One of the big problems is thinking that with Bill C-51, privacy is going to be protected because the Privacy Act applies. The broad authorization for information sharing in SCISA itself seems to capture a lot of what section 8 does. I don't have the act in front of me, but any analysis of this issue has to start from the proposition that compliance with section 8 does not mean compliance with the charter. All sorts of information sharing could be consistent with those disclosure provisions or the use provisions in section 7 or section 8 of the Privacy Act, as it currently stands, yet still violate the charter.
I'm not sure, as a matter of legislative drafting, if you want to change those provisions or just indicate somewhere that in some circumstances this is going to raise charter issues, because it won't necessarily or in all circumstances. The Privacy Act regulates collection, usage, and disclosure of personal information. Not all of that is going to meet a constitutional threshold for the reasonable expectation of privacy. That's the tricky part. When you're contemplating information sharing, particularly in those contexts where the individual is in that coercive relationship with the state, you have to be incredibly mindful that there are charter issues at stake. How can that be built in?
That's why we were arguing that you need an interpretive principle saying that this was meant to be consistent with the charter and build in charter review. Perhaps something could be written into section 8 that this must also be consistent with the charter. You want to build up expertise somewhere of people who understand what the jurisprudence is saying about uses and disclosures of information. When they trigger charter violations, what does that mean? Do you need prior authorization? Is it an issue of safeguards? What do those safeguards mean? Make sure those information processes are compliant from the start so that some person doesn't luck out and find out about this process and then have to go to court 10 years later. You build in charter compliance from the start.