With the increasing development and usage of precision agriculture and technological advances in the agriculture industry, farmers are experiencing huge increases in productivity, efficiency and profitability. These innovations include the industry’s development of software applications to manage farm data, sensors on implements, drones, precision machinery and GPS technology, to name a few.
With this rise in technology use in the ag industry, the security and privacy of farmers’ data and personal information has become a hot-button issue. Farmers are increasingly being asked to complete customer questionnaires, sign data usage contracts, agree to various software applications’ terms of service, and provide more information to their suppliers and manufacturers.
Hand-in-hand with this rise in disclosure requests, farmers recognize there can be negative consequences in having so much information floating around. This begs the question, “What are you doing with my information?”
Read Also
ReinCloud 3 app offers improvements for irrigators
Compared to previous versions, the new version of Reinke’s ReinCloud is billed as more intuitive, allowing irrigators to flow more data-driven information into their water management.
Are you prepared to answer this question?
As agronomists and agrologists, collecting more information about a particular grower can provide numerous benefits. In addition to strengthening the farmer-agronomist relationship, the more information and farm data you have on a specific grower, the better-quality advice and crop recommendations you can provide.
However, by possessing a farmer’s personal information you have automatically imposed on yourself legal responsibilities concerning collecting, protecting, storing and using a farmer’s data and personal information.
A high-level overview of these legal obligations is discussed below.
The primary piece of data protection legislation for private businesses in Canada is the Personal Information Protection and Electronic Documents Act (PIPEDA). Although this act does not explicitly address agricultural data, it applies to the collection, use, disclosure and retention of personal information in the context of the agriculture industry.
“Personal information” can mean any factual or subjective information, recorded or not, about an identifiable individual. Examples include a farmer’s name, address, date of birth, phone number, email address, driver’s license number, bank account number, financial institution name and credit card information. This is sensitive information that could be used by cyber criminals to perpetrate identity theft.
LISTEN: The Cyber-Savvy Farmer
Given the highly sensitive nature of this information, PIPEDA requires you to communicate your purpose for the data you are collecting and to obtain consent from the farmer before it is collected. PIPEDA also requires that you take steps to protect all personal information (regardless of how it is stored) against loss, theft, or any unauthorized access, disclosure, copying, use or modification.
If the personal information you collect is intended to be shared with third parties or ag industry partners, you must obtain the farmer’s specific consent to use their information for this purpose. You must also ensure that those third parties and industry partners comply with the same legal terms and conditions you initially presented to the farmer in terms of processing, sharing and retention of data collected.
If the requirements under PIPEDA sound strict, that is because they are. You are being entrusted with sensitive information.
Non-compliance with PIPEDA can result in serious consequences for businesses, including fines of up to $100,000 per violation, in addition to the reputational damage due to the negative publicity associated with said violations.
To help keep you on-side of PIPEDA, we have compiled a few tips and recommendations that can help minimize your potential liability:
Understand your obligations
The first step in protecting customer data is learning about your responsibilities. While reading this article is a start, this is only the tip of the iceberg.
Familiarize yourself with applicable data protection laws and regulations in your industry. PIPEDA is not great bedside reading material, but there are numerous articles summarizing a business’s data protection responsibilities on the web.
Consider having clients sign a data license agreement
Farmers must know why you’re collecting their information, what you will do with it, and how you will protect it. Providing a brief legal agreement for your clients to review and sign can be a valuable tool to ensure they understand your data protection processes.
A “data license agreement” is a legal contract that can play an important role in informing your clients about your business’s data processing practices and informs clients of the collection, use, safeguarding and sharing of their information.
It is critical that such legal documents be written in simple language that is easy to understand.
Keep your software up-to-date and password-protected
Technology such as mobile devices and laptops are in regular use in the ag industry to store farmers’ data. At the same time, security risks are heightened. To avoid breaches such as ransomware, which locks owners out of their data, you should install protection software, maintain strong passwords and do frequent data backups.
Constant software update notifications may seem annoying, but updates are a cybersecurity best practice. These updates typically involve security patches and other modifications that make it harder for hackers to break into your system. Cybercriminals are often searching for businesses that don’t have their software up to date — avoid becoming an attractive target by keeping your software updated.
Further, if you have a WiFi network for your workplace, make sure it is secure, password-protected, encrypted and hidden. To hide your WiFi network, set up your wireless access point or router so it does not broadcast the network name.
Properly dispose of information you no longer need
Once you determine that you no longer need to store some personal information — for example, when a business relationship ends — it is important to ensure that such personal information is properly deleted. Further, when disposing of old computers and portable storage devices, use software to securely erase data. Such software is inexpensive and can provide better results by overwriting the entire hard drive so that the files are no longer recoverable.
As is typical with legal guidance, the above practices may seem like overkill, and in some cases it is. However, just like insurance, having the above precautions in place can provide peace of mind to both you and your growers, and can help reduce your business’s potential legal liability if there is ever a privacy breach.
As the agriculture industry continues to adopt new technologies, and as data security becomes a major theme in all industries, the protection of personal information and farm data will continue to become increasingly important.
