Thursday, July 3, 2014

Privacy vs. FOI

We had long ago entered an age, a new age if you wish, of data or information collection. Not only is information collected it is shared for all kinds of reasons. This sharing of information is on all levels of government and business, and the word sharing is used to calm one about the process. After all as children it had been imbedded in our brains that sharing is a good thing, mind you at times that may be true. Though too often the sharing really only covers for the act of selling, and selling does always infer the exchange of monetary consideration.

As society evolved it became apparent that information, particularly personal information must be safeguarded in some fashion. The result of this realisation was the birth of the Freedom of Information and Protection of Privacy Act (R.S.O. 1090. c.F.31), commonly abbreviated to FIPPA. Its history began with a request by Ontario's Attorney General to convene the Williams Commission in 1977 with a mandate to report on public information policies of the Government of Ontario. The Williams Commission presented its report in August 1980. Eventually Bill 34 was introduced in July 1985, resulting in the Act coming into effect on January 1st 1988.

Information gathering had progressed dramatically since 1988 to where we are today. There are those who will claim that nothing is private anymore, and that may be true. Governments face issues of security and demand the need of a greater net to gather all kinds of information. Businesses on the other hand faces competition at a level unheard of even in 1988 justifying their demands on the need of information.

In Ontario there is the Information and Privacy Commissioner with a base mandate to decipher the difference between the need of information and the wanting of it for various cloudy reasons. Ann Cavoukian, Ph.D developed Privacy by Design in the 90's, a concept she herself describes as “to address the ever-growing and systemic effects of Information and Communications Technologies, and of large-scale networked data systems.”

Dr. Cavoukian further developed the 7 Foundational Principles. Of the seven, number one is headlined as Proactive not Reactive, Preventative not Remedial, and it states - “The Privacy by Design (PbD) approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy invasive events before they happen. PbD does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred – it aims to prevent them from occurring. In short, Privacy by Design comes before-the-fact, not after.”

Further in Principle number two, Privacy as the Default Setting, it states, “No action is required on the part of the individual to protect their privacy – it is built into the system, by default.” All of these principles and PhD language sound convincing, if we were some 200 hundred years in the future where IT systems ran everything and Arnold Schwarzenegger was not needed to say “I'll be back.” Sadly today's reality has one spanner in the works, and that is humanity, leaving one hell of a question for Dr. Ann Cavoukian. How do all these 7 Foundational Principles work in the hands of human beings who are not “embedded” in their “design and architecture”?

It is time to present three detailed breaches of FIPPA and the wonderfully articulated Foundational Principles requesting comment from Dr. Ann Cavoukian. As comment is not expected each is being presented separately in an official capacity to the Privacy Commissioner of Ontario, Ann Cavoukian, PhD. for requests for investigation.



In the Niagara Region of Ontario, the Regional Municipality of Niagara has an Information and Privacy Analyst, Matthew Trennum, who even has a short biography listed on the Privacy by Design site. It states that “Matthew Trennum is the Information and Privacy Analyst with the Access & Privacy Unit at Niagara Region. Working in the dual role, Matthew is responsible for coordinating the formal freedom of information request process, and working to ensure corporate compliance with the privacy policy and the privacy breach management protocol.” Sounds somewhat impressive, it further claims that Trennum had worked to train over 1500 staff in privacy protection, “and has helped put Niagara Region on the map when it comes to privacy in the municipal public sector.”

Now what happens to FIPPA and the PbD Foundational Principles if it can be shown that Matthew Trennum the expert in “privacy breach management protocol” had lied? Matthew Trennum is not an IT system, and no “defaults” can be “embedded” in his “design and architecture.” Yet facts and evidence as provided are both alarming and needing investigation.




On August 22nd 2002 a Mr. Preston Haskell had sent an email to a Janet Pilon, former Regional Clerk at Niagara Region, requesting details surrounding an issue of pollution. Ms. Pilon referred this request to Matthew Trennum. The following day Trennum responded to Mr. Haskell suggesting that a freedom of information request be filed by Mr. Haskell. By mid-September the response from Matthew Trennum included this opening statement, “I have conducted a search for information, and have a few responsive records for you in this request. These are emails and water tests from storm water on the site.” This email was followed up with another by Matthew Trennum to Mr. Preston Haskell on September 19th 2012. In it Trennum says “As I informed you yesterday, the records that you have requested are available once we receive your $5.00 application fee. If you wish to mail us a cheque, please provide me with your return address so I can send these records to you by courier.”




These two emails were clear from Matthew Trennum to Mr. Haskell. Trennum had located the records requested and only wanted a $5.00 fee and an application requesting them. In fact by September 19th 2012, Trennum was happy to just have the $5.00 fee. He clearly states, “...so I can send these records to you by courier.” No misinterpretations can be made here in what Matthew Trennum said in writing to Preston Haskell.

Fast forward to March 19th 2014 some 18 months later. Here a request application was filled out and the $5.00 fee paid. The FOI request was for the same information as made by Preston Haskell in August 2012. Mr. Haskell requested information on what tests were done on the soil and water, who had done the tests, what were the results and where was the soil dumped. The March 2014 application had the $5.00 paid up front and the request for information related to who did the testing, what were the results of the tests on soil and water, and where was the soil dumped.




Both the August 2012 request and March 2014 request were for the same records and information. September 2012 Trennum said, “the records that you have requested are available...” and, “...so I can send these records to you...”. On April 17th 2014 this was the response by Matthew Trennum, “Please be advised that no records have been found.” Matthew Trennum the guy who “has helped put the Niagara Region on the map...” (privacybydesign.ca) has LIED! The only question is who did Trennum lie to?

Matthew Trennum lied, that is proven, but who to and why now is the real question. Both the requests centred on a serious environmental issue and the lies by Trennum have serious repercussions. Why did Matthew Trennum lie? Who instructed Trennum to lie? Why was the lie necessary? What was the real story behind the contamination on that land? More and more questions and no answers. Maybe Trennum would be willing to shed some light on this polluted trail of evidence.

As someone who has worked “to ensure corporate compliance protocol,” Trennum is painted as an expert. Now evidence is revealed that proves Trennum lied regarding an FOI request. Yet that is not all, there is more to question Trennum on.

On June 6th 2014 a letter was sent by Matthew Trennum advising me that a freedom of information request had been received by the Niagara Region. Mind you that means Trennum received the request as the Privacy by Design website states in his short bio: “Matthew is responsible for coordinating the formal freedom of information request process.” This request as described in the letter by Trennum dated June 6th 2014 is specific, as all requests for FOI have to be. Someone had requested a copy of an email I had sent to Regional Chair Gary Burroughs, the date of my email is quoted and the subject matter.

My response on June 9th was clear. First of all I objected the release of anything relating to my email to Gary Burroughs. Secondly, I raised a more alarming issue of a breach of privacy legislation at region. I also requested to have the individual who made the request identified. Matthew Trennum sent this as a reply, “Unfortunately, I am unable to inform you who made the request. Nor do I know whether the requester has any direct knowledge of the existence of an email.”

It has been proven with direct evidence that Matthew Trennum is willing to lie even in writing. Here in this situation he says that “I am unable to inform you who made the request...,” does this mean Trennum is not willing to or simply that he claims he does not know the identity of the individual? For this request to have been made a request form and $5.00 application fee was required. Who can forget the fiasco between Mr. Haskell and Trennum. The request form requires the details of the individual who is making the request. In addition to those details the request form requires information in order to be processed, it states in a box “Detailed description of requested records.”



Here lies the breach of legislation, how was that individual able to know of an email sent directly to the Regional Chair Gary Burroughs? In his reply of June 9th Trennum states, “Nor do I know whether the requester has any direct knowledge of the existence of an email.” Yet the original letter sent by Trennum June 6th clearly states that an FOI request was received “for the following records.” It then describes clearly the request was for my email sent on a specific date, who it was sent to and the subject.

Matthew Trennum has set the stage for more deceit and more intentional misconceptions. Who is Trennum covering up for? My email was sent directly to Regional Chair Gary Burroughs. Whoever made this request, whether it was Mayor Brian McMullan or Regional Councillor Debbie Zimmerman, it has not been established. Whoever it was, that individual had been provided with direct details in breach of legislation. It is impossible to avoid one question now. As it was Regional Chair Gary Burroughs who received the email and not anyone else, when and who did Gary Burroughs exchange this information with, and for what possible gain?

All Freedom of Information (FOI) requests are required to have specific and detailed information, the letter of June 6th by Trennum clearly and specifically states the request was my email to Regional Chair Gary Burroughs. Yet Trennum only days later lies that he doesn't know if “the requester has any direct knowledge of the existence of an email.”

Breaches of law and legislation at Niagara's regional government are far from surprising. Yet look at the bio for Matthew Trennum on how he has “put Niagara Region on the map,” the only question now is what that map really leads to.

Another entity, which is part of the Regional Municipality of Niagara, Niagara Regional Housing is under investigation for breaching the whistleblower legislation. Matthew Trennum, Privacy analyst at the Region lied to cover-up details over a heavily contaminated brownfield development site. Now the same privacy analyst who boasts that he has taught or trained some 1500 staff on privacy protection covers up the breach of legislation with the FOI request. One doesn't need a GPS to decipher the direction Niagara Region is heading towards.

It is time for Dr. Ann Cavoukian as the Information & Privacy Commissioner to look at a situation where embedding and design together with architecture are simple human weaknesses. In this situation all the theory of function and privacy protection become worthless.  Privacy has been sold the same way as pork bellies, and if analogies of maps are still required then simply follow the directions as set out here.


Send comments to: demtruth@gmail.com

No comments:

Post a Comment