Main Estimates 2008-2009

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Appearance before the Standing Committee on Access to Information, Privacy and Ethics

April 17, 2008
Ottawa, Ontario

Opening Statement by Jennifer Stoddart
Privacy Commissioner of Canada

(CHECK AGAINST DELIVERY)


Introduction

Thank you for the opportunity to speak on the Office of the Privacy Commissioner’s budget for 2008-09 and the activities we will be undertaking over the next year.

These last few years have been important ones for our office, as we strive for a more proactive approach to fulfilling our mandate of protecting and promoting the privacy rights of Canadians. The increased resources we received in 2005 have allowed us to:

  • Reduce our backlog of investigations;
  • Reduce the turnaround time to complete privacy impact assessment requests;
  • Increase the number of Commissioner-initiated investigations, such as our investigation into the TJX data breach, the U.S.-based operator of Winners and HomeSense stores;
  • Increase the number of audits that we have been able to undertake; and
  • Become actively involved in court litigation to protect and promote privacy rights in Canada.

Realizing a new vision

While conceptually we understood this new vision for the organization, we did not fully appreciate the challenge implementing it would entail.

We have come to recognize that we need to double our efforts to become more efficient in our investigations. This is partly due to contextual challenges, as well as our ongoing obligation under both Acts to investigate every complaint we receive.

Through our work, it has become apparent that more targeted and specialized communications and outreach activities are needed to foster privacy awareness among Canadians. We have begun the development of a social marketing campaign on children’s privacy online, and we have embarked on a regional engagement program to better understand the privacy concerns and awareness levels of citizens across the country.

We have recognized the need to address key issues in order to have real, positive, measurable impact in niche areas, identifying four priority privacy issues on which to focus efforts over the next three years:

1) information technology,
2) privacy and national security,
3) identity integrity and protection, and
4) genetic privacy.

These priorities will allow us to leverage resources across the organization, plan concerted and collaborative action with key stakeholders, build the necessary expertise and capacity, and adopt a deliberate, multi-faceted approach using a number of enforcement tools and research and education efforts to more effectively address these emerging privacy issues.

Finally, the implementation of the Federal Accountability Act has resulted in new responsibilities for our office. To handle these responsibilities, we have created an office to manage access to information and privacy requests, we are hiring additional investigators to handle new organizations now subject to the Privacy Act, and we are establishing an Internal Audit program.

Our priorities

In recognition of this new vision and our organizational challenges, we have identified five strategic priorities for the next year. These are:

  • Continuing to improve service delivery through focus and innovation;
  • Strategically advancing global privacy protection for Canadians;
  • Supporting Canadians to make informed privacy decisions;
  • Building a sustainable organizational capacity; and
  • Providing leadership to advance the four priority privacy issues I’ve mentioned.

Throughout the next year, we will continue the work we began last year in reshaping our organization to make it more modern, responsive and proactive.

A new Assistant Privacy Commissioner

Last year, I was pleased to welcome Elizabeth Denham, our new Assistant Privacy Commissioner. Elizabeth Denham succeeds former Assistant Commissioner Heather Black, who retired last year. She brings welcome experience in privacy management from the Alberta Office of the Information and Privacy Commissioner.

As the Assistant Commissioner with primary responsibility for PIPEDA, Ms. Denham is tasked with raising privacy awareness and ensuring legislative compliance among businesses.  She has led the organization’s regional engagement efforts, meeting with stakeholders and forging important relationships in the Yukon, Saskatchewan and Nova Scotia.

Building sustainable organizational capacity

We are currently updating our organizational human resource plan, in keeping with our objective of building a sustainable organizational capacity. Our plan has two main components: a staffing strategy that allows us to build our workforce, and a retention strategy to engage, develop and retain our staff.

Our human resource plan is ambitious – as you’ll note in the graph you’ve received, we need to substantially grow our organization to adequately address our organizational workload and manage the increasing demand for our services.

Addressing the investigations challenge

Nowhere is the demand for our services more prevalent than in our investigations branch.

Last year we reported to this committee on our efforts to chip away at our backlog of complaints. While the backlog for PIPEDA complaints has been substantially reduced, our backlog for complaints under both the Privacy Act and PIPEDA remains because we continue to face challenges attracting and retaining investigative personnel. Each year for the past two years, this branch has experienced a 40% turnover in staff.

Along with the staffing and retention strategies I’ve already mentioned, we are re-engineering our entire business process.

We are seeing more complaints involving technological and trans-border issues. There is an ever-increasing need for cooperation with our provincial and international counterparts. Our goal is to create a branch with the skills, knowledge, and processes to respond to these complaints efficiently and well.

We anticipate the re-engineering of our processes to be completed in 2009.

PIPEDA review

Our private sector privacy legislation, PIPEDA, is currently under review. My office has previously made submissions to this committee and Industry Canada concerning proposed amendments to the Act.

I would like to reiterate our support for a requirement that organizations notify their customers or clients in the event of a risk of significant harm. I also support a requirement that our Office be notified of breaches which are material in nature.

Global privacy issues

Last fall, Canada hosted the 29th Annual Conference of Data Protection and Privacy Commissioners under the theme of Terra Incognita, bringing together over 700 data commissioners and privacy experts from around the world to share ideas and knowledge.

Overall, the conference was deemed an overwhelming success by delegates, who left Montreal with a renewed sense of common cause and action.

One prevalent theme that emerged from our conference is that citizens around the world are increasingly concerned about when and how their personal information is shared across international boundaries.

To address this growing concern, we have made global privacy protection, with a strong dose of Canadian content, one of our five strategic priorities.

One country or jurisdiction alone cannot confront the phenomenon of outsourcing and the range of privacy issues that flow from it. At the international level, we have started this work to find solutions to the privacy issues implicit in trans-border data flows.

Conclusion

The environment in which our office operates continues to evolve, demanding from us that we evolve along with it so we may fulfill our mandate of protecting and promoting the privacy rights of individuals.

This next year promises to be a dynamic one for our organization. From our internal re-calibration of our business processes to our new outreach initiatives, the keyword for us is change.

While our current resources have allowed us to take on several major initiatives in support of our new vision, there are still gaps we need to fill and challenges we need to address – many of which I have mentioned today. In the coming weeks, I look forward to engaging you once more to outline how we plan to meet these outstanding challenges.

Our goal is to become a data protection authority that is modern, proactive, efficient, and sufficiently flexible to adapt to the realities around us, so that we may provide Canadians with the necessary assurance that their personal information is being respected and protected here, and elsewhere in the world.

I thank the committee once again for this opportunity to speak to you today, and will now take your questions.

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: