Information & Ethics committee  You refer to the example of the incident involving Canada's Communications Security Establishment. I would start by saying that the government claims—and I have no reason to dispute that claim—that metadata, particularly in a foreign intelligence context, is necessary to identify threats.

Information & Ethics committee  The short answer is no. What I think we should all try to achieve is a mechanism that provides a quick, final decision to individuals who seek access or privacy rights, together with a system that is sustainable. As to arguments around whether the hybrid model creates risks of conflicts of interest and so on, I think such arguments would simply delay things, creating judicial debates that are not necessary.

Information & Ethics committee  I'll give you a few and I'll ask my colleague Patricia Kosseim to complete the list. We say “including” because this kind of discretion exists under PIPEDA. We can manage our work volume, essentially, by refusing to handle certain complaints on various grounds, including if a complaint is frivolous or vexatious.

Information & Ethics committee  Absolutely.

Information & Ethics committee  We would say that judicial review would be an appropriate remedy. I would say that this type of discretion exists with many tribunals. It may raise issues of access to justice, or access to a response on the merits of the complaint. I recognize this. However, many tribunals, administrative or judicial, are given the authority to balance access to justice with certain limitations where giving access to one individual might actually impede access by others.

Information & Ethics committee  In an information-sharing context, there are two parties. There is a sending institution and there is a recipient institution. For the recipient institution, the information-sharing transaction is actually a collection exercise, so necessity may not apply to the sending institution, but it applies to the recipient institution.

Information & Ethics committee  Yes.

Information & Ethics committee  I will say yes. Certainly, retention at the level of principles should be governed by.... Yes, the necessity to keep that information for a lawful government program, that should ultimately be the test.

Information & Ethics committee  There are two things. To deal with the easier question first on the privacy ad hoc mechanism, in 2007 the OPC became subject to the access provisions of the Privacy Act and the Access to Information Act. We had to provide information, as departments, which then led to, if according to an individual we do not act in a way consistent with this legislation, who do people complain to?

Information & Ethics committee  Yes, essentially on the basis that here we're dealing with.... Tribunals federally are subject to judicial review, as you know. There is a special remedy in the Privacy Act, which is a de novo review of an access request. That's a current remedy in the act. Why was that remedy created?

Information & Ethics committee  In our submission, then, if there were a charter violation, there would be damages according to section 24 of the charter, but otherwise not.

Information & Ethics committee  First of all, necessity would apply to the collection of information. For information sharing, our recommendation is that there be agreements with certain content, which I won't go into, but necessity is not one of the conditions of our information-sharing agreements. There should still be a link between the objective of the program, the information to be collected, and so on.

Information & Ethics committee  The current act already does have a number of standards, so consistency where it applies and then other standards in other situations. For instance, one of the provisions that authorizes information sharing is in court proceedings in order to respond to a subpoena. There's no gradation here.

Information & Ethics committee  That's a good question. At a minimum we would find that the transaction was not in accordance with privacy law. To the extent that it's not too late to remedy the situation, one could think about how to frame the order making to provide for that situation. I don't have a precise recommendation to make, but it may be that it's too late.

Information & Ethics committee  We say that the statutory standard should be necessity, but we also recommend that you consider defining necessity. In our recommendation we define necessity, in part, through proportionality. At the end of the day, both necessity and proportionality would be part of the standard.