Information & Ethics Committee on May 3rd, 2016

It will depend a lot on our consultations with the organizations in question. One thing we've launched in the past year is the consultation process with small and medium-sized businesses. We've approached a number of these sectors to start a conversation. We have an idea in terms of the investigations we conduct following complaints. That gives us an idea of the types of issues and the types of sectors that would benefit from guidance.

The accommodation sector, for instance, is one we're focusing on. Investigations give us a hint, but we also want to talk to these sectors so our advice is concrete, practical, tangible, and meets the reality on the ground. That's the stage we're at currently.

I'll start, and I'll ask Daniel Nadeau to complete the answer.

We have arrangements with different agents of Parliament on different issues. With IT, we have certain arrangements with certain colleagues, and on other things we have other arrangements with other colleagues. We have these discussions all the time, and when we think bilaterally or collectively that there is an efficiency to be gained, we try to implement that.

I'll let Mr. Nadeau finish.

I would add that we share things on three levels. One level is from a facilities perspective. The second level is from a systems perspective. The third level is from a knowledge perspective.

On the knowledge side, as agents of Parliament, we get together at minimum on a monthly basis. As CFOs, for example, we have a conversation on a monthly basis as to what is going on, what the areas are where we could share certain things, either intelligence or resources, and things of this sort. There is an ongoing conversation at that level, which is quite useful.

On the facilities side, as the Commissioner mentioned earlier, two years ago four of us, four of the seven agents, moved into the same building. We have started sharing a number of things, whether a common mailroom, a common knowledge centre, or a library. We share boardrooms, for example. There are a number of things we share from a facility perspective.

From a systems perspective, again, we are always looking for efficiencies that can be made. We share the same financial system with the Office of the Information Commissioner. There are a lot of conversations that happen at that level.

We are web-hosting the platform for the Lobbying Commissioner, whom you will be talking to shortly as part of these sessions, I am guessing. We are always on the lookout for things that may be beneficial for the organization.

When we look at these things, I would say that our lens is threefold. First, are there cost savings to be made? Second, can we improve the services to one another? Third, can we reduce our exposure risk? Again, it is not easy having a small amount of resources dedicated to some of these key functions.

Often what we'll find is that the service level will improve or the risk will be reduced as a result of that. Cost savings, not so much...but as a result of it often we are better served, or we can at least have a decent level of service for our clients within our respective organizations.

In some aspects.... For example, on the IT side, our premises are shared with the Office of the Official Languages Commissioner. The IT folks for both organizations are sitting together. They share best practices, tools that we buy, and so on. There is always a conversation going on at that level.

Another example, which I didn't use, is that we share, with the same organization, the same regional office location, within the Toronto area. We have an office in the greater Toronto area, and so does OCOL. We are within the same area.

On security measures, for example, when you get into our building, there are a number of things that are shared from a security perspective with the other agents.

We are constantly looking at that to see if we can make our dollars go a little further and to make sure, as you said earlier, that we can reinvest them on the program side.

The notice that we currently receive voluntarily, which will be mandatory once Bill S-4 comes into force, comes into our PIPEDA investigation group. There is one person who receives these notices. In the notice from the organization, the company describes certain facts and tries to assess the impact. We review that. We give advice to the company.

When the case is particularly of concern, as we have seen in some cases, we can actually start an investigation, which is in the broader group of investigators within the PIPEDA group.

The vast majority of breaches will lead simply to reading the report given to us by the company in question and giving advice—or not, depending on the situation. In a minority of cases, a full investigation will occur.

Roughly, yes.

It's strategic and operational advice on how to mitigate and try to reduce this type of occurrence. If we saw what looked to us to be criminal activity, we would report it to the police but we would not investigate ourselves.

Agreed.

I'll ballpark these figures here. You have about $3 million that will be for the IM and IT components of the organization.

I'll just qualify. Earlier I said we centralize a number of functions. From an IT perspective, for example, we have tools and applications internally that service our programs. We have staff who support the delivery of these tools to make sure that the investigators have them. These work directly with the programs. For example, on the information management side, you'll have people who will receive all the complaints. They will handle them by scanning them and putting them into the system. Those are overhead costs but they are still part of the program.

No, but it's sitting in internal services basically.

We're looking at about $3 million of folks there. Part of it is true corporate and part of it is program-related.

As well, you'll have about $1 million that's dedicated to the financial function. I'll remind you that as a small organization and as an agent of Parliament we are audited by the Auditor General of Canada, which is unlike other smaller organizations. Because we're independent and autonomous it's part of the oversight of the organization, so we need to have strict and rigorous financial controls. I'm not saying that other small organizations don't have them. It's about $1 million from a finance perspective. You'll have as well about $0.5 million for strategic planning, audit, evaluation, and performance measurement. On that, again, as a small organization and an agent of Parliament, we have an audit committee that is made up of external members. That's part of the oversight of being a small organization. We have costs related to that that other small organizations do not have.

We'll have the oversight and management of the organization that's going to be about $1 million. This will include things like access to information, for example. It will also include the commissioner's office and things of this sort, the assistant commissioner, and so on. From memory I think we're around—

Yes, $5.5 million.

There is all the administrative side of things as well as security. That's about $0.5 million.