Debates of May 17, 2007 (day 9)

Thank you, Mr. Speaker. Mr. Speaker, in recent years, governments have turned more and more to electronic databases to help them manage vast amounts of personal information used to carry out programs and services. In fact, just this week, the Minister of Health and Social Services announced a major partnership between the GNWT and Canada Health Infoway that will see all NWT communities participating in an electronic health records network within the next year.

Such announcements typically hail electronic databases as promising efficiencies and enhanced quality of services. What they fail to mention are the risks to privacy that the new ease of access to information like social insurance numbers, addresses and bank account numbers entails if appropriate security measures are not put in place. As our Information and Privacy Commissioner has warned repeatedly, identify theft is on the rise everywhere. We cannot afford to pretend that we, in the Northwest Territories, are somehow invulnerable to this threat. Aside from identity theft, there are many other ways that personal information can be misused if it falls into the wrong hands. Having the information conveniently packaged and searchable in a database only increases that risk.

Mr. Speaker, it is certainly not my intent to suggest that we do away with electronic databases which are everywhere and have become the essential part of many government and business activities. I raise these concerns to point out that, along with the efficiencies and enhancements, there are new responsibilities that have come with the electronic age. I would think that, at a minimum, these responsibilities include doing realistic assessments of the risks to privacy, implementing plans to mitigate those risks such as security measures to prevent unauthorized access to personal information, and establishing protocols for dealing with breaches including disclosure that a breach has occurred to any persons who may have been affected.

Earlier this week, I questioned the Minister of Human Resources about a possible breach of the government’s PeopleSoft system which includes extremely sensitive personal information on all government employees and raises serious security concerns. As far as I am aware, the department has not taken any steps to communicate with employees about whether or not a breach did occur and who might be affected. I found it extremely disturbing that the Minister was unable to tell me what the protocol would be if a breach did occur.

Mr. Speaker, employees turn over social insurance numbers, addresses and bank accounts on faith that the GNWT, as their employer, will fulfill its responsibility to protect that information and ensure it is only used for the purpose for which it was intended. They have a right to expect that the GNWT has strict security systems in place and protocols to deal with any breaches. Thank you, Mr. Speaker.

---Applause