Balancing Privacy, Confidentiality and Accountability
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
The Institute for Public Administration of Canada Annual Meeting
August 26, 1997
St. John's, Newfoundland
(Check against delivery)
First things first. Thank you for the opportunity to return home, be it ever so briefly. For those of you who have come from away, should I slip back into my old speech pattern, and pace of delivery, and you lose the thread, wave furiously. I'll do what I have to do in the office and wait for everyone else to catch up.
My first task is to explain how the federal model for balancing privacy and accountability work. At the federal level, freedom of information and privacy are two separate statutes, each with their own commissioners. I work for the Privacy Commissioner and so my remarks will focus on personal information, access to it by the individuals concerned, and when its disclosure can be justified. One quick aside before we begin: this is not "privacy versus accountability". Protecting individual privacy is all about ensuring accountability, government accountability for its actions concerning the individuals it serves. Something to keep in mind.
Western democracies have paid a good deal of lip service to the "right to know" principle. But until as recently as about 20 years ago, only a handful of governments acknowledged in statute that the people who pay the bills have a right to look over the shoulders of the people who spend the money. Freedom of information and privacy legislation are just two of the tools with which the electorate holds the state accountable.
This has forced a sea-change in public administration which many of you may have experienced. Certainly the years of the silent, almost invisible and very secretive mandarinate are over. Some mourn the passing of that era and the complications the new one brings. Others argue there has also been a steady erosion in the quality of public management, but that is the subject for another panel and another day.
I have two quick observations before I give you the substance. First, despite its initial sex appeal (and greater visibility on the front pages of the newspapers), freedom of information applications take a back seat to personal information requests in many jurisdictions. Obviously this varies from one department or ministry to another but overall it comes down to this: most people are interested in what concerns them personally. For example:
- Why was my application for the pension supplement turned down?
- Why didn't I get the job?
- What right does the government have asking me how I bring up my daughter?
These are the questions that, to paraphrase Walter Cronkite, "illuminate most people's lives". And these are the questions that privacy legislation answers. In the 13 years of the federal legislation, requests for personal information have out-numbered freedom of information requests by more than five to one.
The second observation; privacy issues will pop up in the most unexpected places. We cannot assume that by putting in place a mechanism to handle information requests we have prepared ourselves to cope with protecting personal information. If you doubt me, you may remember a news story about Alberta government employees' personal information being discovered on a hard disk. The disk had been removed from a government computer, repaired and then sold in a local computer store. No one had thought to make sure it had been purged of data. Similar incidents have happened to federal departments.
So my opening caution to you is when it comes to privacy issues, expect to be surprised.
I want to describe briefly for you how one piece of privacy legislation works, the federal Privacy Act. Although not all comprehensive act are the same, they are based on the same principles.
Then we can turn to recognizing the privacy issues when they come--as come they will in any public administration. And finally we'll discuss how to deal with those issues. And when I say "discuss", that is precisely what I mean. I don't propose to stand here and lecture you. I am going to describe some actual cases, drawn both from our files and those of provincial commissioners. Then, with your help, we'll analyze the issues. We may even come to some agreement on how to deal with the case.
But first, a little history. The federal Privacy Act was put in place more than 14 years ago, largely to deal with the impact of new information technology. In fact, its precursor was a 1972 study by the departments of Justice and Communications entitled "Privacy and Computers". Even 25 years ago, it was evident to the authors of the report that here was an immensely powerful and useful technology whose incidental impact could be to open the book on our lives.
Keep in mind that this was before the advent of local area networks, data warehouses, electronic notebooks and widespread use of modems. And, of course, it was also long before the Internet.
One conclusion of that report was that rules were needed to make government accountable for its handling of clients' and employees' personal information. The first attempt was some limited personal information rights in Part IV of the Canadian Human Rights Act.
However, the push for freedom of information legislation, and growing concern about the far-reaching impact of technology, made the early 80s ripe for a proper privacy act, one which included a fair information code. Since both acts deal with information rights, the Privacy Act and the Access to Information Act were drafted and passed in one bill in 1982.
The two acts share a common goal, making government more transparent and accountable by providing information to the people it serves. This means giving the public access to general government information. It also means providing individuals access to their own personal information held by government institutions. The added and vital feature of the Privacy Act is its rules which govern the entire life cycle of information management.
In summary, the Act limits government collection, use and disclosure of personal records. It sets out individuals' rights to see and correct their personal information. And it puts in place an independent ombudsman to investigate complaints and to monitor government compliance with the act.
The flip side of this coin, the Access to Information Act, deals with access to general government records, everything from public opinion polls to policy documents to committee minutes, but, with few exceptions, not to personal information. In fact, a recent Supreme Court decision makes it clear that once information is judged to be "personal", that is, about an "identifiable individual", it must be dealt with under the Privacy Act.
Arguably the most essential purpose of the Privacy Act in an age of electronic data processing is that fair information code. The code is intended to prevent government from assembling detailed profiles of its citizens by limiting its collection of personal information to only that mandated by law. It requires government to tell us why it needs the information, how it will use the data and it prevents other uses without our consent. And it obliges government to ensure that the information is as accurate and up-to-date as possible.
Probably the most reassuring of the code's protections is its limitation on disclosure of our personal information without our consent. Of course, there are exceptions to this rule. Privacy is not an absolute right; sometimes it must give way to other pressing needs. For example, personal information may be disclosed to comply with other acts of Parliament, to comply with a warrant or subpoena, to an MP who is helping a constituent with a problem, or to law enforcement agencies conducting legal investigations.
One important exception frequently, and perhaps conveniently, forgotten by government departments is the ability to disclose personal information when the head of the institution believes that the public interest in disclosure "clearly outweighs" any invasion of privacy. Keep this in mind the next time you hear someone claiming that the Privacy Act prevents them from releasing information about, for example, the escape of a dangerous offender. The heads of federal institutions have all the discretion they need to make the decision. Sometimes the Privacy Act is simply a convenient scapegoat.
Frankly, "Privacy Act" is a misnomer. Actually, it is data protection legislation. The Privacy Act does not deal with the growing surveillance and monitoring in our society, cameras in apartment buildings and on street corners, hackers on the Internet. Nor does it attempt to grapple with the broader notions of a right to a private life, or as American Justice Brandeis described it, "the right to be let alone". And the federal law applies only to the federal government. It does not cover Parliament, the courts, some Crown corporations or the federally-regulated private sector.
Several provinces have comparable legislation; for example, Ontario, British Columbia and Quebec. Other provincial laws grant access to personal files but have no fair information codes, they don't limit collection, use and disclosure. And PEI has no privacy law. Quebeckers have the best package; their privacy is protected in the Civil Code, their Charter of Rights and even the private sector is covered by their provincial privacy law.
The comprehensive laws, like the federal, Ontario and B.C. laws, are based on the same set of principles that appear in virtually all privacy laws world-wide. I would like to explain these in a bit more detail using the federal act as an illustration.
Keep in mind that the federal act defines "personal information" as information about an "identifiable individual, recorded in any form".
Now to the principles:
- The act limits collection of personal details to those required by a legally mandated program. Government agencies cannot gather interesting personal tidbits and amass detailed profiles of their staff and clientele. They must focus their collection on the information needed to operate the program.
- Government must collect the information directly from the individual, whenever possible, unless the individual consents to an indirect collection or the disclosure is allowed by the act. There is an exception, collection need not be direct if that would lead to gathering inaccurate information or defeat the purpose or prejudice the use of the information. Obviously, the RCMP doesn't call up the local drug dealer to begin establishing its investigation file.
- The government institution must explain why the information is being collected and how it will be used. Then it may use it only for that purpose, or one which is "consistent".
- Any information an agency gathers for an administrative purpose must be kept long enough to ensure that the individual has a reasonable opportunity to examine it. The National Archivist advises departments on appropriate retention schedules but, generally speaking, personal records are kept for a minimum of two year.
- The organization must take all reasonable steps to make sure that the information is as accurate, up-to date and complete as possible.
- Government must prevent disclosure of personal records to anyone who has no right or need to know. This imposes obligations such as limiting the managers and staff who can have access to personal records, as well as securing paper files, electronic information systems and physical premises.
Finally, the act requires the government to manage the disposal of this information, that is, how it is to be destroyed. You would be staggered by the number of times old personal records end up in garbage bags in alleyways, in old filing cabinets, in garbage dumps, or the modern equivalent, on old hard and floppy disks at your local computer store.
In addition to making government live by this fair information code, the act also gives us the right to examine those personal records kept by government agencies. There are, of course, a number of specific exceptions. Among these are information in the files of specified investigative bodies, information subject to solicitor-client privilege, information obtained in confidence from other levels of government and foreign states, and information about other people.
And to keep the whole process accountable, the act gives us the right to complain to an independent ombudsman, the Privacy Commissioner. The Commissioner is appointed by Parliament, not the government, for a fixed term of seven years. He reports directly to Parliament through the Speakers. He may report at any time he considers the matter sufficiently urgent. And he may investigate on his own initiative; he does not need to wait for a complaint. He has substantial powers to enter premises, interview individuals and compel the production of documents. In fact, he has all the powers of a superior court of record.
Having said all that, the Commissioner is an ombudsman. He cannot order a resolution. His role, like that of all ombudsmen, is to resolve the disputes. The carrots are his reasonableness, his non-threatening powers and a generally cooperative approach. His sticks are his credibility, his independence, his knowledge and, should all else fail, public criticism and the resulting embarrassment. And the Commissioner holds the ultimate stick in cases when he thinks someone has been improperly denied access to personal information and he cannot pry the information loose, he can ask the federal court to review the government's decision.
Thank you, all.
Report a problem or mistake on this page
- Date modified: