Evidence of meeting #4 for Access to Information, Privacy and Ethics in the 40th Parliament, 2nd Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was complaints.
A recording is available from Parliament.
3:50 p.m.
Liberal
Borys Wrzesnewskyj Liberal Etobicoke Centre, ON
Okay.
I understand that the RCMP has a number of exempt databases, so they're exempt from your ability to look into them and they're exempt from these privacy regulations. How many such databases are you aware of besides Project Shock?
3:50 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
If I may just add to the comment of the honourable member, “exempt banks” doesn't mean they're exempt from us looking at them. That is how we did the report on the exempt banks. That kind of report hadn't been done for a while. It means that the ordinary member of the Canadian public finds that these banks are exempt from their right to access their own personal information for national security reasons. That's how they're exempt.
3:50 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
As far as I know, now there's only one.
3:50 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
No. Project Shock was closed. The Project Shock exempt bank was closed as a result of our audit.
3:50 p.m.
Liberal
Borys Wrzesnewskyj Liberal Etobicoke Centre, ON
How many people would have been on that data bank, Project Shock, and on the current one that's still functioning?
3:50 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
I'd have to get back to you on the exact number.
3:50 p.m.
Bloc
Carole Freeman Bloc Châteauguay—Saint-Constant, QC
Good afternoon, Ms. Stoddart, Ms. Campbell and Ms. Bernier. Thank you for being here today.
I entirely agree with you that this act is completely obsolete, since it dates back 25 years. With 25-year-old tools, it therefore cannot address today's technological issues.
I carefully read the 10 recommendations you referred to. I also noted that you had set priorities. Among the four priorities you want to address in the policy and research areas, I see emerging information technologies. Can you further explain the kind of work you intend to do in this regard and in the areas of identity and national security?
3:55 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
Mr. Chairman, I would like to ask my colleague Ms. Bernier to respond to the member on that subject, since she is supervising the work on priorities.
3:55 p.m.
Chantal Bernier Privacy Commissioner , Assitant Privacy Commissioner
Indeed, I've been asked to coordinate the four priority projects, each of which is directed by one person. Simply to give you some background, I'll say that these projects concern respectively technology, developments in genetics, developments in national security policy and identity management.
To answer your question, then, I'm going to tell you about what we're doing specifically with regard to technology. As you'll no doubt understand—the Commissioner moreover said this in her opening remarks— we must be at the forefront of technology and we must very carefully monitor developments with respect to privacy.
What we're doing can be divided into four major components. The first consists in forming the greatest understanding and the greatest possible expertise in technology so that we can truly understand the scope, extent and impact of the various technologies. So we're working on research and training projects on identity systems, technologies such as RFID and on biometrics, for example.
We're also taking part in international work in order to genuinely take advantage of information sharing. In our audits, we're focusing particularly on certain types of communications such as wireless communications. We're also starting an audit at six departments that were selected on the basis of our analytical work to see how wireless communications are managed.
In short, the purpose of our activities is, on the one hand, to develop and broaden our expertise and, on the other hand, to see how federal institutions manage the information retained through technology in order to protect privacy. In this area, I am responsible for the Privacy Act.
3:55 p.m.
Bloc
Carole Freeman Bloc Châteauguay—Saint-Constant, QC
So you're trying to stay at the forefront of emerging information technologies.
I saw the organization chart of people working on your team. You have a titanic job.
Only yesterday, on the program Enquête, there was a report on the virtually childlike ease with which computer hackers can, in the space of five minutes, recover information such as names, addresses and telephone numbers from our departments.
You're no doubt familiar with Mafiaboy, that young man of 15 who completely paralyzed all the Internet search engines. This is all the more disturbing since the incident I'm referring to dates back a few years.
What have you done since then to protect the identity of people in our federal organizations?
3:55 p.m.
Privacy Commissioner , Assitant Privacy Commissioner
We're doing a lot of things. First, we're conducting assessments of the impact certain programs have on privacy, in cooperation with the federal institutions. When they introduce a program that can leave room for an invasion of privacy, they conduct an assessment of it.
For example, one of those ongoing assessments received some media coverage. It was the Canadian Air Transport Security Authority pilot project in Kelowna, in which they used what's called the Integrated Checkpoint System, a machine for viewing passengers with the aid of holographic images. That was reported in the press. The Administration got us involved in it from the outset. We haven't issued a decision or judgment, but we're working with the administration's representatives to assess the impact on privacy.
So this is an upstream job to determine in advance whether a proposed program would be consistent with privacy. That's one of our activities.
We're also proceeding with audit activities. Once a program is in place, we determine whether personal information management is adequate. We also do policy development work, research work and public information work.
With respect to technology, I'll give you a recent example. Two weeks ago, we handed out some awards for videos produced by young people in which they had to show how technology can compromise personal information. It was a contest held in Canada's high schools. Projects were submitted, and we awarded prizes for the best ones. That was one way of making youths aware of the dangers of technology.
There are a host of examples, even though I've just given you a few.
4 p.m.
Bloc
Carole Freeman Bloc Châteauguay—Saint-Constant, QC
What you say is very interesting, Ms. Bernier. On the other hand, the purpose of my question was to determine how you go about protecting personal information that departments and agencies have on citizens.
We know that computer hackers can very easily hack into the systems of federal organizations to recover data. Yesterday on Radio-Canada, Enquête very clearly explained over the one-hour program how easy it is to access organizational data bases directly.
4 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
Mr. Chairman, I'm going to supplement my colleague's comments.
For a number of years now, we have urged the Government of Canada to adopt a cyber security policy. We clearly have to have such a policy. I believe that Canada is now one of the only OECD countries without a policy on its cyber infrastructure. That's quite serious.
I would like to point out to you that our office does not have an obligation to protect data. That's up to each department, agency and organization. However, we increasingly take the opportunity to remind them of their responsibility in both the private and public sectors. The two acts, that is to say the Privacy Act and PIPEDA, require that all data be protected from all threats so that it remains confidential. Where there is an attack, we can investigate and suggest remedies. We've done that in a number of cases.
February 23rd, 2009 / 4 p.m.
NDP
Bill Siksay NDP Burnaby—Douglas, BC
Thank you, Chair.
Thank you for being here, Ms. Stoddart.
It's good to see you again, Ms. Campbell.
Congratulations on the new job, Madame Bernier.
My question, Ms. Stoddart, is about security for the Olympics. I know earlier this month you were in British Columbia to participate in a workshop on security for the Olympics. You raised a number of concerns that you had about the Olympics and security, particularly security post-Olympics. I wonder if you might share with us some of the concerns you raised at that time.
4 p.m.
Privacy Commissioner, Office of the Privacy Commissioner of Canada
Once again I would ask that my colleague Madame Bernier answer this, since before joining our office--as you probably read--she was assistant deputy minister of public safety. She has a great knowledge of security issues, which means that she was immediately assigned this file. In fact she met with the RCMP in Vancouver, so she can give you a much better description of it than I can, if you would allow that, Mr. Chairman.
