Privacy Commissioner supports call for internal audit of Correctional Service Canada
OTTAWA, November 26, 2013 — The Correctional Investigator of Canada, Howard Sapers, has recommended in his annual report issued today that Correctional Service Canada conduct an internal audit of its practices and procedures to protect personal information. In light of this recommendation, Privacy Commissioner of Canada Jennifer Stoddart issued the following statement:
We are very pleased that the Correctional Investigator has called for an internal audit. Year after year, our own Office has identified serious privacy concerns with respect to Correctional Service Canada (CSC).
This agency consistently accounts for the largest number of complaints received by our Office. In 2012-2013, for example, we received 284 complaints related to CSC. Since our first Annual Report in 1983-1984, we have investigated well over 11,000 complaints against the organization.
The persistently high number of complaints can, in part, be explained by the nature of CSC’s mandate. Some 15,000 offenders are incarcerated in Canada’s federal penitentiaries.
That being said, we have seen too many cases of preventable and unacceptable privacy violations.
For example, in our last annual report, we noted that a CSC Security Intelligence Officer dropped a USB key containing the unencrypted personal information of more than 150 offenders in a schoolyard.
In an earlier case, we dealt with a complaint that details of inmates’ medical appointments were openly posted in a penitentiary. In another instance, records that showed which inmates were HIV positive were left unattended on a cart accessible by other inmates.
The most disturbing incidents are those where an inmate’s physical well-being or life are put at risk. For example, because of an administrative error, records which showed the names of confidential prison informants and others were released to another inmate who was incarcerated at the same institution and with ties to a criminal organization.
We are encouraged by recent improvements by the CSC and hope the organization will accept the recommendation of the Correctional Investigator as a way to identify further areas requiring improvement.
About the Office of the Privacy Commissioner of Canada
The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman and guardian of privacy in Canada. The Commissioner enforces two federal laws for the protection of personal information: the Privacy Act, which applies to the federal public sector; and the Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to organizations engaged in commercial activities in the Atlantic provinces, Ontario, Manitoba, Saskatchewan and the Territories. Quebec, Alberta and British Columbia each has its own law covering the private sector. Even in these provinces, PIPEDA continues to apply to the federally regulated private sector and to personal information in interprovincial and international transactions.
- 30 -
For more information, please contact:
Office of the Privacy Commissioner of Canada
NOTE: Journalists are asked to please send requests for interviews or further information via email.