U.S. citizens may not like the common practice of U.S. companies outsourcing their personal information to other countries that may have less-stringent privacy laws. But, as illustrated by the furor over a recent court case, Canadians are just as leery of their data being sent to the United States as they fear that it may end up in the Federal Bureau of Investigation's hands.
When the British Columbia (B.C.) government decided to outsource the processing of Canadians' medical claims previously processed by B.C. government employees, the employees' union objected to the loss of jobs and the potential privacy risks. One principal argument was that the data might fall into the hands of the U.S. government because the proposed data processing contractor, Maximus Inc., was a U.S.-based multinational company.
The union feared that lack of broad U.S. privacy laws, together with expansive government authority to obtain personal information accorded by the USA PATRIOT Act, would put employees' personal information at risk. The Patriot Act became a focus of the B.C. outsourcing debate among Canadians.
Previous international controversies over the transborder flow of personal information resulted mostly from actions in Europe. The European Union Data Protection Directive restricted the transfer of personal information to countries with inadequate privacy laws, including the United States. However, few actual problems have been reported.
In spring 2004, British Columbia's information and privacy commissioner responded to the growing controversy by seeking public comment on the scope of the Patriot Act and the implications for Canadian privacy protections. He received more than 500 submissions, including some from the United...