Discussion paper 1: what we heard

Summary

Learn about the Ontario Data Strategy consultation sessions on promoting public trust and confidence in the data economy. Read about what we asked, our findings, who participated and our next steps. 

On this page

  1. What we asked
  2. What we heard
  3. Who participated
  4. What happens next

Data Strategy consultation

From July 24, 2019 to September 6, 2019, we asked for your comments, online and in person, on our discussion paper about promoting public trust and confidence in the data economy. We held three in-person roundtable consultations in Toronto: 

Wednesday, July 24, 2019 
Stakeholder session hosted by the Council of Canadian Innovators
1:00 - 3:00 p.m.
Attendees: 16 senior executives from leading Ontario-based tech firms    

Thursday, July 25, 2019
Stakeholder session hosted by the Brookfield Institute for Innovation and Entrepreneurship
9:00 - 11:30 a.m.
Attendees: 41 representatives from civil society, academia and industry     

Wednesday, July 31
Public session hosted by Ryerson University
6:30 - 8:30 p.m.
Attendees: 82 participants from the general public (attendees self-identified as members of the public, civil society, academic institutions and industry)

What we asked  

In-person

At each roundtable consultation, government staff gave an overview of Ontario’s Data Strategy and our first discussion paper. Then we facilitated conversations where participants discussed our questions. 

At the stakeholder roundtables, we asked participants how:

  • data has changed their organization, business or institution
  • they are managing threats, risks and harms associated with the use of data 
  • the government may be able to help them manage opportunities and risks associated with the data economy

At the public roundtable, we asked participants: 

  • what their top concerns are about data, and why
  • where and how they learn about protecting their data
  • to provide early input on how the government can help create economic benefits in the data economy and enable a more data-driven government

Online

We asked participants on the online platform (EngageON) to: 

  • share their views on the first discussion paper and the data strategy 
  • tell us what ‘data rights’ mean to them

What we heard

We used the feedback that we collected from the stakeholder roundtables, public roundtables and online participant submissions to analyze the responses to our questions.  

We coded all comments according to themes, including data rights and data monetization. We tallied results to determine what themes people mentioned the most often. 

Findings

Below is a list of our findings about the most frequently mentioned themes, in descending order.

Ontarians want to be better informed about data rights and risks 

Many participants expressed a need for better public education about:

  • data privacy (when and how personal data should be kept private)  
  • data rights (when and how personal data should be collected, used and shared as well as when and how Ontarians can agree or decline to share personal data) 

Participants recommended: 

  • teaching data and digital literacy in schools, particularly to younger students
  • on the job training for employees to better understand and manage data-related threats
  • creating a single, trusted source of information about data and digital literacy

Participants raised concerns about barriers that companies and organizations face when they want to train their staff on data protection. These include:

  • lack of buy-in from senior corporate leadership
  • lack of capacity and resources to deliver training
  • lack of recognition for data protection knowledge and skills acquired by employees outside formal training settings
Ontarians want stronger protections for their personal data 

Many participants called on government to update or amend current provincial privacy laws to increase data privacy and security, in response to new and emerging threats, risks and harms.

Specifically, participants asked government to help ensure: 

  • greater transparency about how the personal data of Ontarians is used and shared by businesses
  • greater transparency about the monetary value that businesses derive from Ontarians’ personal data  
  • the creation of standards for meaningful, informed consent when data is collected, used or shared
  • clearer accountability for businesses that do not meet existing requirements to protect Ontarians’ personal data

Participants noted that the cost for businesses or organizations to comply with personal data protection requirements should be reasonable. 

As a result, the government should assess the potential financial impacts of any new policies, regulations or legislation to minimize compliance burdens for businesses.  

Protecting data privacy should be a competitive advantage for businesses in Ontario, not a burden

Participants noted that businesses’ efforts to protect Ontarians’ data privacy should be a selling point, not an obstacle. 

Companies that proactively protect customers’ personal data should not lose ground to global competitors that offer less rigorous protection.  

Participants recommended that government take steps to:

  • understand what businesses are already doing to protect Ontarians’ data (for example, through data security measures and data de-identification processes) 
  • implement data protection standards for businesses in Ontario that are adaptable, and that integrate with the standards of other jurisdictions
  • grow Ontario’s cybersecurity talent pool, so businesses have access to data protection skills and knowledge that are currently in short supply
Ontario’s people and businesses fear growing cyberthreats and data breaches 

Many participants raised concerns about the overwhelming number of data breaches and data-related crimes being reported in the news. 

At an individual level, participants:

  • voiced concern about health data breaches and the risk of private patient information being identified
  • expressed low awareness about the measures they can take to protect or recover data in the face of growing breaches
  • asked for greater transparency about the financial cost of data breaches

At the level of businesses and organizations, participants noted that:

  • after a breach, reputational risks for companies or organizations are high 
  • smaller entities may not have adequate resources or capacity to recover from data breaches
  • employee negligence is still a risk, even when strong cybersecurity infrastructure is in place to prevent breaches

Who participated

During the roundtables, we heard from over 130 stakeholders who represented a wide range of perspectives and organizations. This included participants from industry, government and non-profit sectors. 

What happens next

As we develop Ontario’s Data Strategy, we will use the findings from this consultation to guide our policy process. We will continue to hold in-person roundtables and online consultation sessions.

To inform these conversations, we will release two more discussion papers. We have released our second discussion paper about creating economic benefits in the data economy and will be accepting comments on that paper until October 9, 2019. We will release our third and final discussion paper in October on the topic of better, smarter and more efficient government.  

Sign up for our newsletter to get updates and be included in future consultations.