It’s been more than a decade since the B.C. government responded to a rush of concern about personal information being exposed to U.S. security snoops by outlawing the transfer of provincial data across the border.
The extraordinary scope of the post-9-11 USA PATRIOT Act, which gave U.S. anti-terrorist agencies open access to virtually all privately held data, prompted worries about B.C.’s plans to outsource some data management to U.S. companies or their Canadian subsidiaries.
The government employees’ union filed suit to block one outsourcing attempt over privacy concerns. The information and privacy commissioner weighed in with warnings about the threat, and the B.C. Liberals amended the law to require that government information on B.C. citizens be kept in Canada.
Privacy advocates and almost everyone else heaved a sigh of relief.
But 11 years on, a privacy expert says the supposed protection is a drag on efficient administration of B.C.’s health sector, which has to make do with third- or fourth-rate systems to comply with the law.
Steven Tam, chief privacy officer and general counsel for the Vancouver Coastal Health Authority, briefed the legislature committee reviewing the information and privacy law. He said the restriction bars health authorities from buying the best information-technology solutions to their problems. Instead, they have to shop from the limited variety available in Canada.
Some examples:
• He said one of the best spam filters processes the emails outside Canada, so it’s technically illegal for B.C. agencies to use.
• The best online survey tool does the same thing, “so health authorities and other public bodies are not able to use it, so they have to go … look for second-, third- and fourth-rate products.”
Health authorities have been using one particular survey tool for the past half-dozen years, but it was only discovered this year that they are not in compliance with the law. Tam said a huge effort was made to find a solution but it was unsuccessful, so use of the product was cancelled.
“Now we’re sort of left with trying to figure out an alternative for that.”
• Radiology staff must record all exposures to radiation, and some of the better systems for doing so are U.S.-based. The health authority has historically used one of those, but the question of its legality just recently arose. Data can be moved across the border with the consent of those involved, but that can get complicated, Tam said.
• A huge clinical systems-transformation project now underway — worth more than $800 million over a decade — is running into issues about what data services can be used without breaching the law. Workarounds are possible, “but often the conversations stop whenever someone discovers ‘Oh, it requires processing data outside of Canada.’ ”
Tam said it adds up to staff frustration, reduced functionality in IT systems and added costs in finding Canadian solutions and setting up Canadian servers. The restriction can affect recruiting talent as well, he said. Health research means collaboration across boundaries. Top researchers who find they can’t collaborate with different jurisdictions would think twice about coming to B.C.
The tendency within the health system to ignore the restriction is pervasive. “Violating sec. 30.1 [Canadian storage] can be as easy as enabling iCloud backups on your iPhone,” Tam said. The long-term impact in the health-care system on the restriction on data storage “is that we will become more antiquated, compared to the rest of the world.”
He also questioned whether the information is really protected. “If they [Homeland Security] want access to your Canadian computers, they’ll get access to your Canadian computers.”
Some NDP MLAs challenged Tam on putting administrative ease ahead of the principle of protecting British Columbians’ privacy.
He said there needs to be an open debate about what government expects to get out of the current law. “Right now there is no debate because of the fear that it’s not politically supported to talk about it.”
Information and privacy commissioner Elizabeth Denham later told MLAs she’s heard nothing to convince her the provisions need to be rolled back.
