Evidence of meeting #29 for Access to Information, Privacy and Ethics in the 39th Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was complaints.
A recording is available from Parliament.
5 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
Privacy seals are used in the United States and throughout the Asian world right now, so I've never quite asked myself.... They are usually self-administered. It's like a chamber of commerce--
5 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
It's not even ISO; that's another privacy standard we're working on.
The privacy standard of the Government of Canada is probably medium; we think it should be high. It's probably medium, and what helps us is a strong historical appreciation of the value of privacy by the Canadian people across Canada.
However, it's being strongly and consistently eroded, as you mentioned, by national security, by technology, and by international pressures. You will see that the Secretary of Homeland Security recently said that fingerprints were not personal information, which is absolutely contrary to what is in the Privacy Act. That's letting alone the issue of gathering DNA, which is being debated internationally.
What is of medium.... Many countries don't even have these protections. I'm not saying Canada is far down the list, but the current mechanisms are quickly becoming more and more obsolete as these pressures on governments go ahead from technology, from international situations, from world alignments, from international trade, and so on. That's why I would urge you to look at least for some changes. We've really done our best to try to....
When I look at them, at least half of them are now Treasury Board policies that should be enshrined in the law, and we could provide you with more information if you choose to advance the study. It's not that there doesn't seem to be some consensus in government that this is necessary, but we would argue that Treasury Board policies are more likely to run the risk of being honoured in the breach. If the thinking is there, why don't we say it is the law that you do a privacy impact assessment? Why don't we say it is the law that before you send information abroad, you have to go through the privacy evaluation test Treasury Board has set up, etc.?
5:05 p.m.
NDP
Pat Martin NDP Winnipeg Centre, MB
Correct. That seems eminently reasonable. And you hit on another point. Nowhere in your eight points do you recommend changing the definition of “personal information”. Or did I miss that? Or maybe that means harmonizing it with—
5:05 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
Oh, yes, this has to do with the issue of recorded information, which is the DNA issue. It's recommendation 7.
5:05 p.m.
NDP
Pat Martin NDP Winnipeg Centre, MB
Oh, right, number 7.
So the Privacy Act applies only to recorded information.
5:05 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
Exactly.
5:05 p.m.
NDP
Pat Martin NDP Winnipeg Centre, MB
If you change the definition of “personal information”, it may then include things like DNA and modern content.
5:05 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
That's right. Some of the DNA banks could be under that level, which is of great concern to me.
5:05 p.m.
NDP
Pat Martin NDP Winnipeg Centre, MB
That's an excellent point. The more you dig into this, the more you realize how overdue it is and how far behind we have slipped. You and the former Privacy Commissioner have tried to alert people to this problem, but there just hasn't been the political will to do the hard work that needs to be done.
That's all I have.
5:05 p.m.
Conservative
Russ Hiebert Conservative South Surrey—White Rock—Cloverdale, BC
Thank you, Ms. Stoddart, for being here today.
I noted in the opening statement that you distributed--but didn't have a chance to read--that you've retained a privacy expert to prepare a report on the Privacy Act reform. I was wondering if you could tell us who this expert is and when you would expect the report to be completed. We might want to take a look at it.
5:05 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
The expert is Dr. David Flaherty, the former information and privacy commissioner of British Columbia. He is the author of a pioneering study on surveillance societies across the world. Assistant Privacy Commissioner D'Aoust is working on this.
When is it due, Mr. D'Aoust?
5:05 p.m.
Assistant Privacy Commissioner, Office of the Privacy Commissioner of Canada
Dr. Flaherty co-authored the 1987 report, “Open and Shut: Enhancing the Right to Know and the Right to Privacy”. So we asked Dr. Flaherty, who is on our external advisory committee, besides being a scholar and an expert in this area, to take stock and write a “20 years later” type of report on what he believes needs to be changed.
5:05 p.m.
Conservative
Russ Hiebert Conservative South Surrey—White Rock—Cloverdale, BC
When do you think it's going to be finished?
5:05 p.m.
Assistant Privacy Commissioner, Office of the Privacy Commissioner of Canada
We have a rough draft report that we reviewed two weeks ago. I believe the deliverable date is the end of June.
5:05 p.m.
Conservative
Russ Hiebert Conservative South Surrey—White Rock—Cloverdale, BC
Would it be possible to see a draft of some kind, as we're in the middle of a study on this subject right now?
5:05 p.m.
Assistant Privacy Commissioner, Office of the Privacy Commissioner of Canada
I would defer to the commissioner.
5:05 p.m.
Conservative
Russ Hiebert Conservative South Surrey—White Rock—Cloverdale, BC
If we wait until the end of June, we might have run out of time to consider his recommendations.
5:05 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
I'm not sure about a draft, but perhaps we could ask him to do an executive summary of his thoughts, which we could then present in both official languages, if the committee wishes. Or you could invite him as a witness. He's a very knowledgeable person.
5:05 p.m.
Conservative
Russ Hiebert Conservative South Surrey—White Rock—Cloverdale, BC
I think both ideas are good. All right, I'll ask the chair to proceed on both those fronts.
Ms. Stoddart, I have questions on three different subjects: identity theft, national security, and data matching.
On the issue of identity theft, you probably know that the government has introduced Bill C-27. It is designed to amend the Criminal Code so as to crack down on identity theft. You noted in your own report of 2006-07 that there are other ways to help prevent identity theft. Your report refers to “Privacy Act reforms requiring stronger protection of personal information held by government institutions”. I'm wondering if you could briefly expand on what you mean by “stronger protection”. How would you suggest we amend the Privacy Act to prevent identity theft?
5:05 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
Can the assistant commissioner answer this?
5:05 p.m.
Assistant Privacy Commissioner, Office of the Privacy Commissioner of Canada
There is a firm by the name of Symantec. It is one of the best firms that monitor cyber attacks. A few years ago, they put out a report referring to an international survey of 30 or 40 countries. The report had apparently shown that 25% of information used for identity theft and fraud comes from government sources.
They didn't actually point to the federal government, but I suspect that this is probably the reality. Furthermore, this is not the work of hackers. Rather, it's an insider problem—people walking out the door with the information and abusing it.
In response to your question, I would suggest that the best way to tackle this problem would be to strengthen the security requirements around personal information holdings.
I receive incidence reports. An ADM will call to inform us that a laptop containing encrypted personal information has been stolen from an individual's house. That's not good enough—that's not the standard we want to have.
5:10 p.m.
Conservative
Russ Hiebert Conservative South Surrey—White Rock—Cloverdale, BC
I appreciate that.
On the issue of national security, you mentioned in your recent submission to the committee that you take issue with certain elements of the Anti-terrorism Act. One of your key recommendations is more oversight in the intelligence-gathering agencies. You speak of striking a better balance between protecting privacy and ensuring national security.
I'm wondering, based on your experience and your international contacts and studies, if you can give us some examples of where a more appropriate balance between these two elements is being practised.
Could you tell us what elements we could amend in the Privacy Act to address those concerns?
