Evidence of meeting #38 for Access to Information, Privacy and Ethics in the 40th Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was complaints.

A recording is available from Parliament.

Also speaking

Jennifer Stoddart  Privacy Commissioner, Office of the Privacy Commissioner of Canada
Chantal Bernier  Assistant Privacy Commissioner, Office of the Privacy Commissioner of Canada

10:20 a.m.

NDP

Bill Siksay NDP Burnaby—Douglas, BC

Have you been involved in the planning for the G8 or G20 meetings in Huntsville, Ontario?

10:20 a.m.

Assistant Privacy Commissioner, Office of the Privacy Commissioner of Canada

Chantal Bernier

No, not yet.

10:20 a.m.

NDP

Bill Siksay NDP Burnaby—Douglas, BC

Commissioner, in your press conference the other day, I believe you said something about being disappointed that there hasn't been an overall security review—I could be wrong, so clarify this for me—and that a group of commissioners has recommended such a review. Am I on the right track? Can you explain what you were commenting on?

10:20 a.m.

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

You're talking about my comments on the no-fly list, the passenger protection program.

10:20 a.m.

NDP

Bill Siksay NDP Burnaby—Douglas, BC

I'm not sure if it was just the no-fly list or if it was an overall review of security measures and how they had rolled out over the years.

10:20 a.m.

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

I think those comments were related to the no-fly list and the extensive concerns we advanced in the summer of 2007 when this was first rolled out. My office and the offices of the privacy commissioners across Canada unanimously adopted a resolution and, among other things, asked for oversight, some reporting, and a substantial parliamentary review. We asked for the development of specific regulations on which such a program would be based. It was those things that had not been developed and in which I expressed disappointment.

10:20 a.m.

NDP

Bill Siksay NDP Burnaby—Douglas, BC

With regard to your specific audit of the no-fly list and Transport Canada in that regard, I think there were four issues: the sign-off by the deputy minister, the security of lists being used, breach reporting, and computer certification of the system used to hold the list. You said that Transport Canada had responded positively; I think that was the phrase you used. Can you explain what that means? Has it changed those processes? Does the deputy minister now get information before signing off? Is that done, or is it a work in progress?

10:20 a.m.

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

No, my understanding is that it was changed immediately, because it was--

10:20 a.m.

NDP

Bill Siksay NDP Burnaby—Douglas, BC

In all cases?

10:20 a.m.

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

Yes, or it's in the process of being changed.

Could I just add this, Mr. Chairman, because I think the committee should know about this in terms of what we're doing with the Olympics. One file that did take a bit of time, and it took a trip to Brussels by me and the Quebec commissioner, was the European data protection authorities' concern--and particularly something called the article 29 working group, which speaks on privacy issues, data protection issues for the European Union--about the application of anti-doping standards at the Olympics. These are run out of something called WADA, the World Anti-Doping Agency, in Montreal. Canada has been very prominent in the fight against doping in sports, so both of us, my Quebec colleague and I, responded on how our different laws would apply. It is not impossible that this issue will come up again during the course of the Olympics, and we are, with the B.C. commissioner, prepared to respond to it then.

10:25 a.m.

Liberal

The Chair Liberal Paul Szabo

Thank you.

Madam Block, please.

10:25 a.m.

Conservative

Kelly Block Conservative Saskatoon—Rosetown—Biggar, SK

Thank you very much, Mr. Chair, and welcome to Ms. Stoddart and Ms. Bernier.

I would like to take us back to your report and ask some questions around FINTRAC. I read in your report regarding FINTRAC and the fact that it's an independent agency with a mandate to collect and analyze financial transactions for the purpose of monitoring suspicious financial transactions that may relate to terrorism or organized crime. While they have always worked to balance security and proximity, can you tell us about the positive changes that FINTRAC has made in response to your report?

10:25 a.m.

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

Yes. We say that they responded to 10 out of 11 reports. I couldn't rhyme them off by heart, but what we did is publish as a separate publication this time--this is new--the complete original report rather than just giving highlights, because we thought it would interest the public. In fact, it is interesting reading. Many of the suggestions FINTRAC changed right away. We're very happy that with regard to our main problem, which is the storing of unverified and indeed unsubstantiated information with information that is of adequate quality, they are taking steps to go through all that information and sort out that information that should not be in their data banks.

10:25 a.m.

Conservative

Kelly Block Conservative Saskatoon—Rosetown—Biggar, SK

I note that the amendments that were passed in 2006 would give your office the authority to review FINTRAC every two years. Is this the first review that you've conducted since those amendments were made?

10:25 a.m.

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

It is. It's the first time we've done an audit on FINTRAC according to our statutory mandate, so we'll be back to follow up in two years.

10:25 a.m.

Conservative

Kelly Block Conservative Saskatoon—Rosetown—Biggar, SK

Thank you.

10:25 a.m.

Liberal

The Chair Liberal Paul Szabo

Madame Faille, please.

10:25 a.m.

Bloc

Meili Faille Bloc Vaudreuil—Soulanges, QC

My question concerns information technology. On page 43 of your report, you state: “[...] it is clear that future trends in computing will only magnify and intensify the risks”. Have you, in exercising your mandate, had the opportunity to examine the government plan to enhance these technologies, among others the project to modernize the federal government's technological infrastructure?

On page 44, you say that the Canadian public is demanding access to ever more services over the Internet. One project that is known as the “secret channel” will be abandoned. New technologies are going to be used. The call for tenders in connection with those technologies should be out in two weeks. I was wondering if during the past three years, you had been consulted concerning these technologies the government intends to use.

Moreover, within the framework of this modernization plan, questions have been raised by Canadian businesses and citizens concerning the storing of data in databases located throughout the world because of call centres. The government is increasingly choosing large Internet providers. Call centres and databases are thus managed elsewhere. In the case of Bell Canada, we know that this takes place in India. How are we going to protect these data and who will have access to them? How are we going to ensure that this information is secure? Would you be willing to help us and to provide us with comments and recommendations on this?

You seemed a bit surprised a little earlier, but I am asking you this question because of the speed at which things are developing at this time. The replies obtained at the Standing Committee on Public Accounts indicate that the network is slowing down to some extent. Questions were put concerning the Access to Information Act and Privacy Act. A committee report which concerns your interests will be tabled in the near future.

Can you tell me if your office has had an opportunity to assess the government's program to modernize its technological infrastructure? That project comprises four pillars.

10:30 a.m.

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

I don't think there was an official review of one or the other of those pillars. We have computer experts and we are about to hire more of them. The government consults them on a voluntary basis. If we have not been invited to participate in the process, we won't be contributing to it. I think that we will only be peripherally involved.

10:30 a.m.

Bloc

Meili Faille Bloc Vaudreuil—Soulanges, QC

You are carrying out a study at this time. Could this matter interest you? The government will be choosing its supplier very soon. We are talking here about replacing 144 federal government computer systems. This concerns all of government. Would it be opportune for you to intervene quickly for the reasons you mention in your report?

10:30 a.m.

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

I take good note of your questions. They are very important.

We are indeed assessing the implications that this government wireless network will have on privacy. I would also remind you that under Treasury Board policy, and not the act, the government itself should assess the factors that may have repercussions on privacy and submit the results of that assessment to us before making a definite commitment. That is what the policy requires, but as I have already said, it is often set aside. That is why we asked that similar cases be covered by provisions in the law.

10:30 a.m.

Bloc

Meili Faille Bloc Vaudreuil—Soulanges, QC

Yes, I agree with you. A policy is a policy and the government is not respecting it. The Auditor General said that she had the same concerns. She would like assessments to be made before such projects are implemented or go forward and before funds are allocated to them.

Certain technologies that are not really new, for instance the famous BlackBerrys, have an impact on privacy. Would it be possible to give us guidelines on federal government surveillance of PIN to PIN communications involving BlackBerrys? Can an employer have access to them? Can non-authorized and unjustified communications that took place using BlackBerrys be reconstituted? Could this be used for administrative investigations into frauds?

10:30 a.m.

Privacy Commissioner, Office of the Privacy Commissioner of Canada

Jennifer Stoddart

I am taking good note of this.

10:30 a.m.

Bloc

Meili Faille Bloc Vaudreuil—Soulanges, QC

Thank you.

10:30 a.m.

Liberal

The Chair Liberal Paul Szabo

Mr. Rajotte, s'il vous plaît.