Michael Geist thinks the Department of Justice attempts to get Google to hand over vast quatities of search data should begin to alert us to the risks and rewards of data retention.
"One of the biggest risks associated with data retention comes not from requests that proceed through the legal system, but from security vulnerabilities that puts sensitive data into the hands of hackers. Last year, more than 50 million people in North America received notifications that their personal information had been placed at risk due to a security breach.
Policy makers worldwide have scarcely begun to reconcile the risks and rewards of data retention. In the immediate aftermath of the Google issue, at least one U.S. politician has called for new legislation to set limits on data retention and establishes a positive obligation to destroy data under certain circumstances. In Europe, the debate has centered on mandating data retention to assist law enforcement.
While Canadian privacy law establishes general obligations on data retention and destruction, there are few clear legal obligations to either retain or destroy information. In light of recent events, it is time to search for some solutions. "