Infographic representing key issues concerning future of data broken by country.
Quick Summary of Bill C-23
It is no secret that Canada and the United States have one of the most important trading relationships in the World. While the American presidential election has taken the spotlight in terms of politic news, ad of late, the Canadian federal government is proposing to rewrite Canada’s electoral laws. On June 17, 2016, the Minister of Public Safety and Emergency Preparedness introduced Bill C-23 “an Act respecting the preclearance of persons and goods in Canada and the United States” (to be known as the “Preclearance Act 2016″) in the House of Commons. The main purpose of the Agreement and Bill C-23 is to facilitate and expedite travel between Canada and the United States for goods and services.
Bill C-23 is intended to implement the Agreement on Land, Rail, Marine, and Air Transport Preclearance between the Government of Canada and the Government of the United States of America signed on March 16, 2015 (the “Agreement”). Part 1 of Bill C-23 authorizes United States customs officers to conduct preclearance in Canada of travelers and goods bound for the United States. Preclearance allows the inspection of goods and people before they leave the country of exit. Bill C-23 allows any traveler destined for the United States to revoke from the preclearance process, unless the traveler is detained under Part 1.Under the Bill, Canadian police officers and the officers of the Canada Border Services Agency are sanctioned to support United States preclearance officers in the upholding of their powers and performance of their duties and functions.
Part 2 of Bill C-23 speaks to the performance of Canadian preclearance officers in the United States. Bill C-23 specifies how the Immigration and Refugee Protection Act will apply to travelers bound for Canada who are in preclearance areas and preclearance perimeters in the United States. This spreads the claim of other Canadian legislation that relates to the entry of persons and importation of goods into Canada to those preclearance areas and preclearance perimeters. Bill C-23 allows a traveller bound for Canada to withdraw from the preclearance process, unless the traveller is detained.
Part 3 of Bill C-23 contains amendments to the Criminal Code.
Part 4 of Bill C-23 amends the Customs Act.
Some examples of implications the Bill include, high risk passengers being screened before being allowed to proceed. Goods are also x-rayed to identify risks. This preclearance is also to expand to other airports and land/rail/marine locations. The preclearance arrangements under this Bill, essentially increase the American customs presence in Canada. C-23 would give an agent posted at a U.S. airport the right to prevent the resident from boarding a flight to Canada. Under this Bill, with new powers to question, search and detain Canadian citizens, U.S.A border guards are able to erode the standing of Canadian permanent residents by threatening their automatic right to enter or leave Canada. This may be problematic, given new President, Trump’s promising of greater scrutiny of travelers coming into the USA.
The United States and Canada are crucial allies to one another. The United States and Canada must continue to work together to address terrorizations at the border as well as throughout the two countries, while expediting lawful cross-border trade and travel. Canada is the only country in the world with which the United States has signed a new Preclearance agreement that covers all modes of transportation across our shared border. To date, the Trudeau government has reinforced its support for the Agreement and is passing the necessary legislation to implement the Act. The Agreement can only enter into force once both countries have enacted the required implementing legislation (in Canada, Bill C-23).
To read more about Bill C-23, please visit: link to the bill
Dr. Hassan spoke at the digital conference of the future:
- The state of health care data protection
- Mobile health services and applications affected patient privacy
- Steps needed to protect your business’ data from cyber threats?
About Digital Hospital of the Future, Canada 2016
Digital Hospital of the Future, Canada 2016 brings to the forefront future challenges in healthcare, discuss emerging trends and reveal best practices in the digital landscape that have the potential to revolutionize how hospitals function and their healthcare capabilities.
Hear from healthcare thought leaders on a wide variety of topics including leading technology solutions such as mobile health, digital health, health informatics systems and big data strategies, reinforcing cyber security, conquering eHealth silos and interoperability in healthcare. Besides gaining expert perspectives on significant healthcare trends and practices, network with fellow healthcare professionals to exchange insights and engage in meaningful debate on digital health issues.
It’s time for a digital revolution – take your organization’s healthcare capabilities to the next level and be equipped to overcome the healthcare challenges of the future at the Digital Hospital of the Future, Canada 2016. Learn from healthcare leaders on how technology has transformed care delivery and drive your organization in the digital direction.
It is the digital age, and there is a new type of warfare. Cyberwarfare refers to the utilization of modern technologies and software to mount politically-motivated attacks against information systems; in the past, it has successfully brought down websites, networks, services, financial systems, data warehouses, and more. It is increasingly used by nation states, terrorists, extremist groups, “hacktivists,” and other criminal organizations as a method to create disruption or damage.
Politics and geopolitics has moved online. Many of the revolts and international headlines we read today involve some aspect of the web, whether directly or indirectly. Digital mediums can be used by the government to repress citizens in countries such as China and Saudi Arabia; it can organize and raise awareness for national or political uprisings, such as the case in the Arab Spring; it can be used to access and release confidential information, such as the case during the US presidential election. Cyberterrorism, cyberwarfare, and cyber espionage has become one of the most pressing national and international issues.
- Sochi Olympics, 2014: Athletes’ cell phones were compromised within minutes of landing at the airport
- Viber, WhatsApp, Twitter, and other apps are commonly used to locate terrorist targets in Syria. As a counterpoint, recruitment for terrorist groups such as ISIS is largely done online as well.
- Use of bots/humans to broadcast government agenda in Saudi Arabia, religious or government dissent has led to bloggers being flogged and sentenced to prison
- Kuwait enacted mandatory DNA collection from citizen to build a national genetic database
- China and Russia are actively working on their private internet
Trying to control the cyber landscape is near impossible. For instance, the sheer number of mobile applications designed for everything from communications to social media to fitness tracking make up a global marketplace that isn’t ready for innumerable threats. Individuals disclose their personal information across multiple platforms and apps that provide vastly different levels of privacy and security.
Governance Analysis is a logic-based, computer assisted framework for validating legal compliance of enterprise governance models. This framework is intended to help check whether governance systems are consistent with the law. My approach to Governance Analysis includes legal and enterprise models, a governance analysis method (GAM), a governance analysis language (GAL), and an implemented governance analysis tool (GAT) (see Publications). GAM consists in extracting legal requirements and translating them into GAL statements by using patterns and translating them into a logic model for consistency checking.
The GAM, GAL, and GAT evolved as a result of their application to governance laws related to privacy and financial management. The method’s main processes were validated through application to Canadian and US laws (mainly PIPEDA and Sarbanes-Oxley) combined with various examples taken from enterprise systems.
Governance Analysis begins with an extraction process, which uses patterns to match legal and enterprise requirements. Next, the representation process maps extracted requirements to GAL statements. The generation process takes as input GAL statements to generate a logic model, and the Alloy logic analyser is used to check legal consistency. Three legal compliance validation techniques can then be applied: model, ontology, and scenario checks (see What are the Methods for Validating Legal Compliance?). Model checks validate the combined legal and enterprise requirements for logical consistency; ontology checks validate the enterprise structure and process; and scenario checks validate enterprise scenarios.
These Governance Analysis techniques have proven to be useful not only for identifying conflicts between laws and enterprise governance models, but for identifying the specific scenarios in the enterprise which threaten legal compliance.
Recently I have been working on a formal framework for evaluating the maturity of de-identification services within an organization. The framework gauges the level of an organization’s readiness and experience with respect to de-identification, in terms of people, processes, technologies and consistent measurement practices.
The De-Identification Maturity Model (DMM) is used as a measurement tool and enables the enterprise to implement an empirically-based improvement strategy.
The DMM was published under the auspices of Privacy Analytics, a leader in de-identification technology solution delivery. Alternatively, the article can be downloaded from DMM Khaled El-Emam & Wael Hassan. Or download a one-page DMM Summary.
We have developed an enterprise reference model used to conceptualize enterprise elements. The model suggests three planes:
- Subject and role-grouping plane: In this plane, the subjects are grouped into roles. Roles reflect subject access rights into the processes and activities of the middle plane.
- Process and activity plane: Here, processes are organized in a hierarchy which includes activity graphs.
- Object plane or data plane: This is the plane of data object identifiers. Objects enclose data.
These three planes are connected by mapping from the subject plane to the process plane. Mapping represents a logical association usually indicating right of access, or operating on an object to complete the process. Our method will focus on the top two layers of the reference model, namely the subject and the process layers.
The layers can be described as follows:
The subject plane includes the user groups and their roles. In enterprise governance requirements, a user or a group of users (a role) can be the subject of legal requirements. For example, the privacy or financial officer is a role defined by laws such as PIPEDA and Sarbanes-Oxley (SOX). Role formations are not mandatory, but they are almost pervasive in enterprise definitions. There are numerous references in legal requirements to role groupings.
The process plane defines the process workflow. The process flow has the ability to implement process requirements, which are requirements that specify process compositions, in addition to precedence relations between activities. The process plane acts as the intermediary between the subject and object planes. It assists in mapping processes to the object layer. A mapping defines an explicit ‘reachability’ relation from users to activities and to objects. Semantically, a relation between an activity and an object means that the activity has access to an object. Given that there is a strict mapping between objects and activities, we shall consider access to an activity equivalent to object access.
The object plane consists of object references. These references can also refer to composite objects. Our method will focus on the top two layers of the reference model, namely, the subject and the process layers.
Consent Management in Ontario
Depending on the type of personal health information (PHI) involved, Ontarians can withdraw consent to the use and disclosure of their PHI by various health information networks.
- Calling Service Ontario allows you to:
Block access to all personal health information used in Ontario labs
- Calling Service Ontario – Ministry of Health Info-line, you can ask to:
Block access to the use of all personal health information:
- In the drugs database
- Related to a specific drug in the database
- Visiting an Ontario lab, you can ask to:
Block access to the use of all personal health information used:
- In Ontario labs
- In a specific lab order
- Sending a fax to the Drug Programs Branch allows you to:
Block access to all personal health information:
- In the Drugs Database
- Related to a particular prescription
- Related to a particular drug
- Any hospital, clinic, or independent healthcare practitioner should be able to give you a form that you can send to the Service Ontario Ministry of Health info-line.