Information & Ethics Committee on Oct. 19th, 2010

I think so at the present time. I know that we're under economic constraints. One of the things I'd like to do in the future is continue to try to find ways to work more efficiently, perhaps by the use of things such as online complaints and increasingly turning to the Internet as a way of interfacing with Canadians.

What would be helpful as an agent of Parliament, I think--and as you know, for certain things we're in a different world than government ministries--would be some flexibility in the administration of the budget, which we don't have. This is something that we've recently realized is a challenge. It is not necessarily to get a new budget or to overrun our budget, but simply to administer the different budgetary posts as we choose.

Yes, I think cooperation has been very good. I'm not sure that people are really happy to see us coming. I think that if there were a popularity contest, certainly we wouldn't win it.

There has been cooperation. There is respect for the functions of the office and also an understanding by departmental officials that what we do is important, even though they're not always happy to see us and we raise uncomfortable questions.

Yes, that's a very important question. I think that on some page of this annual report, we report on a growing trend by departments to report privacy problems to us, departments that aren't legally obliged to, including losses and breaches and so on, in the hope of getting some help with this.

Increasingly we're trying to focus on a collaborative, preventive role, because you know, if people are going to be punished, they don't come forward. The issue is how to not keep repeating the same problems, or at least to make sure that they don't happen again in exactly the same way. This is a trend and I'm very happy about that.

No. These are not constraints because of previous issues. That was what was happening in the first three years of my mandate. We got back our full powers and full confidence.

Perhaps, Mr. Chair, I could answer the question of the honourable member: how do we then choose with limited resources? We look at our privacy impact assessments and choose the ones that, after a first initial examination, seem to us to be the ones that put Canadians' personal information most at risk.

They have not been tabled as such, for which I am very happy. We did in fact consult extensively ourselves and then wrote a preliminary letter to the Minister of Public Safety last fall. Some of the content of those bills or the purpose of the bills is now enshrined in, I believe, Bill C-29, and certainly that's an improvement on what we saw last summer.

No, we don't.

Yes. But in some cases, when it is a matter that comes under our particular jurisdiction, often there is informal consultation between ourselves and department officials. But we don't see the legislation per se before it's tabled.

First of all, what do we do for businesses already? We have extensive material on our website. Increasingly, we use our website, because it can be accessed by Canadians across Canada. We have just updated our tool kit for small business in consultation with the small business communities. As I've said, we hope to continue that in the future, using some of the material borrowed from the experiences of larger companies that can be adapted.

We consult with various representatives of the small business community regularly, and if they say they need x number of information sheets for their kits at a conference, we are happy to provide them with those. We have some that are done particularly for businesses.

This might seem a little frivolous, but we have worked on a series of cartoons. I think we have about 20 different cartoons now that are very useful for public education. It's hard to get the attention of the business person who's worrying about their balance sheet at the end of the month, so maybe somebody in a presentation in a local community can use one of our cartoons, and it might get their attention. Then maybe they'll go on and listen to the short message and explore this by themselves.

Those are some of the things we want to do.

We're also cooperating with the provincial commissioners across the country to provide them with templates for personal information in areas where either we have jurisdiction or sometimes there's a kind of overlapping jurisdiction. Or they can serve as the distribution point, in a collegial fashion, for materials and messages about small business if we have a jurisdiction in a province, for example, like Saskatchewan. So we do things like that.

Finally, what percentage of data breaches are human error? I would say probably between 40% and 60%. It depends on what sample you look at. It's not all about thieves and hacking into computers and so on. Often it's just employees who make human errors, as we all do, and now the errors are amplified by the technology, so it's in fact more stressing, I think, not to make an error now.

I guess we've never looked at it that way, but maybe it's 10%. I'm just saying.... I have the director of finance here, but I don't think even he has ever calculated that.

We do it because, once again, we think we can be more effective. If it's Canada alone on this technology, well, you know.... If we have a strategic alliance, we'll have much more effect.