Senate Committee of the Whole
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Presentation of Bruce Phillips the Privacy Commissioner of Canada
February 18, 1999
Ottawa, Ontario
Bruce Phillips
Privacy Commissioner of Canada
(Check against delivery)
Let me begin by saying what an extraordinary occasion this is for me, being the first time that I have been called to appear before a Committee of the Whole in either house.
In my long-ago days as a press gallery reporter, it was a commonplace to call witnesses before Committees of the Whole, but the practice has gone out of fashion in the last couple of decades, ostensibly in the name of efficiency. Whatever the intention, one baneful result in my view has been a reduced public visibility of the legislative process, and of the workings of government.
When all of the departments and agencies were required to defend their estimates before Committees of the Whole, it was always before the eye of the Fourth Estate, even if represented by one lonely wire service reporter, although usually by many more. I know, because I sat through countless hours of such hearings, and since we were there, we daily wrote many thousands of words and scores of stories about the proceedings. Now that this work is mainly spread across a large number of committees much of it goes unseen and unreported and in my opinion has contributed to the disconnection between Parliament and the public.
So if today's session represents the beginnings of a revival of a former useful practice, forgive me for attaching a special sense of distinction to the occasion. At any rate, I certainly hope it becomes true for that tiny band of persons known as Officers of Parliament. I mean that half-dozen of us, whose appointment, alone in the entire federal establishment, requires approval by vote of both Houses of Parliament, who answer to no ministry but only to Parliament, and who make our reports directly to the Speakers of both Houses.
Parliament has decided that some issues, values and interests are of such basic importance to Canadian life that they need a champion who stands at arm's length from the government and from the political struggles of the day. Thus we have, among others, an Auditor General, a Chief Electoral Officer, a Languages Commissioner, an Information Commissioner and, in my case, a Privacy Commissioner. All of us, in our special areas, share the common charge of working to preserve fairness, decency and honesty in Public Administration.
No-one could ask for more in this life than the opportunity to represent such values, so please allow me to record my thanks to the members of this House who signified their confidence in my fitness to continue in this office by extending my term by another two years. I hope in that time, to promote even closer ties and greater interest in our work by Members of Parliament.
Also, I have to express some particular personal pleasure at attending in this Chamber, since I know many of you on both sides as friends and in some cases as former colleagues. Let me confess, too, that like many others I have fantasized from time to time about speaking in this Chamber, although not in my present capacity. And who knows, but for a stroke of fate here and there, I might have made it on my own. As it is, I have had the great good fortune for the past eight years to serve Parliament in an office that has been incredibly fulfilling, challenging and exciting.
As most of you know, my term expires in another fifteen months. This, therefore, might be my one and only shot at a meeting of this kind, so I propose on that account to take a minute of two to talk about privacy in the abstract, or, if you like, in a philosophical context.
You often hear the phrase these days that privacy is the issue of the Nineties. I think there is truth in that. One only has to scan the media for a few days to see the surprising frequency with which privacy is the subject of reportage or commentary.
Yet, I think that it must also have been an issue of the Eighteen Nineties, the Seventeen Nineties, the Sixteen Nineties, in fact all the way back to the misty beginnings of human history. Because privacy is merely a convenient, but altogether inadequate word that we use to encompass a complex set of values and considerations which touch almost every aspect of life, which have evolved over countless centuries of human experience, and which in every age have set the terms of social interaction, both between and among individuals, and between individuals and institutions, governmental and private.
Mr. Justice LaForest, who recently retired from our Supreme Court, described privacy as the value, and I quote, that is at the heart of liberty in the modern state. A wise observation, indeed. If you would assess the degree of freedom that exists in any particular society, look first to the degree of privacy which its citizens can command. The correlation is striking, and I only have to mention some of the oppressive totalitarian regimes we have seen in this century, many of them still around, by way of example.
Privacy, in short, is another word for freedom. Without it, we have no personal autonomy, no liberty, and darn little dignity. The degree to which we honor and defend the right to a private life is precisely the degree to which we respect each other as individual distinct human beings. So it follows that we chip away at this edifice at our peril. Enough chipping, and it all falls down.
And it is the chipping process that I want to talk about today. Freedom does not always, or even often, disappear in some cataclysmic eruption. It slips away quietly, bit by bit, the victim of many plausible and seductive propositions which society accepts either from indifference or ignorance. And it is this process which in my view stands in our time as the greatest danger to this priceless right.
There are privacy problems cropping up in many places, in surveillance technology, in biological science such as drug and DNA testing, and we could profitably discuss any one of them at length. But my remarks today are mainly in the context of the problem arising from the application of computer and communications technology to the massive amounts of personal information gathered in by both the corporate and governmental worlds.
The problem here is to ensure that management of all this information complies with fair practices of the kind embodied in the Privacy Act; it's not rocket science: simply to ensure that people know the information is being collected, and why, that it will not be used for other purposes without their consent, that it will be kept secure, and that people have a right of access and correction.
I don't think there are a great many people who deliberately or maliciously strive to erode people's privacy rights. It's an insidious process, and often happens quite unknowingly. I earlier mentioned indifference or ignorance, and I used those terms advisedly. More than once, it has been my experience that administrators have embarked upon actions which in the upshot they have been surprised to be told have offended good privacy practice, and I can certainly supply examples. Most of this activity is benign in its purpose, even beneficial, but carries with it a cost which upon examination is seen to be unacceptable. Usually, if I find out about it, I can fix it. But not always.
This aspect of the privacy problem has been greatly exacerbated by the onrush of technology and its impact on the collection, use and disclosure of personal information. Every enterprise, public and private, depends upon personal information as one of its vital raw resources. This information usually is given up freely by people who recognize the beneficial uses to which it will be put, but do so on the assumption that it will not be used for unrelated purposes or disclosed to other persons without consent.
Go to a doctor, you tell her your symptoms. Go to the bank for a loan, you tell him your financial situation. Go to an employer, you cite your qualifications. The world would crash to a halt without such routine exchanges. But there is an element of trust involved in all these transactions, and modern computer technology, unless properly hedged about with effective legally enforceable restraints, can and sometimes does make a shambles of any notion of trust.
So what is the state of the law? In a phrase, creaky and leaky. The federal Privacy Act is badly in need of updating, for a start. Too much is excluded from its purview. The federal government engages in massive informational exchanges with other governments and private sector entities. An essential pre-condition of such exchanges should be a requirement of compliance with established privacy norms. There are other offensive exemptions as well. Investigative bodies are allowed to deny access to individuals for any information gathered in the process of, and I quote, "the enforcement of any law of Canada or a province".
No such all-embracing exemption should be allowed unless an injury to enforcement can be demonstrated. The very definition of personal information needs updating, to take account of scientific advance, for example, blood and tissue samples. Neither does the Act provide an adequate system controlling the most dangerous potential misuse of government information holdings, which is data matching and mining. These problems must be addressed if our national government is to stay abreast of technological change and fulfill its commitment to protect the privacy of Canadians.
In the private sector? Well, it's a matter of sauve qui peut. With the single exception of Quebec, whose privacy laws cover the commercial world, its pretty much of a jungle out there.
Generally speaking, we have no right to know what information business holds, about us, how they got it, how they use it, whether it is accurate and how they will keep it.
Some corporations increasingly regard client data as a resource which they own and can mine, use or dispose of as they wish. The more widely the information is shared, the more likely it will be used, to decide what services you will be offered, what benefits you may receive, even what jobs you might qualify for, all without your permission or consent. Equally dangerous is that these decisions may be based on faulty information, which you have no legal right to correct.
One graphic example was revealed in a U.S. study a few years ago which said that credit reports contained an error rate of about 20 percent. Such errors can have serious real-life consequences in denial of credit, or employment.
I'm glad to report that, assuming the Commons passes it, a bill shortly will be sent to you which will go some distance toward providing a remedy to the absence of legal privacy rights in the commercial sector. It will provide for the extension of federal privacy law in the first instance to the federally-regulated private sector, and to the balance of the business world if the provinces do not provide equivalent protection in their own legislatures. The bill also provides a mechanism for independent oversight by the Privacy Commissioner. It's not perfect, as few bills are, but I presume it will beimproved in the legislative process. But it is a long step forward, and I support it.
You know, it is regrettable that a specific right to privacy was omitted from the Charter of Rights and Freedoms. That right is enshrined in the Universal Declaration of Human Rights, to which Canada is a signatory. It is included in the European Covenant on Human Rights, and other similar documents. It is also in Quebec's Charter of Rights. Although it was included in the original federal draft, a right to privacy fell victim to the horsetrading that went on in the Charter's journey from conception to law. The Supreme Court is slowly buttressing privacy through jurisprudence, but it has a long way to go.
At a minimum, its inclusion would have produced much more rigorous examination of draft legislation for privacy implications and given the Privacy Act itself a more solid underpinning. As it is, the Act enjoys no certain paramountcy; its heart, the code of fair information practices, is subject to any other Act of Parliament and can be easily circumvented by departments. I think anything as basic as the right to a private life deserves better.
So we need Parliament to be especially vigilant on this issue, and I implore you to be especially tough when you are asked to judge the merits of propositions in which the fate of privacy is put in the balance.
You have often heard from departmental officials, and you will hear it many times in future, that their objective is quote to strike the right balance unquote between their wonderful program proposals and that irritating obstacle of privacy rights. To me, this is a depressing litany. What they really mean is we'll just have to accept a sacrifice of privacy for the great boon of departmental efficiency. Many more so-called balancing acts, and there'll be little left to balance. It's more chipping away.
The question that must be asked, when it comes to data linkages and data mining, is the following: Can you meet the program objective without further abridgement of civil and human rights. If the answer is no, Back to the drawing board! I believe that in the great majority of cases, the answer can be yes, if sufficient ingenuity and plain hard work is put into it. Our trouble is that bureaucrats and business alike reach too quickly for the cheap, quick and easy solution: more technology.
Any proposition that involves the trade-off of privacy rights for administrative convenience should face the toughest of uphill battles.
On the subject of parliamentary vigilance, there is one issue in particular that I wish to raise. No doubt you've heard about the proposal to create a medical information highway. It has been recommended by a special advisory council, and the Minister of Health has declared his intention to proceed.
Envisaged here is a national health data network, linking existing and planned provincial and local networks. Putting health care information into electronic systems, then linking those systems, has obvious privacy implications. We all want a more efficient and effective health system, but given the fact that the raw material is the highly sensitive personal information of millions of Canadians, great care must be taken to ensure that no abuse is possible. What's at stake here is all that people have come to expect from the doctor-patient relationship. The Advisory Council has laid great stress on the privacy dimension of this proposal, but it remains to be seen how well good intentions are translated into good deeds. I urge you on that account to give this the most careful study, and of course I will be anxious to give you the assistance of my office.
Well, Senators, that is a very quick skim over part of the privacy landscape, but it is enough, I hope, to demonstrate that there is much here for legislators to ponder, and that when you do you will be animated by a resolve to ensure that efficient government is not achieved by the abridgement of precious and hard-won rights. People have a right to control their own lives, and that means the right to control their own information. They are only seeking, after all, what Mr. Justice LaForest calls the heart of freedom. Thank you.
(If you wish to read the complete session.)
- Date modified: