Thank you very much, Mr. Chair, and good afternoon.
My name is Ken Cochrane, and I am the chief information officer of the Government of Canada.
Today, as the chair indicated, I am accompanied by Mr. Donald Lemieux, who is the executive director of the information and privacy policy division of the Treasury Board Secretariat, so the subject expert in this particular area within the secretariat.
I'd like to begin by thanking the committee for this opportunity to discuss the policy role that the Treasury Board Secretariat plays with respect to privacy across the Government of Canada. We have been invited by your committee to offer our knowledge of the policy on privacy protection and the privacy impact assessment policy, for which the Treasury Board Secretariat is the lead department. Therefore, I'd like to take a few minutes to provide an overview of the Treasury Board Secretariat's role in supporting the policy instruments we are responsible for.
First, it's important to note the shared responsibility of the Treasury Board Secretariat, the Department of Industry, and the Department of Justice in the area of privacy protection. In this respect, the policy on privacy protection and the privacy impact assessment policy are under the responsibility of the Treasury Board Secretariat. These two management policies support the Privacy Act. The Privacy Act itself falls under the responsibility of the Minister of Justice, and the Personal Information Protection and Electronic Documents Act, PIPEDA, which the Privacy Commissioner has previously discussed with the committee, is administered by the Minister of Industry.
Heads of institutions are responsible for ensuring that their organizations comply with management policy and legislative requirements.
So the President of the Treasury Board is the Minister designated under the Privacy Act with the responsibility for developing and issuing management policies and guidelines to ensure the effective administration of the act itself. The Treasury Board Secretariat supports the president in this role by developing policies and guidelines and by providing ongoing training and support to the access to information and privacy community in government.
It's important to note that the head of each institution is responsible for protecting personal information under their control and adhering to management policies and this legislation. Detailed information on privacy management policy instruments can be found in the manual that we have provided to the committee members.
I'd like to provide you with a little more information on the privacy policies that fall under the Treasury Board Secretariat's responsibility. As members of the committee may know, the government is going through an extensive renewal of its management policy suite, and this renewal includes our privacy policy instruments. There are two privacy policies issued by the President of the Treasury Board to support the Privacy Act itself: the policy on privacy protection, and the privacy impact assessment policy.
The policy on privacy protection replaces the former policy on privacy and data protection. It was recently revamped to reflect changes made through the Federal Accountability Act. This policy aims to ensure a number of things: first, that sound management practices are in place for the handling and protection of personal information; that clear decision-making and operational responsibilities are assigned within government institutions; that there is consistent public reporting through annual reports to Parliament, statistical reports, and the annual publication of Infosource, produced by the Treasury Board Secretariat; and that there is identification, assessment, and mitigation of privacy impacts and risks for all new or modified government programs and activities that use personal information.
The privacy impact assessment policy itself is the second management policy we are responsible for, and it was implemented in 2002. Privacy impact assessments assure Canadians that privacy principles are being taken into account when planning, designing, implementing, developing, and changing programs and services that raise privacy issues. The results of government privacy impact assessments are communicated to the Privacy Commissioner and to the public. We are currently reviewing this policy and we are working in close collaboration with the Office of the Privacy Commissioner on this matter. We expect our review will be completed within this fiscal year.
To go on with the role of other institutions, while the secretariat plays an important role in establishing policies and guidelines and providing guidance to the ATIP community, heads of government institutions are ultimately responsible for personal information under the control of their respective institutions. They are responsible for ensuring that their organizations comply with all the Treasury Board Secretariat's management policy requirements. And institutions are assessed annually on their compliance through MAF, the management accountability framework, which I am sure you are familiar with.
Specifically, for privacy-related management policy instruments, the responsibility of implementing requirements within institutions is generally delegated to ATIP coordinators within departments. Treasury Board Secretariat is the leader of the privacy community across government.
Given the importance of the mandate of the ATIP community, the Treasury Board Secretariat has adopted different measures to help federal institutions adhere to the policies regarding privacy. For example, Treasury Board Secretariat provides ongoing training to the ATIP community. We do this through a variety of means, such as developing training material and hosting training sessions to ensure members of the community are informed of the latest policy developments; by distributing guidance documents to ATIP practitioners; by holding regular community meetings to share issues of interest and best practices and advise the community of any changes to the policy; and by responding to questions from ATIP practitioners who require assistance and advice on the interpretation of our policies.
Finally, the Treasury Board Secretariat publishes the annual InfoSource bulletin that contains statistics of requests made under the Access to Information Act and the Privacy Act, and summaries of Federal Court cases of relevance to the interpretation of the acts.
Mr. Chairman and members of the committee, as you know, the government is strongly committed to the protection of individual privacy rights. Our policy instruments aim to support legislation that is passed through the House of Commons by parliamentarians on behalf of Canadians. These policy instruments are robust and are taken very seriously by government institutions. I'm confident that the privacy policies strengthen the rights of Canadians in regard to the sound protection of their personal information.
As this committee continues to study the Privacy Act, the Treasury Board Secretariat will await direction set in law by Parliament.
Mr. Chairman, this concludes my remarks. Mr. Lemieux and I would be very pleased to answer any questions from the committee.