Useful parallel concepts do exist in copyright laws, which protect original works; in patent laws, which protect proprietary rights in inventions; and in the Criminal Code, which creates the offence of theft of some intangibles, such as of telecommunications time. The proof of the civil wrong, or the offence under those laws, is difficult, but not impossible. Proof of the offence which I have proposed may be as difficult; however, difficulty of proof does not necessarily mean that an offence cannot be properly defined or successfully prosecuted.

Such an offence would make inappropriate or undesirable data linkage illegal, regardless of the device used. The effect would be that individuals would be able to inform themselves and weigh the consequences of giving personal information in return for benefits and services, and they would be able to set conditions appropriate to their specific needs, unless the requirement to give the information was legislated. Because it is as easy to modify information as it is to appropriate it, and the modification might cause more harm than the simple taking of the data, the proposed offence would make such modification illegal.

There is a saying in business: "If it ain't broken, why fix it?" I tend to agree, but the offence, if enacted, should be a deterrent to those with access to personal information, whether they are faced with a casual, or accidental opportunity to misuse personal data, or are engaged in espionage. The severity of the sanctions for offenders would, of course, vary with the motive of the person who breaks the law. Presumably, the courts would deal with youthful pranksters in a manner analogous to the way they deal with those who engage in "joy-riding", and with deliberate intruders, who acquire, sell, or use personal data without authority, in the way they deal with people who commit other offences against persons or property. Because the possible motives for, and the consequence of misuse of data may vary greatly, it will probably be necessary to provide for prosecution, both by way of summary proceedings and by indictment.

To prohibit behaviour does not automatically cause it to disappear, and the enactment of the suggested offence would not solve all problems related to the use of the Social Insurance Number, or of other personal data. It should increase public aware- ness of the entitlement of others to some informational privacy and, if the Criminal Code were to provide penalties for certain uses of data, preventive security measures would probably be taken by those who collect, store, or use personal data. If there were sanctions in the Criminal Code, it is also possible that the courts would find negligence under common law, or faute under civil law, if reasonable measures were not taken to prevent the commission of a crime.

It is, of course, also possible that those who collect personal data may insist on release clauses to protect against being charged with such an offence. If individuals choose to provide information in spite of a wide-open release clause, the protection would still apply in respect of dishonest acts of persons other than the beneficiary of the release, but a strong consumer lobby would be necessary to ensure a proper balance between private and organizational rights.

The proposal for an offence against the privacy of another has some additional advantages, in that it would, if included in the Criminal Code, apply to everyone in both the public and private sectors, and to both provincial and federal spheres of authority. It does not interfere with provincial laws, such as, for example, those protecting credit information. If necessary, governments would still be able to establish data commissions to control or protect data, and license collectors of personal data within their respective jurisdictions. In addition, the creation of a criminal offence would employ an established mechanism for enforcement; no new legislation or regulation is required to establish procedures, and no new bureaucracy appears necessary. Finally, barring unforeseen new inventions, the offence would still be a workable concept in a cashless, paperless society, where individuals carry their own data on their so-called smart card.

But we need more than a new criminal offence; an educational program is necessary to enlist the help of individuals to ensure that their own records are up to date and correct. If records containing personal information are inaccurate or out of date, they are useless, and may damage the individual concerned. They may be dangerous. Yet, few people care to check their own records; few seem concerned with the incredible growth in our ability to collect, store, transmit and process information. Few seem concerned with the imminent arrival of the so-called information society, where all records are maintained electronically.

Fair information practices in both the public and the private sectors will become essential. The right of access, the right to seek correction and to complain, must be provided to the individuals concerned. When the collectors of information know that each individual has the right of access, the collectors act more responsibly and fairly. When the authors of reports know that their reports may not be kept confidential, language becomes cautious, derogatory assessments will be supported by examples, or the examples only will be cited, leaving the reader to make up his or her own mind.

In the new information society, everything can be recorded, transmitted and memorized. Nothing disappears with time. What human frailty and laziness provided in the past, laws protecting privacy, and public vigilance must provide for the future. Information which is electronically recorded can be stored in ever- decreasing spaces. It can be retrieved by any identifier that is part of the data. It can be processed and manipulated in whatever way the programmers can imagine. It can be passed around the globe in five seconds, and it need never be destroyed. That is awesome.