Evidence of meeting #34 for Access to Information, Privacy and Ethics in the 41st Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was audit.

A recording is available from Parliament.

Also speaking

  • Jennifer Stoddart  Privacy Commissioner, Office of the Privacy Commissioner of Canada
  • Chantal Bernier  Assistant Privacy Commissioner, Office of the Privacy Commissioner of Canada

11:40 a.m.

Conservative

Brad Butt Mississauga—Streetsville, ON

The second area—if I still have some time, Mr. Chair—I want to quickly touch on is PIPEDA and the parliamentary review that I guess will be taking place imminently.

I remember back before I got to this place, when I was the president of the Greater Toronto Apartment Association. We actually helped our members develop a standard privacy template because they were collecting personal information on their tenants living in apartment buildings.

I'm quite familiar with the rules around PIPEDA and some of the pros and cons of that, and obviously some of the administrative difficulties that does create for some private sector companies that are collecting personal information.

How are you preparing for that review? Do we have any timelines as to how we're relooking at that and what role either Parliament needs to play or what role you are simply playing within your own office to deal with the whole protection of privacy and electronic documents act?

11:40 a.m.

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

We have been preparing for the next PIPEDA review for the last three years. We will have completed our final positions, I'd say, by this summer, so I am very interested in your question. I'm really hoping that Parliament will look into PIPEDA. The last review was in 2006, I believe, by this committee.

We are, I guess, a little past due to look at PIPEDA again. We've had some major work done by some law professors. We have complementary work done. We have a lot of developments that have happened in organizations that are like ours in other countries, things coming out of the United States, out of Europe, and so on that I think should inform a review of PIPEDA now. So we're looking forward to that.

11:40 a.m.

Conservative

Brad Butt Mississauga—Streetsville, ON

Okay.

Is that it, Mr. Chair, or do I have more time?

11:40 a.m.

NDP

The Chair Pierre-Luc Dusseault

Mr. Butt, you have a minute and a half remaining.

11:40 a.m.

Conservative

Brad Butt Mississauga—Streetsville, ON

Have you identified any specific areas around PIPEDA that you would be recommending be improved in the legislation, changed, deleted? Are you at that stage yet, where you have semi-ideas around what you might be recommending to us should there be a formal review of the legislation?

11:40 a.m.

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

Yes, certainly we're looking at enforcement issues. There are some technical issues that have come up in previous work, but certainly enforcement is a major topic for consideration, because as you know now, there's an investigation, and if the alleged victim, the complainant, consents and the case is not resolved, we can go to the Federal Court.

In the Federal Court there are no statutory damages, and this differs from the privacy regimes now in comparable countries. People who have suffered some harm in the Ontario Court of Appeal spoke to this recently in a case. There should be some recognition of the harm they've suffered.

Strengthening the enforcement regime, I would think, would be something that should be considered at this point. There has to be some kind of sanction, on the one hand, for companies that don't pay attention to privacy, and on the other hand there has to be some recognition that if this is an important value, well, people should be compensated.

11:40 a.m.

NDP

The Chair Pierre-Luc Dusseault

Thank you. Your time is up.

Ms. Borg, the floor is yours for five minutes.

April 26th, 2012 / 11:40 a.m.

NDP

Charmaine Borg Terrebonne—Blainville, QC

Thank you, Mr. Chair.

I want to thank Ms. Stoddart and Ms. Bernier for joining us today.

Ms. Stoddart, when you talked about CATSA, you highlighted a problem regarding protocol compliance by private companies with contracts for passenger screening. You mentioned certain gaps in their methods of data disposal and incident report safeguarding. In Bill C-30, the reliance on private companies to collect and safeguard personal information is apparent. Are you concerned by this increased reliance? Is that a current trend?

11:40 a.m.

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

I will ask the assistant commissioner to answer your question.

11:40 a.m.

Assistant Privacy Commissioner, Office of the Privacy Commissioner of Canada

Chantal Bernier

Exactly. Public-private partnerships have an impact on privacy. Continuity must be established in the protection of privacy, and that continuity must be ensured through a strong and effective legislative framework.

In CATSA's case, that contract ensured that the agency's obligations with regard to privacy also applied to subcontractors. Therefore, this violation of privacy was non-compliant, and it violated the Privacy Act.

CATSA acknowledged the fact that it needed to improve its monitoring of contractors when it comes to privacy. Therefore, we expect improvements in the overseeing of contractors. Regarding your more general question, you are completely right. In our opinion, the public-private partnership phenomenon has very relevant repercussions on privacy protection, and we are monitoring the situation.

11:45 a.m.

NDP

Charmaine Borg Terrebonne—Blainville, QC

Thank you.

My second question is about sections 3.1 and 3.2 of your report.

You say that a complaint by a former soldier prompted you to undertake an investigation into the Department of Veterans Affairs. In 2012, personal information regarding Thomas Hope, another veteran, was made public without his consent. I think that you are currently looking into that issue. Could you tell us about how you are monitoring that situation?

11:45 a.m.

Assistant Privacy Commissioner, Office of the Privacy Commissioner of Canada

Chantal Bernier

There are a number of things that need mentioning. First, we have received several complaints. Therefore, we have several ongoing investigations. Second, following the first complaint, we noted some systemic deficiencies or an appearance, at first glance, of such deficiencies in the management of personal information at the Department of Veterans Affairs. That is why we decided to conduct an audit. So we also have an ongoing audit, which should lead to a report that will be submitted to you in the fall.

11:45 a.m.

NDP

Charmaine Borg Terrebonne—Blainville, QC

To follow up on this last question, I am worried by the fact that there have been so many violations of access to personal information involving veterans. Another one of my worries is that this may also be happening in other departments.

There is an increasing number of government services that are, in some cases, available only online. Is that a reality we must get used to? Does that worry you?

11:45 a.m.

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

Indeed, the idea of potential technological problems or programming errors is worrisome. One of our annual reports talks about such a case. On a Service Canada website, personal information on a number of individuals was suddenly exposed.

We are talking to the government about the security standards needed to establish new steps for providing Canadians with access to an online government. This is still an area we monitor carefully, and we hope that the government will continue to do so as well.

11:45 a.m.

NDP

The Chair Pierre-Luc Dusseault

Thank you, Ms. Borg.

Mr. Mayes now has the floor for five minutes.