Information & Ethics committee  We ask departments or agencies to look at every step in their proposed program or the proposed measures in the light of the Privacy Act as well as what we call the fair information principles. It has been said to us that strictly speaking these aren't part of the Privacy Act, and that's true, but these are the modern iterations of good data protection standards in the light of their impact on individuals' privacy in terms of keeping the personal information private.

Information & Ethics committee  Starting with the Francophonie and the Asia-Pacific area, perhaps?

Information & Ethics committee  I'll start with the Asia-Pacific, and then maybe my colleague can continue with the Francophonie, and then we can come back to the others. Asia Pacific Privacy Authorities, or APPA, was started by New Zealand, Australia, and Hong Kong, who have similar world standard legislation, to try to get some momentum going in terms of data protection in that area of the world.

Information & Ethics committee  Yes. Thank you for that question. Indeed, in reading that, I was very surprised at that reasoning, because while in a sense it is true, yes, that the commercial entities are not covered by the charter, more and more we are looking to try to converge the standards for personal information handling between the public sector and the private sector.

Information & Ethics committee  Well, “obliged” means departments should do it, but one of the things we've been concerned about is that there's no clear sanction if they don't do it. There are a number of policies. Senior officials will say there are so many policies in the government that it's hard to comply with them all, but we are increasingly concerned about policies that are honoured in the breach.

Information & Ethics committee  Perhaps I could ask my colleague, because she's actually talking to Treasury Board.

Information & Ethics committee  This matter does fall under our jurisdiction since this is an international matter. However, that does not exclude the fact that Quebec could also have jurisdiction over this matter. We want to work in a collegial way with our colleagues. And in the pursuit of friendly relations, we work in a complementary fashion.

Information & Ethics committee  I am going to ask my colleague to reply because she supervises the administration of complaints in this area. She may have information on this topic.

Information & Ethics committee  I certainly don't, and I don't know that my mandate would give me the authority to ask exactly what their protocols are. My colleague has worked in national security for a while. Can you respond?

Information & Ethics committee  Yes. There is an oversight authority over CSE who used to be a retired judge of the Supreme Court. I'm just trying to think...Monsieur Gonthier, but he just died recently. So there is some oversight built into it. And we met with Mr. Justice Gonthier about two years ago. He just wanted to be sure that he was applying the Privacy Act the same way as we were.

Information & Ethics committee  No, not the problems involving Aeroplan specifically. However, we did discuss these matters a few years ago in one of our conclusions where we said that a credit card company affiliated with a major bank—

Information & Ethics committee  Exactly. It was transferring data concerning Canadians to the United States for processing. We concluded that since this had been explained when the credit card was obtained, this fell within the parameters of Canadian law and that the company or the bank in question had taken all the measures necessary to prevent illegal access.

Information & Ethics committee  My recollection is that we were consulted several times on this. This dates back a certain time, but we certainly were consulted on it. In fact, we are regularly consulted on the development of Treasury Board guidelines that have to do with personal information protection. We have an ongoing relationship with that unit, which is usually under the supervision of my colleague Chantal Bernier.

Information & Ethics committee  No, we don't. We're happy that there are policies, but policies are not law and policies are often of uneven application. It's clear, if it is a policy, that as a policy it's not quite as compulsory. A lot of our efforts--to which this committee has been a partner--are taking some of these existing policies and saying that if this is government policy, why couldn't it be in an updated Privacy Act?

Information & Ethics committee  We could provide that to you.