Information & Ethics Committee on June 3rd, 2008

Thanks, Mr. Chair.

I read it into the minutes last time. Should I do that again?

Yes, please.

Circulated back on May 29—

Point of order, Mr. Chair.

I understand the procedure you have set out. I don't, quite frankly, understand it or where you got your authority to do that.

However, if Mr. Hubbard makes his motion—and you're obviously allowing him to do that—and you rule that motion out of order, and you are challenged, we will be obliged to proceed with this today unless there is unanimous agreement that we don't proceed today. If that's the case, I trust you will be explaining to our guests why you have brought them this long distance to hear a motion they have nothing to do with.

I hear you, and this is—

I think you're dead wrong in doing what you're doing, sir. I don't know where you have the authority to do what you're doing. In fact, that might be a good start: you can tell me where you got the authority to do what you're doing on this issue, particularly when initially I got a notice on Thursday, I guess it was, or maybe it was Friday, that we were going to be hearing the representatives from the Canadian Bar Association.

I then got another notice that at 5:30 today we were going to be dealing with Mr. Hubbard's motion. I then got another saying that this thing has been cancelled, and now, out of the blue today, when we arrive, we're dealing with it. It's just a continuation of a bizarre series of events of the ethics committee.

Okay. Let me see if I can respond, just so everybody knows.

At the last meeting, as we were debating the prior motion of Mr. Martin, it appeared to me very late in the meeting that that matter was not going to be completed. I was also very well aware that we had scheduled witnesses who had to travel here, and I requested that the clerk give notice of another meeting, at the call of the chair, to continue the committee business.

As it turned out, we did in fact complete that item. I forgot to tell the clerk not to call that meeting. He followed his instructions; it was my mistake. But I don't want the members to feel there are any other things. I have already indicated to Mr. Hiebert that unless the committee agrees otherwise, our meetings are as regularly scheduled, 3:30 to 5:30 Tuesdays and Thursdays, until the committee decides otherwise.

In regard to this matter, I understand that once we get started and should we get into the situation you described, the committee can give its consent to say that in the best interests of all, and our witnesses, we should hear from them today—they're here, they've travelled here—and that there is a logical point at which we may suspend the proceedings or the debate on the matter before us, to be continued at the point where we left off, at our next meeting when we have a little bit more time to deal with it.

That is my proposal to the committee. If the committee wishes to do otherwise, I will certainly entertain any proposals. But in the meantime, I would ask Mr. Hubbard to move his motion.

Mr. Chair, thank you.

I move that the Standing Committee on Access to Information, Privacy and Ethics investigate the actions of the Conservative Party of Canada during the 2006 election, in relation to which Elections Canada has refused to reimburse Conservative candidates for certain election campaign expenses, in order to determine if these actions meet the ethical standards expected of public office holders.

Mr. Chair, I'd like to thank you for ensuring that it's on our agenda today. I was disappointed on the last day that we didn't deal with it. I thought it would be a quick vote by the committee. I certainly don't want our witnesses not to be heard today.

I'm sure there's widespread support across Parliament and across the country to attempt to resolve this issue as soon possible. It's been brought up in the House on a number of occasions. I recommend that we look at it and vote on it. But if it's a matter for debate, I think we should hear from the witnesses.

Okay.

I have spent some time in consultation on this matter and I am prepared to rule on the admissibility of the motion.

I don't have to explain to members that the matter relates to an issue in which Elections Canada has found that a political party engaged in some practice that Elections Canada claims was an attempt to circumvent the national advertising spending limits of the party and that a number of candidates were recruited to participate in those actions.

You may recall that the mandates of committees are under section 108 in the Standing Orders. Indeed, our specific mandate is laid out in Standing Order 108(3)(h), subparagraphs (i) to (vi). As with the Mulroney–Schreiber case, subparagraph 108(3)(h)(vi) states that our mandate would include “the proposing, promoting, monitoring and assessing of initiatives which relate to...ethical standards relating to public office holders”. That's extremely important, and it's one of the reasons I wanted to be careful about this. As members know, public office holders are cabinet ministers, secretaries of state, and parliamentary secretaries, as well as Governor in Council appointees, of which there are some 1,200 or 1,300.

The motion before us ultimately asks us to determine whether these actions as alleged or described by Elections Canada and the actions of public office holders related to this meet the ethical standards expected of public office holders.

The question I had to wrestle with, colleagues, was that at the time of the election, there were candidates; there were no public office holders involved. However, once the election was over, the government formed, and public office holders appointed--ministers, etc., and parliamentary secretaries--one further action took place: the filing of election expenses returns by all candidates who ran in that election. Therefore, there was a formal obligation under the Canada Elections Act to file a return and to make all necessary declarations in accordance with the law.

In this matter, 67 candidates who participated were identified by Elections Canada. Of those, 17 became members of Parliament. They were elected. Of the 17, 10 are currently or at the time had been public office holders.

The four parliamentary secretaries are the Parliamentary Secretary for Canadian Heritage, the Parliamentary Secretary to the Minister of Natural Resources, the Parliamentary Secretary to the Prime Minister and for Status of Women, and the Parliamentary Secretary to the Minister of Labour.

The ministers or secretaries of state who were named by Elections Canada include the Minister of Public Safety; the Secretary of State and Chief Government Whip; the Minister of Transport; the Minister of Canadian Heritage; the former foreign affairs minister; and the Secretary of State for Agriculture.

Colleagues, this motion and our mandate can only relate to public office holders. You will find the code on the Ethics Commissioner's website. It's a 34-page document that, pursuant to the Parliament of Canada Act, must be provided by the Prime Minister.

I want to just cite a couple of quotations from this document. One is a comment from the Prime Minister:

Our government must uphold the public trust to the highest possible standard, and this responsibility falls uniquely on all public office holders, beginning with Ministers.

Under the objectives and principles of the Conflict of Interest and Post-Employment Code for Public Office Holders, under “Ethical Standards”, it states that:

Public office holders shall act with honesty and uphold the highest ethical standards so that public confidence and trust in the integrity, objectivity and impartiality of government are conserved and enhanced.

As well, under the caption “Public Scrutiny”, it requires that

Public office holders have an obligation to perform their official duties and arrange their private affairs in a manner that will bear the closest public scrutiny, an obligation that is not fully discharged by simply acting within the law.

I also note that there is a compliance obligation, in addition to specific compliance, that required measures provide that “the Ethics Commissioner may impose any compliance measure, including divestment or recusal, in respect of any matter or asset”, liabilities, and so on. This relates to conflict of interest. It would appear to me that conflict of interest is not what we're talking about in this matter. But it does provide a model when there is an issue such as a subsequent event.

It also says, under section 9, that within 60 days after appointment, a confidential report is required. A further report is required 120 days after appointment. The report shall include a description of all outside activities in which the public office holders were engaged during the two years prior to assuming office. It also must report all their assets and direct and contingent liabilities. I stress the contingent liabilities, because as you know, under the Canada Elections Act, when a candidate is an official candidate, the surplus or deficit is the responsibility of the candidate, not the party and not a riding association, and so on. In fact, the full disposition and responsibility are the responsibility of the candidate.

As a consequence, depending on the circumstances of an individual candidate, there may be some implications with regard to how this matter with Elections Canada is resolved by the courts and how it impacts persons. There may be some consequences to certain persons, depending on how that ruling comes out.

Finally, paragraph 15, which is related to outside activities, affirms that “Public office holders' participation in activities outside their official duties and responsibilities is often in the public interest”. It goes on to list prohibited activities and so on.

Now, having said that, colleagues, it would appear that there are issues of public interest here. There is no question that public office holders are involved in terms of filing their obligations under the Canada Elections Act and in terms of claiming expenses that relate to the matter Elections Canada has alleged and on which it has ruled, which is now being challenged in court, as you know. I won't elaborate any further.

So the question of interest, as I see it, can involve such things as whether the public office holders knew or ought to have known that their actions in regard to this matter may have been in violation of the Canada Elections Act and whether the conflict of interest code appropriately handles this kind of matter. We know that it handles conflict of interest. It certainly does not specifically deal with an alleged infringement of other acts of Canada, such as the Canada Elections Act, and whether that would require reporting disclosure and possible recusal of any parties involved in such a matter on votes or debate, pending the resolution of the matter. This is not specifically clear. An item the committee may want to consider is whether there should be amendments to the conflict of interest code.

We don't want to impugn any member or party in this matter. This is a very serious matter. But there is also the matter of whether or not there are any actions the public office holders should have met or may have met to meet ethical standards that are expected of them.

It may involve an assessment of whether or not due diligence was taken by them and by others who are jointly responsible for their elections return, whether or not they exercised a duty to make necessary inquiries of officials, experts, or Elections Canada, seeking rulings on matters that may have been in question, and whether or not there was an obligation or duty to report to the Ethics Commissioner and maybe even recuse themselves pending the resolution of the matter.

Also, as I indicated, under section 8 of the code there is a confidential report--

Point of order, Chair.

Just a minute. I'm going to finish. I'm just now finishing.

A point of order. Recuse themselves from what, exactly?

In the conflict of interest, recuse themselves from the matter with regard to voting or debating, participating in debate on that matter.

On what matter?

In the code, under conflict of interest.

I didn't know there had been a vote on this matter.

In the code under conflict of interest.

Has there been a vote on this matter?

No, that is the code.

Okay, but there has been no vote on the matter.

This is a bit.... Let me finish. I've got only a couple more sentences.

I'm curious as to what they're supposed to recuse themselves from.

I'll take your questions, but let me finish.

Again, there is a matter for consideration of the requirements under section 8 of the code, the confidential report, where there are subsequent events that involve a public office holder that may have some bearing on the assessment of whether or not they have met the highest ethical standards, which has been asked for by the Prime Minister in this document that he is required to submit under the Parliament of Canada Act.

Accordingly, it would appear that this matter warrants consideration from an ethical perspective on standards, duties, and obligations. Accordingly, I rule that the motion is in order.

Chair, you didn't answer the question I posed to you.

Okay. Mr. Poilievre, you had a question, sir?

You said that this had to do with a recusal from this issue, from votes related to this issue, and I didn't know there was a vote on this issue anywhere.

Are you talking about the current issue in front of Elections Canada?

Cited in the motion, yes.

The motion? No. The recusal I was referring to was the recusal that may be imposed on a public office holder in the event that they report a matter on which there may be a conflict of interest. The consequences would be that a member shall not participate in any debate or any votes, as you could understand, on a matter of conflict of interest.

I raise the point from the standpoint that if there is another statute of Canada under which there is an alleged infringement, there may be a reporting requirement and the commissioner may, parallel to how they handle conflicts of interest, require a recusal of that member on matters relating to the item they reported.

I give that simply as an example of some items that I found very interesting in reading this. I should also indicate--

Sorry, Chair, I simply have no idea what that has to do with this case at all. It seems to me that you have rambled through a lot of documents that were prepared for you that have absolutely nothing--

No, sir.

--to do with the question at hand.

Order, please.

I'm sorry. We're into debate. This is not a point of order.

I'm asking you a question.

And I've made a ruling that the motion is in order. Mr. Hubbard's motion is in order.

Point of order.

Now, point of order, Mr....

Can you clarify? You said earlier that we would be moving to the witnesses at this point. Is that the intention?

Well, okay.

I have a point of order.

No, no. I'm sorry. The member has rights. He has asked for a point of order, and I want to hear from Mr. Tilson.

Mr. Chairman, I want the record to show that you made a ruling without allowing members of this committee to debate whether this motion was in order or not in order. I can assure you that members on this side would be arguing very strenuously that this motion is out of order.

You never gave us a chance to do that. You simply went willy-nilly with your ruling without giving us a chance to speak. Accordingly, Mr. Chair, I would challenge your ruling.

The decision of the chair that the motion is in order has been challenged by Mr. Tilson. It is not debatable. I must put the question immediately.

(Ruling of the chair sustained)

The chair is sustained.

Do we want to move to our witnesses?

And I agree.

If I may, in respect to Mr. Tilson, if I were to allow everybody to debate admissibility, we'd be going for days. I made a ruling. There is still going to be a debate on this thing.

Mr. Chairman, how dare you say that?

It's exactly the way we handled it with the Mulroney-Schreiber issue. The first thing I did was rule on admissibility.

Sir, that is absolute nonsense. If we want to argue one way or the other, we have the right to argue. You can't just cut us off like that.

When are we going to deal with this item?

At the next meeting.

Can I ask you to review something before you bring it back to us at the next meeting?

I'd like to know if this motion would be in order if the court case with Elections Canada were to find in favour of the Conservative Party and it is determined that no ethical standards were violated, that we did everything legally, the party did everything legally, the individuals were legal. Would this motion not be out of order if the Elections Canada court case with the Conservative Party of Canada were resolved and the Conservative Party of Canada won that case? Would that not throw this out?

On a point of order, Mr. Chair, I don't think you should engage in discussing the ratio decidendi of your decision, and what was obiter and what's real. This isn't Larry King or The Situation Room, where you're asked to decide the fine points of your ruling. Your ruling is your ruling.

What if the moon were made of cheese? Would you change your decision? It's silly. Don't answer it.

Colleagues, I hear you.

You took a long time to explain why you made the decision. I'm asking you for your thought pattern on that.

First of all, the chair is not obligated to explain to you, on your question, or to others. Let me indicate that the motion is asking us to determine whether the actions meet the ethical standards expected of public office holders, but it's not simply that issue. It's whether or not the nature of the item is properly reflected in the Standing Orders and in the code with regard to obligations. This is like an example. It's not the specifics of it, but rather an example of whether there are standards.

In any event, we have witnesses. From the Canadian Bar Association we have Mr. Gregory DelBigio, chair of the national criminal justice section; and Mr. David Fraser, treasurer, national privacy and access law section.

Welcome, gentlemen.

I apologize for the delay. It was important that we get that matter out of the way.

We know we have until 5:30 or maybe a little longer, if the members are into it, to engage you on matters of importance.

As you know, we're dealing with the Privacy Act. It's not necessarily a comprehensive review, but we're certainly focusing ourselves, as you're probably aware, on some of the so-called quick fixes that may allow us to improve the situation to some extent while consideration is being given to a more comprehensive review of the act.

I welcome you. I understand you have a brief opening statement, and I will ask you to start now.

Thank you very much, gentlemen.

We have a number of members who would like to engage you in some questions.

We're going to begin with Mr. Murphy, Madame Lavallée, Mr. Martin, and Mr. Hiebert.

I want to thank you for being here today.

I'm a refugee from another committee that isn't actually sitting these days, the justice committee, but I'm happy to be here. Forgive me if I'm not as au courant with everything that's going on that this committee obviously has studied over the last year or so.

If I can take you to your brief, pages 9 and 10, with respect to notification of security breaches, David, I just want to get this straight. I think the gist of the third paragraph on page 9 is that there are now no legislated guidelines for notification. In the last paragraph, you say, or at least I'll say, it's too bad the commissioner did not recommend or have an explicit recommendation for a parallel statutory breach notification, mimicking a bit what PIPEDA had done.

The OPC's response, at the top of page 11, is that “It is the view of the OPC that these requirements should be incorporated into the act itself”—that is, the Treasury Board guidelines.

Do I understand that the OPC has said the Treasury Board guidelines should be incorporated into the act, but you would like to suggest that the considerations that are in PIPEDA for notification also be made part of the act, and it's unfortunate that the OPC did not specifically say that?

Is that clear?

Since you brought it up, what's a trivial breach?

I know there are a couple of highly publicized and sometimes inadvertent breaches with respect to health records. I can think of my own province of New Brunswick; it happened. Or passport information. I think we are on common ground that those are not trivial.

Let's not get into what trivial is, but on those we can agree that there should be some legislative requirement to notify someone that their privacy has been breached. We're on common ground here with that.

I'm trying to figure out what is the higher standard. Is it the Treasury Board guidelines as they exist under the Privacy Act? They're not law, but they're guidelines if they're followed. They're moral law, if you like. Or is it the discussion that's surrounding what there will be for PIPEDA?

I can think of one set of hearings we had in which the tax information of a particular witness was very much at issue, and we were unable to discuss the sensitivity of it in any detail—but that may come another day.

Finally—this is more philosophical, and I can see it going both ways and want your brief opinion on it—for government to work, there has to be some disclosure of personal information. I can think of no instance where, in the private sector, they have to have information. If you want the privilege of getting a loan, you have to give information; that's fine, but I can think of no forced reason for it. Government is a little different.

On the other hand, our government is in a fiduciary relationship with us, so the care must be higher. Given that the government has to have some information but the relationship is much more a fiduciary one, I wonder whether the balance is that it should be the same standard as for the private sector, as is contemplated in PIPEDA, or do you think it should be held to a higher standard of notification?

Just in hindsight, do you think there should be different centres within government?

I'm sorry, Mr. Murphy. I really have to manage the clock here to be fair to all.

Madame Lavallée, allez, s'il vous plaît.

Thank you very much, Mr. Chairman.

I want to come back to the recommendations as a whole. If I understand correctly, you took the commissioner's recommendations and commented on them. If I understand correctly, you agree with the ten recommendations, but you have added another one, which deals with notification.

Have you added any others?

You may be right, but I can't find the recommendation dealing with notification.

I for one have not seen it. It was not included in any of the 10 recommendations.

So you would put that in as recommendation number 11.

The commissioner numbered them.

So you are making that recommendation in addition to the ones already presented. Some witnesses have made other recommendations. I would like your opinion on, among other things, the commissioner's quasi-judicial power to make orders.

The commissioner said that she did not need that power in order to do her work. But some witnesses have indicated that no one would take a commissioner seriously that did not have the power to make recommendations or act as an ombudsman.

I am sorry, but I do not understand. You say that you have not looked at whether the commissioner herself should have order-making power. You also say that a body outside the commissioner's office should be able to require individuals, officials or federal institutions to comply with the act.

We are having a bit of difficulty.

Thank you.

You talked earlier about notification regarding situations where there were potential violations or disclosure of personal information. If I remember correctly, the committee's recommendation was that businesses would be required to notify the commissioner in those types of situation under the Personal Information Protection and Electronic Documents Act. The commissioner would decide whether the people concerned would be notified. It might be good to add that possibility, after all.

Thank you.

Mr. Martin, please.

Thank you, Mr. Chair.

Thank you to both of the witnesses. It's been very interesting.

I don't know if I fully understand Brian's comments that the Privacy Act should have the same duty of notification provisions as PIPEDA. One of the big flaws of PIPEDA is that it doesn't have the duty of notification, and when our committee studied it we recommended unanimously to the government that it should have duty of notification. But when the government reacted to our report, tabled in Parliament, they said clearly the government is not interested in putting duty of notification into PIPEDA. So I don't think we're any closer to having that duty put into statute at all, which is really worrisome to me, because a lot of Canadians would be horrified to know or would want to know if their personal information was compromised in the private sector or the public sector.

The PIPEDA report was just tabled in Parliament today by the Privacy Commissioner. You might want to get a copy of that. It talks about the TJX case, where personal information and 94 million debit card and credit card numbers were compromised in that one violation alone. There were 94 million--they weren't all Canadians--people from around the world, I guess. This is worrisome to me, and I think the Privacy Act should have a rigid duty of notification.

The cross-border sharing of information is of great concern to us. I want to thank you for bringing your input into this, and specifically citing the Maher Arar case as a graphic illustration of what can go wrong and has gone wrong.

Is there anything more you can tell us about the Canadian Bar Association's views on this? Or would you like to speak a little more on the subject of how we might prevent another Maher Arar incident?

That's very well put.

With what little time we have left, you've led me to another thought. This committee wrestled with section 7. Paragraph 7.1(e), I believe, of the national security legislation essentially gives the government the right to deputize others to intrude into a person's private information. One of the examples used was that a government couldn't open up a worker's locker without a warrant, but they could have the employer do it and pass that information along to them, if they have a third party do an end run around your rights to privacy through the national security legislation.

Do you know what section I'm getting at here?

Yes, that's it exactly. It's somewhere in there. That's right. It was in the context of the long review of PIPEDA that we did. I guess the law association has made representation, perhaps, on that clause in the past, and you're aware of the point I'm raising. Would you care to expand on that?

That's interesting.

Mr. Hiebert, please. You're up again.

Thank you, Mr. Chair.

A number of questions come to mind.

One thing that the Privacy Commissioner mentioned was that a lot of complaints--in fact, the single largest source of complaints--her office receives are from inmates in Canadian correctional services, and she felt that many of these were frivolous or vexatious.

While I'm sure there are certain complaints from inmates that are legitimate, it does seem strange that so many of them are coming from that area, a much higher number than from any other area.

Mr. DelBigio, since you have some background as a defence attorney, can you explain to the committee why there are so many complaints coming from this area? What are they used for? Why would this be the case?

Mr. Fraser, do you have any idea why this is happening?

So I guess either of you would be in a position to help us figure out how to address this concern.

On page 11, under section F, which is dealing with recommendation number 6, you suggest that the Privacy Act should be amended to authorize the commissioner not to prepare a report in specified circumstances. What kinds of circumstances are you contemplating?

Right. You're saying the commissioner would have the opportunity to say this particular complaint is frivolous or vexatious and it's not in the public interest, but at the same time, that individual who made the complaint could then appeal that decision to the Federal Court. Is that not your recommendation number 2?

So an individual would not have the opportunity to appeal to the Federal Court if they disagreed with the Privacy Commissioner.

The chair is telling me that my time is limited, and I have an additional question. So I'll leave that discussion aside for a moment.

Dealing with recommendation 9, on page 12, section H, the five-year statutory review, you suggest, without any explanation, that this committee review this legislation every five years. Now, you may or may not be aware, but we haven't reviewed this legislation in 25 years, and it's not likely that there would be a desire to do it as often as you suggest.

I'm wondering if you could help us understand why you think the time and expense would be necessary to review it every five years, keeping in mind that we understand that with PIPEDA things change frequently in the marketplace, and there's certainly a need to review that every five years. But with respect to this legislation and the less frequent change in how the public interacts with the government, what would be the value in reviewing it so often? Would it not suffice to do it less frequently?

This is why I'm so glad we're taking the time to review this at this present time. And I hope we're not derailed.

Mr. Hubbard, please.

Thank you.

First of all, I'm very pleased with your submission. It really goes number for number with the various recommendations the Privacy Commissioner has made.

As practising lawyers, have you had any direct interventions on behalf of your own clients with the Privacy Commissioner or her office?

If you go back to 1982, have you had clients that said they were having trouble under the Privacy Act and you dealt with the privacy commission on their behalf?

One group that probably avails themselves more of this act than others would be the 300,000 people who work for the public service. Those who apply for jobs within the public service can apply under the Privacy Act to find out why they weren't promoted, why they didn't get certain jobs, why they weren't hired. From that point of view, I think that every manager has to be very much concerned with what he or she does with data in terms of working with people.

Do public servants have a fair showing in terms of privacy legislation, going back to 1982? You see soldiers who say “I didn't get my sergeant's rank”, or “I didn't get my promotion to major”, or “Someone has written a bad report on me, and I would like to get a copy of that report”.

I do know that many federal institutions are reluctant to provide the complete details on particular individuals when they request that information. With the present act and the changes we're talking about here, will it in any way enhance the ability, or will it be a further problem to managers within the public service? If a job is open and ten people apply, only one person gets it and there are six people who are dissatisfied, how big an operation are we involved with in terms of the privacy legislation?

Thank you.

Paul, am I done?

Yes, you are, sir. Right on time.

Mr. Wallace, please.

Thank you, Mr. Chair.

Thank you, gentlemen, for coming.

Mr. Fraser, in your private practice, what kind of law do you practise?

Okay, thank you.

If I heard you correctly, if you had your choice from an organizational point of view and you were giving us advice, instead of what the committee has sort of framed itself around thus far, the organization that you represent would have liked us to do a much more thorough review of the act, clause by clause or whatever you want to call it, since it has never really been reviewed to that extent since its inception. Is that correct?

Okay, I appreciate that.

I have a couple of questions on your recommendations here. I'm going to give you a real example. I intended to ask the Privacy Commissioner about this when she came back, because I didn't know what the rules actually were.

The first recommendation I have highlighted is on page 4, where you talk about “federal institutions to link personal records in computer systems only if the linkage would not reasonably be expected to harm individuals whose information is being disclosed”. Right now, if I understand you correctly, one department can tell another department that if they have information on me, they can give it to another department and there's nothing really stopping them from doing so. Is that correct?

Is there an exception of some sort?

So maybe you can help me with this. In round numbers, we have 60,000 people who are here illegally. We know where some 20,000 of them are; 40,000 we don't know. Many of them have SIN numbers and are paying taxes. They've been in my office in Burlington.

In the view of your organization, does the Government of Canada have the right to have the immigration department know where those people...? When people put their taxes in, their address is on their tax return, so CRA has it. Should the government be able to use that information from CRA to assist the officials in immigration and border security to be able to find those people, or would you consider that harming individuals if that information were disclosed? I'd like your opinion.

I'll ask the Privacy Commissioner that specific question when we see her again.

I hate to put you on the spot, but I'm trying to find out where the limits are in terms of whether there are limits or whether people are expecting limits. In my view, as the Government of Canada, if people are here and have been ordered to leave, they're here illegally, and we should work with whatever resources we have to fulfill those requirements for them to leave. For people who have come here legitimately, or are trying to get here, we should spend our time and resources making sure that happens.

My next question comes from part of the recommendations of the commissioner. Hers are slightly different, unless I'm reading it wrong, and that's why I'm asking you. On page 7, you ask about the PIAs, the development of any new programs and policies that involve the collection and use of data, that there should be an amendment to the Privacy Act requiring the bodies to do it. I think it's what she's recommending; I simply want to be sure. At present, there are policies around departments requiring them to do it. Do you believe it should be in the legislation as a legal requirement?

Are you aware of any situations or anything where the policy piece that Treasury Board has put out to all departments is not working? Do you know if it's not working?

Thank you.

I have Mr. Nadeau, followed by Mr. Van Kesteren and Mr. Martin.

Thank you, Mr. Chairman.

Good afternoon, gentlemen.

The commissioner's sixth recommendation deals with the power to reject or drop a case. What is your opinion on that? Do you think that such a power should be granted?

Witnesses who came before the committee did have some reservations. Is this something that happens often at this point? Should certain mechanisms be changed or improved to allow for that, while ensuring that those who file complaints do not feel that their rights have been violated?

I would like to move on to something else.

Regarding coordination with foreign countries seeking information, we met with representatives from CSIS and the RCMP. We could not explore all aspects of the issue because our time was limited. There is something that bothers me a bit. CSIS and the RCMP are two separate silos. Either one can deal with a request from within Canada or a foreign department without the other knowing it.

Do you think that some things would need to be looked at more closely? I do not know if this is the correct term, but people talk about data matching. Would it be important to make sure that the left hand knows what the right hand is doing with respect to a given case?

I would have thought that you would have an opinion on this issue since they told us that independence is what it is for each of the entities. The whole issue of national security... Without being an expert in this field, it seems to me that it is unusual that two important institutions do not know that they are each dealing with the same country on a given file.

We would like to improve this act. According to your recommendations, which changes are the most urgent and would result in improvement, given that we may not be able to do everything all at once? Are there any aspects that require a change like the one we had yesterday, compared to others that may be implemented over time? Would it be acceptable to prioritize some aspects of your recommendations?

Mr. Van Kesteren.

Thank you, Chair.

Thank you both for coming. We really appreciate your being here. I think you bring a whole lot of knowledge to the table.

Just very quickly, your recommendation on page 4 talks about harm to individuals, but who would deem it to be harmful? Who would have the responsibility to deem what is harmful? Is that something the courts would do?

Page 6: I'm a little bit worried about that recommendation. There seems to be a problem with inmates, and I'm a little afraid that this particular recommendation would worsen that problem. That's just a personal observation.

I think the recommendation on page 11 is good. I think that's necessary.

Page 12: when we get to the final list of recommendations, I begin take issue. I really don't care if foreign governments have my information. Mr. Fraser, you said somebody would ask, “Why are they collecting this information?” and the answer would be, “Because they can”. The question then was, “How can I make them stop?” Why?

What are worried about if we don't have anything to hide? I'll tell you why I'm leaning towards this. I had an interesting chat with a criminologist. I know Mr. Martin would quickly bring out Mr. Arar's case, but that was a case where we had just had 9/11, and we made a bad judgment call. I'm wondering, don't we correct that?

Getting back to the criminologist, the biggest challenge to law enforcers today are criminal elements. It's the criminal elements who use these. I'm not being judgmental, but I want a balance here. I would think if you were drafting up something you'd probably be representing mostly criminal elements when you talk about people who are concerned about privacy. If you were a criminal, you'd want to have laws that would enable you to win your case. Do you understand what I'm saying?

I'm not being judgmental. I'm not saying you're being cynical. I'm just wondering if that's not what we're doing, if we're not protecting the criminal even further. It's so difficult now for law enforcement agencies. It's so difficult for governments to handle terrorist groups. Why would we want to make it that much more difficult?

Good questions.

Mr. Martin.

I don't have much more to add, other than that I'm enjoying reading some of the background that you've given us regarding data matching.

The one example I'd like to run by you is similar to what Mr. Wallace cited as an example. We found this one worrisome. The federal government knew that 300,000 senior citizens were eligible for the guaranteed income supplement but had never applied for it. They knew this by virtue of their income tax returns.

We asked the officials, if they knew these people were eligible, and they knew they were in need, because they had to be really low income to be eligible, why they didn't just tell them that they qualified for another $12,000 a year. Their answer was that it would be a violation of the right to privacy to use income information for any purpose other than assessing taxes on their income.

Does that jibe, does it seem plausible? Given what you know about the Privacy Act, was the government acting properly in not using their income tax information for any purpose other than income tax?

But Brian Mulroney says it's safer.

Is that right? I know that's not what we're here to talk about, but you mean under the Income Tax Act, if you did report income from illegal sources, Revenue Canada couldn't use that against you to turn you in, as it were? They wouldn't know, though.

There are mechanisms, of course, disclosing...money laundering and stuff like that.

As another example, the border guards turned in a carload of people who were on EI, employment insurance. When these people were coming back into Canada, having gone for a day trip to the States, the border guards somehow learned they were on EI and turned them in. You're not allowed to travel out of the country while you're supposed to be actively looking for work in this country. Wouldn't that be a violation of these people's right to privacy?

So that's not contravening your right to privacy as a Canadian citizen, if I choose to break the law.... I don't think I'm going to go any further down this.... I'm on dangerous territory, I agree.

Is that an example that brings us back to where I started--that's what you call data matching, computer matching?

What specifically was wrong with the RCMP database that the Privacy Commissioner felt compelled to make a special report to Parliament that they had compiled this massive database?

I'm sure it's available to us.

I think your time has expired. If you wish to speak again, you can, but we'll go now to Mr. Murphy.

Thank you, Mr. Vice-Chair.

I want to get back to this standard review of public-private. I may be fixated on this health issue, but records that were gathered by a public agency were sent to a private company for a process, and I suspect this might happen more and more as governments try to find ways to deliver services more economically.

I'm not starting a diatribe totally against the whole public-private partnership thing, but there has to be an understanding of whether this was a public function or a private function. I live in the world of examples, unfortunately, but when you have a public agency that gathers the information and gives it to a private company.... Back to my question a while ago, do you think there should be any different standard, and whose breach is it?

Would a contract for the service delivery not impose on the private service deliverer the same obligations as the parent—the government—has?

This leads me to another question about crown corporations. A number of MPs are fighting battles with the Canadian Border Services Agency with respect to reports on customs services at airports and so on. That is again too example-specific, but the scope of either the Privacy Act or PIPEDA toward crown corporations leaves them in a sort of no man's land sometimes. Are they explicitly covered by the Privacy Act, or are they occasionally covered by PIPEDA? Is there a gap there?

Do you see any problem with setting up the Canadian equivalent of a centre for disease control as they have it in the United States? Obviously it is very well publicized. In Canada it is patchwork: this hospital reports its outbreak of flu, or whatever. Do you see these two acts prohibiting that sort of setup because of the confidential nature of...?

I didn't know that.

Thank you very much.

We have Mr. Hiebert, Mr. Wallace, and Madame Lavallée.

We'll do our best, Madame Lavallée. We'll see how these other fellows do.

I would be pleased to do so if there is some time remaining. If not, that is allright.

Mr. Hiebert.

Thank you, Mr. Chair.

You talked in your earlier comments about the importance of foreign countries providing written, formal, detailed, and public documents under the agreements we have with other countries. We had CSIS and the RCMP here, and they made the statement that sometimes you simply can't do that. Sometimes these countries won't agree to having public documents or written documents. Sometimes it's simply not timely: the nature of the potential emergency or concern is such that you can't go through an iterative process of negotiation and drafting and that sort of thing.

How would you respond to those concerns? Your recommendation is that their worst fear would become reality: that they would have to have written, formal, detailed, and public documents with foreign countries.

I understand your point. I think the point they're trying to make is that the vast majority of nations in the world do not have privacy legislation like we have or anything comparable, so there would be numerous examples of countries that might just throw up their hands and say “Sorry, we're not interested.” Then when you have to debate whether we fulfill the Privacy Act or whether we protect and secure Canadian citizens, it's not a difficult debate in their minds. So I think there is more discussion that needs to happen on that front.

I want to draw to your attention—and perhaps you're not familiar with this particular decision—that there was a case, Murdoch v. Canada, specifically the RCMP, in 2005, where the RCMP wrongfully disclosed personal information about an individual to their employer. Mr. Murdoch took this case to court, and the court found that the Privacy Act did not allow for Mr. Murdoch to claim damages for this breach of privacy.

Do your recommendations suggest that individuals like Mr. Murdoch should have an opportunity to seek damages under these circumstances?

So you're not suggesting that it be incorporated into the changes, that there be an opportunity for Canadians, where they felt it necessary, to find redress from the courts. I know it's not in your recommendations, but in addition, your own thoughts are not that we should have such an amendment?

Fair enough.

Mr. Chair, I'll pass the balance of my time to the next member.

You have no time.

Mr. Wallace.

Thank you, Vice-Chair.

I'm happy to share with Madame Lavallée if there are a few minutes left.

When I first got here, I moved a private member's bill to deal with a database for missing persons. There isn't one that exists federally. There is some semblance of that provincially. There are some provincial jurisdiction issues.

One of the things that surprised me was that there were privacy issues, in a sense, around those who didn't want to be found and have gone missing because they're hiding from an abusive relationship, for example. But for the vast majority.... As an example, there's an individual right now in Hamilton who is pushing hard that she has DNA of a missing son that could be used to maybe find him. Otherwise you have to rely on information or go to different morgues across the country to see if the individual might be there, and so on and so forth.

It doesn't solve all the problems, but my question to you today would be, based on the Privacy Act, since you have some experience with it, and these recommendations that you have in front of me, do you foresee that they would in any way hinder my goal of adding a missing persons database to what is there already?

As you know, there's a database for criminals, sex offenders and a number of others. I want to have a more positive database that individuals can access if they have DNA of individuals who are missing.

Do you foresee, from the association's point of view or any of these recommendations, that there are any issues dealing with that concept?

I'll give you an example. Let's say my daughter goes missing. The rule of thumb is that most missing people are found within a few days or a few months. Then what you'd call missing long term is after a year. One way or another, 80% are found within the year.

Let's say I have a brush with my daughter's hair in it. I want to take it to the RCMP for the missing persons database. I want them to do a DNA analysis of my daughter's hair. If my daughter is found at a crime scene, or in a farmer's field, or in a morgue, I'd like to be notified so that I can put closure to my family's tragedy.

There are some issues here. For instance, men or women can leave abusive relationships and assume different names and so on and so forth. So if the person is found alive--this is in my bill--they have to give permission to the person who's been looking for them. But if the person who has been found is deceased, the family members are notified.

Does your organization have any view on that? Does anything you're recommending in here on the Privacy Act--I know this will have to be a quick review--affect that at all, do you think?

Thank you.

I'll share whatever time I have left with Madame Lavallée.

Well, we can see the clock. You have not much time.

Sorry.

Do I have one or two minutes?

Two minutes.

Allright. I had some one, two and three-minute questions. I'm going to choose a question that will take only one minute.

In your brief, you did not refer whatsoever to the destruction of personal information. The current act does not say much about this issue. Section 6(3) is the only place where reference is made to the destruction of information. It reads as follows:

(3) A government institution shall dispose of personal information under the control of the institution in accordance with the regulations and in accordance with any directives or guidelines issued by the designated minister in relation to the disposal of that information.

I did not consult the English version, but in the French version, the word "retrait" is used. I find it odd that this word is used in the French version in order to refer to the destruction of information. Not much reference is made to this issue and there is no obligation, as is the case in the Personal Information Protection and Electronic Documents Act, to ensure that documents are destroyed in accordance with the rules. A great deal of information is leaked when it is being destroyed.

What are your comments on this issue?

Thank you very much, sir.

The Canadian Bar Association has done well. We always appreciate the representatives who come and give us their wisdom, and you two are no exception. Thank you very much for coming.

The meeting is adjourned until Thursday at 3:30 in this room.