Language selection

OPC Logo Office of the Privacy Commissioner of Canada

Search

Annual Reports to Parliament

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Archived

This page has been archived on the Web.

House of Commons Information, Privacy and Ethics Committee

October 20, 2005
Ottawa, Ontario

Opening Statement by Jennifer Stoddart
Privacy Commissioner of Canada

(CHECK AGAINST DELIVERY)

I want to thank you for giving me the opportunity to appear before your Committee once again. I am joined by Heather Black, Assistant Commissioner responsible for the private sector legislation, and Raymond D'Aoust, Assistant Commissioner responsible for the public sector legislation.

Having a Committee devoted to the issues of ethics, access to information and privacy is an encouraging sign about the importance of privacy issues. This is in-line with recent polling data. Canadians have indicated that privacy is one of the most important issues facing the country, and close to 70 per cent of Canadians surveyed have expressed a high sense of erosion of their privacy and the protection of their personal information. 

And so I am looking forward to once again having a chance to discuss this and other privacy-related issues with you today.

As you know, on October 6, 2005, Parliament tabled my Office's two Annual Reports. This is a brand-new approach to how we report to Parliament and I’m looking forward to hear your views on this.

These reports cover the 2004-2005 fiscal year for the Privacy Act and the 2004 calendar year for PIPEDA. Both detail the efforts we have taken to meet the growing demands on our Office to act as the guardian of privacy for Canadians on behalf of Parliament.

The good news is that having two reports gives us an opportunity to report to Parliament on our activities at six month intervals – so I hope you don't mind that you will see us more often. Our next Annual Report on PIPEDA, which will cover the 2005 calendar year – will be tabled in the spring of 2006.

2004 PIPEDA Annual Report

Our 2004 Annual Report on PIPEDA is a milestone, in a sense. It covers the first year of full implementation of PIPEDA, Canada’s new private sector privacy law. As you know, PIPEDA has been phased-in in stages since 2001.

The year 2004 saw PIPEDA reach full maturity, extending across the country to all commercial activities, except in provinces with legislation deemed substantially similar (British Columbia, Alberta and Quebec). PIPEDA continues to apply to federal works, undertakings and businesses across the country, as well as to interprovincial and international transactions.

Our 2004 Annual Report on PIPEDA provides a snapshot of that first full year. There is some cause for celebration. Canadians now have comprehensive privacy rights in Canada. That is not to say, however, that the public and private sector privacy laws fully protect the privacy rights of Canadians in every sense. They don’t. But the essential framework for protecting those rights is now in place.

I think that, leading up to 2004, there was a bit of skepticism and confusion – perhaps even some trepidation – about the degree of the impact of PIPEDA on businesses. I think that, especially for those who didn’t gear up in advance of 2004, there was the perception that the sky was going to fall – and that the legislation would have a significantly negative impact on business.

Well, the sky did not fall. In fact, what we are seeing is the adoption of improved privacy management practices. Businesses are recognizing that good privacy is ultimately good for the bottom line. Businesses need predictability and a harmonized set of rules, and the legal framework in PIPEDA establishes that predictability and consistency.

Our report provides some examples of complaint investigations, in an effort to demonstrate the application of the law. Please refer to pages 33 to 74 for examples of our complaint investigations, and I would be pleased to discuss any of these further with you.
The law certainly isn’t perfect, but it is a modern approach to privacy protection. And unlike the Privacy Act, PIPEDA has a built-in review mechanism to ensure that it is reviewed and brought up-to-date on a regular basis. We are very much looking forward to taking an active role in Parliament’s upcoming review of PIPEDA in 2006.

2004-2005 Privacy Act Annual Report

Our Annual Report to Parliament on the Privacy Act details our experiences in dealing with privacy protection in the federal public sector during the course of the 2004-2005 fiscal year. This report tells quite a different story from our report on PIPEDA. In addition to highlighting some of the most significant issues my Office has faced in the past year, this report emphasizes the long overdue need to modernize the Privacy Act, a first generation privacy law that has not been substantially amended since its inception in 1983. It may even be that the Privacy Act does not fully respect the Charter.

The privacy landscape is infinitely more complex today than it was a decade ago – with increased globalization and extensive outsourcing of personal information processing and storage. Canada’s Privacy Act simply cannot keep up.

To provide you with a few examples:

  • Under the Privacy Act, only those present in Canada have the right to seek access to their personal information. This means airline passengers, as well as immigration applicants, foreign student applicants, and countless other foreigners with information in Canadian government files, have no legal right to examine or correct erroneous information, to know how their information is used or disclosed, or to complain to my Office. It is our view that this right should be extended.
  • Although government use of data matching arguably poses the greatest threat to individuals’ privacy, the Privacy Act is silent on the practice. It is our view that the Act should contain provisions to regulate data matching.
  • And complainants may only seek a Court review of, and remedies for, denials of access to their personal information. This means allegations of improper collection, use and disclosure may not be challenged before the Court, and the subsequent benefit of the Court’s guidance is lost. And the Privacy Act does not provide remedies for damages. The benefit of the Court’s oversight of Government operations is lost. It is our view that this shortcoming should be address in a reformed Act.

The weaknesses of the Privacy Act are even more striking when it is measured against PIPEDA. In fact, many of our concerns could be remedied by adopting provisions similar to those that are in PIPEDA. I am referring here to the ten principles enshrined in Schedule I of PIPEDA, which provide a solid, normative framework for privacy management.

All this to say – and I hope you agree – that the Privacy Act is an outdated and often inadequate piece of legislation that is in need of a major review and overhaul. I am urging the Government to focus its attention on this so that we can bring the Privacy Act in-line with the protections available to individuals in the private sector.

Other key issues

Our Annual Reports – and Committee appearances such as these – are also an opportunity to highlight some of the issues that are keeping our Office on its toes. These are issues that, as Parliamentarians with a keen interest in privacy, I'm sure you are concerned about as well.

Increasingly, we are seeing ourselves become a form of "surveillance state." There is more and more data gathering and "intelligence gathering" taking place across the board, all for legitimate public concerns – for example, public safety and anti-terrorism, public health, and to combat money laundering. We all want to be safer, but I think it's important that we raise our voices regularly to remind Government not to sacrifice fundamental human rights such as privacy at any cost.

The issue of Canadians' personal information being shared across borders – what we call transborder data flow – is another key concern. This is an old issue that Canada has studied since the 1960s. Recent polls tell us that the level of concern with the cross-border transfer of personal information is extremely high. In fact, close to 90 per cent of Canadians surveyed have expressed concern about their personal information being transferred across borders. There is little that federal privacy laws can do to protect Canadians’ personal information once it is in the hands of foreign governments. We are collaborating with Treasury Board Secretariat, as well as with provincial and international colleagues, to urgently address this issue.

We are also deeply concerned about the Government's lawful access proposals and internet surveillance. We appreciate having had the opportunity to take part in consultations with the Department of Justice on this issue and we have made a submission to the Minister of Justice outlining our specific objections. We have no problem in principle with modernizing the tools that law enforcement must have for the successful prosecution of crime, but the devil lies in the details. Individuals do not expect that their telephone calls will be monitored, their conversations taped or their computers searched by agents of the state. Without having a clear understanding of the problems that the proposed legislation is intended to correct it is impossible to determine if the measures being proposed are necessary and proportionate. And we have made similar statements regarding the Anti-terrorism Act.

There are also a number of technology issues that have us increasingly worried. While there are many benefits to these technologies – radio frequency identification devices (RFIDs), biometrics and geo-positioning systems, for example – they also pose significant risks to personal information. We are studying these technologies carefully and their potential impact, and we plan to issue guidance to the public and organizations on their use.

My Office has also devoted a considerable amount of time and energy over the past year preparing a full-fledged business case for all of its operations. This exercise involved a careful review and analysis of our activities. We have completed our reports and submitted them to Treasury Board. We are now getting the benefit of their review. We are getting ready for the next step, which is to submit our business case to the joint House and Senate Special Committee that will be formed to examine the budget proposals of Agents of Parliament. Our objective remains the same: to stabilize our resource base so that we can effectively carry out our mandate.

The question about a potential merger between my Office and the Information Commissioner's Office – and Justice La Forest's study into this matter – is also top of mind. We have met with Mr. La Forest and we have attempted to be helpful to him in his research. We undertook a consultative process – with staff and managers – to come up with questions and issues pertaining to a potential merger. These have been shared with Mr. La Forest. We are also finalizing a series of observations related to these questions, and these will also be sent to Mr. La Forest in the next day or so. They will also be made public – and I would be pleased to send you a copy as well. In a nutshell, however, I think more important matters relate to the legislation and resources available to the Offices to achieve their mandates.

Conclusion

In closing, I hope you have found our Annual Reports useful in offering a sense of the focus of our work during the reporting periods, as well as of some critical privacy issues which we think require urgent and immediate attention.

As I have stated in my Reports, we are generally pleased with the results of our interventions and with the cooperation of business and government to try to comply with fair information practices and legal requirements. But there is a steady erosion of rights taking place and, with the dramatic increase of surveillance technologies and desire of Government to share more and more information in the name of public safety and security, it is difficult to keep the pace. We would like to encourage everyone – Parliamentarians, government departments, businesses, citizens – not just to care about privacy, but to take an active role in protecting these rights. We can work to defend and protect the personal information of Canadians, but we cannot do the job alone.

I appreciate your interest in these issues and I look forward to working with this Committee. On that note, I would like to thank you for having the opportunity to address you and I would welcome any questions about these or any other issues you would like to discuss.

Date modified: