Annual Report to Parliament 2002-2003


Part One - Report on the Privacy Act

Introduction

The Privacy Act, which has been in force since 1983, protects individuals' privacy with respect to personal information held by federal Government institutions. The Act governs how federal institutions collect, use, disclose and dispose of personal information, and it gives individuals rights to request access to and correction of their personal information. It also sets out the Privacy Commissioner of Canada's duties, responsibilities and mandate.

The Privacy Commissioner receives and investigates complaints from individuals who believe their rights under the Act have been violated. The Commissioner can also initiate a complaint and investigation himself, in any situation where there are reasonable grounds to believe the Act has been violated.

As an ombudsman, the Commissioner's first priority is to resolve complaints to the extent possible, through mediation and negotiation if that becomes necessary. But the Act also gives the Commissioner broad investigative powers - he can subpoena witnesses and compel testimony, enter premises to obtain documents and conduct interviews. Obstructing an investigation is an offence under the Act. While the Act does not grant the Commissioner any order-making powers, the Commissioner can recommend changes to the way Government institutions handle personal information, based on findings in a complaint.

The Commissioner also has a mandate to conduct periodic audits of federal institutions and to recommend changes to any practices that he considers not to be in compliance with the Privacy Act.

The Act requires the Commissioner to submit an Annual Report to Parliament on the activities of his Office in the previous fiscal year. The current Report covers the period from April 1, 2002 to March 31, 2003 for the Privacy Act.

Investigations and Inquiries

The Office's Investigations and Inquiries Branch is responsible for investigating complaints received from individuals under section 29 of the Privacy Act (and section 11 of the Personal Information Protection and Electronic Documents (PIPED) Act, which is discussed later in this Report).

Essentially, these investigations serve to establish whether individuals have had their privacy rights violated and whether they have been accorded their right of access to their personal information.

Where privacy or access rights have been violated, the investigation process seeks to provide redress for individuals and prevent violations from reoccurring.

The Privacy Act gives the Commissioner the authority to administer oaths, receive evidence and enter premises where appropriate, and examine or obtain copies of records found in any premises.

We are pleased to note that we have had voluntary co-operation to date, and all complaints brought before the Commissioner and his predecessors have been resolved without having to use these formal investigative powers.

The Investigations and Inquiries Branch also responds to thousands of inquiries annually from individuals and organizations contacting the Office for advice and assistance on a wide range of privacy-related matters.

Complaint Investigations Closed

April 1, 2002 to March 31, 2003

2001-2002: 1,673
2002-2003: 3,483

Complaints under the Privacy Act

During the current reporting year, this Office received 1,642 new complaints. Approximately 43% were filed by individuals alleging that their access rights under the Privacy Act had been violated; 24% concerned allegations that the confidentiality provisions of the Act with regard to collection, use, disclosure, retention and disposal of personal information had not been respected; and the remaining 33% were about the tardiness of Government institutions in responding to requests for access to personal information.

More than two-thirds of the total received were lodged against five federal Government institutions - Correctional Service of Canada, the Canada Customs and Revenue Agency, the Royal Canadian Mounted Police, the Department of National Defence, and Citizenship and Immigration Canada.

The former Commissioner issued findings on 3,483 complaints during the year. It is important to note that this figure includes 2,323 complaints related to the Canada Customs and Revenue Agency's (CCRA) disclosure of personal information on Customs' E-311 declaration cards to Human Resources Development Canada (HRDC).

At issue was whether there was sufficient authority to justify the use of personal information collected by the CCRA for one purpose - to declare goods a traveller is bringing into Canada - for use by HRDC for a totally unrelated purpose - in an investigative data match program to identify returning travellers who were fraudulently receiving employment insurance benefits while outside the country.

The matter had been referred to the Court for an opinion on whether the disclosure was authorized by section 8(2)(b) of the Privacy Act and section 108 of the Customs Act and whether the use of that information by HRDC as evidence against the individuals contravened their rights under the Canadian Charter of Rights and Freedoms.

The Supreme Court of Canada ruled that the disclosure was permissible based on its interpretation of these provisions of the Privacy Act and the Customs Act. The Court also upheld the lower Court's decision that, based on the limited nature of the information disclosed, there was no reasonable expectation of privacy and as a consequence travellers had not been denied their right under the Charter to be secure from unreasonable search or seizure. On that basis, the former Commissioner was required to report to the complainants that their complaints were not well-founded.

Of the remaining 1,160 completed cases, 486 dealt with access matters, 293 dealt with collection, use, disclosure, retention and disposal of personal information, and 381 dealt with time limits. The 3,483 complaints were concluded as follows:

Not well-founded: 2,711
Well-founded: 371
Well-founded/resolved: 77
Resolved: 13
Settled: 235
Discontinued: 76

Definitions of Findings under the Privacy Act

Not Well-founded: A finding that a complaint is not well-founded means that the investigation uncovered no evidence to lead the Commissioner to conclude that the Government institution violated the complainant's rights under the Privacy Act.

Well-founded: A finding that a complaint is well-founded means that the Government institution failed to respect the Privacy Act rights of an individual. This would also be the Commissioner's finding in a situation where the Government institution refuses to grant access to personal information, despite our recommendation that it be released. In such a case, the next step could be to seek a review by the Federal Court of Canada.

Well-founded/Resolved: The Commissioner will find a complaint to be well-founded/resolved when the allegations are substantiated by the investigation and the Government institution has agreed to take corrective measures to rectify the problem.

Resolved: Resolved is a formal finding that reflects the Commissioner's role as an ombudsman. It's for those complaints where well-founded would be too harsh to fit what essentially is a miscommunication or misunderstanding. It means that this Office, after a full and thorough investigation, has helped negotiate a solution that satisfies all the parties.

Settled during the Course of the Investigation: This is not a formal finding but an acceptable means to dispose of a complaint when the investigation is completed, and the complainant is satisfied with the efforts of this Office and doesn't wish to pursue the issue any further. The complainant retains the right to request a formal finding. When that happens, the investigator re-opens the file, and submits a formal report, and the Commissioner reports the findings in a letter to the complainant.

Discontinued: This means that the investigation was terminated before all the allegations were fully investigated. A case may be discontinued for any number of reasons - for instance, the complainant may no longer be interested in pursuing the matter or cannot be located to provide additional information critical to reaching a conclusion. The Commissioner does not issue a formal finding in discontinued complaints.

Summary of Select Cases Under the Privacy Act

CIC was collecting income tax information from Canadian employers

Three individuals who wished to employ live-in caregivers from the Philippines complained to this Office that the Canadian Embassy in Manila was asking them to provide sensitive income tax information before it would issue visas to their prospective caregivers. The individuals were worried about sending tax documents containing their social insurance numbers (SINs) and detailed information about their financial situation to a foreign country, especially with identity fraud having become such a major concern.

Citizenship and Immigration Canada (CIC) explained that the Live-In Caregiver Program (LCP) brings qualified caregivers to Canada in situations where there are no Canadians or permanent residents available to fill certain positions. Canadians wishing to hire a caregiver from abroad are required to have their job offer validated through Human Resources Development Canada (HRDC) and to sign a form declaring that they can financially support the person they will employ.

After the job offer was validated by HRDC, the Visa Section of the Canadian Embassy in Manila asked the prospective employers to send their Notice of Assessment for the last two years, their T-4 slips and a letter from their employer confirming employment.

CIC claimed that the information was necessary to determine the bona fides of an employment offer and to confirm that the employers were financially capable of supporting a caregiver.

When questioned about its authority to collect income tax information for the purpose of issuing visas to third parties, CIC referred to section 203 of the Immigration and Refugee Protection Regulations. A review of that document indicated that the visa officer must determine if the job offer is genuine and if the employment of the foreign national is likely to have a neutral or positive economic effect on the labour market in Canada.

In the previous Annual Report, the former Commissioner stated his position concerning the collection of income tax information without legislative authority. He explained that he found it untenable that an income tax return can be demanded from an individual for a purpose other than that required by law. Canadians should never be required to compromise a fundamental right in order to do business with the Government.

This Office presented those arguments to CIC and, as a result, the Embassy in Manila confirmed that it has ceased asking for income tax information for the purpose of issuing visas to live-in caregivers.

CCRA collected medical information for tax purposes

We received a complaint from a family who alleged that the Canada Customs and Revenue Agency (CCRA) had improperly collected their personal information from a provincial medical insurance plan. The family moved to Africa for three years and before leaving Canada the husband consulted with the CCRA and was told that, for tax purposes, he would be considered a non-resident during his absence from the country. Yet upon returning to Canada he was told that he did not meet the requirements for non-resident status and was taxed accordingly. He later obtained his personal information following a Privacy Act request to the CCRA and learned that it had asked the provincial insurance provider for all medical records about him, his wife and his children - including records originating some eight months prior to their departure for Africa and almost 2 1/2 years after their return to Canada.

We established that in order to qualify for non-resident status for tax purposes the CCRA must be satisfied that an individual has sufficiently severed ties with Canada after moving to another country. The CCRA relies on provisions of the Income Tax Act as its authority to obtain sufficient information in order to assess non-residency status. It routinely conducts inquiries when assessing an individual's status, including verifying whether the individual continues to make claims under a provincial medical insurance plan during the time absent from Canada. The fact that an individual made such a claim could be an indication that all ties with Canada had not been severed.

The former Commissioner was satisfied that the CCRA had the necessary authority under the Income Tax Act to collect personal information about each family member from the province in order to make a determination on their residency status. Nevertheless, he was concerned about the extent of the medical information collected, particularly the information for the periods of time both before the family left the country, and after it returned. CCRA officials did not disagree with the concern that requesting medical information for the 2 1/2-year period after the family's return was excessive.

Under the circumstances, the former Commissioner determined that the CCRA collected more personal information than was necessary and, as a result, had exceeded its authority under section 4 of the Privacy Act. He found the complaints well-founded and recommended that the CCRA destroy the information that it obtained from the province.

Inadvertent disclosure of sensitive medical information by ATIP

Personal health information - information about the state of our bodies and minds - is arguably the most private information of all. When that information is not treated with the utmost care and confidentiality, the consequences can be disastrous. A case in point: an individual submitted an Access to Information Act (ATIA) request to a Government institution for all documents concerning the appointment of another Government employee to a specific position. The names of the two individuals were only vaguely similar. Yet because the departmental Access to Information and Privacy (ATIP) office's analyst had not taken care to properly read the individuals' names when processing the ATIA request, an assumption was made that the requester and the appointee were one and the same individual. Thus, virtually all the information in the staffing file was disclosed to the ATIA requester - a small amount of third party information was removed. The file contained information about the appointee that was extremely private in nature - extensive medical and financial information, information about his family, his own employment and education history, and his home address and telephone number. It was also discovered that there was an uncomfortable history between the two individuals and that the requester had subsequently used some of the appointee's medical information to conduct his own personal inquiries about the appointee.

Following an investigation the institution readily admitted the error, apologized to the individual for what had occurred and gave him a copy of the same package the requester received so that he could see exactly what information about him had been improperly disclosed. The institution also asked the requester to return the information and to not keep any copies of it. While he returned the information, there were no assurances that copies had not been kept. Even had assurances been given, the damage had already been done and the appointee's personal information had already been further disclosed by the requester.

The former Commissioner accepted the fact that the situation occurred as a result of careless human error, but was appalled that the mistake was made at all - especially by the very people within the institution who are supposed to be the resident experts on the protection of personal information. Had the appointee's personal information been reviewed with the care it deserved this grievous violation of his privacy rights would never have occurred.

Disclosure of criminal past to offender's family members

An individual complained to this Office that a Correctional Service Canada (CSC) employee disclosed information about his criminal past to members of his family (including his young children who were previously unaware of their father's past) and to the public. A number of years ago the individual had been incarcerated in the same federal institution where the officer worked and he alleged that the officer disclosed confidential information obtained in the course of his duties.

The individual had also filed a complaint with CSC, which in turn conducted its own investigation. From the outset, the complainant never wavered in his statements that the officer disclosed his personal information. The officer maintained that it was not he who made the remarks, but rather a friend who was present at the time the disclosure took place - an individual he refused to identify either to us or to CSC. All of our efforts to locate the friend met with negative results. Still, based on all of the information we gathered during our investigation, the former Commissioner was prepared to find that the rights afforded the complainant under the Privacy Act had been violated as a direct result of the officer's actions. Indeed, CSC concluded that the officer had contravened its Code of Discipline and that he failed to observe the provisions of the Privacy Act; he was subsequently suspended for 15 days without pay.

Before rendering his final decision in the matter, the former Commissioner questioned CSC's rationale for concluding that a three-week suspension was appropriate to the circumstances. It was only then that we learned that new developments in the case had caused CSC to reverse its decision and withdraw the officer's suspension. Given the disciplinary action meted out to the officer, his friend had come forward saying that it was he who had disclosed the complainant's personal information, not the officer. While not fully convinced of the friend's credibility - and despite apprehensions in that regard - CSC nevertheless withdrew the suspension.

In light of this new information we conducted further inquiries but found no reason to believe the friend's version of events. Based on the evidence we obtained, the former Commissioner concluded that it was the officer who disclosed the individual's personal information and that his friend likely only came forward because the repercussions to the officer turned out to be greater than anticipated. The former Commissioner therefore found the complaint well-founded and asked that CSC reconsider the reversal of its decision.

The former Commissioner also advised CSC that it should have advised our officials that the officer's friend had finally come forward after all of the attempts of both CSC and this Office had failed to find him. The former Commissioner considered this to be an extremely important development, one which caused CSC to reverse its initial decision and one which could obviously have had a direct bearing on his decision. CSC was well aware that we had an active investigation into the allegations made by the complainant and, in the former Commissioner's view, CSC should have immediately alerted our officials to the change of events. The former Commissioner received assurances that this was an isolated incident which would not reoccur.

Even a public record should be protected

An individual received an envelope, by courier and addressed to him, containing the Canada Pension Plan (CPP) appeal documents of another individual. He believed that the other individual must have received his own appeal information in error.

Our investigation into this matter confirmed these fears. The other individual had indeed received the complainant's appeal information from HRDC. The mix-up was the result of a lack of attention when the documents were inserted in the envelopes to be sent out.

Section 8 of the Privacy Act limits how Government institutions may disclose personal information. In essence, institutions may not disclose personal information to third parties without the consent of the person to whom the information relates, unless one of the permitted disclosures set out in section 8(2) of the Act applies.

HRDC explained that the information about the complainant that was disclosed consisted of documents that had been filed at the Federal Court and thus were part of a public record. Since section 69(2) of the Privacy Act states that section 8 does not apply to personal information that is publicly available, HRDC contended that it had not contravened the Act by sending out the information to the wrong individuals by mistake.

The former Commissioner disagreed because the complainant's information was not disclosed from a public record. The fact that it could be found in a public record does not negate the fact that HRDC disclosed the complainant's information to someone who had no need to know. On that basis, the former Commissioner concluded that the complaint was well-founded.

As a result of the complaint, HRDC apologized to the individuals, re-sent to them the information that had been misdirected and revised its mailing procedures to minimize the chances of a reoccurrence.

Unauthorized disclosure of a SIN

We investigated an individual's complaint that Human Resources Development Canada (HRDC) improperly disclosed his social insurance number (SIN) to a private investigator.

The complainant had filed a lawsuit against an insurance company that he believed had mishandled his insurance claim. During the court process he discovered that the insurance company had hired a private investigator to delve into his financial affairs. He obtained a copy of the investigator's report, and noted references to inquiries conducted at HRDC, and the information obtained as a result of those inquiries. Dissatisfied because of HRDC's apparent lack of willingness to address his concerns about this breach of his privacy, the individual eventually turned to this Office for assistance.

We established during the investigation that an employee of HRDC had queried the complainant's file in the Social Insurance Register (SIR) system during the same time period that the private investigator had conducted his inquiries. Although the complainant reported his concerns to HRDC, it did not pursue the matter further until he indicated that he intended to subpoena HRDC employees to testify in court in his suit against the insurance company. At that time he asked for a copy of HRDC's investigation file concerning the disclosure of his SIN and any information related to the action taken by HRDC in that regard. It was only at this point - almost ten months after he first reported his concerns - that HRDC decided to conduct an internal inquiry to determine whether, or how, his SIN may have been compromised.

It was clear from the evidence obtained during our investigation that the HRDC employee had obtained access to the individual's SIN without justification and disclosed it to the private investigator. The evidence also pointed to the possibility that the employee had also gained access to approximately 40 other client files on the SIR system for which there were no related HRDC case files that would require the employee to query their SIN files.

The former Commissioner was concerned with HRDC's lack of conviction in handling the individual's complaint about the disclosure of his SIN when he first brought it to their attention. They failed to take any action other than to issue him a new SIN, despite the fact that several officials were aware of the incident long before he complained to this Office. The former Commissioner was equally concerned that despite the seemingly adequate systems capabilities, HRDC managers do not routinely monitor the SIR system to identify and deal with any activities of a suspicious nature or that cannot otherwise be justified as part of an employee's duties.

The former Commissioner concluded that HRDC was responsible for its employee's improper disclosure of the individual's SIN to the private investigator, and that it had as a result contravened the confidentiality provisions of the Privacy Act.

In response to this finding, HRDC undertook to mitigate the damage to the extent possible. The Deputy Minister sent a letter of apology to the complainant, and implemented measures that will significantly enhance the security of personal information in the SIR database, and enhance monitoring of employees' access to the SIR. We are confident that this will improve HRDC's abilities to protect the personal information under its control and prevent any further violations of client privacy.

HRDC also decided to refer the matter to the Royal Canadian Mounted Police for criminal investigation - the employee was eventually fired by HRDC for the breach of security.

Statistics Canada census taker not responsible for disclosing personal information to banks

An individual alleged that Statistics Canada sold her name and address to financial institutions that then sent her unsolicited mail. The individual travelled frequently for extended periods and maintained a post office box. She was staying at a recreation vehicle park at the time of the 2001 census and the census taker explained to the individual that she would have to use the park address for the purposes of the census, which she did. Within a couple of months, she began to receive unsolicited mail addressed to her at the park. As she had only used that address for the census, it seemed logical to her that Statistics Canada must have sold or otherwise provided the address to the financial institutions.

We examined one solicitation that the individual had received and contacted the bank that had sent it to her. Using the code displayed on the form letter, the bank was able to determine that it had obtained her name and park address from one of the largest list management companies in Canada, which handles more than 500 mailing lists representing some 25 million names. Its officials confirmed that the complainant's information was contained on one of the mailing lists which had been created and updated from information obtained from provincial telephone companies across Canada.

This detail prompted the individual to recall that she had a telephone installed at the park. While her telephone bill was sent to her post office box address, she had to provide the telephone company with the address of the park in order to have the telephone installed and serviced. It became apparent that it was the telephone company and not Statistics Canada that had disclosed the individual's name and address to the list broker, which in turn provided her information to the banks.

During the investigation, the list broker was asked to remove the individual's name from the mailing list, which it did immediately. However, the individual was alerted to the possibility that while her name would not be on an updated list, old lists held by the list broker's customers might still contain her information, and thus she might continue to receive solicitations. The former Commissioner urged her to contact those companies directly in order to remove her name from those lists. He also reminded the complainant that her name could be included in other lists in the future if, for example, she applies for credit cards, completes contest forms or purchases magazine subscriptions.

Time Limit Complaints

Under the Privacy Act, Canadians have a right of access to their personal information held by Government institutions and, by law, institutions must respond within 30 days after the request is received. Institutions can, however, extend that time limit to a maximum of an additional 30 days, but only under two specific circumstances: if meeting the 30-day time limit would unreasonably interfere with the institution's operations, or if consultations are required which cannot reasonably be completed within that time.

The number of complaints related to time limits being exceeded by federal institutions for providing personal information to citizens increased to 541 this year, compared to the 428 that were reported for the previous fiscal year. We closed 381 of these complaints, of which 302 were well-founded.

There were more complaints about the personal information-handling practices of Correctional Service Canada (CSC) than any other federal Government institution. Of the 177 complaints against CSC that we completed, 159 were well-founded. Although CSC increased its staff and streamlined its procedures, a delay problem in responding to requests for personal information continues.

The number of time limit complaints against two institutions dropped significantly in comparison to last year, whereas those against four others increased:

Canada Customs and Revenue Agency: down from 85 to 31
Human Resources Development Canada: down from 57 to 16
Correctional Service Canada: up from 125 to 233
Royal Canadian Mounted Police: up from 16 to 71
Department of National Defence: up from 35 to 58
Citizenship and Immigration Canada: up from 40 to 49

One factor that continues to hamper the ability of institutions to respond to requests within the prescribed time limits is the complexity of processing audio and videotapes.

Institutions sometimes record interviews conducted for administrative or criminal investigations. Since the Privacy Act applies to personal information that is "recorded in any form," individuals can ask for copies of their information on those tapes. It is a time-consuming process to listen to or view tapes and then to identify and sever the information that requesters are not entitled to receive, often because it constitutes personal information about other individuals. The Department of National Defence is one of the organizations that records interviews, and it has recently acquired new equipment in an attempt to simplify the process of reviewing and severing information on tape.

Requests for voluminous investigation files also account for some delays in responding in a timely manner.

Transmittal of information by fax

Although we discourage institutions from sending personal information by fax, we realize that institutions use fax regularly for the sake of expediency in getting information to its destination.

One of our investigations uncovered a problem with the manner in which a Government institution was keeping a record of the personal information it was sending by fax. Fax cover sheets indicated the number of pages sent, to whom, by whom and on what date, but the institution could not identify, after the fact, which specific documents or pages had been transmitted. In other cases, the institution was not able to identify what it had received by fax from other areas in the institution.

It is imperative that institutions keep a record of the use and disclosure of personal information under their control. Except in limited circumstances, individuals have the right to know which documents containing their personal information are sent to whom and why they are disclosed.

A solution to this problem is to list the documents sent or received on the transmittal cover sheet itself. This will ensure transparency, document the flow of information and assist us in our investigations.

Processing original files versus photocopies

Some Government institutions have denied individuals access to their personal information, thus contributing to the rising number of complaints to this Office, because the departmental Access to Information and Privacy (ATIP) offices are increasingly relying on photocopies provided by their program areas, rather than working with original documents, when processing requests. The problem with this arrangement is that ATIP analysts cannot be certain that what they are given represents all the information the individual is seeking.

When this Office receives a "denial of access" complaint, we ask to see the original file to compare it with the information processed by the ATIP office. Often we have discovered that the ATIP office did not have all the information contained on the original file - because someone did not think it was relevant or had removed internal notes, or simply because the backside of double-sided documents had been missed when the documents were photocopied.

The subtle nuances that can only be appreciated when viewing original files are also lost. Photocopies do not reveal the use or meaning of different coloured forms or highlighting of significant passages, and may not capture the exact placement of post-it notes with comments. Nor do they include the paperclips that explain why certain documents are grouped together or why they are out of chronological order. These elements are essential to understanding the context of the file and to decide whether the personal information can be released to the individual.

Having our investigators review original files eliminates any misgivings that the institution may not have located all the requested information, and also gives us the unequivocal certainty that we require to ensure access has not been denied.

Although some program areas would rather not surrender their original files, particularly those with ongoing administrative activities, we suggest that they retain a photocopy for their own use for the few days it takes the ATIP office to review the original file. We also urge ATIP co-ordinators to reclaim their responsibility for the quality of responses they send to individuals by working with original files only.

Incidents under the Privacy Act

Incidents of mismanagement of personal information that warrant further review by this Office are sometimes brought to our attention. We conducted 32 such reviews last year.

As an example, last summer, following an office relocation from one building to another in Ottawa, Human Resources Development Canada's (HRDC) Disability and Benefits Appeal Branch staff discovered that two computers were missing. Although HRDC, following an investigation by its Security Division, was unable to determine exactly what had happened, it is believed that the computers were stolen when they were left unattended while waiting to be loaded into the moving trucks. It has been suggested that since both computers were new, they were taken because of their monetary value and not for what they contained. The theft was also reported to local police, but they were unable to find the missing computers or the perpetrators.

Our investigators ascertained that the computers had not been packed in boxes, but simply placed on moving trolleys without being secured in any way. They also determined that one HRDC employee was responsible for ensuring that all items were removed from their original location to the loading area, but no one actually supervised the physical transfer of items from that location to the moving trucks parked outside the building.

Although the computers were never found, HRDC was able to determine, by means of back-up computer tapes, that they contained the full names, social insurance numbers (SINs) and medical information of dozens of Canada Pension Plan (CPP) disability benefits recipients. Therefore, HRDC decided to notify those recipients about the theft.

During our review of the incident, however, we noted that an additional 38 individuals whose surnames and SINs appeared on documents had not been notified. Since this would be sufficient personal information to possibly identify these individuals, we asked HRDC to notify them of the theft as well, which it did.

We also recommended that HRDC implement additional security measures to ensure that this does not reoccur, specifically that it ensure that all personal information is removed from hard drives of computers before they are moved from one location to another; and that additional staff be present during moves to ensure adequate security for any personal information that is affected by the move.

In another incident, an individual informed this Office that documents he received from a small claims court relating to his suit against a Port Authority included personal information relating to other individuals, specifically their credit card account numbers.

Our staff determined that when the Port Authority filed its Statement of Defence in small claims court, it included a copy of a daily cash and deposit report and a cash deposit receipt. These documents identified other individuals along with their account numbers, invoice numbers, credit card numbers, and amounts paid to the Port Authority.

In its defence, the Port Authority believed that it had no choice but to file complete, unvetted documents with its Statement of Defence to comply with court procedures. As part of its defence it needed to present the information relevant to its financial transactions with the plaintiff, and was under the impression that it could not remove any information relating to the other individuals named in those documents.

When this Office made inquiries with the small claims court, we learned that it would in fact accept partial or severed documents. The Port Authority therefore could have removed all information not relating to the plaintiff when it filed its documents in court, including the personal information about the other individuals. We brought this matter to the attention of the Port Authority and, as a result, it has undertaken to have the information relating to the other individuals removed from the court's file. The Port Authority also contacted the concerned individuals to advise them that their personal information was included in a public record.

Public Interest Disclosures

Paragraph 8(2)(m) of the Privacy Act allows the head of a Government institution to disclose personal information without an individual's knowledge or consent if there is a clear overriding public interest in doing so - either because it outweighs the individual's right to privacy or because it would clearly benefit the individual. Under section 8(5) of the Act, the Privacy Commissioner is to be notified in advance of any proposed disclosures.

This past year, the former Commissioner reminded a couple of institutions, following a review of their notifications, that the discretion to disclose personal information in the public interest should occur on an exceptional basis, where the disclosure cannot be justified under any of the other permissible disclosure provisions found in the Act.

It had become increasingly evident that some institutions were using the provision on a systematic and routine basis, with little apparent thought as to whether there was indeed an overriding public interest at the time. This was troubling because the situation seemed to play little or no part in the decision-making process. Often there had been no evaluation to assess what was of public interest and whether that interest should override the individual's privacy rights. As an individual rarely, if ever, has a chance to challenge the decision, it is critical that the decision-makers act in a judicious manner and ensure they have all the relevant information before making a fair determination.

However, of the 70 public interest disclosure notifications we received during the year, one was clearly warranted: the decision of the Department of National Defence (DND) to share with Veterans Affairs information regarding approximately 2,500 individuals involved in chemical warfare experiments.

From World War II to 1992, Defence Research and Development Canada (DRDC), a branch of DND formerly known as the Defence Research Establishment, compiled a list of DND members it had exposed to various chemicals as part of its chemical warfare research program. The members were volunteers, but some may not have been aware they were part of the experiments.

As a result of a recent investigation by the Office of the Military Ombudsman, DND felt that the DRDC's information would be useful to Veterans Affairs in identifying veterans who could be entitled to benefits. The information included the individual's last name and initials, the name of the chemical administered, the date administered and the location. It also included some service numbers but no dates of birth, which left it impossible for DND to positively match all of the individuals to its employee records.

The DRDC had not copied this information to the service or medical files of the affected employees, and DND hoped that Veterans Affairs would compare the information with its records to identify any matches in its inventory, and get in touch with the individuals. The intent was that Veterans Affairs could review the cases of those veterans who claimed to have been exposed to noxious substances, including anthrax, but were refused financial assistance because there was no evidence on their service or medical files to support their claims.

The former Commissioner readily agreed with DND's decision. The benefit to the individuals was evident - Veterans Affairs could help to resolve benefit entitlement issues as well as to assist in the diagnosis and treatment of disease resulting from exposure to toxic substances.

Top Ten Departments by Complaints Received

April 1, 2002 to March 31, 2003

| Organization | Total | Access to Personal Information | Time | Privacy | Other |
|---|---|---|---|---|---|
| Correctional Service of Canada | 456 | 106 | 233 | 117 | 0 |
| Canada Customs and Revenue Agency | 205 | 127 | 31 | 47 | 0 |
| Royal Canadian Mounted Police | 200 | 101 | 71 | 28 | 0 |
| National Defence | 130 | 51 | 58 | 21 | 0 |
| Citizenship and Immigration Canada | 107 | 52 | 49 | 6 | 0 |
| Human Resources Development Canada | 85 | 38 | 16 | 31 | 0 |
| Canada Post Corporation | 71 | 37 | 13 | 21 | 0 |
| Justice Canada | 65 | 47 | 13 | 5 | 0 |
| Canadian Security Intelligence Service | 57 | 48 | 8 | 1 | 0 |
| Canadian Nuclear Safety Commission | 36 | 1 | 0 | 35 | 0 |
| Others | 230 | 100 | 50 | 80 | 0 |
| Total | 1642 | 708 | 542 | 392 | 0 |

Completed Investigations and Results by Department

April 1, 2002 to March 31, 2003

| Organization | Well-Founded | Well-Founded/Resolved | Not Well-Founded | Discontinued | Resolved | Settled | Total |
|---|---|---|---|---|---|---|---|
| Agriculture and Agri-Food Canada | 2 | 1 | 1 | 2 | 0 | 5 | 11 |
| Canada Customs and Revenue Agency | 37 | 14 | 878 | 6 | 8 | 46 | 989 |
| Canada Mortgage and Housing Corporation | 0 | 0 | 0 | 0 | 0 | 2 | 2 |
| Canada Post Corporation | 17 | 4 | 11 | 6 | 0 | 8 | 46 |
| Canadian Heritage | 0 | 0 | 1 | 0 | 0 | 0 | 1 |
| Canadian Human Rights Commission | 0 | 0 | 1 | 0 | 0 | 0 | 1 |
| Canadian International Development Agency | 1 | 0 | 1 | 0 | 0 | 0 | 2 |
| Canadian Nuclear Safety Commission | 0 | 0 | 35 | 1 | 0 | 0 | 36 |
| Canadian Security Intelligence Service | 5 | 2 | 18 | 0 | 1 | 0 | 26 |
| Canadian Space Agency | 2 | 0 | 0 | 0 | 0 | 0 | 2 |
| Citizenship and Immigration Canada | 33 | 4 | 28 | 13 | 0 | 28 | 106 |
| Commission for Public Complaints against the RCMP | 0 | 0 | 5 | 0 | 0 | 0 | 5 |
| Correctional Service of Canada | 189 | 17 | 42 | 11 | 1 | 65 | 325 |
| Environment Canada | 0 | 1 | 2 | 3 | 0 | 0 | 6 |
| Farm Credit Corporation Canada | 1 | 0 | 0 | 0 | 0 | 1 | 2 |
| Finance Canada | 0 | 1 | 0 | 0 | 0 | 0 | 1 |
| Fisheries and Oceans Canada | 1 | 3 | 4 | 1 | 0 | 0 | 9 |
| Foreign Affairs and International Trade Canada | 0 | 0 | 5 | 0 | 0 | 0 | 5 |
| Freshwater Fish Marketing Corporation | 0 | 1 | 0 | 0 | 0 | 0 | 1 |
| Health Canada | 2 | 1 | 6 | 1 | 0 | 1 | 11 |
| Human Resources Development Canada | 19 | 7 | 1568 | 6 | 2 | 6 | 1608 |
| Immigration and Refugee Board | 4 | 4 | 13 | 0 | 0 | 1 | 22 |
| Indian and Northern Affairs Canada | 1 | 0 | 2 | 0 | 0 | 3 | 6 |
| Industry Canada | 0 | 0 | 1 | 0 | 0 | 1 | 2 |
| Inspector General of the CSIS | 0 | 0 | 2 | 0 | 0 | 0 | 2 |
| Justice Canada | 4 | 1 | 11 | 1 | 0 | 7 | 24 |
| National Archives of Canada | 1 | 0 | 1 | 1 | 0 | 3 | 6 |
| National Defence | 25 | 7 | 10 | 7 | 1 | 14 | 64 |
| National Parole Board | 0 | 0 | 1 | 1 | 0 | 3 | 5 |
| Office of the Chief Electoral Officer | 0 | 0 | 0 | 1 | 0 | 0 | 1 |
| Office of the Commissioner of Official Languages | 0 | 1 | 0 | 0 | 0 | 1 | 2 |
| Privy Council Office | 0 | 1 | 5 | 0 | 0 | 0 | 6 |
| Public Service Commission of Canada | 1 | 0 | 2 | 0 | 0 | 1 | 4 |
| Public Works and Government Services Canada | 3 | 0 | 0 | 0 | 0 | 3 | 6 |
| Royal Canadian Mounted Police | 20 | 5 | 41 | 12 | 0 | 28 | 106 |
| Solicitor General Canada | 0 | 0 | 6 | 0 | 0 | 0 | 6 |
| Statistics Canada | 0 | 0 | 6 | 0 | 0 | 6 | 12 |
| Transport Canada | 1 | 2 | 0 | 2 | 0 | 1 | 6 |
| Treasury Board of Canada Secretariat | 0 | 0 | 2 | 0 | 0 | 0 | 2 |
| Vancouver Port Authority | 0 | 0 | 0 | 1 | 0 | 0 | 1 |
| Veterans Affairs Canada | 2 | 0 | 2 | 0 | 0 | 1 | 5 |
| Total | 371 | 77 | 2711 | 76 | 13 | 235 | 3483 |

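Completed Investigations by Grounds and Results

April 1, 2002 to March 31, 2003

| | Well-Founded | Well-Founded/Resolved | Not Well-Founded | Discontinued | Resolved | Settled | Total |
|---|---|---|---|---|---|---|---|
| Access to Personal Information | 14 | 72 | 228 | 36 | 5 | 131 | 486 |
| - Access | 14 | 71 | 221 | 33 | 5 | 129 | 473 |
| - Correction/Notation | 0 | 1 | 7 | 3 | 0 | 0 | 11 |
| - Language | 0 | 0 | 0 | 0 | 0 | 2 | 2 |
| - Inappropriate Fees | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Privacy | 56 | 4 | 2445 | 17 | 8 | 86 | 2616 |
| - Collection | 7 | 2 | 831 | 2 | 7 | 19 | 868 |
| - Retention and Disposal | 4 | 0 | 4 | 0 | 0 | 13 | 21 |
| - Use and Disclosure | 45 | 2 | 1610 | 15 | 1 | 54 | 1727 |
| Time Limits | 301 | 1 | 38 | 23 | 0 | 18 | 381 |
| - Correction/Time | 2 | 0 | 0 | 0 | 0 | 0 | 2 |
| - Time Limits | 287 | 1 | 29 | 23 | 0 | 18 | 358 |
| - Extension Notice | 12 | 0 | 9 | 0 | 0 | 0 | 21 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 371 | 77 | 2711 | 76 | 13 | 235 | 3483 |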

Origin of Completed Investigations

April 1, 2002 to March 31, 2003

| Province/Territory | Number |
|---|---|
| Newfoundland | 14 |
| Prince Edward Island | 3 |
| Nova Scotia | 59 |
| New Brunswick | 52 |
| Quebec | 2247 |
| National Capital Region-Quebec | 22 |
| National Capital Region-Ontario | 96 |
| Ontario | 396 |
| Manitoba | 83 |
| Saskatchewan | 55 |
| Alberta | 167 |
| British Columbia | 273 |
| Nunavut | 0 |
| Northwest Territories | 0 |
| Yukon | 4 |
| International | 12 |
| Total | 3483 |

Inquiries under the Privacy Act

April 1, 2002 to March 31, 2003: 5,183

We will attempt to provide a breakdown of these inquiries by subject in future Annual Reports.

Privacy Practices and Reviews

Section 37 of the Privacy Act empowers the Commissioner to initiate compliance reviews of the personal information management policies and practices of federal institutions. This means that, at the Commissioner's discretion, he can audit them to determine whether they adhere to the fair information practices set out in sections 4 to 8 of the Act. The Privacy Practices and Reviews (PP&R) Branch may evaluate the compliance of organizations with the requirements of the Privacy Act.

In the aftermath of September 11, 2001, a number of federal Government departments and agencies received significant funding increases to allow them to implement changes to combat terrorism and enhance national security. To assess the impact that these anti-terrorism measures are having on individual privacy, the Office initiated reviews of the personal information handling practices at the Royal Canadian Mounted Police, the Canadian Security Intelligence Service and the Communications Security Establishment. The reviews will be completed in the upcoming fiscal year.

A number of programs and activities established by federal Government institutions and agencies provide for the disclosure of personal information about Canadian citizens and residents to departments and agencies of the United States government. During this fiscal year, the Office initiated an examination of agreements, arrangements and memoranda of understanding between Canada and the United States that include provisions for the sharing of personal information. Eighteen departments and agencies were selected for this examination and a review will be completed in the upcoming fiscal year.

In addition to reviewing and auditing, our Office advises federal organizations on compliance issues and the privacy implications of new and existing programs and practices. The Office's PP&R Branch has been involved in numerous consultative efforts with Government departments, including the Treasury Board of Canada Secretariat, Elections Canada, Statistics Canada, Human Resources Development Canada, Indian and Northern Affairs Canada, and Health Canada, to name a few.

These consultations often involve reviewing new information management proposals, such as data-matching initiatives, the creation of databases and information-sharing arrangements with other organizations. It is important to note that the Commissioner's role in such issues is an advisory one. The Commissioner does not in any way provide formal approval for such initiatives, which would compromise his impartiality during subsequent investigations or reviews.

As described in our earlier reports, HRDC developed a review procedure to deal with policy analysis, research and evaluation activities involving the linking of separate databanks. Part of this procedure includes consultation with our Office. During the past year, the Office has analyzed and commented on close to a dozen HRDC submissions, including the Evaluation of HRDC Work Sharing Program, the Evaluation of Labour Market Information Services, and the Canada Student Loan Program Needs Assessment and Loans Disbursement Datasets Project.

One project that the department sent our Office, the Employer and Industry Activity System, was submitted as an undertaking involving databank connections. Upon review, our Office concluded that the project involved more than simply the linking of existing databanks. Rather, it would result in the creation of a new databank that would be used on an ongoing basis. It was never contemplated that this type of project would be dealt with through this process. As a result, we advised HRDC that the matter would be more appropriately dealt with by way of a Privacy Impact Assessment (PIA), which entails a more rigorous review. PIAs are discussed in more detail in the following section of this Report.

We have continued to notice an improvement in the detail and completeness with which HRDC's submissions address privacy issues. In our last Report, we expressed a concern that HRDC provided limited information regarding contracts with outside parties, and we said that HRDC should strengthen the contractual obligation of those parties to protect the privacy of personal information under their temporary stewardship. Although some of the submissions we received did not fully meet expectations, the department has improved in addressing this concern over the past year.

Privacy Impact Assessments

On May 2, 2002, the Secretariat of the Treasury Board of Canada issued a new directive requiring federal Government departments and agencies to undertake a Privacy Impact Assessment (PIA) for all new programs or services that raise privacy issues. Canada is the first country in the world to make PIAs mandatory for all federal departments and agencies.

For more than a year prior to that date, the Office had been urging the Government to put a PIA Policy in place, in order to ensure that privacy considerations are built in at the outset of projects and not as an afterthought. We congratulate the Government for developing and implementing the Policy and for recognizing that respect for citizens' privacy is critical to the success of all its programs and services, including the Government On-Line initiative.

New and existing programs and services with potential privacy risks must now undergo a PIA - in effect, a feasibility study from a privacy perspective. This includes significant redesigns of existing programs when the redesign involves a new or increased collection, use or disclosure of personal information, new data-matching, contracting-out or other changes that potentially raise new privacy concerns.

A PIA is designed to provide federal Government departments and agencies with a consistent framework to forecast a proposal's impacts on privacy, assess its compliance with privacy legislation and principles, and determine what mitigating measures are required to overcome the negative impacts. If done correctly, a PIA is a way to avoid extra costs, adverse publicity, and the loss of credibility and public confidence that could result from a proposal that is not privacy friendly. It is also a way to raise awareness and understanding of privacy principles, both internally and among citizens.

The conduct of a PIA is a shared responsibility. As the Treasury Board Policy states, PIAs are co-operative endeavours, requiring a variety of skill sets, including those of program managers, technical specialists, and privacy and legal advisors. Although the deputy head of a federal institution, department, or agency is responsible for determining if a PIA is required, several Government departments have set up internal committees to review departmental projects to determine whether a PIA is required. Given the multi-disciplinary nature of the exercise, this strikes us as a sensible approach.

Of particular significance is the fact that the Policy requires departments to inform the Office of all proposals for new or modified programs and services that raise privacy issues. Departments must also consult the Office while preparing a PIA to ensure that privacy risks are identified and that mitigating actions to deal with those risks are appropriate. By reviewing the documentation in co-operation with institutional officials, our Office is then able to provide advice and guidance to institutions and identify solutions to potential privacy risks.

The Commissioner's role is not to approve or reject projects that are assessed in the PIAs, but rather to assess whether or not departments have done a good job of evaluating the privacy impact of a project or proposal.

To take on this new responsibility, we created a new division within the PP&R Branch devoted entirely to analyzing and providing comments on PIAs submitted for review.

During the period of this Report, our Office received 17 PIAs and 12 preliminary PIAs (PPIAs), and has been consulted on several projects that would require PIAs. Based on discussions with the Treasury Board Secretariat (TBS) and other federal Government departments and agencies, we expect to receive more than 50 PIAs over the next fiscal year.

Most of these initiatives or projects involve the electronic delivery of services to individuals through the Internet, so the privacy risks come from a variety of sources, including systems characteristics, technical infrastructure and design of the on-line service or program.

Five of the 17 PIAs we received were prepared prior to the TBS Policy being introduced, and thus did not adhere to the policy requirements or the guidelines associated with the Policy. As a consequence, most were either returned to or withdrawn by the submitting departments to be revised in accordance with the Policy. So far, eight PIAs received have run the full course of the review process.

While the majority of reports received to date from departments are PIAs, we have witnessed over the course of the year a growing number of Preliminary Privacy Impact Assessments (PPIAs). We believe this trend reflects an inclination on the part of departments to adopt a more cautious and phased approach to the development of their PIAs, given their unfamiliarity with the process and the probable lack of in-house expertise in this area. Where departments are facing a fixed and impending deadline for implementation, we have been advising those departments to directly draft their PIA to expedite the review process.

So far there has been no PIA, and certainly no PPIA, where our staff has not found it necessary to go back to the submitting department for additional information. Some commonly omitted elements include:

  • a project implementation schedule;
  • a complete inventory of data elements collected and used (information may be described, but not itemized);
  • an adequate description of the business process;
  • a data flow chart, or one that is complete; and
  • an adequate description of the information security infrastructure associated with the project.

In addition to this, background documents commonly missing include:

  • draft agreements, where third party service providers are involved;
  • Threat and Risk Assessment (TRA) reports, where conducted;
  • project feasibility studies, where conducted;
  • project management plans, as they relate to project design; and
  • technical specifications relating to system design.

There are also a number of common problems which we have observed in the privacy analysis. They include:

  • confusing privacy with security and confidentiality;
  • seeing the PIA process as essentially a privacy compliance audit exercise;
  • failure to link identified risks with specific design elements of the project;
  • proposed mitigating measures not addressing the risk identified; and
  • proposed mitigating measures for risks that have not yet been identified.

Although these problems and omissions reflect the unfamiliarity of departments with the PIA Policy, it should be noted that we are now beginning to see a general improvement in the quality of the PIAs we are receiving.

If there are lessons to be drawn from our experience of the last eleven months, one is the need for greater education on how the PIA functions as a risk management tool. Another is the need for departments to notify and involve the Office at the earliest possible stage in the development of the PIA.

Given that there is a need for organizations to have a better understanding of the PIA Policy, we advise Government officials to contact the Treasury Board Secretariat or to visit its Web site at www.tbs-sct.gc.ca for more information.

In the Courts

Section 41 of the Privacy Act allows an individual, following the results of an investigation of a complaint by the Privacy Commissioner, to apply to the Federal Court for review of the decision of a Government institution to refuse the individual access to her personal information. From the time the Privacy Act came into force in 1983 to March 31, 2003, approximately 130 applications for review have been filed in the Federal Court. Eight of these were filed in the year ending March 31, 2003.

Section 42 of the Privacy Act allows the Commissioner to appear in Federal Court. The Commissioner can apply to the Federal Court for review of the decision of a Government institution to refuse access to personal information if he has the consent of the individual who requested the information. The Commissioner can appear before the court on behalf of an individual who has applied for review under section 41. Or, with leave of the court, he can appear as a party to any review applied for under section 41.

There are currently no applications under the Privacy Act in which the Commissioner is actively involved. However, the Commissioner also participates in litigation that arises outside of the Privacy Act. Following is a summary of litigation involving significant privacy issues in which the Commissioner has been involved.

Mertie Anne Beatty et al. v. The Chief Statistician et al.

Federal Court File No. T-178-02

This issue was brought before the Federal Court of Canada by a group of Canadian citizens seeking access to the 1906 Census Returns for the Provinces of Manitoba, Saskatchewan and Alberta pursuant to section 6 of the Privacy Regulations.

The Office's position has always been that disclosure of the 1906 census information is prohibited by the confidentiality provisions in the Statistics Act, and that legislative amendments should, therefore, be explored as a means of compromise.

Status

The Application was filed in February 2002. Following a review of the legislation, the federal Government decided that the information could, in fact, be released and did so. Bill S-13 was later introduced in order to retroactively modify census laws to allow access to records and address privacy concerns. Accordingly, the Application was discontinued.

Canada Post Corporation v. Privacy Commissioner of Canada

Federal Court File No. T-233-02

On January 14, 2002, the former Commissioner determined that Canada Post's use of its National Change of Address (NCOA) service contravened the Privacy Act in two ways. First, Canada Post contravened section 5(2) of the Act by failing to specify to NCOA applicants its intention to disclose new addresses to mass mailers and direct marketers for a commercial purpose. Then it contravened section 8 by failing to obtain the consent of individuals for the disclosure of their new addresses to mass mailers and direct marketers.

Status

On February 13, 2002 Canada Post filed an Application alleging that the former Commissioner had exceeded his jurisdiction in applying sections 5 and 8 of the Privacy Act. On April 4, 2002, however, Canada Post agreed to add a box on its form enabling individuals to provide consent for this activity. The issue thus became moot, and Canada Post discontinued its Application on April 14, 2002.

Privacy Commissioner of Canada v. Attorney General (Canada) et al.

British Columbia Supreme Court File No. S57566

In June 2001 the Office received a complaint regarding the installation of Royal Canadian Mounted Police (RCMP) surveillance cameras in the downtown core of the City of Kelowna, B.C. After an investigation, the former Commissioner determined that by recording continuously rather than recording only selective incidents related to law enforcement activities, the RCMP is unnecessarily collecting information on thousands of innocent citizens engaged in activities irrelevant to the mandate of the RCMP. It was concluded, therefore, that the video surveillance in Kelowna was in contravention of the Privacy Act.


The RCMP informed this Office that the continuous video recording of the surveillance camera was terminated on August 28, 2001. Instead, the area under surveillance would only be videotaped if a violation of the law was detected. While this put the use of the surveillance camera into compliance with the letter of the Privacy Act, which technically only applies to information that is "recorded in any form", it was the former Commissioner's opinion that a continuation of the video camera surveillance even without continuous recording was insufficiently respectful of the spirit of the Privacy Act and of the privacy rights of Canadians.

On June 21, 2002, the former Commissioner filed a Statement of Claim in the Supreme Court of British Columbia, requesting declarations from the Court that this generalized video surveillance was unconstitutional, contravening the Charter, as well as Canada's international human rights obligations. From March 12 to 14, 2003 there was a hearing on the federal Government's motion to dismiss the case. The court held that the Commissioner lacked the legal capacity to bring the action.

Status

On July 4, 2003, the newly-appointed Commissioner announced that he had instructed counsel to withdraw its appeal in the case. Although the Commissioner and this Office continue to have a variety of concerns regarding video surveillance of public places by public authorities, continuing this particular action was not perceived as a useful way of spending public funds.

Information Commissioner of Canada v. Commissioner of the RCMP et al.

Supreme Court of Canada File No. 28601

A list of the career postings of four Royal Canadian Mounted Police (RCMP) officers was requested under the Access to Information Act. The Commissioner of the RCMP refused to release the information on the grounds that it revealed employment history and thus was personal information as defined in section 3 of the Privacy Act. The Information Commissioner argued, however, that paragraph 3(j) of the definition of personal information in the Privacy Act states that information relating to the position or functions of Government officers or employees is not personal information for the purposes of section 19 of the Access to Information Act.

Status

The Supreme Court of Canada released its unanimous decision on March 6, 2003. The Court very clearly stated that information may be personal and yet still fall under the rubric of section 3(j) where it reveals general characteristics associated with the position or functions held by an officer or employee of a federal institution. The Supreme Court felt that none of the information requested pertained to the competence or characteristics of the employees. It therefore ordered that the following information be released for each of the named individuals: a list of historical postings, status and dates, a list of ranks and dates those ranks were achieved, and the years of service and anniversary date of service.

The decision of the Supreme Court limits the application of paragraph 3(j) of the definition. Even though this Office had argued for a narrower interpretation of the exception, the decision of the Supreme Court is not unreasonable.

