Thank you very much.
I am very pleased to be joined from the Department of Justice by Joan Remsu and Carolyn Kobernick, who may have appeared before you on occasion here—I'm not sure—and Denis Kratchanov. I'm very pleased to have him join me.
And you're quite correct that I do have a few opening comments. Again, thank you for the opportunity to appear before you today to make some comments about the Privacy Act, and particularly your study of that, among other things. Perhaps you will concentrate on the ten recommendations made by the Privacy Commissioner that were suggested to you. I'll be very interested to hear your comments.
I have a few opening remarks. I'll give you a brief overview of the federal privacy landscape and then follow that with some general comments on the commissioner's key proposals.
The privacy protections Canadians enjoy flow from a number of sources at the federal level. To take a macro view, I've divided the landscape into the public sector and the private sector.
In the public sector, the private protection regime is a complex legislative puzzle. The Canadian Charter of Rights and Freedoms, as you may have guessed, is a part of that puzzle. Although the term “privacy” is not explicitly mentioned in the charter, you're probably aware that the Supreme Court of Canada has found that privacy is a core constitutional value in its interpretations of sections 7 and 8. In particular, section 8 has been found to protect against unwarranted government interference with an individual's reasonable expectation of privacy.
Another important piece of this puzzle, of course, is the Privacy Act, which, since the enactment of the Federal Accountability Act, applies now to 250 government entities. The Privacy Act describes a legal floor for privacy protection in the federal public sector, below which government institutions cannot go. This means the federal departments are entirely free to impose upon themselves a standard of privacy protection that is in fact higher than that set out in the Privacy Act.
Indeed this is what many departments have done, which brings me to the next important piece of the public privacy protection, and that's the individual departmental statutes. These more specific statutes outline privacy-related legal obligations for their respective departments. Some examples of these are, of course, very well known. The Income Tax Act is a good example of that, as is the Statistics Act. Both these statutes contain strict controls, including punishments, on what can be done with taxpayer information and personal information gathered for statistical purposes.
For example, everyone employed under the Statistics Act must, before they begin their duty, swear an oath that they will not disclose, without due authority, anything that comes to their knowledge by reason of their employment. It is a criminal offence to deliberately violate that oath. Similarly, the Income Tax Act stringently controls the collection, use, and disclosure of taxpayer information. Furthermore, taxpayer information may only be disclosed as set out in the Income Tax Act, and this disclosure regime takes precedence over the more general disclosure regime in the Privacy Act. The Income Tax Act also contains offences for unauthorized disclosure of taxpayer information, and that is as it should be.
The Privacy Act allows for these strict controls, and they are absolutely necessary to maintain people's willingness to provide highly sensitive personal information to the Canada Revenue Agency and to Statistics Canada. In addition, in the same area there are a number of departments that have their own privacy codes. Human Resources and Social Development is an example of one such department.
Now let me move to private sector privacy protection and the Personal Information Protection and Electronic Documents Act. All of us refer to it, of course, as PIPEDA. As your committee has completed the five-year review of PIPEDA, and because this legislation falls under the purview of my colleague, the Minister of Industry, I will spare you some of its technical details. Essentially, though, PIPEDA is the source of privacy protection in the commercial private sector that is within the federal sphere of control. It controls how companies collect, use, and disclose personal information in the course of commercial activities. PIPEDA contains ten principles of privacy protection, which include accountability, limiting collection, accuracy, and safeguards.
Now that I've identified the federal privacy protection regime for both the public and the private sector, I would like to make some general comments in relation to the commissioner's Privacy Act reform proposals.
Before I begin, I must note that my officials have been closely following the testimony of the witnesses you have heard up to this point. Specifically, we are fully aware of the Privacy Commissioner's extensive 2006 reform proposals. We also appreciate that the Privacy Commissioner has tried to make privacy reform more manageable by presenting to you something known as her top ten quick fixes.
I understand this is why your committee is focusing on the Privacy Commissioner's ten fixes and has invited witnesses to speak to these.
First, several of the commissioner's recommendations are clearly based on her view that the Privacy Act and PIPEDA should be more alike. I think it's fair to say that the commissioner believes that a number of amendments to the Privacy Act should be imported from PIPEDA. I would suggest to you, though, that there are important differences between the federal public sphere and the federal private sector. These include differences in how entities are held accountable for their actions in relation to privacy and differences in how business is conducted. I would encourage you to keep these differences in mind when you're studying the commissioner's recommendations that are inspired by PIPEDA.
A few of the commissioner's proposed reforms also seem to be inspired by provincial access to information and privacy legislation. I would suggest to you that the provincial sphere of responsibility is different from the federal one. This seems obvious, but I think it is worth noting nonetheless. For example, provinces do not have the primary responsibility for national security, nor do provinces have the primary responsibility for conducting and furthering international relations for the country as a whole. Accordingly, when you are examining the commissioner's proposals that fall into this category, you may wish to ask yourselves whether the difference between the federal and the provincial sphere comes into play.
On another note, it's important to point out that some of the commissioner's proposals could have fairly significant cost implications. I don't mean to suggest, Mr. Chairman, that a proposal should be disqualified, so to speak, simply because it would have a cost implication; however, I think in any examination of any proposals, that is of course a consideration.
Finally, Mr. Chairman, in several instances the commissioner proposes to codify policy or enshrine current policy in law. One of the advantages of policy over law is flexibility; that is, it is undoubtedly easier to change a policy to reflect the current situation than it is to amend a law to do the same thing. At the same time, I recognize that people tend to think a law carries more weight than policy. But when you're considering the commissioner's proposals that fall into this category, I trust you will examine this balancing act between the flexibility of policy and the force of law.
Mr. Chairman, thank you very much for allowing me to make some initial comments. In conjunction with the officials who are here today, I am prepared to answer any questions you have.