Thank you very much, Mr. Chairman.
It's a pleasure to be here again with the committee, our committee. As an agent of Parliament, we report to you.
With me today is Chantal Bernier, who's just joined us as assistant commissioner for the Privacy Act. You may remember
Raymond D'Aoust, who was assistant commissioner. His term ended in September and he was replaced by Ms. Bernier.
Also with me today is Lisa Campbell. I believe you met Lisa Campbell, our acting general counsel. She came up last week. Unfortunately, I had another engagement, briefing a minister, I think, on our upcoming report. She came with Mr. Tom Pulcine, who is just behind me and whom you'll recognize. Also here with me today are two other members of my staff: Éric Charlebois, who is our parliamentary liaison officer, and Ann Goldsmith, who's head of the policy section.
I'd also like to say, Mr. Chairman, that Elizabeth Denham, who is the commissioner for PIPEDA,
the Personal Information Protection and Electronic Documents Act,
is in Calgary this week and unfortunately can't be with us.
Members, Mr. Chairman, you can see that we've supplied you with a fairly thick binder of information about the Office of the Privacy Commissioner, about our statutory responsibilities, and about some of the issues currently preoccupying us, and we hope that you'll find it a useful reference.
As Privacy Commissioner, for those of you who aren't too familiar with what I do, I'm an independent officer of Parliament. I report to Parliament, which means through this committee, through annual reports, or through special reports.
My office, with its 160 employees, is responsible for overseeing two laws: the Privacy Act, which covers federal departments and agencies--this has just been increased through the Federal Accountability Act--and PIPEDA, which is short for the Personal Information Protection and Electronic Documents Act. PIPEDA, which was adopted almost 20 years after the Privacy Act, covers private sector organizations, including retailers, financial institutions, airlines, communication companies, and so on.
The objective of both these laws is to protect the privacy of Canadians by setting out the ground rules for how organizations collect, use, and handle personal information.
I'm going to continue by talking about privacy threats. I would be happy to elaborate later on the philosophical underpinnings of these laws, but suffice it to say that there has never been a greater need for them.
The threats to the privacy of Canadians are real and they are grave. For my Office, a major challenge is the fact that the list of issues we must address is long—and growing longer every day.
Technology, for all its benefits, has created unprecedented threats to privacy. I'm thinking here of surveillance technologies, electronic tracking devices, and biometric scans, among others.
Computer memory has never before been so plentiful and cheap, which makes it incredibly easy, not only to compile information about people, but also to cross-reference it, manipulate it, analyze it, massage it and sell it to the highest bidder.
Many businesses now see detailed personal information as essential to their marketing efforts. Governments are increasingly interested in personal information as part of their national security efforts.
And in recent years there has also been a growing recognition by thieves that they can make a lot of money by stealing names, birth dates, credit cards and other personal information. According to the RCMP, organized crime groups in Canada now see personal information as an important money-maker that complements their more traditional sources of income.
Many of the emerging risks for privacy involve incredibly complex technologies. My office needs to delve into highly technical matters, such as nanotechnologies, genetic technologies, and deep-packet inspection techniques, to name just a few examples.
Later this week my office is appearing before the public safety and national security committee on the review of the DNA Identification Act.
Adding to the complexity is the fact that many privacy issues are now global in nature. “Cloud computing” has entered our vocabulary. Data flashes around the planet literally at the speed of light, which challenges us to ensure that the personal information of Canadians is protected on the other side of the world.
Whatever we do within our borders will never be enough to protect Canadians' privacy abroad. So we work with other countries to develop a basic level of level of data protection around the world. To this end, my office has been a keen participant in a number of international privacy initiatives by the Organisation for Economic Co-operation and Development, or OECD, Asia-Pacific Economic Cooperation, or APEC, and other organizations.
Now I'll move on to the issue of legislative reform.
On the legislative front, you will recall that I appeared before this committee last year to talk about the mandatory review of PIPEDA. I am pleased to report that the process is continuing apace, and I look forward to amended legislation coming forward through Industry Canada in the near future.
I would also like to mention another significant challenge for my Office—the Privacy Act.
As I—and a string of privacy commissioners before me—have pointed out to parliamentarians over the years, this piece of legislation is seriously outdated and in urgent need of reform. To add a bit of perspective, consider this: when that law was passed, the Commodore 64 was a novelty.
Last spring, this committee launched an important review of the Privacy Act. I presented a list of 10 quick fixes that would bring some immediate relief. But, in the long run, the legislation needs a complete overall to bring it in line with the privacy challenges of the 21st century.
I know the committee has heard from many witnesses and I look forward to responding to their comments and speaking further on this issue with you.
In conclusion, reforms to Canada's privacy laws will have to start here, in this committee, with you. I would suggest to the honourable members of this committee that privacy is an issue that should be of concern to all Canadians, regardless of political beliefs.
The threats to privacy that confront Canadians may not always be apparent to the average citizen. Indeed, the risks are often subtle and nuanced. They don't tend to appear all at once, but rather in a stealthy and gradual manner and from many different directions.
Canadians cannot possibly defend themselves against such threats alone. They need a government that sees privacy as a human right and that sees personal information as a commercial asset that must be valued and properly protected.
As an officer of Parliament, my job is to support you in this important role. My office is currently developing materials for householders, such as information on identity theft, to help you talk to your constituents about privacy.
We look forward to working closely with you to ensure that the privacy rights of Canadians are protected, and I welcome your questions.