Information & Ethics Committee on Oct. 30th, 2018

Thank you very much.

My name is Trevor Bailey. I'm the Conservative Party of Canada's privacy officer. I'd like to thank the committee for inviting me here today to discuss our privacy policy, and I look forward to answering any questions you may have surrounding that policy.

I've been the privacy officer for the Conservative Party for approximately one year in addition to my role as director of membership for the party.

The Conservative Party of Canada has had a formal privacy policy in place, including the role of privacy officer, for approximately six years. Though I am relatively new to this privacy role, I've held senior positions in the membership and fundraising departments for the past seven years. In those roles, I've had or shared the responsibility to oversee our data, access thereto and its authorized distribution.

The privacy officer role is built around our party's commitment to protecting the privacy of Canadians. This commitment is important to the Conservative Party of Canada. That commitment includes taking great care to keep both confidential and secure all information in our possession that relates to the personal information Canadians willingly provide to us or is passed to us by Elections Canada as laid out in the Canada Elections Act. That information includes surname, given names, civic address and mailing address. Other information the party may ask for and receive from individuals, like an email address, phone number, gender and date of birth, is also information we include as covered by our privacy policy and is collected through our website or in response to a mail piece with that person's consent.

As part of our privacy policy, any person may unsubscribe from our email, mail or phone lists at any time using links provided in each email message, clicking on our privacy policy at conservative.ca or contacting the party directly.

As this committee would know, as a federal political party registered under the Canada Elections Act, the Conservative Party, including its electoral district associations, candidates, nomination contestants and leadership contestants, are subject to extensive regulation under that act, including in particular the public disclosure requirements for contributions over $200. As a result of these requirements, we collect personal information from donors and members when they contribute to our party or purchase a membership. You may also choose to provide us with personal information on a voluntary basis such as when registering for an event or signing a petition. We are required by law to keep records of donors for tax purposes.

The information the Conservative Party gathers, either directly from Canadians or as a result of legislative requirements, is used for communication purposes. As a political party, we believe it is very important to communicate with Canadians on a regular basis. We are a national organization, but we have a riding-based membership system, so personal information may be disclosed to local riding associations, candidates, nomination contestants or leadership candidates for the purposes of communicating with those persons.

There is some non-personal information that we track that is also included in our privacy policy for the additional information of Canadians. That non-personal information that may be collected through our website is collected through the use of web cookies with the purpose of informing the party about how people use our website in order to help us deliver better content for those users or to assist in general advertising efforts. We inform people in our policy about how to opt out of many of the advertising features used by sites like ours by adjusting their Google Ads settings or through free services like the Network Advertising Initiative's consumer opt-out page.

To wrap up, the Conservative Party employs a variety of security systems to safeguard personal information from unauthorized access, disclosure or misuse, and from loss or unauthorized alteration. The Conservative Party does not and will not sell personal information.

As I said in the opening, the commitment to protecting Canadians' privacy is important to us, and ensuring it's kept safe and secure is something we take great care in doing.

If there are any questions on this policy, I'd be happy to take them.

Thank you.

Thank you.

Honourable members of the committee and Mr. Chair, it is a privilege to be able to speak with you today. I want to thank you for the opportunity for the Liberal Party of Canada to be heard on these important issues.

My name is Michael Fenrick, and as I was introduced before, I serve as the legal and constitutional adviser to the national board of directors. That's a volunteer position. I'm also a riding chair for the riding in my home community of Parkdale—High Park, so I also have the experience of working for the party and volunteering for the party at a local level.

Both from serving on our party's board and from working closely with grassroots volunteers, I know the party takes the protection of personal information extremely seriously. I also know how the responsible use of data can significantly increase participation and engagement in our political process.

Today, I hope to speak to you about both of those priorities, and I look forward to answering your questions.

First, I want to outline our most fundamental commitment on these matters. The Liberal Party of Canada works very hard both during and between elections to engage as many Canadians as possible in our democratic process. Protecting their personal information is a priority for the party in all of its interactions and operations.

As part of that commitment, the Liberal Party of Canada has a clear and strict privacy policy in place, which is posted on all of the party's national websites, and it can always be publicly viewed at liberal.ca/privacy. The highest level of security is implemented for all data and records that are maintained by the party. The party does not sell any personal information. At all times the Liberal Party of Canada fully complies with all Elections Canada rules and regulations for political engagement and campaign activities as required by our campaign partners, who do the same.

Why does all of this matter? Because secure and accurate data is very important to how modern political parties operate and engage with Canadians. Like all Canadian political parties, the Liberal Party uses data to engage with voters. Understanding the interests and the priorities of Canadians helps us to speak to the issues that matter most to them and in turn mobilizes democratic participation in our country.

The importance of this objective truly can't be overstated. Political parties are not commercial businesses. We are not-for-profit voluntary associations defined in the Canada Elections Act as organizations whose fundamental purpose is to participate in public affairs by endorsing candidates for election. Our interests are very different from those of private sector entities to which federal privacy legislation applies. We promote candidates to Canadians. We're informed in part by information about eligible voters and in accordance with accepted privacy practices and safeguards, and we safeguard the information that Canadians entrust us with.

Using data to help engage voters isn't a bad thing; it's quite the opposite. It helps to ensure that political parties are in tune with what matters to the electorate and that more of us are involved in elections. For as long as there have been free and democratic elections, successful candidates have worked to build detailed lists of their supporters, to understand their priorities and return to them with an ask to help out at the polls.

Knowing what interests have motivated voters and who supports our party helps us deliver relevant information and policy positions to Canadians. For example, we know that more and more people, and especially young people, are seeking out news and information online. For parties to be relevant, we need to have a strong online presence and interact with Canadians through the mediums and on the platforms they are using. That's why in recent years innovative engagement on social media, online advertising and email communications has become increasingly important to our operations.

Where do we get the information we have about voters? Like the other registered political parties, we receive an electronic copy of the list of electors from Elections Canada each year. Under the Canada Elections Act, registered parties are authorized to use the lists to communicate with electors, including for the purposes of soliciting contributions and recruiting party members, in our case registered Liberals.

For all parties, using personal information contained in the list of electors in an unauthorized manner is a criminal offence under the act. It is punishable by a fine and up to two years of imprisonment. We take our obligations in this regard very seriously.

In addition, we work hard to identify, engage and mobilize potential supporters with phone calls, outreach events, door knocking, digital advertising, emails, petitions and more. Often we keep track of information about the issues that matter most to our supporters and to Canadians, and the information they express about whether they intend to vote for us. This information is recorded if it is volunteered by the individual voter and is used to inform the party's outreach efforts and political strategies at election time.

On occasion, limited types of data are purchased by the party to help us reach out and connect with more supporters and Canadians. For example, in the past we have purchased widely available phone book-type information or Canada Post address validation lists.

While we use social media to boost voter turnout, identify supporters through issues-based petitions and ask for fundraising support, the Liberal Party of Canada does not have access to specific Facebook accounts beyond those of our own social media channels.

Our party's primary voter-contact database is a system called Liberalist. Certain individuals, including MPs, riding association executives, candidates and campaign managers may request access to Liberalist. They can view the voter information for electors in their ridings.

Account holders are assigned certain levels of access based on our internal rules and policy, and must provide their name, email address, phone numbers, riding name and address. All account holders on Liberalist must agree to be bound by a Liberalist user agreement, which sets out the terms and conditions for using the system. A copy of that, I understand, is with the clerk.

Users must only use the data for the purpose of communication on behalf of the party with voters, donors and registered Liberals. They agree that they will not keep a copy of any of the data and will not share it with anyone else.

Yes.

I will take one moment to wrap up.

The Liberal Party of Canada also has a strict privacy policy in place. A copy has also been filed with the clerk of this committee. We think it is a best-in-class privacy policy for protecting the personal information of Canadians.

We hope this committee will seriously entertain submissions of the Liberal Party of Canada about the importance of political engagement as a guiding factor when considering these important issues.

Thank you.

Hello and good morning, members of the committee. My name is Jesse Calvert and I'm the director of operations for Canada's New Democratic Party. I want to thank you for the invitation to appear before you to discuss our work with data and our privacy policies.

The federal NDP and most of its provincial sections across the country all use software called Populus to interface with our respective databases of elector data, similar in principle to both the Conservative Party's constituent information management system and the Liberal Party's Liberalist. Of course, the NDP has a unique structure, wherein the federal party and the provincial sections share a formal affiliation with a common membership.

While both the federal party and the provincial sections use Populus as a way to interface with their databases, the databases themselves are not shared. Information about electors is retained by the section collecting the data and each section uses the voters list from their respective elections agency, which is the permanent voters list produced by Elections Canada in our case, as the backbone of their own database.

With regard to membership lists, this information is handled by a single point of contact at the federal party and counterparts in the provincial sections. Each instance of Populus is separate from each other.

Populus is a web application developed by a third party contractor. This same company also developed foreAction, which is used by NDP caucus members and staff to track constituent case work. These programs are totally separate. They do not speak to each other and party staff, like myself, have no access to the case work database.

In terms of the data that we collect, like other parties, we use the Elections Canada permanent voters list, our own membership and donation lists, contact information from petitions, public data, such as from the census, and data collected as a result of direct outreach operations. We only use this data in accordance with our needs as a registered political party, and we do not give it to third parties, as a matter of policy.

We do not use any kind of psychographic modelling. Any modelling or analytics we do is based on publicly available statistical information and not personal private information. Nothing we use for these kinds of analytical purposes is more specific than, say, polling data or census information.

We understand that privacy is a serious concern and we strive to abide by the principles of PIPEDA. We have a designated privacy officer at the federal NDP, and recently put into place an updated privacy policy, which can be viewed at NDP.ca/privacy.

Here are some examples of how the party protects Canadians' privacy.

Every user of Populus must agree to terms of use before they are able to access the NDP database. Internally, we have secure protocols that govern who can access our data, what they can access and when they can access it. We abide by a principle of minimal access and only give users access to data that is relevant to their needs. For example, organizers in a given riding only have access to data in that riding. We offer electors the option to unsubscribe in every communication we have with them and we have internal security protocols to ensure that, in the event of a data breach, subjects are notified promptly.

We are in the process of moving our data into the cloud using the same provider that the Communications Security Establishment uses for unclassified data. One gap between our practice and PIPEDA that is currently in place is that we are unable to provide Canadians with their data upon request and give them the ability to correct it. This is mostly due to a lack of a security protocol to verify the identity of individuals requesting their data. We are giving this problem a lot of thought to determine how to address it properly.

In solving one problem, we do not wish to create another one. It's for that reason that we support a legislative change that would give Canadians the right to request their data and to extend the PIPEDA coverage to political parties, as is already the case in British Columbia through their legislation, PIPA. We need a consistent set of clear rules on privacy and personal data that all parties can abide by.

Thank you again for the invitation. I look forward to your questions.

Certainly. Thank you, Mr. Chair.

There are really two elements to protecting the data. There is protecting against unauthorized access. We're talking about data breaches and attacks on our systems. That's obviously a continuing effort for us. We have a great team on that. That's not my expertise, but I do know that we have a very good data team in place. We test our systems constantly. We host in a very secure manner. We try to secure against any and all attacks. That's one side—the unauthorized access.

The other side, of course, is authorized access but inappropriate use. That would be where someone who has access in a limited capacity to the database would access information and use it in a way they were not authorized to do. We have significant policies and processes in place to minimize the impact or the opportunity for someone to do such a thing.

First and foremost is obviously limiting access to that data, so that, as my colleagues have mentioned, only people who have a need to access it have the opportunity to do so. Any of the information they do access is logged, and they are required to provide the reason for this access. If and when it's used in an inappropriate manner, we have methods, both internally and, if necessary, with the relevant authorities to.... We would co-operate fully with any investigation if there were any breach of our privacy policy or, of course, any loss.

There are two elements to it. As far as protecting our data, we have a great IT team for that. Our data security is a continuing matter. I was just talking this morning about some of the firewall protections that we're updating. The other side, which is where people have the key but want to use it in an inappropriate manner, is primarily where our policies come into play. Certainly, the procedure is that we limit the breadth of access to data that any one user can have at one time.

For our part, many of the same things that Mr. Bailey has spoken to apply equally with respect to the Liberal Party and its treatment of personal information. From the perspective of somebody outside the system gaining access, we regularly run training. We've developed a cybersecurity policy, and we regularly run training at all levels of the organization, in terms of trying to ensure that people are educated about how to avoid things like phishing scams, spoof email addresses and matters along those lines.

In addition to that, the Liberal Party's national director and the team at the head office here in Ottawa have met with the CSE in order to discuss best practices on how to secure Canadians' information. That includes using cloud-based email servers, which is what is recommended by the CSE. That has been implemented.

On the access by users who have been granted access, who are volunteers, there are a number of ways in which we protect that information. Probably the most important, though, is that it's a segmented database. You're only given access to the information on Liberalist that you need. That can be as little as a single poll or, in the case of somebody who is running a canvass, in fact, it could just be the canvass information for a particular block or two of a neighbourhood. Riding association presidents may have access to the entire riding. Very few people within the Liberal Party have access to the entire list of electors. Our database is segmented in order to ensure that only the access that you've been granted and that you need is given to you.

Unsurprisingly, much of what my colleagues have just said applies also to the New Democratic Party. We have a varying degrees of access protocol to ensure that folks who have access to the database only have access to the information that they require to do their tasks, and only a very small number of IT professionals have full access to the information.

We also have a terms of use policy that all users are required to read and understand and consent to before they are given access to their particular segment of the database. Also, as I mentioned in my opening statement, we are in the process of moving our database and our systems into the cloud, which will increase our ability to secure the information that is contained within it.

In terms of guarding against security breaches, we have a number of internal security protocols that are constantly under review and being developed and improved upon. We have ongoing threat monitoring to ensure that if a breach were to take place, we would be able to respond quickly, swiftly. We have protocols for notification, if such a situation were ever to arise to ensure that the folks whose information might have been compromised are informed of that situation.

I could start off on that one.

You're absolutely right. They are separate. They are different. We currently operate under a different legislative situation, with PIPEDA coverage for private companies and not covering us as political parties.

My role with the party is to enforce our privacy policy as written, and currently it does not come up to full PIPEDA compliance, which I believe might be the suggestion there. We certainly cover all our legal requirements and we follow everything as laid out in the privacy policy, but the decision as to whether or not we should implement or change the legislative background that covers us as political parties, I leave to Parliament and to you, as a committee. We're here to enforce the rules as written, and if there's a new rule basis that comes in and takes effect for how we need to operate, then we would certainly come into compliance.

I don't have an opinion as to whether it would be required or not.

Once again, as you mentioned, there was a lot of concern around third parties and their involvement. We certainly share that concern, and we want to make sure we have fair elections in this country, obviously. We play a large part in that, and we want to continue to be able to participate in the democratic process as fully as we possibly can.

That being said, as for whether there should be oversight by the Privacy Commissioner or enforcement of PIPEDA across political parties, once again I would leave that to Parliament to make that decision. My role as director of membership and privacy officer is to protect our lists, to make sure we take good care of them and to make sure everyone is treated fairly and evenly.

If anything above and beyond that came from Parliament, we would certainly come into compliance. As for whether we should, once again, I would leave that up to Parliament.

From the Liberal Party of Canada's perspective, obviously it's a critical issue that we need to address in terms of third parties. I've already outlined some of the ways in which we are trying to both address those issues and constantly improve on them within the Liberal Party.

On the issue, more broadly, of PIPEDA's application to political parties, I think we would hope that one of the serious considerations that this committee would take under advisement is the fundamental difference—I would say, founded in the Charter of Rights and Freedoms—between political participation or engagement and commercial activity. Our courts have recognized that in a number of places, including in protection of freedom of speech, etc.

If we are going to develop rules, we need to develop rules that work for all people who participate in the political process in this country. I say that from the perspective of a party that had approximately 80,000 volunteers, I think, in the last election. We need rules that work for the volunteer who's an 18-year-old, just got interested in politics, belongs to a campus club and is signing up his friends, all the way to more sophisticated people who have worked on a variety of campaigns.

From our perspective, whatever rules are developed need to recognize that fundamental reality, that political parties are voluntary associations of volunteers, fundamentally, and that there are hundreds, if not thousands, of volunteers to every paid staff member. It would be a real disincentive to participation in the political process if people could face the kinds of penalties that exist for corporations, for instance, for non-compliance under PIPEDA. It would actually have a chilling effect, I believe, on our political process to do so.

The New Democratic Party seriously believes that Canadians deserve to have trust in their democracy and to have trust in their political parties. We think that the only way to increase this trust and to increase transparency is to ensure that, first, all political parties are playing by the same rules, and second, there is the ability for oversight into the way the internal policies of the party are applied. It's for that reason that we have been calling, again and again, for the inclusion of political parties within the PIPEDA framework.

I do agree that there are differences between the way political parties do their work and the way other types of organizations do their work, and certainly there should be thought and consultation when moving toward a framework, but we are very clear. We do think parties should be included in PIPEDA. We do hope the government moves toward that goal. We believe that will increase the trust Canadians can have in the security of their information and their trust in their democratic process.

I'll start off once again. Thank you.

We have a very similar process to that laid out by my colleague Mr. Fenrick. We receive our data from four main sources. We're very up front about all of these.

The primary one we don't purchase. It's provided to us as part of the electors list from Elections Canada. That is 90% of our data. It is the information about who is an eligible voter. That makes up the lion's share of what we have in our system.

We do purchase data from two sources. One is InfoCanada. It's basically the white pages. We buy the phone book, so we get some phone numbers to match up with those constituents who we get from the list of electors. The second one we purchase from is Canada Post's change of address list, so that our lists are as up-to-date as possible, because that is issued more frequently than the list of electors. We try to reconcile those two. That is it. We don't purchase from any other source.

The fourth source of data, I think we should make clear, is that which is provided voluntarily, primarily by our supporters, but sometimes by our non-supporters, when they make a contribution, show up at an event, purchase a membership, or if they were to contact us and indicate their support one way or another, or answer a phone call, survey or something of that nature. The only place we purchase data, to be very clear, is InfoCanada, which is the white pages, and—

The Liberal Party of Canada is very consistent with what my friend from the Conservative Party just said. Mainly things like phone book information and Canada Post information are examples. Much of this, for instance, Canada Post information, is purchased in large part in order to validate donors and ensure that we are compliant with our obligations under the elections act when we're accepting donations. There are a lot of reasons that we buy. It's not just to communicate, but that is an important part of it, obviously.