The CIO Strategy Council published a new National Standard of Canada for third-party access to data last week, news that quickly got buried after Sidewalk Labs announced it was pulling the plug on its smart city project in Toronto.
And while the rest of the country argues over whether or not the project’s demise is good or bad for the country, the absence of such standards during the early planning stages of the project becomes increasingly evident in retrospect, according to Keith Jansa, executive director of the CIO Strategy Council.
“This is where standards become a very effective tool, because you have a consensus built across diverse interest groups, and you have that dialogue on a national level that effectively provides a high level of assurance that these minimum requirements benefit the businesses and individuals,” Jansa said.
A quick look at Waterfront Toronto’s initial request for proposal reveals next to zero mention of third-party to data or any mention of a set of standards interested applicants would have to adhere to. Meanwhile, Sidewalk Labs’ attempts to quell fears among the public when it came to protecting people’s information came in the form of an urban data trust, a concept that was eventually scrapped after pushback from privacy experts.
And while the project likely collapsed due to a number of reasons – Dan Doctoroff, Sidewalk Labs’ chief executive officer, published a blog post citing “unprecedented economic uncertainty” from the COVID-19 pandemic as the primary reason – a set of standards, such as the ones published by the CIO Strategy Council, could have helped Waterfront Toronto and Sidewalk Labs reach consensus on a number of items, including third-party access to data, much faster, Jansa explained.
“Whether you’re a public or private company, the government, a not-for-profit, the scope of these standards can be applied across all industries and across all the organizations,” he said, noting these guidelines help those organizations establish a strong baseline to combat the rising number of cyber and privacy threats.
EU confirms PIPEDA’s adequacy status under the GDPR
In a Report issued two weeks ago,[1] the European Commission advised that i…