Annual Reports to Parliament

[Back to Table of Contents][Part Two][Part Three]

Annual Report to Parliament 2001-2002

Part One-Report on the Privacy Act

Introduction

The Privacy Act protects individuals' privacy with respect to personal information held by federal Government institutions.

The Act, which has been in force since 1983, governs how federal institutions collect, use, disclose and dispose of personal information, and gives people the right to access and request corrections to their personal information.

As Privacy Commissioner, I receive and investigate complaints from individuals who believe their rights under the Act have been violated. I can also initiate a complaint and an investigation myself, in any situation where there are reasonable grounds to believe the Act has been violated.

First and foremost, I am an ombudsman, and whenever possible, complaints are resolved through mediation and negotiation. But I also have broad powers of investigation under the Act. As Privacy Commissioner I can subpoena witnesses, compel testimony and enter premises to obtain documents and conduct interviews. Obstructing one of my investigations is an offence under the Act. Although the Act does not include the power to order compliance, I can recommend changes to the way Government institutions handle personal information, based on my findings.

As well, I have a mandate to conduct periodic audits of federal institutions to determine their compliance with the Act and, on the basis of my findings, I can recommend changes.

The Act requires me to submit an Annual Report to Parliament on the activities of my Office in the previous fiscal year. This current report covers the period from April 1, 2001 to March 31, 2002 for the Privacy Act.

Investigations

My Investigations Branch investigates individuals' complaints under section 29 of the Privacy Act (and under section 11 of the Personal Information Protection and Electronic Documents Act, which I will discuss later in the report).

Through these investigations, I determine whether individuals' privacy rights have been violated or whether they've been properly accorded access to their personal information. Where people's privacy rights have been violated, I look for ways to provide redress for them and to prevent violations from happening again.

I have authority under the Act to administer oaths, receive evidence and enter premises where appropriate. I can also examine or obtain copies of records found on any premises.

To date, we have had voluntary co-operation and all complaints under the Privacy Act have been resolved without our having to use these formal investigative powers.

Complaints under the Privacy Act

During the fiscal year of April 1, 2001 to March 31, 2002, we received a total of 1,213 complaints under the Privacy Act. Of those, 45 per cent concerned denial of access to personal information, 20 per cent were related to issues of collection, use, disclosure, retention and disposal of personal information, and the remaining 35 per cent concerned failure to respond to an access request within the legislated timeframes set out in the Act.

Investigations staff completed investigations of 1,673 complaints, an increase of 8 per cent over the previous year. Of those, 703 dealt with denial of access, 397 concerned issues related to collection, use, disclosure, retention and disposal of personal information, 571 were about lack of timeliness in responding to requests to obtain access to personal information and two dealt with other matters including an allegation of retaliation against an individual for submitting an access request. These complaints were concluded as follows:

Definitions of Findings under the Privacy Act

Not well-founded: A finding that a complaint is not well-founded means that the investigation uncovered no evidence to lead me to conclude that the Government institution violated the complainant's rights under the Privacy Act.

Well-founded: A finding that a complaint is well-founded means that the Government institution failed to respect the Privacy Act rights of an individual. This would also be my finding in a situation where the Government institution refuses to grant access to personal information, despite my recommendation that it be released. In such a case, my next step could be to seek a review by the Federal Court of Canada.

Well-founded/Resolved: I will find a complaint to be well-founded/resolved when the allegations are substantiated by the investigation and the Government institution has agreed to take corrective measures to rectify the problem.

Resolved: Resolved is a formal finding that reflects my role as an ombudsman. It's for those complaints where well-founded would be too harsh to fit what essentially is a miscommunication or misunderstanding. It means that my Office, after a full and thorough investigation, has helped negotiate a solution that satisfies all the parties.

Settled during the course of the investigation: This is not a formal finding but an acceptable means to dispose of a complaint when the investigation is completed, and the complainant is satisfied with the efforts of my Office and doesn't wish to pursue the issue any further. The complainant retains the right to request a formal finding. When that happens, the investigator re-opens the file, and submits a formal report, and I report the findings in a letter to the complainant.

Discontinued: This means that the investigation was terminated before all the allegations were fully investigated. A case may be discontinued for any number of reasons - for instance, the complainant may no longer be interested in pursuing the matter or cannot be located to provide additional information critical to reaching a conclusion. I don't issue a formal finding in discontinued complaints.

In my report last year, I expressed concerns that a few Government departments and agencies - most notably, Correctional Service Canada (CSC), the Department of National Defence (DND), the Canada Customs and Revenue Agency (CCRA) and Human Resources Development Canada (HRDC) - had been particularly lax in responding to access requests in a timely fashion.

There are indications that these departments and agencies are improving their turnaround times as a result of special measures they have put in place to deal with their backlogs. We received fewer time-limit complaints against these institutions this past year, with the exception of DND. This fact may indicate improved performance, or simply that they received fewer requests last year and therefore fewer dissatisfied individuals turned to my Office for assistance. Regardless, most of the time-limit complaints we investigated against CSC, DND and HRDC were deemed well-founded, a clear indication that these institutions are still not meeting their obligations under the Privacy Act.

Summary of Select Cases Under the Privacy Act

Departments accountable for information collected under contract

Despite past reminders, some departments still neglect to ensure that personal information collected under the contracts they negotiate with outside contractors is managed in accordance with the fair information principles of the Privacy Act.

Those principles require Government institutions that are subject to the Act to include provisions in contracts that:

• Define ownership of the information - that is, all information collected as part of the contract belongs to the contracting department or agency and should be turned over to it at contract end;
  
  
• Recognize individuals' rights of access to their personal information collected during the contract;
  
  
• Restrict further uses of the personal data;
  
  
• Protect the information against unauthorized disclosure;
  
  
• Establish retention and disposal criteria; and
  
  
• Ensure the department's ability to audit compliance of the contractor's management of the information collected.

In one case investigated this past year, an employee of Human Resources Development Canada (HRDC) complained that she did not receive all of her personal information gathered by an independent contractor hired by the department to conduct a workplace assessment. The employee was particularly interested in obtaining access to any mention of her by other staff in the contractor's interview notes and questionnaires.

When interviewed, the contractor admitted to destroying all the information except the report she produced for HRDC. She did this in part because she had promised confidentiality to the individuals she interviewed, indicating that their statements would not be released, and the contract signed with HRDC did not specify otherwise.

Although HRDC's policies and procedures on contracting out to third parties specify that all the provisions of the Privacy Act are to be respected, the contractor in this case was not aware of HRDC's obligations under the Act to retain the information or grant individuals access to their own information. Contractors (as well as employees conducting similar administrative investigations) must be informed that they cannot promise confidentiality and, prior to taking statements about an individual, they must inform witnesses that their statements constitute the other individual's personal information for which rights of access are provided by the Privacy Act. The witness then has a choice as to whether or not to provide a statement that would include information about another individual.

I concluded that the complaint was well-founded and HRDC was accountable for the work done under the contract. The contractor's failure to retain the information in essence resulted in the complainant being denied an opportunity to obtain access to her own information.

In a case against the Department of National Defence, a military officer sought my assistance in getting access to his medical records, including the notes of an independent medical specialist the department hired to provide an opinion based on his review of the complainant's medical file. When the officer submitted his access request, the department released the medical records in its file, but did not release the specialist's notes from the independent review.

When I investigated the matter, I learned that no effort had been made to get the information from the specialist. I interviewed the specialist and reviewed his notes, which clearly contained personal information about the complainant. The specialist claimed that he had not been told that the information he gathered as part of his review belonged to the department and that he should also supply a copy of all the information from his file to the department for inclusion in its records. Nevertheless, the specialist willingly provided a copy to the department so that it could in turn release it to the complainant. The complainant was pleased to receive the information and did not request that we pursue the matter further.

These two cases serve to remind federal departments and agencies that any contracts they enter into that require the collection of personal information must also include appropriate clauses to satisfy the provisions of the Privacy Act. Individuals should be able to access their own information whenever it is requested.

RCMP charges fee for traffic analysis report

A British Columbia man asked the Royal Canadian Mounted Police (RCMP) for a copy of a traffic analysis report prepared following an investigation of a traffic accident in which he was involved. The report attempted to reconstruct the circumstances surrounding the accident, and the man wanted to use it to support a civil claim. When he requested a copy of this report informally from the RCMP detachment where it was prepared, he was told there was a $500 fee. He then formally requested it under the Privacy Act but was refused on the basis that it was exempted under section 22(1)(a) of the Act. Section 22(1)(a) allows an investigative body such as the RCMP to deny access to information about a lawful investigation that is less than 20 years old. In his letter of complaint, the man correctly asked how the information could be available if he paid the $500 fee but not under the Privacy Act, to which no fees apply.

I determined that the RCMP detachment's response to the informal request was based on an established fee schedule. When the Privacy Act request was received at the RCMP's Access to Information and Privacy Unit in Ottawa, it confirmed that the accident was still under investigation. The RCMP routinely refuses access to information related to ongoing investigations. The unit subsequently informed the complainant that the report was exempted in its entirety under section 22(1)(a) of the Act.

However, upon further inquiries, I learned that in August 2000 the RCMP had issued a bulletin to all detachments in British Columbia that no fee should be collected for these reports. This decision followed a 1998 Supreme Court of British Columbia ruling in a case against the RCMP as the municipal police force under contract to the province. The Court ruled that the fee charged by the RCMP for a traffic analysis report was in essence a tax disguised as a user fee, and therefore was without any legislative authority.

As a result of our intervention, the RCMP provided the man with his own personal information in the report, which was all he was entitled to receive under the Privacy Act.

DND improperly retains, uses information about pardoned convictions

I investigated complaints from two Canadian Forces members who felt their privacy had been violated when the Department of National Defence (DND) kept information on its files related to their criminal convictions and subsequently used that information to deny them employment opportunities.

In the first case, the member had been selected for a posting with a United Nations tour in the Middle East, but just prior to his departure the posting was cancelled by his base commanding officer. I learned that DND's Military Police discovered the member had been charged with impaired driving shortly before his planned departure date and had reviewed its records to determine whether the man had any other charges against him. It found seven references to other criminal offences and forwarded this information to the base commanding officer. When the commanding officer saw the record, he decided against sending the member overseas.

I determined that two of the offences should have been purged from the member's file since he had received a pardon for them. The Pardons and Clemency Division of the National Parole Board had notified DND of these pardons and of the department's requirements under the Criminal Records Act to segregate its records related to these offences from other criminal records in its custody. DND complied but only insofar as reference to the convictions was concerned - all the facts related to the charges that led to these two convictions remained on file.

Unfortunately, when only the reference to a conviction is removed from a record, what remains can be misleading to anyone who has access to that information. I therefore reminded DND that under the Privacy Act it is required to ensure that personal information used for an administrative purpose - that is, in a way that directly affects the individual to whom it relates - is accurate, up-to-date and complete.

As a result of my efforts, DND agreed to amend its policy on the retention of information about pardoned convictions to conform with both the Privacy Act and the Criminal Records Act.

In the second case, an individual obtained information that led him to believe DND used information about his convictions under the National Defence Act to reject his application for re-engagement in the Canadian Forces, despite the fact that he had been granted a pardon.

When I investigated the matter, I confirmed that DND had indeed used this information in its assessment of his application. I also confirmed with the Pardons and Clemency Division of the National Parole Board that it had granted a pardon to the individual but had neglected to inform DND. I therefore asked the National Parole Board to send appropriate notifications to DND and the National Archives, the current custodian of the individual's military records, so that they could amend his records as required.

CMHC's demand for tax information inappropriate

The president of a consulting firm complained that Canada Mortgage and Housing Corporation (CMHC) had asked for an excessive amount of personal information from sole proprietors and partnerships as proponents in a Request for Proposal (RFP) process. If the lead proponent turned out to be a sole proprietor, that individual was required to provide, among other things, copies of his/her income tax returns for the last three years and a statement of net worth.

I discussed the RFP process with CMHC in depth. It was adamant that it was necessary to obtain financial information from a lead proponent when there was a high degree of risk associated with procurement and that it must ask for detailed information from a sole proprietor just as it did with any other type of business. It argued that, for a sole proprietor, unlike for a corporation, there was little comprehensive financial information that could be used to conduct an accurate risk assessment and that the information it was requesting was the best and most accurate it could get.

I agreed that the financial viability of a lead proponent had to be assessed to minimize the organization's exposure in high-risk cases. However, I did not understand how this objective was achieved by assessing income tax information for a three-year period. An individual may have had substantial revenue over three years but income tax information would not reveal how the individual disposed of that revenue. A proprietor may have had three difficult years but could still support the financial strains of a contract. An individual may also have substantial assets in property or non-interest bearing investments that are simply not reflected in income tax documents.

Section 4 of the Privacy Act provides that personal information collected by a Government institution must relate directly to an operating program or activity of the institution. Because I did not believe that income tax information was of material assistance in helping CMHC to assess the quality of a sole proprietor's RFP proposal, I could not conclude that CMHC's request for that information met the requirements of section 4. As a result of my investigation, CMHC has amended its procurement policy and has discontinued the practice of requesting income tax returns and statements of net worth from sole proprietors.

It is unacceptable to me that Canadian citizens should have to provide copies of their personal income tax returns to do business with the Government. Under the Income Tax Act, individuals must divulge a vast amount of personal information when completing their income tax returns, including a good deal of personal information about family members. The income tax process is extraordinarily intrusive and the use of personal information collected for income tax purposes must, in my view, be strictly confined to purposes that are regulated. At a time when Canadians are increasingly concerned about the erosion of their personal privacy, I find it untenable that an income tax return can be demanded from an individual for a purpose other than that required by law. Canadians should never be required to compromise a fundamental right in order to do business with the Government.

Ultimately, CMHC agreed with my finding and halted the practice. Although my investigation focused on CMHC practices, I was aware that other federal Government departments and agencies followed similar practices. I therefore wrote to the Deputy Minister for Public Works and Government Services Canada, and to the Secretary of the Treasury Board and the Comptroller General of Canada, seeking their assistance to ensure that this practice is discontinued throughout the federal Government. The Treasury Board agreed with my view. It indicated that the practice was not Government policy and that the matter would be raised with other departments and agencies. I have also been informed by Public Works and Government Services that it will discontinue the practice.

Inappropriate monitoring of employees' e-mail accounts

I investigated several complaints from individuals questioning managers' authority to search Government e-mail accounts during the course of administrative investigations.

In one instance, two employees at the Immigration and Refugee Board (IRB) alleged that local management improperly retrieved copies of confidential e-mail messages they had written each other regarding a Privacy Act complaint to this Office by one of the employees.

By way of background, one of the employees had discovered performance evaluations about several of her co-workers on the local computer network and immediately notified her union's representative, another IRB employee. The representative obtained copies of the evaluations to support his complaint to this Office about the improper disclosure of personal information.

My investigation of that complaint determined that the IRB had not taken adequate steps to restrict access to the information and I concluded that the complaint was well-founded.

Management of the IRB fixed the computer glitch that had created the problem as soon as it was notified of the substance of this complaint. Management also initiated an inquiry into the incident to establish whether any disciplinary action should be taken against the employee for disclosing the evaluations to the union representative. On instruction, the local information technology manager searched and retrieved some e-mail communications concerning the incident between the employee and the union representative.

The IRB did not have a formal policy on the use of electronic networks at the time of this incident. In the absence of a policy, it is guided by Treasury Board policies dealing with employees' expectation of privacy and the statement of authorized uses. The IRB stated that it supports the principle that access to an employee's e-mail without consent is justified only in extreme situations, for example in situations involving a criminal or security infraction, and only after proper authorization from senior management.

However, in the case in question, prior to conducting the search of the electronic system, the IRB was already well aware of the employee's actions and her contact with the union representative. Its decision to retrieve their e-mail messages was not based on any concern that they were improperly using the system. Rather, the primary purpose was to conduct an internal disciplinary inquiry.

My view was that it was unnecessary for the IRB to retrieve the e-mail exchanges to determine if disciplinary action against the employee was warranted and therefore its actions could not be justified under the Privacy Act. I recommended that the IRB proceed quickly to complete its disciplinary review and that it publish a policy, similar to Treasury Board's, governing the use of its electronic networks.

In another case, a Human Resources Development Canada (HRDC) employee complained that her supervisor retrieved personal e-mails she sent from her home to a co-worker and improperly used them in the course of an internal investigation into allegations that had been made against her by her union local.

I established that HRDC's local management was investigating an allegation that the employee interfered with a grievance process. During the investigation HRDC searched its Internet network database for any e-mail exchanges she might have had with a particular co-worker about the grievance. HRDC made no effort to obtain the consent of either individual before searching the co-worker's office e-mail account. One personal message from the complainant to the co-worker contained a reference to the grievor by name but nothing else related to the grievance. The message was otherwise predominantly personal in nature. Yet the department subsequently used it during its investigation process.

I accept that there may be occasions that would justify an employer's decision to review an employee's Internet network account and then use that information in a disciplinary process. However, this was not such an occasion. There was no evidence to suspect that the co-worker was in any way implicated in the internal investigation that would lead HRDC to search her account. By collecting the complainant's personal e-mail exchanges with the co-worker without consent, and subsequently using it to investigate the complainant, HRDC violated her Privacy Act rights.

Man denied access to his information following war crimes investigation

A European immigrant, now a Canadian citizen, requested my intervention after the Royal Canadian Mounted Police (RCMP) repeatedly denied him access to its investigation file of his involvement in Nazi activities in Jewish death camps during World War II.

The man was denied entry into the United States in 1990 when his name appeared in a database containing information gathered by the U.S. Justice Department's Office of Special Investigations (OSI). The database contained the names of all members of a Nazi unit, regardless of rank, occupation or activity. The OSI then asked the RCMP to investigate the extent of the man's involvement in the Nazi unit. During the investigation, carried out jointly by the RCMP's War Crimes Section and Justice Canada's Crimes Against Humanity and War Crimes Section, the RCMP interviewed the man about the U.S. allegations.

Over a period of several years, he attempted to obtain information from the RCMP about its investigation so that he could take appropriate action to clear his name, but was always rebuffed. The RCMP claimed it was still looking into the allegations and releasing anything from its files might jeopardize the integrity of its investigation.

He requested a copy of the file again in 2000 after he received correspondence from the Department of Justice advising him that its joint investigation with the RCMP was concluded and the file had been closed. The RCMP refused again, saying the file was exempted in its entirety under section 22(1)(a) of the Privacy Act, and verbally told him that the case was still ongoing. He then complained to my Office.

When a privacy officer of my Investigations Branch reviewed the information withheld by the RCMP, he noted that some of the information was almost 60 years old and therefore did not qualify for exemption under the provision cited by the RCMP. The RCMP then considered applying another exempting provision, section 22(1)(b), but to do so properly, the RCMP would have to demonstrate the injury that would likely occur to its investigation if the information were released. Since the investigation was already concluded, the privacy officer questioned how disclosure of the information could cause injury. The RCMP maintained that its investigation was not yet finalized even though there had been no activity on the file since 1997.

After the privacy officer confirmed with the Department of Justice's Crimes Against Humanity and War Crimes Section that the case was closed for lack of evidence to proceed, the RCMP conceded and agreed to disclose information from its file.

Disclosure of information during appeal should be limited

Several individuals who had appealed a Human Resources Development Canada (HRDC) decision to recoup an overpayment of employment insurance (EI) benefits, complained that personal information was improperly disclosed during the appeal process.

The complainants were among over 200 individuals who received EI benefits after losing their employment. Because they filed a grievance about their termination that resulted in being awarded severance packages, HRDC commenced action to recoup the EI benefits the individuals received for the period they were covered by the severance package. They appealed HRDC's decision to the EI Board of Referees.

As part of the appeal process, HRDC's local office sent a disclosure package to each of the appellants. Each package was to contain information related to that particular individual's appeal. However, one complainant's package included a document that contained the names, addresses, phone numbers and Social Insurance Numbers (SINs) of 14 other individuals involved in the appeal. When he informed HRDC of the impropriety, it reviewed its records and established that only two of the appellants had received this document.

HRDC immediately took steps to retrieve the document from both individuals and replace it with a properly vetted copy. It also contacted by phone or letter the others whose personal information had been inadvertently revealed and explained the error.

After they lost their appeal, the appellants sought a second-level review that required HRDC's district office to send each appellant a disclosure package related to that particular individual. Once again, one of the complainants got the identical document he had received previously, disclosing personal information about 14 other appellants. It was this second disclosure that prompted the complaint to me.

I was troubled that HRDC's district office would disclose the same information as the local office, despite the admission that the disclosure had been made in error. Clearly, the document should have been properly vetted by the local office the first time it was sent. The district office compounded this error when it sent the same information a second time, which it felt was required to ensure procedural fairness. I concluded that HRDC had violated the complainants' rights under the Privacy Act.

I therefore recommended that HRDC build in procedures that would respect procedural fairness throughout the various levels of the EI appeals process while at the same time recognizing its obligations under the Privacy Act to disclose personal information only when it is directly relevant to the appeal at hand.

In another case, a woman complained that information she had provided to HRDC to support her claim for a survivor's benefit under the Canada Pension Plan was disclosed to family members of her deceased common-law husband. HRDC had received applications from both the complainant and the deceased's wife by marriage, and ultimately gave the benefit to the common-law wife. The legal wife filed an appeal of HRDC's decision with the Office of the Commissioner of the Review Tribunals (OCRT).

The Review Tribunal Rules of Procedure require HRDC to convey to the OCRT copies of any documents relevant to its decisions. Under the same Rules, the OCRT must share copies of these same documents with the appellant. Therefore, the OCRT provided copies of all documents it received from the deceased's common-law wife. These documents contained information the common-law wife had given to HRDC to demonstrate her relationship with the deceased and her entitlement to the benefit - including her SIN, her application for Old Age Security, a copy of a property deed and information about a joint bank account.

HRDC's disclosure to the OCRT does not offend the Privacy Act - it was in accordance with a regulation that authorized the disclosure under an Act of Parliament. Furthermore, the OCRT is not subject to the Privacy Act. Nevertheless, I was concerned that the OCRT obtained more information from HRDC than was absolutely required. Some information, such as the common-law wife's SIN and details about her bank account, was not necessarily a factor in HRDC's decision, and did not need to be shared with the OCRT for appeal purposes. In response to my concerns, HRDC agreed to review the documents it intends to submit to the OCRT on a case-by-case basis, keeping in mind the privacy rights of all individuals concerned while providing sufficient information to ensure a fair and complete hearing.

Canada Post changes stance on using negative consent to sell addresses to mass mailers

My Office received a complaint that Canada Post, a Crown corporation, was improperly disclosing personal information collected for its National Change of Address (NCOA) service. The complainant stated that Canada Post was selling subscribers' new addresses to mass mailers and direct-marketing companies unless subscribers to the service contacted the corporation in writing to specifically request that their information not be used for that purpose. This practice is what is known as "negative consent," and it is something Canadians have been known to get very upset about.

For this service, individuals pay a fee to Canada Post to have their mail forwarded until they have had an opportunity to notify others of their change of address.
To subscribe, they sign a Change of Address Notification (COAN) form containing the following acknowledgement:

... I understand the information I provide will be used to deliver mail to my new address. I also agree Canada Post may supply this new address to mailers, provided they request it and already have my correct name(s) and old address.

By signing this statement, individuals asked Canada Post to perform the specific service they paid for - redirecting their mail to their new address. But they were also agreeing to something that they didn't specifically request - allowing Canada Post to sell their new address to mass mailers and direct-marketing companies - unless, as indicated on the back of the form, they wrote in and told the corporation not to do so within seven days.

Many individuals may have read this section, without realizing that "supply" meant sell and that "mailers" meant any mailers - primarily, companies that send junk mail.

I informed Canada Post of my concern that subscribers were not aware they were consenting to the provision of their information to mass mailers when they signed the COAN form. Canada Post argued that subscribers provided consent when they signed the form and that they could notify the corporation if they did not want their new address provided to all mailers. I pointed out that, to stop Canada Post from selling their information to mass mailers, subscribers would have to read the fine print on the front of the form that referred them to further details on the reverse side. The reverse side stated the following: "At no additional cost, Canada Post will help you advise businesses and other organizations of your new permanent address."

I disagreed with Canada Post's stance that it had obtained consent. Not only is the notion of "negative consent" insensitive to the privacy rights of Canadians, but Canada Post didn't really obtain proper consent at all. Under the Privacy Act, an organization does not have your consent if it has not told you what you are consenting to.

Informed consent was the real issue. Section 5(2) of the Act requires a Government institution to inform you of its purposes when it collects personal information from you. Was Canada Post informing those who subscribed to the NCOA service of its purposes, plainly and fully? Would reasonable persons, on reading the COAN form, conclude that they were giving consent for the sale of their personal information to mass mailers and direct marketers? I was quite sure they would not. In matters involving consent, the reasonable expectations of the individual are also relevant.

Canada Post initially agreed to adopt some of my recommendations to make the NCOA service more transparent and sensitive to privacy rights. It agreed to replace the word "acknowledgment" with "authorization" on the front of the COAN form and to add the phrase "including direct mailers" in the statement. But Canada Post was reluctant to accept my main recommendation: to give subscribers to the service a positive choice in the matter by adding an opt-in box on the front of the form. It believed that such an addition risked undermining the NCOA service and would lead to frustration and inconvenience for its customers.

I convinced Canada Post otherwise. I argued that Canada Post would benefit from such an addition, since its customers would appreciate that the corporation was doing everything in its power to maintain their privacy, and that customers would also benefit. Customers who want to receive mail from mass mailers can clearly indicate their choice, while those who don't want the junk mail will also have a choice in the matter. But the customer would have the choice, not Canada Post.

Canada Post finally agreed to add an opt-in box on its COAN form.

Incidents under the Privacy Act

The Investigations Branch staff makes inquiries about incidents that have come to my attention from various sources, but are not considered to be formal complaints under the Privacy Act. Many of these incidents concern the management (or mismanagement) of personal information - inadvertent disclosures to third parties, or lost or stolen files and electronic notebooks. Some examples follow.

Improper disclosure of SIN on Canada Child Tax Benefit forms

In one case, a newspaper reported that the Canada Customs and Revenue Agency (CCRA) had accidentally released information about individuals in western Canada in receipt of a Canada Child Tax Benefit (CCTB). When we looked into the matter, we learned that some taxpayers received page one and two of their own Notice of Determination form and page three containing information about another taxpayer. The information on page three displayed the taxpayer's Social Insurance Number (SIN), first name of the spouse where applicable, and the payment schedule for the year.

Even though the taxpayer's name is not displayed, the Social Insurance Number is a unique number assigned to that taxpayer and therefore constitutes personal information as defined by the Privacy Act. Fortunately, and contrary to the media report, the information did not include the other taxpayer's surname, home address, children's names or their dates of birth, or family income. Nevertheless, we've all heard stories about the results of SINs getting into the wrong hands and the havoc that this can wreak on a person's life.

CCRA also conducted its own investigation and determined that the problem was the result of a printing synchronization error, probably because of a computer glitch. To prevent a similar problem from occurring in the future, CCRA has enhanced its systems to detect any malfunction of the printer's sorting function and shut it down. Operator intervention will be required to continue the print job after appropriate inspection has been carried out. As a result of this incident, CCRA has decided that it is no longer necessary to print the Social Insurance Number on the second and any subsequent pages of the CCTB Notice of Determination form.

Gun registry documents found in dumpster

Several days before Christmas, a man called my Office to report that he had found three bags containing personal information belonging to the Canadian Firearms Program in a dumpster in a locked compound owned by the private company where he worked.

My investigators went to the scene immediately. The location was not anywhere near the Canadian Firearms Program processing site, and the dumpster was strictly used for wood products. My investigators retrieved a number of envelopes addressed to the Canadian Firearms Program, most of which contained names and return addresses of individuals.

My investigators then confirmed that, during the fall, the Canadian Firearms Program had sent packages containing personalized applications to all firearms owners, along with return envelopes pre-addressed to the Canadian Firearms Program. The information they found in the dumpster contained the pre-addressed envelopes that had been returned to the Canadian Firearms Program.

Having established that the information originated from the Canadian Firearms Program, my investigators tried to determine how it had ended up in the compound of a private company. They confirmed that the dumpster was rented by a waste management company and had been in the compound since early December.

My investigators observed that the bags found in the dumpster were covered in snow and were stuck to the bottom of the dumpster. It is likely that when the waste company retrieved the dumpster from a previous location and emptied it, the bags stayed within.

My officials contacted the Department of Justice, the Government institution responsible for the gun registration program. Officials stated that the department had contracted out the processing of the registration forms to a private company. The company is fully cognizant of the provisions of the Privacy Act and thought it had taken every precaution to safeguard individuals' privacy rights. However, company officials confirmed that the normal practice was to throw out the pre-addressed return envelopes using a regular garbage can, without realizing that firearms owners had written their names and return addresses on the envelopes, which would make them easily identifiable as firearms owners. The company agreed to immediately stop throwing the envelopes into the regular garbage and undertook to dispose of them in a secure manner, through shredding.

HRDC/CCRA to share data on eligibility for Guaranteed Income Supplement

I took a special interest in another situation that received a great deal of media attention - the apparent inability of the Canada Customs and Revenue Agency (CCRA) to share information with Human Resources Development Canada (HRDC) that would identify senior citizens who are eligible to receive the Guaranteed Income Supplement (GIS). The GIS is a component of the Old Age Security (OAS) benefit and is granted to those seniors in the lower income bracket. Approximately 1.5 million seniors receive the GIS. Although this case did not directly involve the Privacy Act, I did not want privacy legislation or my Office to be seen as a barrier preventing federal Government departments from engaging in activities that benefit Canadians.

CCRA has taxpayer information that would reveal which seniors would qualify to receive the supplement, but it refused to share their identities with HRDC's Income Security Programs Branch that grants the benefit because of the confidentiality provisions of the Income Tax Act. In my view, the Income Tax Act contains specific authorization to disclose personal information for the purpose of administering the Old Age Security Act, as I testified before a House of Commons committee on the matter.

Following media reports about the lack of cooperation between the two arms of Government, my Office met with officials of HRDC and CCRA to facilitate a solution to the problem, and to help ensure that seniors who qualify for the GIS are made aware of the availability of the income supplement. As a result of these efforts:

• CCRA added a page for lower income seniors to its 2001 tax guide with key messages about the GIS and how to apply;
  
  
• CCRA will send information about OAS and GIS benefits to people over age 65 who have a low or modest income; and
  
  
• HRDC will receive from CCRA a list of low-income seniors who receive the OAS benefit but not the GIS. Using income data supplied by CCRA and existing personal data from the OAS application form, HRDC will provide potential GIS clients with a simplified GIS application form containing their pre-printed name, address and income information. It will ask them to confirm or correct the information on the form so that their eligibility for GIS benefits can be decided upon return of the form to HRDC.

I understand that both HRDC and CCRA recognize the need for a more streamlined process that ensures the legal underpinnings are in place to make seniors aware of their entitlement to benefits. My staff and I are available to both departments to discuss other initiatives and to provide whatever assistance we can to ensure that there are no adverse implications from a privacy perspective.

Public Interest Disclosures

Paragraph 8(2)(m) of the Privacy Act allows the head of a Government institution to disclose personal information in the public interest, without the individual's express consent - either because disclosure clearly outweighs any consequential invasion of privacy that might result, or because it would benefit the individual to whom the information relates. This provision is designed to deal with those situations where the Government institution cannot satisfy any other provision set out in subsection 8(2) of the Act to justify the disclosure. Subsection 8(5) of the Act imposes a mandatory duty on the heads of Government institutions to notify the Privacy Commissioner in writing of any public interest disclosure of personal information. The notice is to be issued in advance unless the situation requiring disclosure is so urgent and pressing that failure to act immediately would itself contribute to some identifiable harm.

This past year, I reviewed 57 notifications that personal information would be disclosed in the public interest. Almost one half of these were generated by Correctional Service Canada (CSC). CSC receives requests from third parties, including victims groups, for Board of Inquiry reports dealing with issues that have often received wide media attention, including prison escapes and violent criminal activities of offenders still under CSC supervision. It also receives requests for information from family members of offenders who died while under CSC supervision. The public interest disclosure provision of the Privacy Act is CSC's only authority to release personal information to the family on compassionate grounds, so that the family can have a better understanding of what happened and to help them achieve some degree of closure.

I also reviewed the circumstances related to a notification to me from the RCMP that it intended to release personal information about a convicted criminal to the media. The information requested by the media related to a videotape that had been entered into evidence in the offender's trial, which the media had wanted to use in an exposé about the criminal's highly publicized case. The media had turned to the RCMP for assistance after discovering that the Court had destroyed its copy of the tape - the Court does not retain indefinitely all evidence or exhibits presented during proceedings. The only existing copy was in the possession of the RCMP.

I failed to see how the public interest would be served by disclosing the information under these circumstances and asked the RCMP to reconsider its position. Although the tape was used as evidence in a criminal proceeding, which is public in nature, it is first and foremost personal information about an identifiable individual contained in the RCMP's investigative records, which are not generally publicly available. I therefore recommended to the RCMP that it refuse to disclose the tape. The RCMP complied with my recommendation.

Top Ten Departments by Complaints Received
April 1, 2001 to March 31, 2002

Completed Investigations and Results by Department
April 1, 2001 to March 31, 2002

Completed Investigations by Grounds and Results
April 1, 2001 to March 31, 2002

Origin of Completed Investigations
April 1, 2001 to March 31, 2002

Privacy Practices and Reviews

Introduction

Section 37 of the Privacy Act permits me to initiate compliance reviews, at random, of the personal information-handling practices of federal institutions. What this means is that I audit them, to verify whether they are complying with the principles for the collection, use, disclosure, protection, retention and disposal of personal information set out in sections 4 to 8 of the Act.

The Office has been conducting compliance reviews under section 37 since 1984. I have expanded this function during the past year, setting up a Privacy Practices and Reviews Branch, to allow me to assess how well organizations are complying with the requirements set out in the Privacy Act and the Personal Information Protection and Electronic Documents Act. (The private sector legislation gives me similar powers of audit; my discussion of private sector audit activity is in Part Two of this Report.)

As an ombudsman, I want privacy audits to be non-confrontational whenever possible. An audit, ideally, is a co-operative, constructive approach to dealing with issues before they become complaints. It's useful for organizations that want to improve their personal information-handling practices. Although I have the same powers with respect to audits that I do in investigations - to summon witnesses, administer oaths, and compel organizations to produce evidence - I would only resort to them if I didn't get voluntary co-operation.

My staff in the Privacy Practices and Reviews Branch, in addition to auditing and reviewing, works with federal organizations that are looking for a better understanding of compliance issues and the privacy implications of programs and practices. It's critical for Government departments to fully explore how privacy can be protected before they go ahead with plans, however well intentioned, to cut costs or protect citizens. On request, my branch staff reviews new proposals for information management, such as data-matching initiatives, the creation of databases and information-sharing arrangements with other organizations. This is another way to help ensure that Canadians' privacy rights are respected.

In the past year, my Office completed reviews of the personal information-handling practices under section 37 of the Privacy Act at the Canadian Nuclear Safety Commission (CNSC) and the Immigration and Refugee Board (IRB).

The objectives of the reviews were: to learn where and how the CNSC and the IRB handle personal information; to determine the degree to which their personal information management policies and practices are in compliance with sections 4 to 8 of the Privacy Act in terms of the principles of fair information practices; and to offer observations and recommendations, where necessary. At the end of each review, organizations received reports complete with detailed findings and recommendations. I have recently issued the reports of our compliance reviews to the CNSC and the IRB, and I am awaiting their responses to the findings and recommendations.

It is not my intention to routinely disclose review findings unless the issues uncovered are so outstanding as to warrant public disclosure. An outstanding issue presented itself in the review of the IRB.

The review revealed that the Montreal, Vancouver and Toronto regional offices use closed circuit television equipment to monitor public reception and waiting rooms, as well as in hallways adjacent to hearing rooms. In some cases, video and audio equipment was installed inside hearing rooms. At the time of the compliance review, IRB did not have internal written policies or procedures regarding the use of electronic surveillance equipment, and no signage existed to inform individuals that they may be under surveillance in the areas where such devices are used.

My Office was particularly concerned about the existence of secret microphones in hearing rooms at the Montreal regional office of which headquarters were unaware. The conduct of covert surveillance - whether it involves the use of video surveillance equipment or other recording devices - is a major infringement of an individual's right to privacy and must be properly justified. No reasonable justification was provided concerning the installation of such equipment. IRB officials have since confirmed that the microphones in question have been dismantled and they assert that the listening devices were never used. My Office was also informed that the unions have been advised of the matter and that the IRB has developed a security policy requiring all regions to submit their security plans to headquarters for approval before implementation.

Update on Canadian Firearms Program

Since the mid-1990s my Office has taken a keen interest in the Canadian Firearms Program. The Firearms Act is a highly controversial piece of legislation that continues to produce strong emotions among both its supporters and its critics. My continued interest in the implementation of this legislation is simple: the Firearms Program involves the collection and use of a large amount of highly sensitive personal information. This legislation also has a direct impact on more than 2.3 million firearm owners, involving more than 7 million firearms in Canada. I also continue to receive complaints and inquiries about various aspects of the program, including some from Members of Parliament.

On August 29, 2001, I issued my report entitled Review of the Personal Information Handling Practices of the Canadian Firearms Program to the Department of Justice and the RCMP. Part 1 of the report summarized my Office's review of the program's compliance with sections 4 to 8 of the Privacy Act dealing with the handling of personal information. Part 2 contained our assessment of the pertinence of questions about personal history used on the firearms licence applications and their compliance with the Privacy Act. The report contained some 34 detailed recommendations for corrective measures aimed at reducing the intrusiveness of the program.

None of my recommendations to the Department of Justice has yet been accepted. The RCMP, however, has agreed to implement some of the recommendations from my report. I am pleased to note, for instance, that firearms officers across Canada no longer have full query access privileges to the RCMP's Police Information Retrieval System (PIRS) and that all of my recommendations with respect to limiting the use of PIRS have been implemented. In addition, I expect that the RCMP will complete the necessary revisions to the Memoranda of Understanding regarding four informatics and security areas related to the Firearms Program in the near future. These important steps will help to tighten up the control of access to sensitive personal information used in the program.

While I do not have the power under the Privacy Act to force the department to implement my recommendations, I will continue my efforts to urge the department to take appropriate measures to bring the Canadian Firearms Program into full compliance with the Act.

Subsequent to the research and fieldwork that formed the basis of my original report, other issues came to light. My Office has been monitoring the following outstanding issues:

• Outsourcing - Implementation of the existing contractual arrangement with BDP Business Data Services Ltd., all aspects of the Alternative Service Delivery initiative, as well as the current practice of outsourcing secondary and tertiary screening functions; and
  
  
• Any international information-sharing arrangements relating to the Canadian Firearms Program, whether directly or indirectly through other enforcement agencies.

Update on HRDC Governance protocol for the Databank Review Committee

In last year's Annual Report, I described how, under mounting public pressure, Human Resources Development Canada (HRDC) made the decision to dismantle the Longitudinal Labour Force File and implement a review process and a governance protocol for all policy analysis, research and evaluation activities involving the connection of separate databanks. As I explained then, this review process would involve consultation with my Office to examine such projects.

Since the last reporting period, my Office has provided comments on an additional 17 HRDC submissions, including the Review of the Action Centre for Employment, the Non-Experimental Evaluation of Investigation and Control, and the Testing of Probabilistic Record Linkage projects, to name a few. I thought it appropriate to discuss some examples of the work that we have done over the course of the year in terms of reviewing and providing comments in relation to these submissions.

My Office developed a customized assessment tool to provide a timely review of the HRDC submissions. The tool is intended to ensure that the review of such projects is consistently thorough and that all the principles of fair information practices in the Privacy Act are respected in the submissions. Although we are still testing its efficacy, my Office has had positive results using the tool to date.

By reviewing the development of HRDC's research projects, my Office's involvement serves as a critical check to protect privacy and often raises broader questions in relation to the use of personal information for purposes related to research and evaluation.

For instance, the Non-Experimental Evaluation of Investigation and Control (I&C) program sought to identify savings and determine the extent of deterrence resulting from I&C activities as a way of evaluating the short-term impact of the I&C function and better managing the branch. To accomplish this, HRDC research officers linked EI claim data with I&C case files and, using specific statistical methods, estimated the likelihood of EI fraud based on basic characteristics such as demographics, industry and other variables. Based on this analysis, HRDC researchers produced an equation that could be used to estimate the likelihood of EI fraud for other EI claims and therefore to evaluate the effectiveness of I&C interventions.

Although the objectives of the evaluation project were detailed and HRDC had the authority to evaluate the program, the submission was unclear with respect to the subsequent use of this equation following completion of the evaluation project. My Office was concerned that, although it was created in the context of research, HRDC could eventually use such an equation to make decisions directly affecting individuals, such as by systematically profiling all EI claims for potential investigations solely based on the results of the equation. Since access to the personal information was strictly for research and evaluation purposes, my Office was of the view that I&C could not use the equation for administrative or enforcement purposes directly affecting a particular individual.

My Office clarified this issue with HRDC, which confirmed that it never intended to use the equation for operational purposes and, specifically, that it would not use the method to profile individuals for investigation. HRDC effectively established a clear separation between its research work and its enforcement branch. Although it is clear that HRDC had implemented the appropriate practices in relation to this project, the example serves to illustrate that use of personal information for "research or evaluation purposes" can have potential pitfalls if left unchecked.

It is worth noting that my Office has noticed a marked improvement in the level of detail and completeness of HRDC's project submissions in terms of addressing privacy concerns. Nevertheless, there is always room for improvement when it comes to privacy. In reviewing some of the HRDC submissions a common deficiency was noted: since many of the proposals are not yet finalized, they only provide limited information in relation to contracts involving outside parties.

Although HRDC has provided some examples of proposed contractual language, there is often little or no reference to the Privacy Act. My Office has insisted on the importance of protecting privacy in contractual agreements with consultants and third parties. We have clearly stipulated that all such contractual agreements must state that all personal information involved in the research is deemed to be under the control of HRDC; that such information is subject to the provisions of the Privacy Act; and that consultants and third parties must explicitly undertake to comply with all of the requirements of the Act.

The significance of this clause is two-fold. First, it holds the consultant accountable to the same standards of information management that are in place across Government and, second, it ensures that the provisions related to the conduct of reviews and investigations contained in the Privacy Act are applicable and enforceable. Although we have every confidence that HRDC is integrating these clauses in its contracts, it is important to remember that part of my role is to conduct reviews to determine whether the actual privacy practices of a Government organization are consistent with the fair information principles under the Privacy Act.

In the Courts

Introduction

Section 41 of the Privacy Act allows an individual, following my investigation, to apply to the Federal Court of Canada for review of a Government institution's decision to refuse the individual access to his or her personal information. From the time the Privacy Act came into force in 1983, 118 applications for review have been filed in the Federal Court. Twelve of these were filed in the year ending March 31, 2002.

Section 42 of the Privacy Act allows me to appear in Federal Court. I can apply to the Federal Court for review of a Government institution's decision to refuse access to personal information if I have the consent of the individual who requested the information; appear before the Court on behalf of an individual who has applied for review under section 41; or, with leave of the Court, appear as a party to any review applied for under section 41.

The following is not an exhaustive list of all Privacy Act applications in the courts but rather a summary of matters in which I am actively involved:

Traveller Declaration Forms (Form E-311)

We pursued two cases based on the disclosure of personal information by Canada Customs and Revenue Agency (CCRA) to the Canada Employment Insurance Commission (CEIC) for use in an investigative data match program to determine if persons were fraudulently receiving Employment Insurance benefits while outside of Canada. The personal information in question was taken from Traveller Declaration Forms (E-311 forms) presented to Customs by Canadian residents returning to Canada between 1994 and 1996.

• Privacy Commissioner v. Attorney General of Canada
  The Federal Court of Appeal found that the disclosure of personal information from the E-311 forms was authorized by section 8(2)(b) of the Privacy Act and section 108 of the Customs Act, which gave the Minister of National Revenue discretion to disclose information collected by the department. In this case, the Court found the disclosure of information by the CCRA to the CEIC pursuant to an MOU governing terms and conditions of disclosure to be authorized. (Section 108 of the Customs Act has now been amended under Bill S-23.)
  
  
• The Charter Challenge
  The Federal Court of Appeal found there to be no reasonable expectation of privacy sufficient to engage section 8 of the Canadian Charter of Rights and Freedoms in the information contained in E-311 forms. This conclusion was based on two elements: the limited nature of the information in question, which did not reveal intimate details of the lifestyle and personal choices of the individual, and the narrow enforcement use to which the information was put.

Status

The cases were heard on November 7, 2001. The Supreme Court of Canada released its decisions in both cases on December 7, 2001. In each case, the reasoning of the Federal Court of Appeal was affirmed. In the Charter Challenge, the Supreme Court specifically concluded that there was no reasonable expectation of privacy in relation to the disclosed portion of the E-311 information which outweighed the CEIC's interest in ensuring compliance with the self-reporting obligations of the Unemployment Insurance benefit program.

Information Commissioner of Canada v. Commissioner of the RCMP and Privacy Commissioner

A list of the career postings of four named Royal Canadian Mounted Police (RCMP) officers was requested under the Access to Information Act. The Commissioner of the RCMP refused to release the information on grounds that it revealed employment history and thus was personal information as defined in section 3 of the Privacy Act.

At issue was whether the information could be disclosed under paragraph (j) of the definition of personal information in the Privacy Act, which states that information relating to the position or functions of Government officers or employees is not personal information. The larger question was the appropriate balance between the provisions of the Access to Information Act and those of the Privacy Act. The Federal Court of Appeal held that the information was personal information and did not fall under the paragraph (j) exception. The Court found that the exception should be construed in a way that does not allow for the disclosure of an individual's employment history.

Status

The Information Commissioner obtained leave to appeal this decision to the Supreme Court of Canada. I was granted leave to intervene in the appeal on January 7, 2002. The case was heard on October 29, 2002, after which the Court reserved its decision.

Clayton Charles Ruby v. Solicitor General

The Canadian Security Intelligence Service (CSIS) refused Mr. Ruby's request for access to his personal information. Mr. Ruby filed for a court review under section 41 of the Privacy Act.

During the court review, Mr. Ruby raised Charter concerns regarding the constitutionality of section 51 of the Privacy Act. This section provides for closed hearings (in camera) or hearings that exclude one party to the conflict (ex parte), where a Government institution has claimed the "foreign confidences" or the "national security" exemptions under the Act. The Federal Court of Appeal decided that these provisions (sections 51(2)(a) and 51(3) of the Privacy Act respectively) infringed on the freedom of the press, which is protected by section 2(b) of the Charter, but those provisions were justified under section 1 of the Charter. The provisions were found not to violate the right to life, liberty and security of the person protected by section 7 of the Charter.

Status

Mr. Ruby was granted leave to appeal to the Supreme Court of Canada concerning the Charter issue on January 18, 2001. The Solicitor General was granted leave to cross-appeal, and I was granted leave to intervene, on an issue concerning the interpretation of section 22(1)(b) of the Privacy Act. The case was heard by the Supreme Court of Canada on April 24, 2002 and the decision was rendered on November 21, 2002.

The Supreme Court held that the section 51 procedures in the Privacy Act do not fall below the level of fairness required by section 7 of the Charter. The Court did not find it necessary to the disposition of the case to decide on the privacy arguments raised by Mr. Ruby under section 7. Therefore, from a privacy perspective, the ruling does not affect the status quo. The mandatory in camera provision in section 51 does, however, contravene section 2(b) of the Charter. The Supreme Court further found that the provision could not be justified under section 1 of the Charter. The provision is unconstitutional and must be "read down" to apply only to those parts of the hearing that involve the merits of an exemption. The Supreme Court noted that the past judicial practice under section 51 was in fact to conduct the hearing in open court and to hear only the merits of the exemptions in camera.

With respect to the cross-appeal, the Supreme Court confirmed the finding it made in Robert Lavigne v. Office of the Commissioner of Official Languages on the interpretation of section 22(1)(b) of the Privacy Act (as follows).

Robert Lavigne v. Office of the Commissioner of Official Languages

Mr. Lavigne was refused access to information about himself contained in witness statements made in the course of an investigation conducted by the Office of the Commissioner of Official Languages. The office based its refusal of access on the exemption contained in section 22(1)(b) of the Privacy Act.

The Federal Court of Appeal held that section 22(1)(b) can only be invoked where there is evidence of injury to a specific investigation; that it cannot be invoked once the specific investigation has been completed; and that the allegation of a "chilling effect" on future investigations is not sufficient to support refusal to disclose.

Status

The Commissioner of Official Languages was granted leave to appeal to the Supreme Court of Canada on April 19, 2001. I was granted leave to intervene in support of Mr. Lavigne. The case was heard by the Supreme Court of Canada on January 17, 2002 and its decision was released on June 20, 2002.

The Supreme Court concluded that the exemption in section 22(1)(b) was not limited to current investigations. However, where an institution wishes to rely on the exemption in respect of harm to future investigations, it must be able to demonstrate a clear and direct connection between the disclosure of the information and the injury that is alleged.

The Supreme Court found that the Office of the Commissioner of Official Languages had not satisfied this test and ordered that Mr. Lavigne be given access to his personal information.

Information Commissioner of Canada v. Minister of Citizenship and Immigration Canada and Philip W. Pirie

Mr. Pirie was refused access to the identities of employees who gave views or opinions about him during an administrative review conducted by Citizenship and Immigration Canada. The information was withheld as the personal information of those employees under section 19(1) of the Access to Information Act.

The Federal Court Trial Division concluded that the identity of the individuals who expressed views about Mr. Pirie was their own personal information and should not be disclosed to Mr. Pirie.

Status

The Information Commissioner filed an appeal arguing that the identities of individuals who commented about Mr. Pirie during the review process are the personal information of Mr. Pirie under paragraph (g) of the definition of personal information in the Privacy Act. I was granted leave to intervene at the Federal Court of Appeal in support of the Information Commissioner's position. The matter was heard on June 4, 2002 and the Court's decision was released on June 21, 2002.

The Federal Court of Appeal agreed with the Information Commissioner and me that the identities of the persons interviewed should be disclosed to Mr. Pirie. The Court observed that the names of the interviewees were personal to both Mr. Pirie and to the interviewees, but that one interest must prevail over the other. The Court looked at the private and public interests at stake, and concluded that both mandated the disclosure of the names to Mr. Pirie. This decision is not being appealed to the Supreme Court.

Mertie Anne Beatty et al. v. the Chief Statistician et al.

This is a recent application brought by a group of Canadian citizens who seek access to the 1906 census returns for the provinces of Manitoba, Saskatchewan and Alberta. The applicants seek an order compelling the Chief Statistician to transfer the 1906 census returns to the National Archivist, and an order directing the National Archivist to make the returns available to the public for research purposes in accordance with section 6 of the Privacy Regulations.

Status

The application was filed on February 5, 2002, and I was one of the named respondents. All arguments have now been filed. A hearing date has not been set.

[Back to Table of Contents][Part Two][Part Three]