Appearance before the House of Commons Standing Committee on Access to Information, Privacy and Ethics on the Main Estimates 2010-2011

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

April 27, 2010
Ottawa, Ontario

Statement by Jennifer Stoddart
Privacy Commissioner of Canada

(Check against delivery)


Introduction

Thank you for the opportunity to speak to your Committee about the 2010-2011 budget of the Office of the Privacy Commissioner of Canada, and our plans, priorities and activities for the new year.

I am joined by Assistant Commissioners Elizabeth Denham, who is responsible for the Personal Information Protection and Electronic Documents Act, and Chantal Bernier, who oversees our activities in relation to the Privacy Act. Also with us is Tom Pulcine, our director general of corporate services.

First, permit me to say that I greatly appreciate the positive and productive relationship my Office has enjoyed with this Committee, and the unwavering support you have shown for our goals, our initiatives and our evolution. I will address all three in short order.

Human Resources

As you know, Mr. Chair, the Office of the Privacy Commissioner of Canada has undergone a great deal of change over the past seven years.

Thanks to stable and appropriate funding from Parliament, we have been able to attract and retain the full complement of managers and employees needed to carry out our agenda.

For example, we hired and trained more than a dozen investigators to help us tackle a serious backlog of complaint files.

We also bolstered our in-house expertise in the all-important area of technology, with targeted hiring of some very knowledgeable people.

And we have reached out to younger people, so as to inject a level of energy and vibrancy into our organization.

Accomplishments since last Main Estimates

Permit me to mention some of our major activities over the past year.

Last week, as you may recall, we joined data-protection authorities from around the world in expressing deep concerns about Google Inc. and other global technology leaders for introducing new applications without due regard for the privacy norms and laws prevailing in other countries.

Last July, we published our findings in an investigation into the privacy policies and practices of Facebook, highlighting concerns about the company’s transparency with respect to its use of personal information.

On the public-sector side, we worked with the Integrated Security Unit of the Vancouver Olympic and Paralympic Games to ensure that privacy rights were respected – before, during and after the Winter Games.

We also scrutinized the many new security measures affecting international travellers, particularly the full-body scanners now being rolled out at Canadian airports. 

And we, along with our provincial colleagues, alerted Parliamentarians to the privacy concerns in legislation aimed at giving Canadian law enforcement, national security agencies and others broader powers to acquire digital evidence to support their investigations.

Backlog

We are pleased about the recent resolution of a longstanding backlog of complaints investigation files older than a year. The backlog problem had grown to unacceptable proportions in the past several years.

With targeted funds that we received from Parliament in 2006, we were able to hire new investigators, appoint key people to streamline the intake function, and re-engineer entire systems and processes.

The backlog has now been eliminated. Moreover, we have put in place new measures – such as an emphasis on early resolution of complaints – to ensure we do not fall behind again.

With the complaints backlog out of the way, we can now focus on more systemic issues, and better service to Canadians.

Four policy priorities

We can also reflect on the bigger picture: the current and emerging challenges to privacy, in this country and globally, and how our Office can continue to make a difference in the lives of Canadians.

In that context, we continue to advance our work in the four policy issues that we anticipate will most dramatically affect privacy in the years ahead: National security, information technologies, genetic technologies, and the integrity of people’s identity.

We have been deepening our understanding of these important issues through comprehensive research, increased public education and participation in policy discussions with a wide range of experts and other stakeholders.

Over the past year we have also been examining our other core activities to ensure we are serving Canadians in the most effective manner.

For instance, we are retooling our processes for auditing compliance with our two acts. We are also transforming the way we review Privacy Impact Assessments so that our activities are guided more explicitly by analyses of risk and alignment with our identified priorities.

ECPA

With an eye to better service delivery, we were also encouraged by Parliament’s progress on ECPA, the Electronic Commerce Protection Act. While Industry Canada has the lead on this initiative, my Office, the Competition Bureau and the CRTC would share an oversight role.

I know that Assistant Commissioner Elizabeth Denham appeared recently to discuss the supplementary estimates attached to this initiative and we appreciate your support of those estimates. 

Thanks to amendments to PIPEDA embedded in the legislation, ECPA would give me the authority to be more selective in the investigations we pursue, thus enabling us to focus on more complex or systemic issues.

Another laudable aspect of ECPA was that it would deepen our capacity to share information with other data protection authorities, in Canada and abroad. Collaborative enforcement has become essential in this globalized world, where data flows unimpeded across borders.  The need for collaborative enforcement was made clear with last week’s joint initiative related to Google.

For these and other reasons, we sincerely hope this bill will be reinstated and passed during this Parliamentary session.

Legislative reforms and alternatives

We also look to your support for other measures that would allow us to better deliver on our mandate.

For instance, while we accept that amendments to the Privacy Act are not moving forward at this time, we are implementing a range of administrative alternatives.

For example, we are helping to improve privacy training among public servants, encouraging data breach notification as the norm across government, and ensuring that all Privacy Impact Assessments, or PIAs, embed an assessment of necessity, a bedrock principle of privacy protection.

To underline our impact in the latter area, I want to note that the number of PIAs submitted to us rose from 64 in 2008-2009 to 102 in the past fiscal year. We have also been reaching out to departments and agencies, individually and through a very successful workshop, to make sure they understand what we expect a good PIA to include. 

Under PIPEDA, meanwhile, we look forward to further amendments that would make breach notification mandatory, as a means of better protecting the personal information of Canadians.

Consumer consultations

PIPEDA also enters another review period next year. To inform this process and further our understanding of key emerging issues with important impacts on privacy, we are about to launch groundbreaking consumer consultations on the online monitoring, tracking and profiling of consumers by business, and cloud computing technologies.

All of you were sent invitations to these consultations, which will be webcast across Canada. The first is Thursday in Toronto, with Montreal following in May and Calgary in June.

Communications and outreach

Indeed, we have been working hard to expand our Office’s presence across Canada.

A quick scan of our website will reveal a plethora of fact sheets, guidelines, videos, youth competitions, blogs and other products. You can follow us on Twitter.

In an approach supported by Parliament, we are also expanding our presence in the regions. We have bolstered our presence in Atlantic Canada and increased our activities in Quebec and the West.

We are also establishing a satellite office in Toronto. Like Parliamentarians and many of our stakeholders, we feel this is a sensible initiative, since so many of the companies we regulate under PIPEDA are headquartered there. We will be making use of existing resources for this work.

Conclusion

Mr. Chair, I have touched on but a handful of our activities over the past year, and our plans for the year ahead. But I hope I have been able to show how we are pursuing our corporate priorities, which are about  

  • improving service to Canadians
  • helping individuals, organizations and institutions make informed privacy decisions
  • advancing global privacy protection for Canadians
  • furthering our priority privacy issues
  • and strengthening our internal capacity so that the Office can continue to carry out its mission for many years to come.

I also understand Members are interested in the issue of video surveillance. We would be happy to elaborate, and have brought some materials, such as our guidance on video surveillance for public and private sector organizations.

And, of course, we welcome any other questions you may have. Thank you, Mr. Chair.

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: