May 25, 2015
Ottawa, Ontario

Opening Statement by Daniel Therrien
Privacy Commissioner of Canada

(Check against delivery)

---

Introduction

Good afternoon Mr. Chair and Honourable Members.

I am pleased to address our Office’s Main Estimates and with me today are Daniel Nadeau, our Chief Financial Officer and Patricia Kosseim, our General Counsel.

In my time, I will:

• outline our fiscal outlook;
• describe how we are managing rising demands; and
• announce our new privacy priorities, which will influence our work in the future.

Fiscal outlook

To begin now, in the coming years, our resources are forecasted to remain at their existing levels.

When looking at our 2015-16 report on plans and priorities, there appears to be a drop from the last two fiscal years to this one. 

This difference is due mainly to the expenses incurred in previous years for the mandatory move of our headquarters in February 2014. 

Looking forward, for the next three fiscal years, our resources are set to remain relatively stable, at just more than $24 million, annually.

Facing rising demands

This said, we face rising demands. 

Over the last few years, we have generally seen increasing levels of complaints, while our investigations are becoming more complex.

On top of reviewing Privacy Impact Assessments, we are also increasingly requested for consultations to provide advice earlier as new federal initiatives making use of personal information take shape.    

Meanwhile, data breach reports from departments were already increasing before a new Treasury Board directive came into force a year ago, making material breach reports to us mandatory.

And at the end of the last fiscal period, breach reports in the public sector hit a record high for the fifth consecutive year.

Managing the challenges

Facing rising demands, we have taken steps to continue meeting our obligations within our existing resources. 

For example, we are settling more complaints by early resolution, through which parties are satisfied without the need for a full investigation.

We are also managing situations where many complaints come from various people about the same issue by opening one, all-encompassing investigation. 

And, we have also implemented measures for situations where one individual submits many complaints, to better balance the needs of all complainants, ensuring all Canadians have access to our services.

All told, Mister Chair and Honourable Members, we are using most, if not all of the tools available by our Acts to manage rising demands. 

But, today, we are left with precious little room to maneuver to meet our obligations.

Today, we are nearly one year in after taking on new responsibilities under Canada’s anti-spam law. 

We also anticipate the passing of S-4, which will make breach reports from private sector organizations to our Office mandatory.

Bill C-51 will also create new work for our Office as we are called upon to investigate whether its implementation respects the Privacy Act.

 So, while I  am not ready to say our Office needs new resources today, I think it will be quite difficult to meet our existing and new responsibilities with our current level of resources. After we have some experience fulfilling our new roles, I may need to appear before you to make the case for an adjustment.

New privacy priorities  

When I appeared before you to discuss my nomination for the position of Privacy Commissioner of Canada, I said that during my mandate my goal would be to increase the control Canadians have over their personal information. 

One of my first initiatives after assuming the role was to launch a priority-setting exercise that would guide the discretionary work my Office does towards realizing this vision in the most efficient and effective way possible.  As part of this exercise, our Office engaged representatives from business, government, civil society and academia. We also held focus groups to gauge the views of the public.  And today, I am pleased to share our results.

The Economics of Personal Information 

To begin, one of our four privacy priorities will be “The Economics of Personal Information.” 

Our discussions highlighted the need for user clarity about the personal information they provide in exchange for online services, how that data is used, and the question of meaningful consent.

As a result, some of our key work under this priority will be closely examining the issue of consent in today’s digital world, increasingly marked by the emergence of Big Data and the Internet of Things. 

The goal of this priority will be to enhance the privacy protection and trust of individuals so that they may confidently participate in an innovative digital economy.

The Body as Information

“The Body as Information” will be another privacy priority.

Whether it is biometric information tied to a trusted traveler card, or that generated by medical devices, genetic testing or wearable fitness trackers, this data may be used in many ways that could compromise people’s privacy.

This issue concerned the experts we engaged, and it is one about which we will learn more and raise awareness among both the developers and users about the potential privacy risks of these new technologies, with a view to promoting respect for the privacy and integrity of the human body as the vessel of our most intimate personal information.

Reputation and Privacy

Of course, one of the hallmarks of today’s information technology is sharing information with the world in a click. 

And as the saying goes, “the Net never forgets,” which means youth growing up today may no longer get to outlive their past mistakes.

These are among the reasons why “Reputation and Privacy” will be one of our priorities and one under which we will work to help enhance digital literacy among vulnerable populations while also examining the Right to be Forgotten.  

Our goal with this priority will be to help create an environment where individuals may use the Internet to explore their interests and develop as persons without fear that their digital trace will lead to unfair treatment.

Government Surveillance

Fourth and finally, “Government Surveillance” will also be among our priorities.

As mentioned, we will be directing investigative resources to ensure the Privacy Act is duly respected by the information sharing made possible by Bill C-51. We will also give advice to departments, through Privacy Impact Assessments or otherwise, to prevent privacy breaches. We will work with private organizations and government to establish appropriate standards for transparency and accountability reports.

Ultimately, our goal with this priority will be to contribute to the adoption and implementation of laws and other measures that demonstrably protect both national security and privacy.

Strategies

In order to make progress on these priorities, we will focus our activities around five cross-cutting strategies:

• Exploring innovative and technological ways to protect privacy;
• Enhancing accountability and promoting good privacy governance;
• Taking into consideration the fact that privacy knows no borders;
• Enhancing our public education role; and
• Paying special attention to vulnerable groups.

Conclusion

In closing, our new privacy priorities will help hone our focus to: make best use of our limited resources; and further our ability to inform Parliamentarians and protect and promote Canadians’ privacy rights.

Having identified what we believe are the 21st Century’s most pressing privacy concerns, our Office will now chart a course to address them in partnership with individuals, organizations, legislators and fellow oversight bodies. 

And with that, I look forward to your questions.