Hello and good morning, members of the committee. My name is Jesse Calvert and I'm the director of operations for Canada's New Democratic Party. I want to thank you for the invitation to appear before you to discuss our work with data and our privacy policies.
The federal NDP and most of its provincial sections across the country all use software called Populus to interface with our respective databases of elector data, similar in principle to both the Conservative Party's constituent information management system and the Liberal Party's Liberalist. Of course, the NDP has a unique structure, wherein the federal party and the provincial sections share a formal affiliation with a common membership.
While both the federal party and the provincial sections use Populus as a way to interface with their databases, the databases themselves are not shared. Information about electors is retained by the section collecting the data and each section uses the voters list from their respective elections agency, which is the permanent voters list produced by Elections Canada in our case, as the backbone of their own database.
With regard to membership lists, this information is handled by a single point of contact at the federal party and counterparts in the provincial sections. Each instance of Populus is separate from each other.
Populus is a web application developed by a third party contractor. This same company also developed foreAction, which is used by NDP caucus members and staff to track constituent case work. These programs are totally separate. They do not speak to each other and party staff, like myself, have no access to the case work database.
In terms of the data that we collect, like other parties, we use the Elections Canada permanent voters list, our own membership and donation lists, contact information from petitions, public data, such as from the census, and data collected as a result of direct outreach operations. We only use this data in accordance with our needs as a registered political party, and we do not give it to third parties, as a matter of policy.
We do not use any kind of psychographic modelling. Any modelling or analytics we do is based on publicly available statistical information and not personal private information. Nothing we use for these kinds of analytical purposes is more specific than, say, polling data or census information.
We understand that privacy is a serious concern and we strive to abide by the principles of PIPEDA. We have a designated privacy officer at the federal NDP, and recently put into place an updated privacy policy, which can be viewed at NDP.ca/privacy.
Here are some examples of how the party protects Canadians' privacy.
Every user of Populus must agree to terms of use before they are able to access the NDP database. Internally, we have secure protocols that govern who can access our data, what they can access and when they can access it. We abide by a principle of minimal access and only give users access to data that is relevant to their needs. For example, organizers in a given riding only have access to data in that riding. We offer electors the option to unsubscribe in every communication we have with them and we have internal security protocols to ensure that, in the event of a data breach, subjects are notified promptly.
We are in the process of moving our data into the cloud using the same provider that the Communications Security Establishment uses for unclassified data. One gap between our practice and PIPEDA that is currently in place is that we are unable to provide Canadians with their data upon request and give them the ability to correct it. This is mostly due to a lack of a security protocol to verify the identity of individuals requesting their data. We are giving this problem a lot of thought to determine how to address it properly.
In solving one problem, we do not wish to create another one. It's for that reason that we support a legislative change that would give Canadians the right to request their data and to extend the PIPEDA coverage to political parties, as is already the case in British Columbia through their legislation, PIPA. We need a consistent set of clear rules on privacy and personal data that all parties can abide by.
Thank you again for the invitation. I look forward to your questions.