Thank you, Mr. Chairman. I am certainly very happy to be here and very happy that we have this double session.
I would like to take the opportunity of introducing Assistant Commissioner Elizabeth Denham. This is her first appearance, not only before the committee but on the Hill. We are very pleased that Elizabeth has joined us from the office of the privacy commissioner of Alberta, and she brings a much-needed perspective from the provinces to our functioning.
Also with me is the director general of finance and administration, Mr. Tom Pulcine, whom you have met before.
I have a short opening statement, which I hope will summarize the issues in the document that is set before you and will allow you to approve in principle the credits that go with us.
If I go back now to 2005, where we fixed our mandate of trying to take a more proactive approach to protecting and promoting the privacy rights of Canadians, we have received some increased resources. This has allowed us to reduce our backlog of investigations; reduce turnaround times for privacy impact assessments; be more active in the investigation field; initiate more complaint investigations--most recently, the TJX data breach, the U.S.-based owner of Winners and HomeSense stores; increase the number of audits that we've been able to undertake, and you may have seen the special report to Parliament on the RCMP this winter; and become actively involved in court litigation.
When we received more resources we understood our new vision for the organization, but we underestimated the challenge of implementing it. We now realize that we need to double our efforts to become more efficient in investigating. This is partly due to contextual challenges as well as to our ongoing obligation under both acts to receive and investigate every complaint that comes to us.
Through our work it has become apparent that more targeted and more specialized communications and outreach activities are needed to foster privacy awareness among Canadians.
For example, we've begun the development of a social marketing campaign on children's privacy online. We've embarked on a regional engagement program to better understand the privacy concerns and the awareness levels of citizens across the country.
We recognize the need to address key issues in order to have a real, positive, and measurable impact in niche areas, so we've identified four priority privacy issues on which to focus efforts over the next three years. These are information technology, privacy and national security, identity integrity and protection, and genetic privacy.
These priorities will allow us, we hope, to leverage resources across the organization, to plan concerted and collaborative action with key stakeholders, to build the necessary expertise and capacity, and to adopt a deliberate, multifaceted approach using a number of enforcement tools and research and education efforts to more effectively address these emerging privacy issues.
Finally, the implementation of the Federal Accountability Act last year has resulted in new responsibilities for our office. To handle these responsibilities we've created an office to manage access to information and privacy requests. We are now hiring additional investigators to handle new organizations that are now subject to the Privacy Act, and we are establishing an internal audit program, which is required of all entities.
In recognition of this new vision and our organizational challenges, we have identified five strategic priorities for the new year: continuing to improve service delivery through focus and innovation; strategically advancing global privacy protection for Canadians; supporting Canadians to make informed privacy decisions; building a sustainable organizational capacity; and providing the leadership to advance the four priority privacy issues I've mentioned.
Throughout the next year we will continue the work we began last year in reshaping our organization to make it more modern, responsive, and proactive. As I said, I'm very pleased this year to welcome Elizabeth Denham, who has been our new assistant privacy commissioner since November of last year. As the assistant commissioner with primary responsibility for PIPEDA, Ms. Denham is tasked with raising privacy awareness and ensuring legislative compliance among businesses. She has led the organization's regional engagement efforts, meeting with stakeholders and forging important relationships in the Yukon, in Saskatchewan, and in Nova Scotia in the very short time that she has been in this post.
I'd like to move on now to the theme of building sustainable organizational capacity. We are currently updating our organizational human resources plan, in keeping with our objective of building a sustainable organizational capacity. Our plan has two main components: a staffing strategy that allows us to build our workforce, and a retention strategy to engage, develop and retain our staff.
Our human resource plan is ambitious—as you will note in the graph you've received, we need to substantially grow our organization to adequately address our organizational workload and manage the increase in demand for our services.
Nowhere is the demand for our services greater than in our Investigations Branch. Last year, we reported to this Committee on our efforts to chip away at our backlog of complaints. While the backlog of PIPEDA complaints has been substantially reduced, our backlog of complaints under both the Privacy Act and PIPEDA remains, because we continue to face challenges attracting and retaining investigative personnel. Each year for the past two years, this branch has experienced a 40 per cent turnover in staff.
Along with the staffing and retention strategies I've already mentioned, we are re-engineering our entire business process. Ms. Denham is responsible for this initiative. We are seeing more complaints involving technological and transborder issues. There is an ever-increasing need for cooperation with our provincial and international counterparts. Our goal is to create a branch with the skills, knowledge and processes to respond to these complaints efficiently and well. We anticipate the re-engineering of our processes to be completed in 2009.
Last fall Canada hosted the 29th annual Conference of Data Protection and Privacy Commissioners under the theme of “Terra Incognita”, bringing together over 700 data commissioners and privacy experts from around the world to share ideas and knowledge.
I think you've all received, Mr. Chairman, this résumé of the proceedings. We were honoured by the presence of Speaker Milliken, who opened the conference. Overall the conference was deemed an overwhelming success by delegates, who left Montreal with a renewed sense of common cause and action.
One prevalent theme that emerged from our conference is that citizens around the world are increasingly concerned about when and how their personal information is shared across international boundaries. To address this growing concern, we have made global privacy protection, with a strong dose of Canadian content, one of our five strategic priorities. One country or jurisdiction alone cannot confront the phenomenon of outsourcing and the range of privacy issues that flow from it. At the international level we have started this work to find solutions to the privacy issues implicit in transborder data flows.
In conclusion, Mr. Chairman, the environment in which our office operates continues to evolve, demanding from us that we evolve along with it so that we may fulfill our mandate of protecting and promoting the privacy rights of individuals.
This year promises to be a dynamic one for our organization. From our internal recalibration of our business processes to our new outreach initiatives, the key word for us is change.
While our current resources have allowed us to take on several major initiatives in support of our new vision, there are still gaps we need to fill and challenges we need to address, many of which I mentioned today. In the coming weeks I look forward to engaging you once more to outline how we plan to meet these outstanding challenges.
Our goal is to become a data protection authority that is modern, proactive, efficient, and sufficiently flexible to adapt to the realities around us, so that we may provide Canadians with the necessary assurance that their personal information is being respected and protected here and elsewhere in the world.
I thank you once again for the opportunity to speak to you today, and I would be pleased to answer your questions.
