Thank you very much, Mr. Chairman and honourable members, for inviting me here.
On the screen you will see an overview of the presentation that I hope to run in the next 15 minutes, which I hope will give you an initial introduction to our role and mandate, the laws we administer, and some of the key issues.
I'll begin by explaining the role and mandate of the Office of the Privacy Commissioner. Unlike other provincial offices, the OPC is an ombudsman office with several roles, the most important of which, from a resources standpoint, is to conduct investigations.
The OPC also conduct audits under two federal privacy laws. Furthermore, it publishes information about personal information-handling practices in the private sector and brings privacy issues to the attention of Parliament.
Although it requires minimal resources, public education is one of the OPC's most important roles, as is research and policy on emerging privacy issues.
We administer two laws, and you're going to hear a lot about the first one in the coming weeks. This is our basic federal government Privacy Act. It came into force about 25 years ago, and this is your basic set of ground rules for the public sector. It's standard in terms of international data protection. Standards now are fairly low. You can use information collected from the public as long as it's directly related to a program or to an activity. You don't need the consent of Canadian citizens, and you don't need to inform them in any direct way about how you're using their information.
Since 2001, the second law we've been administering is our newest privacy law in Canada known by its acronym, PIPEDA, but you can call it the PIPED Act or...there are various ways of pronouncing it. It is now fully in force and it applies to the jurisdiction where the federal government has authority---federal works and undertakings, federal crown corporations that might have private-sector-related activities, and activities of trade and commerce in Canada under section 91 of the BNA Act. Like its counterpart, it sets out rules. These consent-based rules are far more extensive and the standard for privacy protection is a lot higher.
In the last few years, one of the important goals of the office has been to work cooperatively with the provinces and the territories. Some of you will know that privacy protection is also a provincial jurisdiction because provinces have authority over property and civil rights. Privacy is a civil right. It's a human right in the Canadian context, so it was important for us at the Office of the Privacy Commissioner to work cooperatively with the provinces to make sure Canadians have seamless privacy protection as much as possible. I can give you some examples of various joint efforts with the provinces.
Very briefly, some of our current key issues and concerns are these. Under the Privacy Act, the national security agenda, we appeared on the Anti-terrorism Act last spring. We have been asking questions about the purview or the extent to which the Anti-terrorism Act has reduced the individual right to privacy under the Privacy Act as it is now constituted. We're concerned there's less reason for judicial authorization. We think the judiciary is key, that the judicial authority be there when you're going to regiment individual rights and liberties. And we're giving Canadians less opportunity to challenge the curtailment of their freedoms.
On a separate issue, we're also concerned about the increasing blurring of the lines between the private sector and the public sector. In Canada, we're used to the state carrying out laws, certainly carrying out criminal law and national security issues. With a change to PIPEDA that came about two years ago, organizations in Canada are now mandated to specifically request information, to collect it for the express purpose of giving it to the national security authority. Again, this is a trend we want to watch.
The transborder flow of information has been a constant theme in the last few years. There are two major subsets of issues. The first issue is what happens to our information at the border, information we are specifically sharing at our land and air borders, particularly our land border with the United States, given the flow of people and traffic to the United States. We have just finished a first audit of the handling of personal information at some of the land crossings by the Canada Border Services Agency, and we'll be publishing that in our next annual report on the Privacy Act that will come out at the end of June.
We also just received the draft rules for the do-not-fly list from the Department of Transport. We'll be doing a privacy impact assessment on the ground rules for the do-not-fly list.
The second set of issues is known now as the issues linked to the U.S.A. Patriot Act. They're not a U.S.A. Patriot Act set of issues per se; they are issues of transborder data flow--the global flow of our personal information. It has become accentuated in the last few years. It has existed for decades now, but what happens to Canadians' personal information once it leaves the borders of Canada and Canadian law has just recently come to public attention.