Reports and Publications

ARCHIVED - Audit Reports

[Back to Table of Contents][Previous Section][Next Section]

Review of the Personal Information Handling Practices of the Canadian Firearms Program


Top of Page Table of Contents FINDINGS & RECOMMENDATIONS - PART I

For a List of all Recommendations, refer to Appendix A.

Top of Page Table of Contents ACCESS & CORRECTION

One of the purposes of the federal Privacy Act is to give individuals a "right of access" to information about themselves held by a government institution. This includes, but is not limited to, a right to request correction of the information. Such a right is considered to be a fundamental element of fair information practices. This right is found in most personal information protection acts, including the new Personal Information Protection and Electronic Documents Act.

Under section 7(5) of the Firearms Records Regulations, an individual who wants personal information amended shall submit an application in writing to the Registrar or to the CFO in the province or territory in which the record was created. The Firearms Act and the Regulations do not provide individuals an explicit right of access to their information unless it is for the purpose of correcting their information.

In April 1997, a Parliamentary Sub-committee recommended that mediation mechanisms be established, on an administrative basis, to allow applicants the opportunity to challenge allegedly false or inaccurate information without resort to court action. The Government did not accept this recommendation because, in its view, investigative techniques already exist to ensure that decisions are not based on false or inaccurate information. While DOJ agreed to examine the investigative process to see if improvements should be made with a particular focus on privacy, the Government believed that mediation after the fact would not be appropriate and could be incompatible with the overriding safety objectives of the legislation.

The Canadian Firearms Centre Web site (www.cfc-ccaf.gc.ca/general_public/factsheets/privee_en.) states that "Any personal information collected under the new firearms legislation is protected by the basic principles of fair information practices found in the federal Privacy Act and in provincial privacy legislation." Despite this claim, all Canadians cannot easily obtain access to information collected as part of the Firearms Program particularly given the multi-jurisdictional nature of the Program.

In the case of the seven opt-out jurisdictions (AB, SK, MAN, NWT, Nunavut, Yukon and NFLD), all records are administered federally, and thus subject to the Privacy Act. However, the Program records relating to the six opt-in jurisdictions (BC, ON, QC, NB, NS, PEI) are held by three levels of government (federal, provincial and municipal), and thus subject to a patchwork of privacy legislation. Even at the federal level the personal information holdings for this Program are held at various locations.

The dispersed holdings result in an uneven application of access rights. In March 1999, the Federal Chief Firearms Officer Services (FCFO) for the 5 opt-out jurisdictions in the Northwest Region issued its own Access and Privacy Requirements Bulletin and prepared a draft Personal Information Policy Statement. Though the FCFO should be commended for this initiative, no consultation took place with the RCMP/Access to Information and Privacy (ATIP) office or with DOJ/ATIP. As a result, ATIP officials from the RCMP and DOJ are not in agreement with some of the policies and procedures outlined in the FCFO Bulletin in terms of what is and what is not considered personal information that a client would be entitled to receive and whether formal or informal requests should be submitted to CFOs or directly to the federal ATIP offices.

At this time, each partner, in responding to access requests, is processing the records in its custody and referring applicants to the other likely holdings (federal, provincial and/or municipal). For example, DOJ/ATIP is only processing CPS and CFC records (including CFRS extracts relating only to licences), and referring requests relating to the registration of firearms to RCMP/ATIP.

In addition, several problems exist with respect to requests for access and correction to records held in FIP. Any requests involving the FIP database are automatically referred to the RCMP for response. However, in turn, the RCMP is only processing FIP records that have been entered by the RCMP. When a request for a FIP printout is received at RCMP/ATIP and the information was entered by another police force, the RCMP exempts all the information referring to that entry as received in confidence because the RCMP does not know the circumstances for the entry, the sensitivity of the information, or other relevant details of the entry. The individual is then referred to the local police agency where a separate additional access request must be made. This results in delays due to individuals being referred from one office to another, and there are no established procedures to cancel, correct or remove unsubstantiated/innocuous FIP hits or those that fall outside of the requirements of section 5 of the Firearms Act.

Also, for example, an Ontario resident who applies for a firearms licence and registration certificate and who has been subject to the three levels of screening (primary, secondary and tertiary) would have to submit separate access requests to DOJ (Central Processing Site and Canadian Firearms Centre), the RCMP (Canadian Firearms Registry and FIP), the Ontario Provincial Police as well as to at least one local police agency. A fifth request may also be required if the CFO or Area and Local FO in Ontario also obtained additional information from a police agency outside the province. This is a tremendous burden on individuals who simply want access to their records collected under the Firearms Act.

Since not all provinces, territories and municipalities come under privacy legislation comparable to the federal Privacy Act, this results in uneven protection of individuals' privacy and rights of access and correction with respect to the Firearms Program records. For example, Prince Edward Island does not yet have any privacy law in place and only a handful of provinces in Canada have extended their privacy legislation to their municipalities (see Appendix F).

The variations in the existing Memoranda of Understanding among the partners and levels of government have led to inconsistencies with respect to the control and ownership of the personal information - thus resulting in different access and correction procedures (see Appendix G).

Top of Page Table of Contents Personal Information Request Protocol

In April 1997 following Parliamentary Committee recommendation, the Minister of Justice undertook to negotiate information sharing agreements that would ensure that the federal Privacy Act would apply in cases where no provincial and territorial legislation exists. However, there are still no such agreements in place. As a temporary measure, DOJ issued in October 1999 a Personal Information Request Protocol to all provincial and territorial CFOs. The Protocol sets out DOJ's position with respect to ownership and control of Program records and how access requests "should" be processed.

According to DOJ's Protocol:

  • though the CFRS is staffed and operated by federal employees, "ownership" of its contents is not possible since the information contained in the CFRS can be entered, modified and retrieved by all federal, provincial and territorial partners;
  • a document is under the "control" of a government institution if it is within that institution's power to produce it; the ability to produce a record would encompass not only those records which that institution has custody of or is in direct possession of, but would also include records that are generally available to that institution including any record which that institution may access or retrieve by way of agreement;
  • the nature of information sharing and gathering in the CFRS and the provisions of the Firearms Act giving reciprocal rights of access to the CFOs and the federally-appointed Registrar, give every partner the ability to produce the information; therefore everyone potentially has control of the information and is subject to personal information requests;
  • all records received by the Central Processing Site (CPS) are stored on behalf of DOJ; the CPS is operated by federal employees and therefore all information within its control is subject to the federal Privacy Act; this includes original applications, primary screening as well as results and limited remarks of secondary and tertiary screening entered in CFRS;
  • any other investigative records gathered during secondary and tertiary screening are not under federal control and thus not subject to federal privacy legislation;
  • personal information requests received by DOJ are processed in accordance with the Treasury Board Guidelines on Privacy and Data Protection; DOJ consults with all parties concerned before a decision is made to release a record; for example, consultations are held whenever a request is received for information that has been entered into the CFRS by a provincial and territorial partner;
  • DOJ informs a requester that the provincial or territorial institution may have information relevant to their request; and
  • in cases where a request is received by the province/territory and there are relevant records stored at CPS, the provincial and territorial CFO will request those records directly from the federal CPS site.

Although the Protocol begins to capture the complexity of the ownership and control issues as well as the access problems, it fails to acknowledge the key issues with respect to the personal information holdings, sharing arrangements and actual practices. Among other things, the Protocol needs to:

  • recognize the information holdings at the RCMP Canadian Firearms Registry (CFR);
  • differentiate between the 7 opt-out jurisdictions (federally-administered) that do fall within the federal Privacy Act and the 6 opt-in jurisdictions (provincially-administered) that do not, especially regarding secondary and tertiary screening records;
  • address how individuals residing in PEI can obtain access to their information given that there is no comparable privacy legislation for that "opt-in" province;
  • provide guidance to provincial and territorial CFOs as to whether or not tertiary field investigation files held by municipal police agencies should be gathered in response to access requests; and
  • it should address all the access and correction issues associated with the FIP records.

The Protocol also raises an interesting point. While the provincial and territorial CFOs can pull records from the federal CPS site for processing access requests received at that level of government, DOJ cannot pull provincial and territorial records to process requests received at the federal level.

Recommendations:

  1. All the existing Memoranda of Understanding (a.k.a Service Agreements) should be reviewed in order to standardize the control and ownership clauses.
  2. DOJ should follow through on its promise to negotiate information sharing agreements with the provinces and territories. These agreements should apply to both electronic and hardcopy records and should also apply to the Firearms Interest Police (FIP) database as well as all federal, provincial and municipal police information retrieval systems. This would ensure that the personal information collected for the Firearms Program is protected in accordance with the intent and spirit of the federal Privacy Act and the principles of fair information practices, and that the Act applies in cases where no parallel provincial and territorial privacy legislation exists. In the event of a conflict between the federal Privacy Act and the provincial privacy acts (e.g. no correction rights at the provincial level), the agreements could expressly state that the federal Privacy Act would prevail.
  3. In the interim, until DOJ puts in place appropriate information sharing agreements, the DOJ Protocol should be revised to:
    • recognize the information holdings at the RCMP Canadian Firearms Registry (CFR);
    • differentiate between the 7 opt-out jurisdictions (federally-administered) that do fall within the federal Privacy Act and the 6 opt-in jurisdictions (provincially-administered) that do not, especially regarding secondary and tertiary screening records;
    • address how individuals residing in PEI can obtain access to their information given that there is no comparable privacy legislation for that "opt-in" province;
    • provide guidance to provincial and territorial CFOs as to whether or not tertiary field investigation files held by municipal police agencies should be gathered in response to access requests; and
    • it should address all the access and correction issues associated with the FIP records.
  4. Mechanisms should be in place to ensure that individuals have easy access to FIP records and the ability to correct or place a notation to file relating to disputed FIP entries.
  5. Consideration should be given to creating a single access and correction point at the federal level. Given that the Program is administered through a federal statute, the provinces are fully funded by the Government of Canada, and that overall accountability for the Program rests with DOJ, individuals should not have to go to as many as 4 to 5 different places to obtain access to their personal information. This should be negotiated as part of the information sharing agreements.
Top of Page Table of Contents Personal Information Banks in InfoSource

InfoSource is a publication issued by the Treasury Board Secretariat for the purpose of assisting Canadians in identifying and locating their personal information holdings within federal government departments and agencies.

During the course of our review, DOJ provided a draft description of a new personal information bank (PIB) entitled "Firearms Program Records", which was to be issued in InfoSource. It stated:

"This bank contains applications and other information related to: the ownership, registration and use of firearms; the importation, exportation and other movement of firearms; the licensing of businesses and other entities; and the licensing of individuals under the Firearms Act and related Regulations. ...Information is this bank may be maintained in hard copy, on microfilm, and in automated form in the Canadian Firearms Registration System."

This description in this PIB did not begin to capture the extent to which sensitive personal information is being collected (i.e. medical and criminal records). Also, it did not reflect the role of the RCMP and other partners, which could prove quite confusing not only to applicants but to the ATIP community as well.

In September 1999, the RCMP notified the Privacy Commissioner under section 9(4) of the Privacy Act of its intention to update bank CMP PPU 005 - Operational Case Records - to recognize that FOs have access to the RCMP's automated Operational Case Records by way of the Police Information Retrieval System (PIRS). This proposed new "consistent use" is addressed later in this report as there are collection issues with respect to giving FOs full and open access to PIRS data.

In the 1999/2000 version of Info Source, the RCMP listed personal information bank CMP PPU 035 - Firearms Registration/Legislation Records, which covered only its previous responsibilities under the Criminal Code including maintaining the Restricted Weapon Registration System (RWRS) and the old Firearms Acquisition Certificates (FAC). There was no mention of the RCMP's new responsibilities and personal information holdings as a result of the Firearms Act (i.e. CFR, FIP, Verifiers' Network, etc.).

But then, subsequent to our Preliminary Report in September 2000, both DOJ and the RCMP issued new personal information banks in the 2000/2001 publication of InfoSource - JUS PPU 199 Canadian Firearms Program and CMP PPU 037 Canadian Firearms Registration System, respectively. While both departments should be commended for preparing such detailed bank descriptions, some problems remain. For example:

  • While DOJ's new PIB indicates that requests related to the Firearms Interest Police database (FIP) should be directed to the RCMP, the RCMP has not created a PIB for FIP (contrary to previous undertakings) nor is there a mention of FIP in its new CFRS bank.
  • There is no mention by either DOJ or the RCMP about the personal information gathered relating to the qualifications of verifiers.
  • In DOJ's new PIB, it states that "Details of interviews and reports are held by the provinces and territories." But, this is not always the case since DOJ administers the Program for opt-out provinces and territories and maintains the records at the federal level. Only later in the PIB does it talk about the opt-in and opt-out differences. This can be quite confusing as it creates uncertainty as to whether they should apply federally, provincially or municipally, or to all three jurisdictions in order to obtain access to their personal information.
  • In DOJ's new PIB, it also states that "For PEI and the opt-out provinces...requests must be made to Justice Canada". But, immediately after it states that information collected by municipal or provincial police forces is not under the control of DOJ. Again, this is contradictory and could prove quite confusing to the average citizen. In addition, it remains unclear as to why all the records held in PEI would be under DOJ's control since this is an opt-in province. Also, this contradicts DOJ's other statements that residents in PEI can obtain access to their personal information at the provincial level.
  • In DOJ's new PIB, it also states that requests relating to training records should be sent to Justice. It remains unclear if DOJ has control over all training records - opt-in and opt-out jurisdictions.
  • Finally, it remains undetermined what personal information is being collected by CCRA since January 1, 2001.

Recommendations:

  1. Before DOJ and the RCMP can finalize their personal information bank descriptions for Info Source, they need to resolve a number of issues associated with access and correction rights such as control of both hardcopy and automated records held in the various jurisdictions.
  2. Any bank(s) in InfoSource should differentiate between DOJ holdings (i.e. CPS, CFC, CFOs in opt-out provinces and territories), those of the RCMP (i.e. CFR and Verifiers' Network), as well as those of the "opt-in" provinces.
  3. Any bank(s) for the Firearms Program should describe CFRS and CFRO as well as the types of information collected for eligibility screening (i.e. criminal, medical, etc.) including the various sources such as references, guarantors, doctors, spouses, employers, CPIC, FIP, PIRS, etc.
  4. The RCMP's Operational Case Records bank (CMP PPU 005) should specify to what extent FOs have access to the records via PIRS - an issue addressed as part of this review.
  5. The Firearms Interest Police (FIP) database must be reflected in InfoSource.
  6. The personal information relating to the qualifications of verifiers should also be recognized in InfoSource.
  7. DOJ's bank description should clarify who has control over all training records - for both the opt-in and opt-out jurisdictions.
  8. The new PIBs should also establish what personal information is being collected by CCRA since January 1, 2001, and refer to another PIB if necessary.

Top of Page Table of Contents COLLECTION

In addition to the large amount of personal information collected on application forms (see Findings and Recommendations - Part II of this report), the Firearms Act gives FOs very broad powers and discretion to investigate and gather additional information about applicants. Under section 55 of the Firearms Act, FOs have the right to ask applicants for additional information, or to conduct an investigation by contacting the applicants' references, photo guarantor, spouse, neighbours, aboriginal elders or leaders and others to determine if a licence should be issued. This next part of the review focuses primarily on the collection of information during secondary and tertiary screening.

Top of Page Table of Contents Police Information Retrieval System (PIRS)

PIRS is the RCMP's automated information management system that captures data on individuals who have been involved in investigations under the Criminal Code, federal and provincial statutes, municipal by-laws and territorial ordinances. In addition to details of an event in a brief synopsis (maximum of 240 characters), PIRS contains limited information relating to investigations and criminal histories. Unlike CPIC, which essentially contains factual information (e.g., charges and convictions), PIRS may also contain information provided by witnesses, victims and other associated subjects that can be highly subjective, as well as the names of the witnesses, victims, and acquaintances of the accused individual. PIRS also differs from CPIC in that it contains information on occurrences and incidents that never resulted in charges. Operational Statistical Reporting System (OSR) codes identify all occurrences on PIRS in terms of the nature of the event for statistical profile purposes, while the police case number and originating agency (ORI) number are identified in FIP entries for use by FOs.

Initially, with the creation of the FIP system, PIRS was intended to be used by CFOs and their staff strictly as a pointer directing them to the originating agency's occurrence report, and only following a FIP hit showing a PIRS file. Then, in 1998, the RCMP informed the CFOs that their staff would be provided with full PIRS query access, but with the following conditions outlined in an MOU:

  • the PIRS data base is to be used only by authorized personnel with an enhanced security clearance and who have had appropriate training on the use and limitations of the system;
  • under no circumstances are eligibility decisions to be based solely on information retrieved from the PIRS data base; the records in PIRS are by no means exhaustive in nature and it is incumbent on each CFO and his/her staff to confirm the contents of any record with the originator prior to considering any action;
  • PIRS queries are to be limited solely to information that is necessary for eligibility processing, investigations and proceedings under the Firearms Act, Criminal Code or court order; and
  • subject queries should include appropriate subject information such as surname, given names, sex and date of birth, to limit the search to appropriate responses.

However, it was not until a year later (in September 1999) that the RCMP notified the Privacy Commissioner, as required by section 9(4) of the Privacy Act, of its intention to amend the "Consistent Uses" portion of the Operational Case Records bank in Info Source to reflect that FOs were granted full access privileges to the records by way of PIRS.

Providing FOs with full access to PIRS raises a number of concerns:

  • PIRS records have data quality problems. The PIRS Policy Centre, within the RCMP, has expressed a concern that decisions are being based on records that frequently contain inaccurate accounts of investigations, including inaccurate subject status codes. Section 6(2) of the Privacy Act requires that all reasonable steps are taken to ensure that personal information used to make an administrative decision about someone is as accurate, up-to-date and complete as possible.
  • Despite RCMP PIRS Policy, the information found on PIRS is not being verified with the contributing agency most of the time. Due to workload requirements, FOs are only checking the contributing agency file if a licence application requires a more in-depth investigation or if the application will be refused based on PIRS data. If the FO is satisfied that the information obtained on the PIRS terminal is not a match to the client, or that the information falls outside of section 5 of the Firearms Act (not a threat to public safety), the originating police agency's file is not verified.
  • PIRS contains information about "associated" subjects that are not CFRS clients (e.g., witnesses, victims, etc.). Thus, FOs are routinely privy to considerable personal information that is normally not relevant to their decision-making process.
  • Since the RCMP and all police agencies contributing to PIRS already screen operational case files to identify PIRS entries with relevance to section 5 of the Firearms Act for automatic flags in FIP, FOs should only consult PIRS as a result of a FIP hit and by using Screen 20 along with the police case number and originating agency (ORI) code provided in FIP. However, FOs have full and open access to PIRS. Checks that are not a result of a FIP hit are done using screen 22 instead, which only requires name and date of birth.

While the CFOs in the Northwest Region insist that they cannot function without PIRS, the CFO in Ontario does not have a PIRS terminal nor does that CFO see the need for one. Through an informal arrangement, the Ontario CFO has the Nova Scotia CFO check PIRS an average of six times a week. Even though Ontario has a high volume of licence applications the CFO can function well using this intermediary. In response to our Preliminary Report, in January 2001 Justice officials explained that Ontario has a limited need for PIRS because that province has a parallel system called OMPPAC (Ontario Municipal Provincial Police Automation Contact). However, our review confirmed that other provinces, like some in the Northwest Region, also have parallel police information retrieval systems but still insist on using PIRS as well. We are not convinced that PIRS terminals are needed in all of the jurisdictions.

Within the RCMP community the use of PIRS has been an extremely sensitive issue. Some RCMP officers support the FOs' use of PIRS while other RCMP officers are opposed. The RCMP ATIP and IT groups are adamant that tighter controls need to be in place to limit the use of PIRS by FOs, and that all PIRS data should be verified with the originating agency. Some RCMP officers have even indicated that PIRS terminals should be removed completely from CFO sites to ensure that the RCMP does not lose control over the use of this "police" data.

Recommendations:

  1. PIRS terminals in CFO and FO offices should only be available for those jurisdictions that do not have parallel police information retrieval systems.
  2. Access to the PIRS database should be tightened by restricting FOs to limited, specific and relevant information only. FOs should not be granted open and full access to PIRS.
  3. Since the RCMP and agencies contributing to PIRS already screen Operational Case Files to identify entries relevant to section 5 of the Firearms Act for flags in FIP, FOs should request PIRS checks only following a related FIP hit. As such, all searches on PIRS should be conducted using Screen 20 only and with the case number and originating agency (ORI) code as a search tool.
  4. FOs should be restricted from using Screen 22 (which allows searches by using only the name and date of birth). This screen is used for more general and wider searches by law enforcement agencies. FOs already have access to CPIC for this purpose.
  5. Since it is technically possible to restrict access to PIRS to certain screens, FOs should be restricted from having access to information about associated subjects (e.g. witnesses and victims) linked to CFRS clients. In those rare cases where information about associated subjects is required, Firearms Officers should request this information directly and in writing from the RCMP.
  6. All PIRS information used by a FO to make an administrative decision about an individual who has been positively identified as a CFRS client should be verified with the contributing agency-regardless of whether it is an approval, refusal or revocation process.
  7. Verification should be made to ensure that the PIRS database is used only by authorized personnel with an enhanced security clearance, followed by a refresher course on the appropriate use and limitations of the system.
  8. Retention and disposal policies should be instituted to extend retention periods of originating agency files as a result of any activity linked to FIP PIRS data.
  9. Similar to the well-developed CPIC audit functions, the RCMP should establish and implement an automated PIRS audit function to ensure that complete, up-to-date and accurate information is gathered on PIRS and to ensure the proper use and protection of PIRS data by FOs.
  10. The existing Memoranda of Understanding with each province and territory specific to the use of PIRS data should be amended accordingly, and related national policies and procedures should be drafted.
Top of Page Table of Contents Provincial and Municipal Police Information Retrieval Systems

Similar to the use of the RCMP's PIRS database, access by FOs to provincial and municipal police information retrieval systems (i.e., Ontario's OMPPAC, Regina's IRIS, etc.) is intended to ensure that all relevant material is available to assist FOs in making informed decisions about CFRS clients. However, caution should be exercised to ensure that only the information that is needed to administer the Firearms Act is exchanged between local police agencies and FOs.

It was also noted that the MOU between the Ontario Ministry of the Solicitor General (OPP/CFO) and the Ontario Police Services Board fails to cover the use of the police information retrieval system in Ontario called OMPPAC.

Recommendations:

  1. Similar to the recommendations made with respect to PIRS, the same access restrictions should be applied relating to all police information retrieval systems in Canada that are used to make decisions about individuals under the Firearms Act.
  2. Likewise, any Memoranda of Understanding relating to the provincial and municipal police information retrieval systems should be amended accordingly, and the specific databases used by FOs should be covered in the MOUs.
Top of Page Table of Contents Firearms Interest Police (FIP)

In order to meet the objective of section 5 of the Firearms Act, the FIP database was created in 1998 with five years of back data from police agencies for the purpose of flagging individuals who might not be eligible to hold a firearms licence. These are individuals who have been involved in incidents of domestic violence, threats of violence, harassment, etc.; individuals with warrants for arrest; and individuals who have been refused licences and authorizations or who have attempted to bring firearms into or out of Canada without proper authorization. Any act of violence or threat of violence related to criminal activity, mental illness, or a history of violent behaviour, for example, can be entered as a flag in FIP even though it may not have resulted in criminal charges (see 3rd page of Appendix E).

The problem with FIP is not the amount of information it holds about individuals-the amount is limited and factual (name, date of birth, incident code and number). However, the data captured during the initial inception of FIP varies because different police agencies had different incident reporting codes for similar police incidents. As a result, in some cases, the database contains entries on individuals who should never have been flagged as they do not meet the ineligibility criteria under section 5 of the Firearms Act. A FIP hit sometimes directs the FO to unsubstantiated and derogatory information, unproven charges or allegations, hearsay, records that are older than 5 years, incidents and charges that have been cleared or acquitted, duplicate entries as well as information about witnesses, victims of crime and various other associated subjects. People are unaware that they are being flagged in FIP as possible risks to public safety. Also, inaccurate information on FIP or information that has already been the subject of a previous investigation and cleared, is used over and over.

In January 2001 in response to our Preliminary Report, DOJ indicated that a new software application has since been implemented to reduce the problems associated with the extraction and upload of incorrect data to FIP. DOJ continues to work towards establishing and implementing common police agency extract standards and procedures. For example, as a result of one of our recommendations, the extract codes were recently modified in an effort to ensure that information on subjects who are simply "associated" with FIP files (e.g. witnesses and victims) will no longer be included in FIP. While the problems have been reduced, they are not eliminated due to the five years of back data that was first used for the upload.

Like any other record maintained on CPIC, the originating agency, or contributor, has the capability of manually adding or deleting a record from the FIP file. The audit requirements of the CPIC policy manual dictate that a record must exist in the police agency database to support the FIP entry on CPIC. Police agencies that create an entry in their local police index and subsequently remove the entry because the suspect was cleared, are also obliged to remove the FIP entry from CPIC. Should an error come to the attention of a FO during the course of an investigation, the FO is supposed to contact the originating agency. It is up to the agency to make a determination if the record is no longer relevant and to make the necessary corrections. The RCMP claims responsibility for only those records entered on FIP by RCMP detachments.

At this time, neither the RCMP nor DOJ has a framework or methodology in place to verify how many of the FIP records fall outside of the requirements of section 5 of the Firearms Act. In addition, outside of the formal channels under the Privacy Act, there is no way of knowing how many times a FIP file has been subject to a correction request (formal or informal). Each contributing agency would have to be canvassed to determine how many police occurrence reports have been subject to correction requests and whether any related FIP entries have actually been corrected. There is no way of knowing if all 900 plus contributing agencies are keeping such records.

Recommendations:

  1. Since DOJ's Canadian Firearms Centre is responsible for issues respecting data quality on FIP and in conformity with section 6(2) of the Privacy Act (accurate, complete and up-to-date information), there should be an auditing framework to verify the validity and accuracy of FIP records.
  2. The Canadian Firearms Centre FIP Project Team should continue to work towards establishing and implementing common police agency extract standards and procedures, and a copy of the report(s) of improvements should be provided to the Privacy Commissioner.
Top of Page Table of Contents Social Insurance Number (SIN)

Initially, the Canadian Firearms Centre applications for possession and acquisition of licences required applicants to list two types of identification. The application forms, which are issued by DOJ, provided the following examples to applicants: "passport, driver's licence, health card, birth certificate, social insurance card, citizenship certificate, landed-immigrant document or other similar document". The Canadian Firearms Program is not listed as an authorized user of the Social Insurance Number in the Treasury Board's 1989 Policy on Data Matching and Control of the Social Insurance Number, nor is the use of the SIN authorized under the Firearms Act or its Regulations.

We are pleased to report that, during the course of our review, the forms were redesigned and the reference to "social insurance card" has been removed.

Top of Page Table of Contents Collection from Credit Reporting Agencies

The FOs' Investigation Guide, prepared by the Ontario Transition Team, indicates that confirming information in the application can include searching or consulting Credit Bureau files. Though the licence applications ask if an individual has experienced a bankruptcy, we question why FOs need to search Credit Bureau files, how frequently these files are being searched and for what specific purpose.

Recommendations:

  1. Policies and procedures should be implemented regarding the collection of personal information from credit reporting agencies, and a copy should be provided to the Privacy Commissioner.
Top of Page Table of Contents Telephone Monitoring at the Central Processing Site (CPS)

Employees' telephone conversations are being monitored randomly at the CPS in Miramichi for quality checks and performance appraisal purposes. A report is usually written and then shared with the employees concerned; however, a recording of the actual conversation is not retained. Currently, only DOJ FOs are provided with a written notice that they must sign. The remaining 280 HRDC employees are simply told of the telephone monitoring when they are hired.

At this time there is no recorded message to callers informing them that their conversations may be monitored. Although this is something that management was addressing as a result of our review, there was no intention of giving an opt-out by switching callers to a "clean" line should privacy concerns be raised. Though the calls coming into the CPS 1-800 line are not being recorded and tapes are not collected, local police are apparently of the view that all calls need to be recorded and retained because CPS receives at least one threat each month.

In response to our Preliminary Report, in January 2001 DOJ agreed to undertake the following recommendations that will require follow-up by our Office:

Recommendations:

  1. All employees (DOJ and HRDC) should receive the same written notification that their conversations may be monitored for quality checks and performance appraisal purposes.
  2. The system should generate an automatic message to CFRS clients to inform them that their conversations may be monitored. Clients should have an opt-out and be transferred to a "clean" line should privacy concerns be raised.
  3. Specific procedures and policies should be in place to establish if and when recordings will ever be retained. For example, if a manager refers to a monitored call as supporting information in a performance appraisal or a disciplinary note, then there would be a requirement to record and keep that conversation. Also, the policies and procedures should mention any other situations that may warrant recordings, such as monitoring abusive callers that end up becoming law enforcement matters.
Top of Page Table of Contents Information Obtained from Former Spouses

Applicants are required to provide information relating to any former spouses or partners. These former spouses or partners are notified and asked whether they know of any reason why the applicant should not be granted a possession acquisition licence. Also, spouses sometimes provide information through the 1-800 line, which may trigger an investigation. Between December 1, 1998 and September 2, 2000, the new spousal notification line had received over 10,200 calls. While this may be an easy way for an applicant's spouse (or others) to share concerns about public safety, in cases where former spouses or partners harbour ill feelings toward the applicant, this could result in inaccurate or totally false information being collected. In all cases, the CFO evaluates the concerns expressed which may result in a refusal.

Also, while exemptions exist under most privacy legislation to protect the safety of individuals and the sources of information, the information could be made available to applicants.

Recommendation:

  1. There should be consistent national policies and procedures addressing both the collection of information from spouses as well as the disclosure of information about them.

Top of Page Table of Contents DISCLOSURE

Top of Page Table of Contents Disclosure to Employers

Business licence eligibility is contingent upon the employees' eligibility to possess firearms. This is the case, for example, in the armoured car industry where all the guards are required to have licences. As part of the duties of a CFO, a business owner would be advised that his/her licence eligibility is in jeopardy when one of the employees is no longer eligible to hold a licence under the Firearms Act. According to internal policy within the Federal Chief Firearms Officer Services in the Northwest Region (opt-out jurisdictions), the name of the employee would be released to the business owner, but not the circumstances surrounding the refusal/revocation. The business owner can interview the employee to determine why he or she is no longer eligible but that is between the employer and the employee. The practice adopted by the Northwest Region is a reasonable balance between the administration of the Firearms Act and the Privacy Act.

Recommendation:

  1. Policies and procedures should be instituted at a national level to ensure that best practices are in place in all 13 provinces and territories with respect to the disclosure to employers to ensure that their employees' privacy is respected in situations of refusal or revocation of firearms licences.
Top of Page Table of Contents Disclosure to Local Police Agencies

It was noted in the Memoranda of Understanding between the Federal Chief Firearms Officer Services in the Northwest Region and their local police agencies that "full disclosure to each other of all relevant information" is encouraged and that the "CFO agrees to provide information to the police on the result of any information into the eligibility of a person to possess a firearms licence". It appears that such releases are few and far between and done informally and verbally between FOs and local police. The necessity of disclosing the results of firearms licence applications to local police agencies who are not administering the Firearms Act is questionable, especially since police officers have access to the Canadian Firearms Registry On-line (CFRO) database for law enforcement purposes.

In response to our Preliminary Report, in January 2001 DOJ agreed that any routine disclosures across Canada about firearms licence application results to local police agencies should be discontinued unless it is for law enforcement purposes.

Recommendations:

  1. The Memoranda of Understanding between the Federal Chief Firearms Officer Services in the Northwest Region and their local police agencies should be amended to reflect that disclosures to local police officers who are not FOs should be for law enforcement purposes only, and a copy of the revised MOUs should be provided to the Privacy Commissioner of Canada.
  2. The Memoranda of Understanding in all other provinces should be reviewed and amended accordingly, and a copy of these MOUs should also be provided to the Privacy Commissioner of Canada.
Top of Page Table of Contents Disclosure to Chief Firearms Officers

DOJ officials at the CFC and CPS were automatically notifying, within 72 hours, provincial and territorial CFOs of any access request made under the Privacy Act, even when these other jurisdictions had no interest in the records being sought. CFOs said that they did not want to risk an improper disclosure by DOJ officials that could potentially interfere with an ongoing investigation.

However, if an application for a licence passed primary screening and there were no CPIC or FIP hits, there should not have been any reason to consult the province to see if there would be any objection to the release of the information to the applicant. Only in those cases where secondary and tertiary screening was required, or where the province is or was involved in some form of lawful investigation of relevance to the Firearms Act, would there be a need to consult with the respective CFO.

In response to our Preliminary Report, in January 2001 DOJ confirmed that this notification was discontinued during our review. CFOs are now only notified of a Privacy Act request on a need to know basis- that is if there had been or still was some form of lawful investigation pertaining to the applicant-the disclosure of which could prove injurious to their investigation or to the administration of the Firearms Act.

Top of Page Table of Contents Disclosure to Public through Appeal Process

In a Parliamentary Committee appearance in 1997, the former Privacy Commissioner suggested that an administrative appeal process be created to deal with any appeals against a refusal of application. We continue to believe that requiring all unsuccessful applicants to challenge refusals in a court of law could result in the public disclosure of personal information that may or may not be accurate or truthful.

Recommendation:

  1. An administrative process should be created to review decisions and all supporting information in private. The court process could be retained as a final level of appeal.

Top of Page Table of Contents PROTECTION & SECURITY

Section 8(2)(f) of the Privacy Act provides that personal information may be disclosed under an agreement or arrangement between the Government of Canada and the government of a province or territory for the purpose of administering or enforcing any law or carrying out a lawful investigation. Section 8(2)(f) accommodates practices whereby personal information is exchanged between federal police, security and investigative bodies and their counterparts, both domestically and internationally.

The Treasury Board (TB) "Policy on Privacy and Data Protection" requires that disclosure under section 8(2)(f) be made in accordance with a formal, written agreement or arrangement. Similarly, the TB "Government Security Policy" stipulates that departments must ensure, through written agreements, the appropriate safeguarding of sensitive information shared with other governments and organizations. At a minimum, such MOUs should contain:

  • a description of the personal information to be shared;
  • the purposes for which the information is being shared and is being used;
  • a statement of all the administrative, technical and physical safeguards required to protect the confidentiality of the information, especially in regard to its use and disclosure;
  • a statement specifying whether information received or disclosed by the federal government, or in the hands of provincial and municipal agencies, will be subject to the provisions of the Privacy Act (i.e. access and correction/notation); and
  • a statement that the sharing of the information shall cease if the recipient is discovered to be improperly disclosing the shared personal information.

With such a dispersed information-sharing program, there are obvious physical, personnel and information technology security requirements. Though DOJ has not yet issued information sharing agreements, the existing "service" agreements contain some security-related clauses.

For example, clause 13.0 of the 1998 MOU between the DOJ and Human Resources Development Canada stipulates that both parties share the responsibility of ensuring that "security measures implemented for the safeguarding/privacy of DOJ information will be in accordance with the applicable federal/provincial information access and privacy legislation." Schedule F of the agreement, to which clause 13.0 of refers, provides that HRDC employees:

  • shall not disclose personal information to anyone;
  • shall not use the personal information for any purposes other than those provided for under this contract;
  • shall not make any copy of the personal information except with the written consent of DOJ;
  • shall return all personal information and any copy thereof at any time, at the request of DOJ;
  • shall take whatever action is necessary to ensure that all additional individuals hired to complete the work under this contract are made aware of, and fully comply with, all provisions of this clause; and
  • HRDC will not collect any personal information, as defined in section 3 of the Privacy Act, on behalf of the DOJ.

This last bullet is rather odd given that the primary role of the HRDC staff at the Central Processing Site in Miramichi is to collect personal information from CFRS clients on behalf of DOJ. In response to our Preliminary Report, in January 2001 Canadian Firearms Centre officials explained that the intent of this clause is to ensure that HRDC does not collect personal information for its own purpose and that the clause should be phrased differently.

Clause 12.0 of the 2000 MOU between DOJ and the RCMP indicates that both DOJ and the RCMP are collectively responsible for ensuring that such "security measures implemented for the safeguarding/privacy of DOJ information will be in accordance with the applicable federal/provincial information and privacy legislation." Clause 12.0 further provides that the RCMP "will ensure implementation and compliance of the standards for the transport and transmittal of sensitive information in accordance with Government Security Policy. DOJ will be responsible for the destruction of sensitive information or will provide a certificate authorising the RCMP to destroy sensitive information." Sensitive information is not defined.

These agreements are not "information sharing agreements" as defined in the Treasury Board policies. Consequently, these agreements do not conform to the conditions for the sharing of personal information stipulated in those guidelines. The MOU establishes the broad framework or architecture within which powers will be exercised for the purpose of administering the Firearms Act. The collection, use and disclosure of personal information within this scheme are but one component in the overall administration of the Program, not the subject of the agreement itself. It is clear in many instances that specifics relating to protection of personal information between the parties would be worked out later, as the need arises.

Though the Review Team conducted only a preliminary review of the security measures instituted by the Canadian Firearms Centre and some of its partners, it would appear that adequate physical, personnel, and information technology security measures have been instituted to protect personal information against unauthorized disclosure. The security measures include:

  • the use of physical barriers, security zones, and containers to restrict access;
  • the use of secure telephone lines;
  • explicit staff responsibilities and security procedures for the processing, storage, transmission and disposal of sensitive information;
  • enhanced reliability checks of all employees;
  • specific procedures in dealing with clients. For example, retail outlets are able to find out if they can have clearance to sell a firearm to a specific customer, but they do not have access to information about why a particular clearance is not granted;
  • RCMP Threat and Risk Assessments have resulted in high level configurations and security domains (designated Protected B); advanced technology to protect the CFRS against tampering or unauthorized entry (i.e. encryption for business-to-business transfers);
  • the use of software, hardware and operating system access controls by both the RCMP (CPIC/FIP and PIRS) and the DOJ (CFRS); each type of user has a different level of access; only the federal, provincial and municipal jurisdictions have access to CFRS; no one in the private sector has access to CFRS; and
  • data on the number and types of firearms owned is separate from the owner's name and address, and is protected by a unique firearms identification number so that even if a security breach takes place, it would be difficult to link the two categories of data.

It was noted at the Central Processing Site in Miramichi that limited use was being made of unsecured fax machines. Also, transfers of non-restricted, restricted and prohibited firearms applications can now be submitted by fax to CFOs. This service is available for transfers involving a licensed business (i.e. business to business, business to individual, individual to business and consignment sales).

Recommendations:

  1. Justice has so far provided Privacy Act awareness sessions to CPS staff only. Though employees at CFO sites appear to be aware of their obligations with respect to the protection of personal information in their custody, such training should be instituted program wide and to all employees on a regular basis. This should go beyond the privacy training provided with respect to the use of RCMP databases such as CPIC and PIRS.
  2. A security audit framework should be developed for the CFRS, while audits of the CFRO and FIP should be covered by way of the CPIC audit cycles. These audits should be instituted as soon as possible.
  3. Policies and procedures should be implemented relating to the transmission of personal information by fax.
Top of Page Table of Contents Verifiers' Expanded Role

The role of the 3,500 volunteer verifiers has increased in the past year in order to assist in the processing of a high volume of applications. In addition to verifying firearms to record the accurate description on the registration forms, the role of the verifier now includes assisting individuals in completing licence application forms and turning them over to the Central Processing Site.

Recommendations:

  1. Policies and procedures should be implemented to ensure that the necessary security measures are in place with respect to the handling of personal information by volunteer verifiers.
  2. All volunteer verifiers should receive privacy training.

Top of Page Table of Contents RETENTION & DISPOSAL

The Firearms Act and the Firearms Records Regulations set out the rules regarding the retention and disposal of records in the custody of the Canadian Firearms Registry and Chief Firearms Officers (see Appendix E). To summarize:

  • registration certificates that are issued or revoked, which are kept in the Canadian Firearms Registry (RCMP), are retained indefinitely, while registration certificates that are refused are destroyed 10 years after the last administrative action;
  • all processing records pertaining to licences and authorizations that are kept in the Canadian Firearms Registry or by Chief Firearms Officers are destroyed 10 years after the last administrative action; and
  • all other records are kept until the death of an individual, including:
    • records related to the Canadian Firearms Safety Courses, equivalency tests or certification (as being skilled in the use of firearms);
    • records of prohibition orders (unless the orders have expired and the individual meets firearms safety course requirements);
    • information about prohibition or protection orders from the criminal justice system (conditions related to bails, probation orders or parole, etc.).

During the course of our review of the Program's personal information handling practices, discussions were initiated regarding records management responsibilities. However, it would appear that DOJ has not yet put in place any specific practices, policies or procedures to meet the retention and disposal requirements and, as such, a number of issues remain outstanding.

Recommendations:

  1. DOJ should implement as soon as possible, and report to the Office of the Privacy Commissioner, the specific policies, procedures and practices to meet the prescribed retention and disposal requirements of the Firearms Act and Regulations as well as the Privacy Act and Regulations.

[Back to Table of Contents][Previous Section][Next Section]