Disconnect between privacy regulations and the privacy regulator

The mantra of “do as I say, not as I do” is getting awfully tired when it comes to how the government handles privacy and information security. The Privacy Commissioner of Canada reports government agencies are collecting and storing information that violates privacy and security best practices and exposes millions to identity theft.

This follows multiple reports by the same commission bashing the poor privacy security standards in our society as a whole, from private citizens voluntarily leaving detailed profiles on social media sites to companies collecting more and more information without first integrating measures to protect it. How long can this disconnect go on, between making the regulations and breaking them?

The privacy audit results showed some voter lists simply vanished during elections and by-elections. As well, Elections Canada collects too much personal information on voters, including on teenagers too young to vote. These are not just theoretical threats. A Privacy Commissioner statement says voters lists were used in 2006 by the Tamil Tiger terrorist organization to identify potential financial supporters.
It will be nice when the regulator is finally seen to set the standard, not just talk about it. Of course, any organization serious about security and protecting supporters or customers isn’t going to wait for government to legislate or send the problem away by official decree.