Memorandum of Understanding Regarding Coordination of Activities
Between
The Office of the Privacy Commissioner of Canada;
And
The National Security and Intelligence Review Agency.
Hereinafter referred to as “the Parties”.
PREAMBLE
Whereas subsection 15.1(1) of the National Security and Intelligence Review Agency Act (NSIRA Act) states that when fulfilling its mandate under any of paragraphs 8(1)(a) to (c), the National Security and Intelligence Review Agency (“Review Agency”) may coordinate its activities with those of the Privacy Commissioner (“PC”) under subsection 37(1) of the Privacy Act to avoid any unnecessary duplication of work;
Whereas subsection 37(5) of the Privacy Act provides that the PC may coordinate his or her activities under subsection 37(1) with those of the Review Agency under any of paragraphs 8(1)(a) to (c) of the NSIRA Act to avoid any unnecessary duplication of work;
Whereas for the purpose of coordinating their activities as mentioned above, the Review Agency has the legal authority to provide information to the PC pursuant to subsection 15.1(2) of the NSIRA Act and the PC has the corresponding legal authority to provide information to the Review Agency pursuant to subsection 64(3) of the Privacy Act;
Recognizing that it is in their common interest for the Parties to coordinate their mandated activities and to benefit from the expertise of the other Party;
Recognizing that there is a public interest in strong and effective review in these areas, and that there are benefits for departments and agencies in the security and intelligence community when the Parties coordinate on privacy issues; and
Recognizing that it would be beneficial to enter into a Memorandum of Understanding (MOU) to set out the parameters for future coordination between the Review Agency and the PC and to ensure transparency of the coordination efforts of the Parties.
THEREFORE, THE PARTIES AGREE TO THE FOLLOWING:
1. Objectives
1.1 The objectives of this MOU are:
- to ensure that the collaborative work of the two Parties is planned, conducted and reported in a coordinated fashion, in keeping with each Party’s respective mandate and purpose,
- to allow each party to contribute in accordance with their respective areas of expertise and to benefit from the expertise of the other Party, allowing for more effective review in these areas,
- to establish procedures for initiating coordination, defining the roles and responsibilities, and setting out the parameters for information management, reporting and administration, and
- to provide transparency to inform the public, parliamentarians and government institutions on the coordination efforts of the Parties.
2. Procedures for ongoing coordination and for exchange of information
2.1 The Parties agree to maintain open lines of communication in order to identify as early as possible matters for which the coordination of activities would be appropriate.
2.2 Each Party will designate up to two primary contacts for the purpose of initiating coordination and other communications under this MOU.
- The primary contacts for the PC shall be the Director of the Privacy Act Compliance Directorate and the Director of the Government Advisory Directorate;
- The primary contacts for the Review Agency shall be the Director of International Review and the Director of Domestic Review.
2.3 The Parties shall establish a joint liaison committee to address issues of mutual interest as the parties may determine. The joint liaison committee will make reasonable efforts to meet quarterly, but shall meet at least once every twelve (12) months. The committee shall be co-chaired by a designated representative of each of the Parties.
2.4 Where:
- the Review Agency has reason to believe that a matter that may be subject to review pursuant to paragraphs 8(1)(a) to (c) of the NSIRA Act relates to a matter that would equally fall within the mandate of the PC under the Privacy Act; or
- the PC has reason to believe that a matter that may be subject to investigation pursuant to subsection 37(1) of the Privacy Act relates to a matter that would equally fall within the mandate of the Review Agency under the NSIRA Act:
The Parties may write to the appropriate primary contact to advise of the matter and representatives of the Parties may meet to discuss the matter.
2.5 With a view to avoiding duplication of work, representatives from the Parties may provide each other with information concerning their respective activities. This includes, but is not limited to, preliminary discussions concerning matters that may fall under the relevant mandate of both Parties, providing copies of reports produced by the Parties, providing general updates, review plans, and sharing lessons-learned.
2.6 Representatives from the Parties may bring to one another’s attention the existence of specific documents, that were obtained from departments and agencies, which are considered relevant to the mandate of the other party. Such documents may be described and discussed to such an extent as is necessary for the other party to assess its need to review the document.
2.7 Before sharing Protected, Classified or potentially privileged information with the OPC, NSIRA shall consult with relevant departments and agencies.
3. Where a decision is made to conduct a joint review or investigation
3.1 If a decision is made to conduct a joint review/investigation, the Review Agency’s primary contact shall write to the PC confirming that:
- a review pursuant to paragraphs 8(1)(a) to (c) of the NSIRA Act has been or will be initiated; and
- the Review Agency agrees that conducting a joint review/investigation is appropriate in the circumstances.
3.2 If a decision is made to conduct a joint review/investigation, the PC’s appropriate primary contact shall write to the Review Agency confirming that:
- an investigation pursuant to subsection 37(1) of the Privacy Act has been or will be initiated; and
- the PC agrees that conducting a joint review/investigation is appropriate in the circumstances.
3.3 In accordance with section 31 of the Privacy Act, and pursuant to NSIRA’s review mandate under section 8 of the NSIRA Act, the Parties will notify the head of the government institution(s) that will be the subject of the joint review/investigation.
4. Roles and responsibilities when conducting a joint review/investigation
4.1 Each Party shall ensure that its work is carried out in accordance with its respective legislation, policies and practices.
4.2 The Parties will decide if one of the Parties should take the lead in relation to the joint review/investigation activities for a particular matter, and if so, which Party.
4.3 Before sharing Protected, Classified or potentially privileged information with the OPC, NSIRA shall consult with relevant departments and agencies.
4.4 Where useful and appropriate, the Party identified to be the Lead may designate a representative for coordinating the collection of information to avoid duplicating demands on the subject(s) of coordinated review/investigation activities. This may include:
- Scheduling joint interviews of the subject(s) of review or other relevant third parties; or
- In accordance with clauses 2.5 and 2.7, sharing copies of documents that are deemed pertinent to the joint review.
4.5 Notwithstanding 4.4, the Parties may separately collect information relevant to their respective review or investigation, as required.
4.6 The Parties and their representatives will consult with each other throughout their respective review or investigation.
4.7 A Party may draw upon the expertise of the other Party to inform an element of their review or investigation.
4.8 None of the foregoing precludes the Parties from developing separate Terms of Reference for coordinating review/investigation activities in relation to a particular matter.
4.9 A Party may decide to terminate a specific joint review/investigation activity at any time by giving written notice to the other party.
4.10 Specific areas of cooperation and related parameters of coordinated review/investigation activities may be annexed to this MOU, all of which forms an integral part of this MOU.
5. Reporting on a joint review/investigation
5.1 The Parties may report separately on their joint activities. Where useful and appropriate, the Parties may issue a joint report.
5.2 Where a joint report is anticipated, there will be an opportunity for senior executives from both Parties to discuss the report and to make representations for amendments, if required, prior to the finalization of the joint report.
5.3 At any point, it may be determined that a joint report is not feasible. In this case, the Parties agree to consult with each other on their respective reports and to provide the other Party with an opportunity to review their report and to make representations prior to finalizing their report.
6. Collaboration outside the context of coordinating activities
6.1 In keeping with the spirit of collaboration, maximizing expertise and avoiding duplication, the Parties may collaborate outside the context of coordinating activities pursuant to section 15.1 of the NSIRA Act and subsection 37(5) of the Privacy Act. This may include, but is not limited to, providing guidance or information on technical or investigative techniques or general interpretation of principles.
6.2 Where sharing information in this context is not expressly authorized by law, each Party will seek consent from affected government institutions before sharing Protected, Classified, confidential or potentially privileged information.
7. Information Management
7.1 The Parties agree to share information, pursuant to their mandates, to the greatest extent possible in order to achieve the objectives of this MOU.
7.2 Information shared shall only be used for the purpose of furthering either the Review Agency or the PC’s investigation or review, or related actions to those activities.
7.3 The Parties agree to maintain appropriate safeguards to protect information and records obtained or created and to act in conformity with the applicable federal legislation, policies and guidelines concerning the collection, retention, use, disclosure and disposal of such information and records.
7.4 For greater certainty, the Parties agree that:
- Only representatives that have the appropriate security clearances and indoctrinations can participate in coordinated activities and representatives will respect the “need to know” principle; and
- Classified information must be handled and stored in accordance with the Treasury Board Secretariat requirements noted in the Directive on Security Management under the Policy on Government Security.
7.5 None of the foregoing precludes either Party from maintaining its own files to support its respective review.
8. Third party access to records
8.1 The Parties will oppose, to the fullest extent possible, any application by a third party for access to, or disclosure of information/documents received from the other Party, unless that Party consents to its release. Where a Party receives such an application, it will notify the other Party forthwith.
9. Administration
9.1 This MOU comes into force on the date of the last signature.
9.2 This MOU can be modified with the written consent of the Parties at any time. In particular, this MOU may be modified after the completion of Parliament’s statutory review of the NSIRA enabling authority, the National Security Act, 2017.
9.3 This MOU is an administrative understanding between the Parties and is not intended to be legally binding or enforceable before the Courts.
9.4 Either Party may terminate this MOU by giving at least 30 days’ written notice to the other party.
9.5 Termination of this MOU does not affect any on-going coordination activities undertaken pursuant to this MOU, unless the Parties have agreed to terminate such activities.
9.6 The obligations mentioned in clauses 7.2, 7.3, 7.4 and 8.1 of this MOU shall survive the termination of this MOU and/or a specific coordinated review activity.
9.7 Acting in a spirit of cooperation, the Parties agree that if a dispute arises under this MOU, it will be resolved by informal discussions at the appropriate level.
The undersigned have signed this MOU in both the English and French languages.
(Original signed by)
Daniel Therrien
Privacy Commissioner of Canada
IN Gatineau, Quebec
THIS June 15, 2021
(Original signed by)
John Davies
Executive Director, National Security and Intelligence Review Agency
IN Ottawa, ON
THIS June 18, 2021