Thank you, Mr. Chair. Good afternoon, honourable members.
I am pleased to address our office's main estimates, and with me today are Daniel Nadeau, our chief financial officer; and Patricia Kosseim, our general counsel.
In my time, I will outline our fiscal outlook, describe how we are managing rising demands, and announce our new privacy priorities, which will influence our work in the future.
To begin now, in the coming years, our resources are forecasted to remain at their existing levels. When looking at our 2015-16 report on plans and priorities, there appears to be a drop from the last two fiscal years to this one. This difference is due mainly to the expenses incurred in previous years with the mandatory move of our headquarters in February 2014. Looking forward, for the next three fiscal years, our resources are set to remain relatively stable, at just more than $24 million annually.
That said, we face rising demands. Over the last few years, we have generally seen increasing levels of complaints, while our investigations are becoming more complex. On top of reviewing privacy impact assessments, we are also increasingly requested for consultations to provide advice earlier as new federal initiatives making use of personal information take shape.
Meanwhile, data breach reports from departments were already increasing before a new Treasury Board directive came into force a year ago, making material breach reports to us mandatory. And at the end of the last fiscal year, breach reports in the public sector hit a record high for the fifth consecutive year.
Facing rising demands, we have taken steps to continue meeting our obligations within our existing resources. For example, we are settling more complaints by early resolution, through which parties are satisfied without the need for a full investigation. We are also managing situations where many complaints come from various people about the same issue by opening one all-encompassing investigation. And, we have also implemented measures for situations where one individual submits many complaints, to better balance the needs of all complainants, ensuring all Canadians have access to our services.
All told, Mr. Chair and honourable members, we are using most, if not all, of the tools available under our acts to manage rising demands. But, today, we are left with precious little room to manoeuvre to meet our obligations. We are nearly one year in after taking on new responsibilities under Canada's anti-spam law.
We also anticipate the passing of Bill S-4, which will make breach reports from private sector organizations to our office mandatory. Bill C-51will also create new work for our office as we are called upon to investigate whether its implementation respects the Privacy Act.
So, while I am not ready to say our office needs new resources today, I think it will be quite difficult to meet our existing and new responsibilities with our current level of resources. After we have some experience fulfilling our new roles and a better sense of the impact on our resources, I may need to appear before you to make the case for an adjustment.
Turning to strategic priorities, when I appeared before you to discuss my nomination for the position of Privacy Commissioner of Canada, I said that during my mandate my goal would be to increase the control Canadians have over their personal information.
One of my first initiatives after assuming my role was to launch a priority-setting exercise that would guide the discretionary work my office does towards realizing this vision in the most efficient and effective way possible. As part of this exercise, our office engaged representatives from business, government, civil society, and academia. We also held focus groups to gauge the views of the public. Today, I am pleased to share our results.
To begin, one of our four privacy priorities will be the economics of personal information. Our discussions highlighted the need for user clarity about the personal information they provide in exchange for online services, how that data is used, and the question of meaningful consent. As a result, some of our key work under this priority will be closely examining the issue of consent in today's digital world, increasingly marked by the emergence of big data and the Internet of things.
The overall goal of this priority will be to enhance the privacy protection and trust of individuals so that they may confidently participate in an innovative digital economy.
The “body as information” will be another privacy priority. Whether it is biometric information tied to a trusted traveller card or that generated by medical devices, genetic testing, or wearable fitness trackers, this data may be used in many ways that could compromise people's privacy. This issue concerned the experts we engaged, and it is one about which we will learn more and raise awareness among both developers and users about the potential privacy risks of these new technologies.
The goal of this priority will be to promote respect for the privacy and integrity of the human body as the vessel of our most intimate personal information.
Of course, one of the hallmarks of today's information technology is sharing information with the world in a click, and as the saying goes, “the Net never forgets”, which means youth growing up today may no longer get to outlive their past mistakes. These are among the reasons why reputation and privacy will be one of our priorities, and one under which we will work to help enhance digital literacy among vulnerable populations, while also examining the right to be forgotten.
Our goal with this priority will be to help create an environment where individuals may use the Internet to explore their interests and develop as persons without fear that their digital trace will lead to unfair treatment.
Fourth and finally, government surveillance will also be among our priorities. As mentioned, we will be directing investigative resources to ensure the Privacy Act is duly respected by the information sharing made possible by Bill C-51. We will also give advice to departments, through privacy impact assessments or otherwise, to prevent privacy breaches. We will also work with private organizations and government to establish appropriate standards for transparency in accountability reports.
Ultimately, our goal with this priority will be to contribute to the adoption and implementation of laws and other measures that demonstrably protect both national security and privacy.
In order to make progress on these priorities, we will focus our activities around five cross-cutting strategies: first, exploring innovative and technological ways to protect privacy; second, enhancing accountability and promoting good privacy governance; third, taking into consideration the fact that privacy knows no borders; fourth, enhancing our public education role; and fifth, paying special attention to vulnerable groups.
In closing, our new privacy priorities will help hone our focus to make best use of our limited resources, and further our ability to inform parliamentarians and to protect and promote Canadians' privacy rights. Having identified what we believe are the 21st century's most pressing privacy concerns, our office will now chart a course to address them, in partnership with individuals, organizations, legislators, and fellow oversight bodies.
With that, I look forward to your questions.
Thank you.
