Role and Operations of the Office of the Privacy Commissioner of Canada
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Standing Senate Committee on National Finance
February 16, 2005
Opening statement by Jennifer Stoddart
Privacy Commissioner of Canada
(CHECK AGAINST DELIVERY)
Thank you for inviting us to appear before this Committee to discuss the role and operations of the Office of the Privacy Commissioner of Canada.
I would like to start by providing a brief overview of the role, mandate and priorities of our Office. I will then turn your attention to some key privacy issues of concern in both the public and private sector and then will close by discussing the budget allocated to our Office to carry out our mandate under Canada's two federal privacy laws.
Role and Mandate of the OPC
Our primary role as the Office of the Privacy Commissioner of Canada is to be an advocate for the privacy rights of individuals. Privacy is a fundamental and necessary right in a democracy and is often described as the right to control access to one's person and information about oneself.
Effective protection of one's personal information requires a strong legislative and regulatory framework, independent oversight and monitoring.
It is in this context that we carry out our mandate to oversee the protection of personal information through the application of the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's new private sector privacy law and the Privacy Act, which covers the personal information-handling practices of federal government departments and agencies.
Our Office plays an important role as a guardian of individuals' rights as set out in federal privacy laws, as a public educator, and as an adviser to individuals, government, businesses, and Parliament.
As an ombudsman, we work independently to investigate complaints, to make recommendations based on findings and to conduct audits under the two federal privacy laws. We also seek to publish information about personal information-handling practices in the public and private sector.
As an oversight agency we have a responsibility to be an advisor to Parliament, government and businesses on emerging privacy issues and to act as a public educator to promote greater citizen awareness and understanding of the protection of personal information.
Priorities of the OPC
When I arrived at the Office of the Privacy Commissioner, I set a clear goal of rebuilding the trust of Parliament and Canadians in our Office. I identified some key objectives, most notably to lead the Office's institutional renewal in the areas of human resources, planning, budgeting and reporting to Parliament.
I also set some clear priorities for helping organizations with the implementation of the last phase of PIPEDA to help them understand their obligations, and citizens their rights, under this new law. I will gladly discuss our accomplishments under this rubric.
Monitoring government initiatives to ensure that they take into account citizens' privacy rights and tracking trends and potential privacy encroachments of new technologies rounded out our priorities. I have taken a number of measures to enhance our capacity to assess and mitigate against technology privacy risks.
While we have made great progress on many of these initiatives, further sustained efforts to modernize our management processes and administrative procedures, are required to enable the Office to fully operate as a well-managed and efficient Parliamentary agency.
Our Office's most immediate priority is to stabilize its resource base, to complete our institutional renewal strategy and to submit a business plan with a formal submission to the Treasury Board of Canada by next summer.
Key Privacy Issues
Having oversight for two federal privacy laws enables our Office to assess emerging privacy issues of concern both in the public and private sector.
Looking ahead, the Office views the legislative reform of the Privacy Act as a key priority in the area of public sector privacy protection. No significant amendments have been made to the Act since 1983 and our greatest concern is that the Act no longer equips the Government of Canada with adequate standards to protect the privacy rights of Canadians in today's advanced security and technology "e-government" environment. Yesterday's OAG report on Information Technology Systems clearly reveals the need to thoroughly assess the privacy risks inherent to e-government initiatives.
We have defined formal advisory roles with the National DNA Data Bank and the Health Infoway. We are also pursuing our collaborative work, with the Canadian Association of Chief of Police/RCMP on national guidelines for video surveillance.
We are also carrying out an audit of the cross-border flow of Canadians' personal information and the impact this may have on their rights to privacy and closely monitoring the review of the Anti-terrorism Act to ensure that Canadians' privacy rights are protected to the utmost of our ability. We are also benchmarking our practices with other data protection authorities (France, UK, NZ, Australia, and with other Canadian jurisdictions).
We have met with the Minister of Justice and have discussed the long awaited reform of the Privacy Act and are currently pursuing discussions with his officials.
In the private sector, the experience of the first few years of application of PIPEDA appears to have been positive. The Act is becoming better known among an increasing number of companies and individuals.
Some compliance challenges still remain. The complaints we receive indicate to us that there are still areas where business practices could be improved and that technology still holds many challenges. We also need to examine the cross-jurisdictional realities of globalization of personal data. On this front, we are actively engaged in discussions with the OECD, the APEC as well as with National Data protection authorities.
Issues of consent, electronic health records and the increasing use of surveillance technologies continue to occupy our attention and the concerns of citizens.
Funding for OPC Operations
I would now like to summarize how the Office is funded to carry out its mandate.
At present, we, like all federal government departments and agencies, negotiate our budget with the Treasury Board Secretariat which then makes a recommendation to the Treasury Board ministers.
From 1983 to 2001, the Office was funded to fulfill its responsibilities under the Privacy Act; the budget for 2001-2002 was $4.4 million. With the enactment of the Personal Information Protection and Electronic Documents Act, the Office received an additional amount of $6.6 million per annum for three years. The three year limit on the approved funding recognized the fact that it was not possible to reliably forecast the workloads and resource requirements necessary after the full promulgation of PIPEDA.
While the original intent was that this Office would have submitted to Treasury Board by October 2004 a solid business case for securing stable long term funding, organizational issues which have been well documented in the recent past have not allowed us to meet that target. From an operational perspective, there was also a high degree of uncertainty surrounding the forecasting of future workloads and related resource requirements resulting from full implementation of PIPEDA. In the absence of long term funding — and a cogent business plan that would clearly articulate where investments were needed — the Treasury Board has continued to fund PIPEDA on a year to year basis from 2004 to 2006.
Both the Treasury Board Secretariat and our Office have agreed that now is the time to stabilize the funding of our institution and to submit a business plan which will address the appropriate level of financial and resource allocation required to carry out our mandate to protect the personal information rights of Canadians in accordance with two federal laws.
In closing, I would like to reiterate that the Office is on a solid path to remedying the issues of its past and is regaining ground in being a seminal force in protecting and promoting privacy.
I would like to thank this Committee for the opportunity to appear. Thank you very much for your time today.
I would be pleased to take your questions.
- Date modified: