Evidence of meeting #32 for Access to Information, Privacy and Ethics in the 39th Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was foreign.
A recording is available from Parliament.
Director General, Intelligence Directorate, Enforcement Branch, Canada Border Services Agency
It's the first time I've heard this would be happening.
What would we do with it? We wouldn't have any way to do anything with it because we have no way to know what to do with DNA data. It doesn't pop up in any way. We'd have to develop a policy on how to react to that. How to use it, I don't know.
NDP
Brian Masse NDP Windsor West, ON
I'm very surprised to hear that there hasn't been identification of this. It's been in the media. The United States is doing this already to other foreign nationals. It's going to be an issue that obviously contradicts our laws here, with DNA information going to a government department.
What has been your response to the Auditor General's recommendations of June 2006?
I'm not a regular member here at the committee. I'm filling in for Pat Martin, and I didn't see the Auditor General's testimony here, but I'm kind of surprised that today you didn't provide a document or update as to the Auditor General's summary of recommendations. There's quite a lengthy set of recommendations. I'm sure some of them you're working on and some of them you're not. I thought perhaps there would have been some of that information.
Director, Access to Information, Privacy and Disclosure Policy Division, Canada Border Services Agency
I was misinformed as to what the nature of some of the discussion would be today. I didn't appreciate that you wanted to focus or drill into the audit of the Privacy Commissioner. I'm quite happy to speak to it.
It is a fairly complex document that focused on customs information and the transborder data on which she made 19 recommendations as to what we can do to improve things. Quite a few of them deal with specific system issues, such as making sure we can properly track who has had access to the system. There are three issues that sort of fall within the enforcement area, and some are policy driven issues such as the need to create a privacy management framework. She has provided us with a great deal of good advice. That's my sense.
I think some of the recommendations will take some time to deal with. For instance, she has suggested we bring up to date the existing Customs Mutual Assistance Agreement with the United States that predates the creation of the CBSA.
NDP
Brian Masse NDP Windsor West, ON
Yes, and that's an important one. I have a couple of examples involving Canadian truck drivers. One was caught with marijuana 25 years ago. He is hired by an automotive company, goes across every single day, and is detained for two hours. We don't have any objection to his being stopped, and neither does he, but he's detained for two hours. And there are other cases with similar circumstances.
Does your department advocate for those individuals? If the person has a law-abiding history and no problems before that, can you actually then get to the U.S. and try to work something out?
Director, Access to Information, Privacy and Disclosure Policy Division, Canada Border Services Agency
I think that's something Janet might want to speak to. This speaks to our strategy to deal with the western hemisphere travel initiative and other initiatives from the U.S.
Janet Rumball Director of Outreach and Consultation, Western Hemisphere Travel Initiative and Innovation, Science and Technology Branch, Canada Border Services Agency
This is not necessarily directly related, but the United States has a right to determine who is admissible to their country, and not having a criminal record is one of their criteria for admitting somebody into the United States. The age of the offence is not relevant: you have a criminal record. And the United States also does not recognize Canadian pardons. In that situation with a commercial truck driver, he or she is going to be detained.
NDP
Brian Masse NDP Windsor West, ON
Yes. They're just detaining them for two hours, costing Ford and other people money and losing productivity. That's why I was looking at that recommendation and saying that there perhaps would be a vehicle, if it were done, at least to advocate—not to undo the process, understanding that they want to go through vetting and checking this individual and not provide him with NEXUS or FAST and other types of things—or at least be able to make sure there's not going to be a two-hour detention every single time the person crosses.
Liberal
Conservative
Mike Wallace Conservative Burlington, ON
Thank you, Mr. Chairman.
I'm going to split my time. Let me know when there are five minutes left, to make sure Mr. Hiebert gets his question in.
First of all, thank you for coming. I don't envy your position in your role as the border service. You get heck if you don't stop people and you get heck for stopping people, so it's a tough situation to be in.
I am interested a little bit by your comment that you weren't.... I'm not sure what you expect to hear. We're looking at the review of the Privacy Act, and somebody asked you to come here as an organization to see how the act is working for you, what issues might have changed, and so on.
Mr. Masse indicated, from the 2006 final report—and I have a copy of it, actually.... It was not from the auditor; it was an audit done by the Privacy Commissioner, just as a small clarification, and there were 19 recommendations. I guess I anticipated that you might, based on those recommendations.... You're saying it's taking a while to implement some of them. Well, it's been two years, so I don't know what your definition of “a while” is. To me that's a while.
Just because there's an audit doesn't mean you can implement everything—I understand that—but of the changes you can make or are in the process of making...does that make the use of the Privacy Act easier for your organization, more cumbersome, or...? Do you have an opinion to that effect?
Director, Access to Information, Privacy and Disclosure Policy Division, Canada Border Services Agency
There are some acts that fall in place. For example, when we talk about sharing of information with the U.S., we're also dealing with provisions in the Customs Act, first of all. When we look at the legislative framework—and your question is basically whether it is working for us—some of our opinion is informed by what's in the Customs Act.
There's a very good provision in it that deals with the access, use, and disclosure of information, in section 107. There are some parallels between it and subsection 8(2) of the Privacy Act. It is quite specific about dealing with information that is gathered for a purpose related to customs legislation, and most of the relationship with the U.S. deals with that customs information.
Conservative
Mike Wallace Conservative Burlington, ON
So it is not in the Privacy Act, but in the Customs Act. Is that correct?
Director, Access to Information, Privacy and Disclosure Policy Division, Canada Border Services Agency
Yes. Of course, we're also subject to the Privacy Act. We are informed by the recommendations that the Privacy Commissioner made, and we have been trying to digest them. Some of them are very ambitious, such as creating a privacy management framework. In her audit, she offered four or five pages of recommendations on how we might go about that.
Some of it is very good. Some of it speaks about making sure we have clear roles and responsibilities laid out with respect to privacy-protected information, and we are working on that. We hired a consultant last year to help us work out what we could do. We need to hire a consultant again this year to carry on this work.
She also provided a great deal of information about what she would expect to see in written collaborative arrangements. We've worked through all of her information or suggestions, and we've created guidelines to help operational areas in the organization to update or create new written collaborative arrangements with partners.
Going back and reviewing and changing each one of the existing arrangements or agreements is a very large undertaking, if we were to go broad scale.
Conservative
Mike Wallace Conservative Burlington, ON
The Privacy Commissioner has 10 recommendations, which she calls quick fixes. Her organization would like to see a full review. It would probably take six or seven months to go through and make changes, updating the Privacy Act. She might be right—it hasn't been updated in 25 years or so.
The Privacy Commissioner mentioned that she'd like to enshrine in law that deputy heads do privacy impact assessments. I know you're not at that level, but as an organization, do you do them now? What do you do with them, and where do they go once you perform them? I need to know whether this actually happens now. Is it a Treasury Board recommendation? What actually happens?
Director, Access to Information, Privacy and Disclosure Policy Division, Canada Border Services Agency
The privacy impact assessment is Treasury Board policy, so we respect the policy. If it's a large project, if it involves privacy-protected information, or if there are potential privacy risks, there's basically a two-step process. The first is to create a PPIA, a preliminary privacy impact assessment. It's a tool that allows us to figure out whether we really need to do a privacy impact assessment.
If we determine that one is required, the policy sets out a process. We look at it and map out all the changes—what the potential impacts are going to be. We work with legal services, and we go to senior management. We have to present a reasonable case that we are properly mitigating privacy risks.
Once we've done our homework, we take it to the Privacy Commissioner. This is where I think the relationship is good. Her staff, her office, will make recommendations and engage us. In the past, that meant some changes to what was proposed for the advance passenger information or PNR records.
Director of Outreach and Consultation, Western Hemisphere Travel Initiative and Innovation, Science and Technology Branch, Canada Border Services Agency
Passenger name records.
Director, Access to Information, Privacy and Disclosure Policy Division, Canada Border Services Agency
More recently, the discussion that has been going on with her....
Conservative
Mike Wallace Conservative Burlington, ON
I'll pass. In the next round, we'll have to share again, likely.
Conservative
Russ Hiebert Conservative South Surrey—White Rock—Cloverdale, BC
Thank you, Mr. Chair.
In my constituency in British Columbia, I have the largest border crossing in western Canada. I often hear from constituents that when they're returning from visits to the United States, customs officers ask them a number of questions of a personal nature—where they were travelling, what they were doing, the nature of their employment, where they live, and other such questions.
What specific powers do CBSA officers have? From which act or regulations are their powers derived? What level of privacy can Canadians expect? Is there a limit to the kinds of questions that can be asked by the CBSA officers?
Director, Access to Information, Privacy and Disclosure Policy Division, Canada Border Services Agency
That's a very complex question, and it requires me to parse it out a little bit. Basically, our powers at the border are derived from the Immigration and Refugee Protection Act together with the Customs Act. When you arrive at the border, you can anticipate questions. We have to establish who you are and what your purpose is in coming into the country, even if it is to return home. We also have to establish whether you have any regulatory responsibilities, whether you are carrying any goods that might be subject to some act or legislation.
In doing this, we have to process a great number of people. There are about 300,000 travellers who come through every day. What we have out of jurisprudence, through the Supreme Court of Canada, is that your expectation of privacy at the border is diminished, because we have to figure out who you are and what your purpose is in coming to Canada.
Our institution has a responsibility to be careful about the information they gather from you. We have a great deal of latitude. We can ask questions for a business purpose, a customs purpose, or an immigration purpose. We have to be careful about how we treat your information.
Conservative
Russ Hiebert Conservative South Surrey—White Rock—Cloverdale, BC
Do Canadians have an obligation to respond to any of these questions? Can they just decline to answer?
Director, Access to Information, Privacy and Disclosure Policy Division, Canada Border Services Agency
I don't know who would like to answer that one.
Director General, Intelligence Directorate, Enforcement Branch, Canada Border Services Agency
We would expect they would answer the questions. It helps us to establish whether they have the right to enter, whether the goods or personal possessions, or the plants or animals or whatever they might be bringing with them, are being lawfully imported, etc.
I've heard that CBSA administers almost 90 acts on behalf of various departments--health acts, food acts, acts for species that are threatened, all kinds of different acts.
Conservative
Russ Hiebert Conservative South Surrey—White Rock—Cloverdale, BC
I understand that. But my question to you is whether they are free to decline to respond.
Director, Access to Information, Privacy and Disclosure Policy Division, Canada Border Services Agency
That relates to sections 11 and 12 of the Customs Act. Basically, you have to answer truthfully all the questions asked of you. The dynamic you would create by not voluntarily responding to those questions that are asked in that few minutes that a border services officer has to figure out who you are and what kind of risk you may pose would probably trigger a process in his mind that would result in your needing to go to a secondary line, so that someone else can spend a little more time with you.
