Information Technology

Privatizing the provincial government's information technology (IT) services benefits private business, but is a losing proposition for the people of Saskatchewan. The government has already contracted-out more than 60 per cent of its IT services to at least 70 different private, for-profit companies.

The Wall government is quietly privatizing Saskatchewan's government technology services

Privatizing information technology. What's the bottom line?

Our privacy rights at risk

Whether we like it or not, many of the personal details of our lives are in someone else's hands. Your health records, tax information, legal records, and aspects of your social history are collected, stored, and often transferred between organizations. Governments traditionally handled your personal information. It was stored in filing cabinets behind locked doors. Today, information is digital, highly mobile, and much easier to access. This means that governments need to be extra cautious about safeguarding your personal information. The provincial government is the steward of much of our personal data. It has a responsibility to ensure that the details of our lives are not out there for the world to see. The Saskatchewan government's computer systems - like others around the globe - face thousands of security threats every day. Yet, despite the very real concerns about keeping our personal information secure and confidential, the government is handing the management of our data systems over to private companies - without any public discussion or consultation.

Who is safeguarding my information?

We risk losing control of our personal information when our data is turned over to private interests. There is less transparency and accountability when a private corporation is in charge. If a Saskatchewan citizen believes their right to privacy has been violated by a public body, they can turn to the Office of the Information and Privacy Commissioner (OIPC) for help and redress. But private companies are not automatically covered by our privacy law. A private contractor managing public data may or may not be held accountable for the security of personal information - it is determined on a case-by-case basis, according to the OIPC. When there is a privacy breach, private contractors have a vested interest in keeping the cyber-threat quiet. Companies do not want to jeopardize their reputation, so they are unlikely to voluntarily acknowledge that their systems have been attacked. Saskatchewan, like most other provinces, has no legislation to compel companies to make privacy breaches public.

Out of our hands - in another country

"We’re seeing unimaginable quantities of data flash around the world, including to countries where data-protection laws are slim to non-existent." - Privacy Commissioner of Canada Jennifer Stoddart, 2010. If companies are sold or work is transferred to the U.S. or off-shore there is an even greater risk of losing control over our personal information. When private businesses with links to other countries control our information, they can easily move our data out of province and out of Canada, where our laws do not apply. When our personal data is housed in another country, it is subject to the laws of that nation. For example, a Saskatchewan citizen's private information stored in the U.S. would be subject to the U.S.A. Patriot Act, which gives American law enforcement officials sweeping powers to override traditional privacy rights as part of its anti-terrorism strategy.

The government record on privacy concerns

The provincial government has not demonstrated a genuine concern for protecting the privacy rights of its citizens. Saskatchewan's Privacy Commissioner Gary Dickson has had to publicly call for additional funds to deal with what he terms a crisis situation. In 2010, Dickson reported a 113 per cent increase in reviews and complaints, but no increase in staff and resources to handle the growing demand. His office has not received an increase to its base funding despite a mounting caseload. The government's poor track record on supporting privacy rights is worrisome in light of the potential threats arising from contracting out government IT services. Will government ensure that contracts with for-profit companies include strong privacy guidelines? And, will it be prepared to pay even more money to private companies to cover the cost of ensuring that privacy standards are met?

Private providers vs. the public interest: Who's in control?

What guarantees do Saskatchewan citizens have that their personal information will be safe in the hands of private companies? We have a right to know what is being done to protect our personal information. There are many legitimate questions:

  • Are workers in private companies receiving adequate and ongoing training regarding privacy?
  • Are independent privacy audits conducted?
  • Are the privacy impacts of new programs and services assessed?
  • Is the company willing to adjust the privacy strategy as needed?
  • Who is accountable if there is a breach? Will the public be informed? Will private companies, who may be tempted to cut corners to increase their profit margin, spend the money needed to ensure that our personal information is safe?

Blocking the public's access to information

In order to get answers to some of the key questions about who will be in control of our personal information, SGEU filed an access to Information request for contracts between the Ministry of Health and private IT companies from 2000 -2009. In response, the Ministry requested a total fee of $80,920, with half of that amount to be paid up front. Charging exorbitant fees for freedom of information requests effectively blocks the public's ability to know who is in control and who is accountable. It costs more Government is paying business substantially more to do the same work that has traditionally been done in-house by government workers. This is because:

  • contract employees are typically paid more than government workers; and
  • businesses need to charge more for their services in order to make a profit. The bottom line is that privatizing information technology services not only risks the security of our personal information, it costs taxpayers more.

Losing ground: Public infrastructure and human capital

Government has a responsibility to manage and protect its citizens' personal information. That obligation is a core government function. When that task is handed over to private interests, we not only relinquish control, we also lose a crucial part of our public infrastructure. We lose hundreds of highly-skilled employees with the institutional knowledge and capability to manage our information technology systems. Once those jobs are gone and the expertise is lost, it will be nearly impossible to re-build a reliable public information management system. It's in our best interests as a province to keep IT capacity within our own government. We don't want to see our personal information, our money, or the technological expertise leave the province. The government should be strengthening our internal capacity, and focusing on safeguarding citizens' privacy rights, not putting us at the mercy of corporate interests who have no real commitment to our province or its people.