Report on privacy tackles airport security

For the London Free Press - January 23, 2012 - Read this on Canoe The Office of the Privacy Commissioner of Canada (OPC) recently tabled its Annual Report on the Privacy Act. The airport scanner issue receiving much of the press, however there are a number of other noteworthy items in the report. The Privacy Act is the legislation that applies to the Canadian federal government.

Regarding airport scanners, the major concern is whether the Canadian Air Transport Security Authority (CATSA) and the airport screeners it hires under contract are respecting the privacy rights of travellers. While some elements of good privacy management were found, an audit performed earlier in the year identified a number of areas for concern. Of particular note was the security over the images produced by the full-body scanners. Despite being strictly prohibited, a cellphone and closed-circuit television camera were found in the room where officers were viewing the images. These issues were discovered during the audit and were addressed by CATSA.

CATSA has also suggested a plan to observe passengers in the airport pre-boarding areas for suspicious behaviour. OPC expressed a number of concerns including the potential for inappropriate risk profiling based on characteristics such as race, ethnicity, age or gender.

The report also looked at various forms of biometric information such as fingerprints and facial images. Although the collection of biometric information can lead to highly reliable identification systems -- certainly more reliable than paper systems -- the collection and use of this information has also raised significant privacy concerns. While biometric information has the potential to bolster identification systems, it can also lead to privacy concerns regarding covert collection of data, cross-matching and unwanted secondary disclosure. To aid organizations looking to utilize biometric information, the OPC has prepared a primer that helps to identify the pros and cons of biometric data systems.

Also addressed in the report was a complaint made by an individual who was asked by Canada Post to provide identification in order to terminate the rental of a postal box. After review, OPC found that Canada Post has a statutory obligation to provide a secure postal service and that the collection of personal information was consistent with that mandate. The purpose of the data collection was to ensure that postal boxes were not being used or closed fraudulently and further to aid in the investigation of illegal goods shipments. OPC determined that the collection of data for these purposes was reasonable and that the complaint made was not well founded.

Privacy issues are often a balancing act between too much and too little. OPC's annual report looks to identify areas of concern and make recommendations as to how to strike an appropriate balance. Governments require personal information to properly exercise their functions, however the question quickly becomes "how much collection and use is too much?" A complete copy of OPC's Annual Report to Parliament is on OPC's website at