The federal voters list is a potential gold mine for identity thieves and is not adequately protected, the federal privacy commissioner reported Thursday.
Elections Canada recently began privacy training for the tens of thousands of temporary election workers with access to the list, but a significant gap remains: political parties, which are exempt from federal privacy laws.
“We’re concerned that voters’ personal information could fall into the wrong hands and be used for illegal activities,” privacy commissioner Jennifer Stoddart told a news conference.
A joint examination with Auditor General Sheila Fraser of four large federal databanks found that identity information is generally handled well.
But there were some problems with storage and disposal of personal information at Passport Canada, and Stoddart found that a small percentage of voters lists vanished during recent federal elections and byelections.
Since last March, that voters list has included not only names and addresses, but also birth dates – key data for identity thieves.
“When you get something as reliable, as organized, as a voters list in the wrong hands, this is arguably worth a lot of money in the underground economy,” Stoddart told a news conference.
In one 2006 case, the RCMP discovered lists of voter names and addresses at the offices of a Tamil Tiger cell, allegedly for use in identifying potential financial supporters. Canada classifies the group as a terrorist organization.
It’s not known how they obtained the list.
“There’s at least one per cent of the electoral lists that don’t come back, that can’t be located,” Stoddart said. “Maybe they’ve been shredded, but maybe they’re out there.”
Prior to last October’s federal election, Elections Canada initiated training in privacy laws for its roughly 190,000 temporary workers.
The elections watchdog also issued instructions to political parties, reminding them the voters list can only be used for electoral purposes.
A spokesman, John Enright, also noted that parties don’t get the list that includes birth dates.
But Stoddart said the volume of public complaints she receives about political parties suggests there’s at least the perception of a problem.
“We’ve had a persistent pattern of complaints, for example, about MPs sending people birthday cards,” she said.
“When you see this gap, or this possibility (for data leakage) at every election for political parties to get this information, it does raise the broader question . . . . How much personal information should political parties get without the consent of the citizens?”
It’s not an academic question in the age of sophisticated data manipulation.
Last November at the Conservative policy convention in Winnipeg, the federal party’s top fundraiser described the process.
“We have created complex, leading-edge fundraising techniques such as data-mining, segmentation, targeted marketing and relationship management – all in an effort to move our pool of identified supporters up the support pyramid from supporters to members to donors,” Irving Gerstein told delegates in Winnipeg.
Gerstein, who has since been appointed to the Senate by Prime Minister Stephen Harper, said the key to raising donations is “to effectively use the (party) database for both fundraising and political purposes.”
Stoddart has commissioned an independent study on privacy laws and political parties and expects to receive recommendations later this year. She noted that Australia’s law commission recently recommended political parties there should fall under the country’s privacy legislation.
