Included in Trump’s reprehensible executive order “Enhancing Public Safety in the Interior of the United States” was this:
Sec. 14. Privacy Act. Agencies shall, to the extent consistent with applicable law, ensure that their privacy policies exclude persons who are not United States citizens or lawful permanent residents from the protections of the Privacy Act regarding personally identifiable information.
The Privacy Act covers personal information held by US Federal agencies. This would apply, for example, to information collected about Canadians entering the United States.
This should be attracting the wrath of the Canadian privacy commissioner and the Canadian government.
Given this attitude, we should be redoubling efforts to make sure our communications are encrypted.
Conventional wisdom has been that our data is just as safe in the US as Canada given that both countries have limits to protect privacy when it comes to law enforcement and government ability to dip into our information. But this cavalier attitude puts that into question, and it may be prudent for Canadian entities to keep their data in Canada to the extent possible. Where that isn’t practical, attempts should be taken (and assurances obtained from vendors) to encrypt that the data in a way that the provider doesn’t have access to it.