2007-2008 Main Estimates
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Appearance before the Standing Committee on Access to Information, Privacy and Ethics
May 3, 2007
Opening Statement by Jennifer Stoddart
Privacy Commissioner of Canada
(CHECK AGAINST DELIVERY)
Thank you very much for inviting me to speak on the Office of the Privacy Commissioner’s 2007-2008 budget and the activities we are undertaking over this year.
You may recall that last time I appeared on Main Estimates I explained the new OPC vision and implementation plan for the next two years. Our top priority continues to be tackling our complaints backlog, but we are also putting an increased emphasis on education and prevention. We are now beginning the second year of a two-year implementation schedule for our Office’s comprehensive business plan.
The adequate level of funding reflected in this Main Estimates is critical to allow us to implement the business plan and to fulfill our mandate of protecting and promoting the privacy rights of Canadians on behalf of Parliamentarians. We take this job very seriously.
We believe the right to privacy is fundamental to other rights that are at the core of life in a democratic nation, including the right to autonomy, dignity and integrity of the person.
The environment in which our Office operates is evolving swiftly, largely because of technological change.
It is clear that a number of emerging issues are increasing putting privacy at risk. We’ve seen an exponential growth in the amount of personal data streaming around the globe. Technologies such as global positioning systems, biometrics, radio frequency identification devices (RFIDs) are also raising new privacy questions. In the aftermath of 9-11, government and law enforcement agencies are collecting and sharing more and more personal information in the name of national security.
The OPC has identified five strategic priorities over the coming year. In brief, these are:
- Improving and expanding our service delivery;
- Engaging with Parliament on privacy issues;
- Continuing to promote Privacy Act reform and a review of the Personal Information Protection and Electronic Documents Act (PIPEDA);
- Hosting the 29th International Conference of Data Protection and Privacy Commissioners; and
- Building organizational capacity.
Our overall goal is to become an even more proactive organization – one that focuses on identifying concerns and finding solutions for privacy-related issues before they become problems with personal and/or financial consequences.
A key part of improving our service delivery involves reducing complaint backlogs and improving response times of complaint investigations and privacy impact assessment reviews without compromising their quality.
We have been chipping away at our complaints backlog. As of the end of March, the backlog included 104 PIPEDA complaints and 372 Privacy Act complaints – down from 264 PIPEDA and 644 Privacy Act complaints a year earlier. Meeting our goal of eliminating the backlog by the end of this year is directly related to our ability to find investigators to fill current vacancies.
We are improving our service delivery by hiring new staff, increasing automation and using technology in processing files, and by streamlining our processes.
We will also continue to increase the number of audits we conduct into privacy systems and practices in both the public and private sectors. In this way, we can help prevent personal information breaches. We will see our audit activity increase from three or four projects a year to a total of eight planned audits to be initiated this year.
We are working on a number of new guidance materials to help organizations comply with legislative requirements and improve privacy management practices. These include an interactive e-learning tool providing retailers with information on how to protect customers’ personal information. As well, we recently prepared a “PIPEDA 101” DVD and are now drafting breach notification guidelines for the private sector.
Engaging with Parliament
The OPC is committed to providing sound legal and policy analyses and expertise to support Parliamentarians, at their request, in their review of the privacy implications of bills and legislation.
Promoting Privacy Law Modernization
A string of Privacy Commissioners, along with many other privacy advocates have long been calling for fundamental reforms to the Privacy Act. That law – created when people used typewriters rather than personal computers and when the Internet was merely a novel idea – is in desperate need of an overhaul. We will continue to promote such reforms at every opportunity.
The privacy standards that the private sector must meet are higher than those the federal government must meet. This is an unacceptable situation. The government should be holding itself out as an example.
Welcoming the Privacy World in Montreal
This September, Canada is hosting the 29th International Conference of Data Protection and Privacy Commissioners. This major conference – the premiere international privacy event of any year – will bring together approximately 500 of the world’s top privacy experts from business, public administration, science, the IT industry as well as governmental and non-governmental organizations. We expect to welcome some 60 data protection commissioners from five continents.
Under the theme “Terra Incognita,” this conference will be a great opportunity to demonstrate Canada’s leadership in the field of privacy. As a recent poll demonstrated, a majority of Canadians agree that the protection of personal information will be “one of the most important issues facing our country in the next two years.” Our conference in Montreal will take an in-depth look at cutting –edge issues related to privacy and the protection of personal information.
Building Organizational Capacity
We are in the midst of recruiting and hiring new staff to help us fulfill our renewed mandate. We are also working to train and integrate new and existing staff.
As you know, our Office went through a difficult period which took a toll on our human resources capacity.
Recruiting qualified investigators and auditors remains a challenge. We are competing with many other organizations for people with this kind of expertise. As part of our human resources staffing policies, we are recruiting outside of government. We are also looking both at retention issues and training people with less experience.
Our Office, like other government departments and agencies, uses contracting to bring in needed expertise to carry out our mandate. This approach is common throughout the federal government, particularly within small specialized organizations. It makes more sense and costs less money, for example, to contract the services of a number of outside experts on various IT and HR issues rather than to have on staff experts on all of those issues.
Recent legislative initiatives are expanding the responsibilities of our Office. Bill C-2, the Federal Accountability Act, will make our Office subject to both the Access to Information Act and the Privacy Act for the first time.
We see this as a welcome step towards greater accountability. It is impossible to estimate the number of requests we will receive under ATI and the Privacy Act. We are currently finalizing internal processes, however, we have already begun processing informal requests for information.
Another new responsibility for our Office will involve increased oversight of FINTRAC. Bill C-25, the Money Laundering Act, requires my Office to conduct a review every two years of measures taken by FINTRAC to protect information it receives or collects under the Act and to submit a report to Parliament.
We are currently assessing the full impact of all of these new responsibilities on our resources.
The coming year is going to be a very busy and exciting one for our Office. Hosting the international data protection conference is an important event for us, and for all Canadians. Canada is seen as an international leader on privacy issues and this is another way for us to share our expertise and experience. Our commercial implications in global trading patterns mean we have a vested interest in helping to develop compatible data protection standards across the world.
We will also be working energetically to continue implementing our business case by the end of the year.
The privacy landscape is still changing, and we need to change along with it. This is the key to meeting our raison d’être and primary objective: Protecting the privacy rights of Canadians.
- Date modified: