Evidence of meeting #38 for Access to Information, Privacy and Ethics in the 39th Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was information.
A recording is available from Parliament.
4:50 p.m.
Treasurer, National Privacy and Access Law Section, Canadian Bar Association
Yes.
4:50 p.m.
Conservative
Mike Wallace Conservative Burlington, ON
Okay, I appreciate that.
I have a couple of questions on your recommendations here. I'm going to give you a real example. I intended to ask the Privacy Commissioner about this when she came back, because I didn't know what the rules actually were.
The first recommendation I have highlighted is on page 4, where you talk about “federal institutions to link personal records in computer systems only if the linkage would not reasonably be expected to harm individuals whose information is being disclosed”. Right now, if I understand you correctly, one department can tell another department that if they have information on me, they can give it to another department and there's nothing really stopping them from doing so. Is that correct?
4:50 p.m.
Treasurer, National Privacy and Access Law Section, Canadian Bar Association
Within the current legislative scheme, yes.
4:50 p.m.
Treasurer, National Privacy and Access Law Section, Canadian Bar Association
Well, there are guidelines with respect to that.
4:50 p.m.
Conservative
Mike Wallace Conservative Burlington, ON
So maybe you can help me with this. In round numbers, we have 60,000 people who are here illegally. We know where some 20,000 of them are; 40,000 we don't know. Many of them have SIN numbers and are paying taxes. They've been in my office in Burlington.
In the view of your organization, does the Government of Canada have the right to have the immigration department know where those people...? When people put their taxes in, their address is on their tax return, so CRA has it. Should the government be able to use that information from CRA to assist the officials in immigration and border security to be able to find those people, or would you consider that harming individuals if that information were disclosed? I'd like your opinion.
4:50 p.m.
Treasurer, National Privacy and Access Law Section, Canadian Bar Association
I'm absolutely confident that particular scenario didn't go before the committee that developed these recommendations. What we recommended was a framework so that the government departments in question, subject to oversight or consultation with the Privacy Commissioner, could make that particular decision.
4:50 p.m.
Conservative
Mike Wallace Conservative Burlington, ON
I'll ask the Privacy Commissioner that specific question when we see her again.
I hate to put you on the spot, but I'm trying to find out where the limits are in terms of whether there are limits or whether people are expecting limits. In my view, as the Government of Canada, if people are here and have been ordered to leave, they're here illegally, and we should work with whatever resources we have to fulfill those requirements for them to leave. For people who have come here legitimately, or are trying to get here, we should spend our time and resources making sure that happens.
My next question comes from part of the recommendations of the commissioner. Hers are slightly different, unless I'm reading it wrong, and that's why I'm asking you. On page 7, you ask about the PIAs, the development of any new programs and policies that involve the collection and use of data, that there should be an amendment to the Privacy Act requiring the bodies to do it. I think it's what she's recommending; I simply want to be sure. At present, there are policies around departments requiring them to do it. Do you believe it should be in the legislation as a legal requirement?
4:55 p.m.
Treasurer, National Privacy and Access Law Section, Canadian Bar Association
Yes.
4:55 p.m.
Conservative
Mike Wallace Conservative Burlington, ON
Are you aware of any situations or anything where the policy piece that Treasury Board has put out to all departments is not working? Do you know if it's not working?
4:55 p.m.
Treasurer, National Privacy and Access Law Section, Canadian Bar Association
The privacy impact assessment framework that has been put out by Treasury Board I think reflects a lot of thought that went into it, and I think there is no information to suggest that it's not being properly implemented. I think what this recommendation reflects is that it's a very important practice; it's a very important tool to understand the context and the consequences of any change in government programs, be it data matching, be it extending a program or otherwise, and to make it mandatory, much more so than simply a guideline. There's no accountability for not following a guideline, other than potential employment consequences.
So the issue, ultimately--particularly combined with the ability for the courts to enforce it and to order it--is to make sure that these things do take place.
4:55 p.m.
Liberal
The Chair Liberal Paul Szabo
Thank you.
I have Mr. Nadeau, followed by Mr. Van Kesteren and Mr. Martin.
4:55 p.m.
Bloc
Richard Nadeau Bloc Gatineau, QC
Thank you, Mr. Chairman.
Good afternoon, gentlemen.
The commissioner's sixth recommendation deals with the power to reject or drop a case. What is your opinion on that? Do you think that such a power should be granted?
4:55 p.m.
Treasurer, National Privacy and Access Law Section, Canadian Bar Association
We have recommended, in concurrence with the Office of the Privacy Commissioner of Canada, that in the event it is reasonably considered that it would not ultimately be advantageous to take a question or inquiry to a full investigation and ultimately to a report, the Privacy Commissioner have the ability, once she has made that determination, to end the process there.
I don't expect it would be used very often; it would only be in those explicit cases. But it would ensure that the attention of the investigators and analysts was focused appropriately on the right cases, rather than perhaps following a formalistic process in those cases where it's not going to result in any real advantage for the individual.
4:55 p.m.
Bloc
Richard Nadeau Bloc Gatineau, QC
Witnesses who came before the committee did have some reservations. Is this something that happens often at this point? Should certain mechanisms be changed or improved to allow for that, while ensuring that those who file complaints do not feel that their rights have been violated?
4:55 p.m.
Treasurer, National Privacy and Access Law Section, Canadian Bar Association
There are similar provisions. In my own experience and understanding, courts are asked from time to time to consider somebody as a vexatious litigant, so they are not able to file complaints, lawsuits, or other process with the court, except with the permission of the chief justice. They are simply seen to have been abusive to the court process. It's that same sort of mechanism.
I do not have--and I do not believe our committee considered--actual statistics on what the commissioner considered to be the number of inquiries or questions that were put into that category, but I expect it would be a reasonably small number.
4:55 p.m.
Bloc
Richard Nadeau Bloc Gatineau, QC
I would like to move on to something else.
Regarding coordination with foreign countries seeking information, we met with representatives from CSIS and the RCMP. We could not explore all aspects of the issue because our time was limited. There is something that bothers me a bit. CSIS and the RCMP are two separate silos. Either one can deal with a request from within Canada or a foreign department without the other knowing it.
Do you think that some things would need to be looked at more closely? I do not know if this is the correct term, but people talk about data matching. Would it be important to make sure that the left hand knows what the right hand is doing with respect to a given case?
5 p.m.
Chair, National Criminal Justice Section, Canadian Bar Association
I hesitate, because I certainly don't want to speak on behalf of either agency. They will be pleased. But the mandates are separate, so it is entirely conceivable to me that there will be instances in which each is working with a foreign country advancing their individual mandates in a way that is not coordinated with one another.
As to what extent there should be better information-sharing or coordination between them, I think representatives of either of those agencies might best address that type of question.
5 p.m.
Bloc
Richard Nadeau Bloc Gatineau, QC
I would have thought that you would have an opinion on this issue since they told us that independence is what it is for each of the entities. The whole issue of national security... Without being an expert in this field, it seems to me that it is unusual that two important institutions do not know that they are each dealing with the same country on a given file.
We would like to improve this act. According to your recommendations, which changes are the most urgent and would result in improvement, given that we may not be able to do everything all at once? Are there any aspects that require a change like the one we had yesterday, compared to others that may be implemented over time? Would it be acceptable to prioritize some aspects of your recommendations?
5 p.m.
Treasurer, National Privacy and Access Law Section, Canadian Bar Association
You'll notice in our submission that we didn't rank them or say that this one was more important than the other. Without having asked the question to the group that put together the report and consulted with the members of the subsections involved in its production, I would hesitate to say what would be the highest priorities.
We have identified and concur with the Privacy Commissioner that at least the ten recommendations she put forward are important and should be addressed now. We have identified, in particular, two additional ones that bear close thinking. It would be a shame to open up the Privacy Act for review without having at least made an attempt to implement these twelve recommendations to the extent possible.
I hesitate to make a guess or purport to speak on behalf of my colleagues.
June 3rd, 2008 / 5 p.m.
Conservative
Dave Van Kesteren Conservative Chatham-Kent—Essex, ON
Thank you, Chair.
Thank you both for coming. We really appreciate your being here. I think you bring a whole lot of knowledge to the table.
Just very quickly, your recommendation on page 4 talks about harm to individuals, but who would deem it to be harmful? Who would have the responsibility to deem what is harmful? Is that something the courts would do?
5 p.m.
Treasurer, National Privacy and Access Law Section, Canadian Bar Association
What we are looking at is a situation with privacy legislation where you're trying to anticipate and put in place rules that are going to be applied—or hopefully are going to be applied—in a huge diversity of circumstances. So almost by necessity, there has to be language that talks about principles rather than rules. It's not necessarily a yes or no, but of looking at the totality of the circumstance and asking, is this reasonable or is this not? Ultimately we're trying to come up with an objective standard, which would likely be would a reasonable person consider the result of this project, or the possible likely result of this project, to be harmful. Ultimately, the courts do step in and take that role.
5:05 p.m.
Conservative
Dave Van Kesteren Conservative Chatham-Kent—Essex, ON
Page 6: I'm a little bit worried about that recommendation. There seems to be a problem with inmates, and I'm a little afraid that this particular recommendation would worsen that problem. That's just a personal observation.
I think the recommendation on page 11 is good. I think that's necessary.
Page 12: when we get to the final list of recommendations, I begin take issue. I really don't care if foreign governments have my information. Mr. Fraser, you said somebody would ask, “Why are they collecting this information?” and the answer would be, “Because they can”. The question then was, “How can I make them stop?” Why?
What are worried about if we don't have anything to hide? I'll tell you why I'm leaning towards this. I had an interesting chat with a criminologist. I know Mr. Martin would quickly bring out Mr. Arar's case, but that was a case where we had just had 9/11, and we made a bad judgment call. I'm wondering, don't we correct that?
Getting back to the criminologist, the biggest challenge to law enforcers today are criminal elements. It's the criminal elements who use these. I'm not being judgmental, but I want a balance here. I would think if you were drafting up something you'd probably be representing mostly criminal elements when you talk about people who are concerned about privacy. If you were a criminal, you'd want to have laws that would enable you to win your case. Do you understand what I'm saying?
I'm not being judgmental. I'm not saying you're being cynical. I'm just wondering if that's not what we're doing, if we're not protecting the criminal even further. It's so difficult now for law enforcement agencies. It's so difficult for governments to handle terrorist groups. Why would we want to make it that much more difficult?
5:05 p.m.
Treasurer, National Privacy and Access Law Section, Canadian Bar Association
Your question had a number of elements. I would like to break them down.
With respect to things that happened after 9/11 and our correcting them as we move on, we believe that this is part of this correction. I'll try to address the balance of your question.
Ultimately, this is about trying to find a balance. We're in a different world, security-wise, than we were a little while ago. We're in a different world, technology-wise, than we were a while ago. This affects both the common way that individuals communicate and the way that people who want to evade being intercepted communicate. And this in turn affects the investigative tools that law enforcement have at their disposal.
We're not looking at dramatically altering the balance. It's not up to the Privacy Act to determine the proper balance with respect to law enforcement and private laws. This comes under the Charter. We're looking at putting in place a framework that deals with the reality that we're living in an age of identity theft, where the more information that an organization has about somebody, the more safeguards they have to implement to prevent the greater harm of accidental disclosure of that information. So there are protections with respect to that.