Large number of files mistakenly held in RCMP exempt data banks "disturbing," says Privacy Commissioner
Commissioner tables first special report to Parliament; raises serious concerns about data banks containing documents Canadians can’t access
OTTAWA, February 13, 2008 — An audit has found that many of the national security and criminal operational intelligence files sheltered from public access in the RCMP’s exempt data banks did not belong there, says the Privacy Commissioner of Canada in a special report to Parliament.
"These data banks have been crowded with tens of thousands of records that should not have been there," says Commissioner Jennifer Stoddart.
"Government transparency and accountability are fundamental concepts in democratic countries like Canada. Being named in a national security exempt bank file could have a harmful impact, particularly in a post 9-11 environment. For example, it could potentially affect someone trying to obtain an employment security clearance, or impede an individual’s ability to cross the border."
Exempt data banks serve to withhold the most sensitive national security and criminal intelligence information. Government departments and agencies which control these records will consistently refuse to confirm or deny the existence of information in response to an individual’s request for access.
Canadians should be able to see their personal information – except under limited circumstances, such as where the disclosure could threaten national security, international affairs or lawful investigations.
"The large number of documents held in these exempt banks when their inclusion was unwarranted is disturbing – particularly given the RCMP was advised of compliance problems 20 years ago and made a commitment to properly manage such banks " says Commissioner Stoddart.
"More than half of the files examined as part of our audit should not have been there."
The Privacy Commissioner announced during her appearance before the Maher Arar inquiry – where the sharing of personal information by police became a central issue – that her Office would audit exempt data banks held by federal government departments and agencies.
The audit findings are detailed in a special report tabled today in Parliament. This is the first time the Privacy Commissioner has used her powers under the Privacy Act to issue a special report.
RCMP’s Exempt Banks
The RCMP has two exempt banks: Criminal Operational Intelligence Records and National Security Investigations Records.
Of the files the Office of the Privacy Commissioner (OPC) tested, more than half of the national security files and over 60 per cent of criminal operational intelligence files did not warrant exempt bank status. Exempt banks are designed to hold only the most sensitive of such information. These files did not meet the threshold for inclusion in an exempt bank as set out in the Privacy Act and/or the RCMP’s own policy.
These findings are of particular concern given that, with few exceptions, the audit was conducted on files already examined by the RCMP as part of a recent internal review.
To illustrate, one seven-year-old file in the national security exempt bank detailed a resident’s tip that a man had gone into a rooming house and drugs might be involved. Police investigated, but found the man had simply dropped his daughter off at a nearby school and stepped out of his car to smoke.
RCMP Internal Review
While the OPC audit was proceeding, the RCMP conducted its own internal review, which has so far resulted in the removal of more than 45,000 records from the criminal operational intelligence exempt data bank. This review found varying rates of compliance:
- Almost 99 per cent of criminal intelligence exempt data bank holdings – more than 2,700 documents – at RCMP headquarters should not have been there.
- At B Division in Newfoundland and Labrador, roughly two-thirds of documents – close to 37,000 records – were incorrectly kept in the criminal intelligence exempt bank.
An internal review of the national security exempt data bank holdings at 13 divisions resulted in the removal of more than 1,400 files – more than 40 per cent of the files examined.
Notwithstanding the large number of records removed from the exempt data bank holdings as a result of the internal review, the OPC audit concluded both banks remain overpopulated.
"The problems are largely due to a general lack of awareness within the force of exempt bank policy and the absence of ongoing monitoring," says Commissioner Stoddart.
Past History of the RCMP Exempt Bank
In the late 1980s, the RCMP’s criminal operational intelligence exempt bank order was rescinded for non-compliance following another OPC review.
"That exempt bank order was reinstated with an understanding that the RCMP would adhere to guidelines for managing exempt bank holdings. Unfortunately, the RCMP has not met this commitment," the Commissioner says.
"While there is a clear need for exempt data banks to ensure highly sensitive information related to security and intelligence work is protected, privacy concerns must also be considered. Greater care must be taken to ensure that personal information is concealed in an exempt data bank only when absolutely necessary."
The Privacy Commissioner is satisfied that the RCMP is taking the audit observations and recommendations seriously and will take action to ensure its exempt banks comply with the Privacy Act and RCMP policy.
The OPC will examine how the RCMP has followed through on its plans to improve how the exempt banks are managed within the next two years.
The special report and a backgrounder are available at www.priv.gc.ca.
The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman, advocate and guardian of privacy and the protection of personal information rights of Canadians.
— 30 —
For more information, contact:
Colin McKay, Office of the Privacy Commissioner of Canada
Telephone: 613 995-0103