Data privacy concerns are major worries of more than three-fourths of Canadian citizens. In fact, more than 80% of the respondents to a recent nationwide poll on the topic said they want more control of how their personal data is handled and exposed.
The
survey was undertaken by public relations firm Hill and Knowlton in conjunction with the Leger Opinion online panel for Interac, the Toronto-based provider of digital identity and payment and value transfer networks and services. It asked 1,500 Canadians
in early 2024 to opine on a number of topics surrounding data privacy and management of personal information. Their answers clearly show growing doubts among the public and raise a number of serious questions regarding data handling that financial services
companies would be smart to take to heart when establishing future policies, procedures, and practices.
Colette Stewart, managing counsel and enterprise privacy lead at Interac shared the purpose of the company’s study, and the timing of its release, in a conversation with Finextra. “We’ve done this survey for two years, and we’re very interested in understanding
the challenges, concerns, and interests Canadians have. ‘Take Control of your Data’ is the theme of this year’s Data Privacy Week [in the country] which prompted the survey.”
New regulations coming to protect Canadians’ data and privacy - with AI added to the mix
Privacy frameworks in Canada are already quite robust, noted Stewart, and in certain provinces even stronger protections exist to cover specific instances surrounding data collection and handling. Of course, this means private entities seeking and managing
such data have to be diligent in collecting and sharing such data with third parties or intermediaries outside the country. What’s new is the threat of major penalties for non-compliance with the regulations, up to 20% of a company’s revenues or $25 million
in the case of the province of Quebec, for example, said Stewart. Updated, comprehensive national legislation (CB 27) is on the way, intended to modernise procedures and rule coverage to include artificial intelligence (AI) systems usage guidance (also with
penalties for noncompliance) while bringing its own set of punitive fines and enhancing existing data and privacy protections to try to match innovations in the marketplace.
Despite the close attention from the government, it’s apparent from these recent survey results that most Canadians don’t yet feel their data is secure: only 40% feel confident in their ability to protect their personal information stored online. “Canadians
recognise that they give up too much of their data”, says Stewart. “Individuals recognise that there is a challenge related to how their personal information is being collected as they participate in a digital ecosystem. Many people feel more powerless because
they don't quite understand what they are agreeing to or do not recognise that they have to ask questions.”
Stewart explained that even though Canadians are becoming more aware how their privacy is handled, they also are seeing that as fraud becomes more sophisticated, the bad actors are getting smarter and sneakier too. Even though individuals are becoming more
informed as to the types of increasingly complex or nefarious scams being perpetrated in the marketplace, it’s not enough, she says. “[Canadians] want corporations to tell them how this information is being used. And they want the ability to have corporations
delete their information”, not to mention protect it and explain how it’s being used under any number of potential personal data usage and storage scenarios, she said. In a rapidly changing marketplace, that’s not always easy, acknowledged Stewart. “I would
say that as the digital ecosystem evolves, so does the awareness of individuals […] but I would also say though, that individuals need to really pay attention” to where and how their personal data is stored and used.
Fine print: Ignore those terms no more, and ask questions, advises legal expert
Most people have signed up for any number of online services, software programs, and/or apps on their phones or computers. How many actually read the terms and conditions, including how their data will be used, shared, or transferred to third parties to
enable their needs to be served (at least from the point of view of the provider of the application)?
Asked to respond to this, Stewart asserted that it’s a matter of trust. “If we don't have consumer trust, then the evolution of this digital ecosystem cannot go to where consumers are obtaining the best services and businesses aren't obtaining (only) the
data they need to provide those services. What do consumers need to do about it? “Consumers”, she said, “need to ask detailed questions, because there are times when a product or service does not need the (ancillary) data you are being asked for.” Sometimes
the best thing to do is just say “No” to such a request, Stewart said. “Consumers need to be aware. They need to be engaged. And they can (and should) ask questions, and they need to know that that data they're providing is incredibly valuable.”
Consumer education is clearly a key part of making Canadians more informed not just about the systems they use, but the rights they have to question certain requirements in this increasingly digital world, said Stewart. Interac is doing its part: the company
maintains an “In the Know” page at its website, with data privacy articles and a ‘data dictionary’, as well as several other resources available for easy access and research. Other advice? Stewart reiterated that many questions need to be asked by consumers,
in many scenarios. Protecting your data also involves protecting your device and passwords as well as other private information. Most important, she says, is for consumers to understand their rights.
Data collecting companies seeking trust risk much if noncompliant
For organisations collecting data, Stewart shared further recommendations. “The key is that you want to be able to engage your customers. Whether you are collecting personal information from the vendor, or individuals who you are collecting data from, you
need to demonstrate that you are trustworthy and that you are accountable for the information control.” Because, as many famous cases discussed in the press have illustrated, it can be very damaging if that control is not maintained.
Stewart summed up our discussion by noting the potential ramifications of failure to safeguard customer data – and it’s not just about short-term impacts or even financial penalties. “Most of all you need to know that handling personal information is an
act of trust that your consumers have decided to extend it to you. And when you breach that trust, it has reputational impacts that are far more difficult to repair than simply putting a policy in place (in the first place) to always be proactive, always do
what you know is correct, to maintain the trust of your customers, and to advance this new economy.”