Evidence of meeting #30 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was rcmp.

A recording is available from Parliament.

On the agenda

MPs speaking

Also speaking

Robert Mundie  Director General, Corporate Secretariat, Canada Border Services Agency
Rennie Marcoux  Chief Strategic Policy and Planning Officer, Royal Canadian Mounted Police
Michael Peirce  Assistant Director Intelligence, Canadian Security Intelligence Service
Stefanie Beck  Assistant Deputy Minister, Corporate Services, Department of Citizenship and Immigration
Dan Proulx  Director, Access to Information and Privacy Division, Canada Border Services Agency
Commissioner Joe Oliver  Assistant Commissioner, Technical Operations, Royal Canadian Mounted Police

12:05 p.m.

Assistant Deputy Minister, Corporate Services, Department of Citizenship and Immigration

Stefanie Beck

Shared Services Canada is responsible, of course, but in fact I thought the same did apply to federal data. Certainly when we're undertaking procurement for systems that will have data about Canadians on them, we specify that the servers need to be in Canada.

12:05 p.m.

Liberal

Joël Lightbound Liberal Louis-Hébert, QC

Okay.

12:05 p.m.

Assistant Deputy Minister, Corporate Services, Department of Citizenship and Immigration

Stefanie Beck

I would just add that our missions abroad are deemed to be in Canada. For a Canadian embassy in Costa Rica, the servers that are in that mission are deemed to be in Canada.

12:05 p.m.

Liberal

Joël Lightbound Liberal Louis-Hébert, QC

I don't know if anyone has anything to add on this.

I'll go to my next question. I think Mr. Kelly touched upon it. We have heard from a lot of witnesses who suggest that a necessity test would be appropriate. I would like to hear more about the impact that a necessity test for the collection of personal information would have on your various agencies, instead of what is currently in section 4 of the Privacy Act, which relates directly.

Again, we can start with CBSA.

12:05 p.m.

Director, Access to Information and Privacy Division, Canada Border Services Agency

Dan Proulx

It's a good question.

On a necessity test, I would say that the principle is already embedded in what we do every day. We don't collect information which we have no legal authority to collect. And we don't use it for a purpose for which we should not be using it.

A necessity test, in theory, seems to be a good idea; in practice, I'm not sure how you would apply it, especially with the vast amount of information that we all collect to fulfill our mandates.

Whatever the test, if ever it were embedded in legislation, would have to be operationally feasible, because you have to be able to collect information in real time. I don't know how that would also affect past collection, when the legislation is introduced. Would you have to go back and do a necessity test, or prove that you do indeed have a need to collect that information, or would it start when the new legislation is implemented? There are a lot of unknowns.

My main preoccupation would be for operational reasons. How do you practically implement that and make it work?

12:05 p.m.

Liberal

Joël Lightbound Liberal Louis-Hébert, QC

Mr. Oliver.

12:05 p.m.

A/Commr Joe Oliver

Much of our collection is actually judicially authorized. We've presented cases to a judge indicating a compelling reason for us to pursue very specific targeted and focused information under warrant or under production order.

I would say, and I go back to the point that I raised earlier, that if this section were supported, how it would be crafted would be important to us. As I mentioned earlier, we pursue evidence wherever the evidence exists, whether that is DNA, a breath sample, a hair fibre, travel information, financial information, or video surveillance. To create a prescriptive list may limit our ability to deliver our mandate.

If we can demonstrate necessity and show that it's important in the context of proving the elements of an offence in a criminal prosecution, I think that would be the necessity test for us by linking it back to reducing crime, preventing crime, and prosecuting offences. Again, it depends on the evidence that's available, and we would chase the evidence.

12:10 p.m.

Conservative

The Chair Conservative Blaine Calkins

Thank you very much, Mr. Oliver and Mr. Lightbound.

That ends our seven-minute round.

We're now going to proceed to five-minute sessions for questions and answers. Mr. Jeneroux is going to start us off.

12:10 p.m.

Conservative

Matt Jeneroux Conservative Edmonton Riverbend, AB

Wonderful.

Thank you all for being here and for taking time out of your obviously busy schedules to spend with us, and thanks to all your staff who helped prepare a lot of this as well.

I want to follow up on Mr. Lightbound's initial line of questioning on the privacy impact assessments.

I'm curious about whether, through some of these impact assessments, any of the negative results that have come back have impacted any policy or program that they are, I guess, assessing.

Whoever wants to start may go ahead.

12:10 p.m.

Assistant Deputy Minister, Corporate Services, Department of Citizenship and Immigration

Stefanie Beck

I think what is most useful in that process, which includes a necessity test, by the way, for a privacy impact assessment—a “necessity of collection” is part of it. In our conversations with, for instance, the Office of the Privacy Commissioner, when we explain what a new program is going to look like, I can recall that in one circumstance they asked why we would expect to retain the documentation for such a long period of time.

In that particular circumstance, we were talking about citizenship. To determine citizenship, we often have to go back several generations. We had to explain why we retain data on file for 150 years, in some cases.

It's that kind of back-and-forth that gives clarity to them and gives us pause, frankly. It makes us think for a moment about whether we really need to retain it, or whether, while it was a circumstance that was necessary 20 years ago that, for some other reason, we can change now because, for instance, of new technology that would enable us to trace in a different way.

Yes, it is a useful process.

12:10 p.m.

Assistant Director Intelligence, Canadian Security Intelligence Service

Michael Peirce

I can confirm that response. It is a productive relationship with the Office of the Privacy Commissioner. In doing impact assessments, that back-and-forth is very constructive for us in identifying issues that we need to address. There may be issues with which, when they are seen from a different angle, from the Privacy Commissioner's angle, we can understand there's a challenge and then decide that we should fix it and address it.

It's the back-and-forth, by and large, that's the most productive thing.

12:10 p.m.

Conservative

Matt Jeneroux Conservative Edmonton Riverbend, AB

Just quickly, you can confirm, then, that it has assisted in developing certain policies or procedures?

12:10 p.m.

Assistant Director Intelligence, Canadian Security Intelligence Service

Michael Peirce

Absolutely.

Could I very quickly just respond to a previous question, because I didn't have the opportunity to address it. It's the question of necessity.

We already have a necessity test in our act. Section 12 of our act says:

(1) The Service shall collect, by investigation or otherwise, to the extent that it is strictly necessary...

and it goes on to say that this is for the purposes of national security.

So that strict necessity test is already built into our legislation. We wouldn't in that respect have the same transition problems that others may have.

12:10 p.m.

Conservative

The Chair Conservative Blaine Calkins

We'll resume, then, with your time, Mr. Jeneroux.

We'll hear from the RCMP.

12:10 p.m.

Chief Strategic Policy and Planning Officer, Royal Canadian Mounted Police

Rennie Marcoux

Perhaps I could just answer quickly by referring to one of the programs for which we did a privacy impact assessment. It's listed in our annual report. It's called the Identity Insight program. It's software that enables the real-time analysis of operational data from multiple sources. It has helped, over time, as is stated there, to “facilitate the research, analysis... to enhance the de-confliction of person entities”.

In other words, I think it has helped to clarify the association, the individual, and their identity. I would say, then, that it has improved our ability to make sure we have the right person.

12:10 p.m.

Director, Access to Information and Privacy Division, Canada Border Services Agency

Dan Proulx

In regard to privacy impact assessments, we really appreciate the interactions we have with the Office of the Privacy Commissioner. We have regular dealings with them.

We like to engage them early in the development of a privacy impact assessment to get their ideas and to see what they think about how we should go ahead with our program or activity.

Any time we do a PIA at CBSA, we do what's called an action plan. The action plan basically identifies certain levels of deficiencies in the program or activity, and we work with the OPC to come up with solutions to address those.

The recommendations that they give to the agency will have an impact on the delivery of the program. I have not, in my experience, seen one actually stop the delivery of a program or activity, but definitely they have made changes to how we conduct our business.

12:15 p.m.

Conservative

Matt Jeneroux Conservative Edmonton Riverbend, AB

Terrific.

I have about 30 seconds. Is that correct, Chair?

12:15 p.m.

Conservative

The Chair Conservative Blaine Calkins

Yes. I'll be liberal with you, sir.

12:15 p.m.

Conservative

Matt Jeneroux Conservative Edmonton Riverbend, AB

I appreciate that—small L.

Ms. Beck or Ms. White, you didn't indicate your percentages of compliance. Do you have your compliance rate?

12:15 p.m.

Assistant Deputy Minister, Corporate Services, Department of Citizenship and Immigration

Stefanie Beck

It's sixty-nine per cent within 30 days, 27% in 31 to 60 days, and the balance, in excess of 60 days, would be about 4% of our 15,292 requests.

12:15 p.m.

Conservative

Matt Jeneroux Conservative Edmonton Riverbend, AB

Right. It's safe to say, then, that the foreign nationals piece has you worried about reaching that existing 69% that you have now. You're worried that it may drop lower.

12:15 p.m.

Assistant Deputy Minister, Corporate Services, Department of Citizenship and Immigration

Stefanie Beck

Some of those, of course, would be transformed, if I can describe it this way, from ATI requests into P, notwithstanding, I think, that with the $2.8 million, and the fact that it's free, and you could do it online from anywhere.... I don't know that we would see a corresponding drop on the access side.

12:15 p.m.

Conservative

Matt Jeneroux Conservative Edmonton Riverbend, AB

I'm out of time, but I would just like to let the rest of you know that I will be coming back with a question on that to you in the next round of questioning.

12:15 p.m.

Conservative

The Chair Conservative Blaine Calkins

Okay, thank you very much.

Mr. Saini, go ahead, please.

October 25th, 2016 / 12:15 p.m.

Liberal

Raj Saini Liberal Kitchener Centre, ON

Thank you very much, all of you, for being here.

It's very interesting, and it's unfortunate that we have only two hours. I think we could have easily spent two days asking you all the questions.

One question I want to ask is a question I have asked of other agencies, but I think it's more pertinent with the agencies that you represent, because each one of you deals internationally. This question picks up on the question that Mr. Blaikie brought up about international sharing agreements.

Mr. Oliver, you quite rightly pointed out that it's very difficult to have an agreement with every single entity in a different country. For the other agencies, I think it's a little bit easier because they're dealing with one entity, but when you deal with another jurisdiction, there might be multiple layers of different agencies that you have to deal with.

When you are dealing with another country that you have a written sharing agreement with, what confidence do each of you have that the information that you share is confidential and that there's a robust regime or a repository as strong as ours to make sure that information is confidential, especially when you're dealing with a Canadian citizen?

The second question is, if you have a written sharing agreement with one entity or one jurisdiction, there may be another country that has a separate deal with them that we don't have. What guarantee do we have that the information that we have given to one country, with whom we have a written sharing agreement with, does not get passed on to another country, with whom that country may have an agreement?