Appearance before the Standing Committee on Access to Information, Privacy and Ethics on the 2017-18 Main Estimates

May 4, 2017
Ottawa, Ontario

Opening Statement by Daniel Therrien
Privacy Commissioner of Canada

(Check against delivery)


Introduction

Mr. Chair, members of the committee:

Thank you for the opportunity to appear before you to discuss the 2017-18 Main Estimates. With me today is Daniel Nadeau, Chief Financial Officer and Director General of Corporate Services, and Patricia Kosseim, Senior General Counsel.

In the time allocated, I will discuss:

  • The sustained demands on our Office and the management of our financial resources;
  • Our policy agenda this coming year.

Sustained demands and management of financial resources

In recent years, the Office of the Privacy Commissioner of Canada has maintained its efforts to find efficiencies and make optimal use of existing resources of slightly more than $24M to be as effective as possible in addressing the privacy risks of an increasingly technological world.

This fiscal year will be no exception. Amidst competing demands, we will not lose sight of our mandate: Ensuring that the privacy rights of Canadians are respected and that their personal information is protected.

In 2017-2018, we will continue to fulfill our core mandate, which includes conducting investigations, examining breach reports, undertaking audits, reviewing Privacy Impact Assessments (PIAs), providing guidance to individuals and organizations and offering advice to Parliamentarians.

On the investigative side, we have become more efficient in part through increased use of early resolution to find appropriate solutions. In 2015-16, 38% of complaints were resolved in this manner under the Privacy Act and 50% under the Personal Information Protection and Electronic Documents Act (PIPEDA). As a result, our response time on average was seven months both for public sector and private sector complaints.

However, the number of complex files is growing, which is creating a backlog of complaints that are not resolved after 12 months. In the coming year, I intend to devote temporary resources to address this situation.

In 2015-16, we received 88 new PIAs and completed 73 PIA reviews in addition to opening 13 new consultation files. As you know, we would like to receive more PIAs and draft information sharing agreements, as we believe reviewing programs upstream is a good way to mitigate privacy risks.

In addition, we are taking steps to prepare for the coming into force of the breach provisions of Bill S-4, the Digital Privacy Act, which amended PIPEDA to mandate private sector organizations to report certain breaches to my office.

Public education and outreach are important activities to ensure Canadians are empowered to exercise their privacy rights and organizations are enabled to comply with their obligations. Last year, we revamped our website both in its structure and content to make it more user friendly. This year, we will continue to update its content to provide helpful advice to Canadians.

We will continue to offer guidance to specific industry sectors deemed to be in need of greater privacy awareness, as well as vulnerable groups such as youth and seniors. We will also provide new guidance for individuals, and we will continue to advance our privacy priorities on issues such as online reputation, the body as personal information, the economics of personal information and government surveillance.

Despite these efforts, we would need to do much more to ensure privacy rights are truly respected, a key condition for consumer trust and growth in the digital economy. Our goal would be to complete all investigations within a reasonable time, to engage in some proactive enforcement, to give proactive advice to government and to issue research-based guidance on most current and upcoming privacy issues.

In my annual report to be tabled in September, which will include our conclusions on improvements to the consent model and recommendations to amend PIPEDA, I will be able to bring more specificity to our compliance and proactive strategies, which in turn will inform a discussion on what might be an appropriate level of investments in OPC activities for the next few years.

Our policy agenda this coming year

I will turn now to some of the key issues we are seized with.

Consent

Last May, my Office released a discussion paper on issues related to privacy and consent. We then, through an extensive consultation process, sought input from industry, privacy experts and Canadians. As mentioned, our final report will be released in September and we will then work to implement the chosen solutions.

Online reputation

My Office has also launched a consultation and call for essays on the issue of online reputation as part of our efforts to address one of our strategic privacy priorities — reputation and privacy. We will share our policy position on online reputation before the end of the calendar year.

Legislative reform

My Office has long stressed the need to modernize Canada’s legal and regulatory frameworks.

While the introduction of Bill S-4 was a positive development, Canada’s federal private sector privacy law is now more than 15 years old and technology and business models have changed.

Our work on both consent and reputation will help inform the recommendations we will make to Parliament regarding reforming of the law.

On the public sector side, I would like to express my gratitude to members of this Committee for supporting my Office’s recommendations for modernizing the Privacy Act. My Office now looks forward to participating in the government’s review of the Act to ensure it meets the needs and expectations of Canadians. This work should proceed without delay.

Government surveillance

Issues related to government surveillance will also form an important part of our policy agenda in the coming year.

We note your recent report on the Security of Canada Information Sharing Act (SCISA) and again thank you for agreeing with many of our recommendations. We also note the Standing Committee on Public Safety and National Security (SECU)’s report on national security, which is largely consistent with yours on SCISA.

We await the measures the government will put forward to modify Bill C-51 to ensure Canada’s national security framework protects Canadians and their privacy.

We also have a number of investigations related to national security and government surveillance, and we are seeing heightened concerns from Canadians about privacy protections at the border and in the United States.

Further to the adoption by President Trump of Executive Order 13768 of January 25, 2017, I have written to Ministers to ask for confirmation that administrative agreements previously reached between Canada and the United States will continue to offer privacy protection to Canadians in the United States. Upon receipt of the government’s response, which I expect shortly, I will inform Canadians of my conclusions.

Conclusion

In closing, to face the sustained volume but increased complexity of our work, we will continue to make the most efficient use of our resources, as we have done in the past.

Thank you Mr. Chair and members of the Committee. I now look forward to your questions.

Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.

Note

Date modified: