Section I - Privacy Commissioner's Message
I was appointed Interim Privacy Commissioner in July 2003. In the brief
period I have been in the position, my appreciation of the importance of privacy
as a fundamental right, at the heart of our basic freedoms, has grown
considerably. To protect privacy is to protect the values of a free society. It
is difficult to imagine an activity more deserving of support from public
resources. Accordingly, although I cannot take credit for performance in the
period preceding my appointment, I am pleased nonetheless to be able to report
to Parliament and to Canadians on how those public resources were used in the
promotion and protection of privacy.
Privacy in the federal public sector is protected by the Privacy Act.
This statute ensures that government institutions collect, use, and disclose
personal information only for purposes directly related to their operating
programs or activities. It gives individuals a right of access to information
about them held by government institutions. It also gives individuals, through
the Office of the Privacy Commissioner, a means to ensure that government
institutions comply with the Act, and to seek redress if they do not.
The Personal Information Protection and Electronic Documents Act,
enacted in 2000, extends privacy protection to the private sector. The PIPED
Act, as it is known, strikes a balance between individual privacy rights
and the needs of organizations to collect, use, and disclose personal
information. The Office of the Privacy Commissioner of Canada (OPC) oversees the
administration of the law and ensures that it is respected, and that redress is
available if an individual's rights are violated.
The PIPED Act began coming into force on January 1, 2001. At present
it applies to all personal information collected, used, or disclosed in the
course of commercial activities and employment by federal works, undertakings,
and businesses, and to personal information sold, leased, or bartered across
provincial or national boundaries. As of January 1, 2004, it will apply to all
commercial activities in Canada, except where provinces have enacted
substantially similar legislation.
Shortly after the end of the reporting period, the Standing Committee on
Government Operations and Estimates of the House of Commons began an intensive
examination of the operations of the OPC. This uncovered a number of serious
problems, and indicated the need for audits by both the Office of the Auditor
General of Canada (OAG) and the Public Service Commission of Canada (PSC).
By the time this Performance Report has gone to print, the audit reports of
the OAG and the PSC will have been tabled and they will have revealed serious
deficiencies in the former Commissioner's (Mr. Radwanski's) Office.
The OPC fully acknowledges the importance of the findings, conclusions and
recommendations in these audit reports, which clearly reveal a major breakdown
of external governance and internal control processes. The state of the
financial and human resources management practices must be reformed. These audit
reports will discuss how the rules and Public Service values were not properly
followed and how, in many ways, Canadians did not receive full value for money.
Serious allegations of misuse and abuse of public funds will also require
further probing by regulatory and law enforcement agencies.
As Interim Privacy Commissioner, I intend to act decisively on these issues,
with advice and assistance from the Treasury Board of Canada, the OAG and the
PSC, to correct the situation. To prevent a leadership and management deficit of
such magnitude from occurring again in the future, the OPC is developing the
appropriate institutional safeguards.
I wholeheartedly support the independent scrutiny, which I believe will help
us to rebuild the OPC, restore our relationship with Parliament, and regain the
full confidence of Canadians. I would ask Parliamentarians and Canadians,
however, not to let it overshadow the good work done in the past year by staff
of the OPC and reported here.
Section II - Context
Current environment
Challenges at the OPC
The Office of the Privacy Commissioner of Canada has undergone a difficult
period. The Standing Committee on Government Operations and Estimates of the
House of Commons investigation uncovered a number of problems that brought the
whole office into the media spotlight. The OPC has also undergone an audit by
the Auditor General of Canada and another by the Public Service Commission. At
the same time, there is much important privacy work to be done. The challenge is
to ensure that problems are corrected, while the overall credibility of the
organization and of its dedicated staff is not compromised.
The post-9/11 environment
Privacy is under assault as never before. Citing the heightened security
requirements since the September 11th tragedies, the Government has introduced a
variety of privacy-invasive initiatives. Never before has it been more important
to find the appropriate balance between privacy and security.
Canadians expect the Commissioner and the OPC to take a leadership role in
this critical debate - to bring privacy issues to the table, to raise awareness
of the issues, to negotiate effectively with the Government, and to encourage
organizations to rethink their approach to many of these initiatives.
The full implementation of the PIPED Act
The scope of the Personal Information Protection and Electronic Documents
(PIPED) Act, which is being implemented in stages, will
expand greatly in 2004. The PIPED Act currently applies to federal
works, undertakings, and businesses, such as airlines, banking, broadcasting,
interprovincial transportation and telecommunications, as well as to all
organizations that disclose personal information outside a province or the
country for consideration. On January 1, 2004, the Act will extend to
every organization that collects, uses or discloses personal information in the
course of a commercial activity except in provinces which have enacted
legislation that is deemed to be substantially similar to the federal law.
It is likely that many provinces will not have a substantially similar
provincial law by January 2004. A patchwork of coverage at the provincial level
is more likely. For both citizens and businesses, this may create confusion
about jurisdiction. In addition to its responsibilities in the federal public
sector and the federally-regulated private sector, the OPC will likely be taking
on the bulk of the responsibility for overseeing privacy rights in the much of
the private sector. Note that, to date, only Quebec has privacy legislation
deemed to be substantially similar to the federal law, although British Columbia
and Alberta have introduced legislation.
Increased awareness of privacy issues
Privacy is becoming a defining issue of this decade. A number of factors -
the September 11th terrorist attacks, new advances in privacy-invasive
technologies, open debate in public and in the media regarding the privacy
implications of new Government initiatives, among others - appear to have
contributed to an overall increase in awareness of and interest in privacy
issues in Canada. We expect this to continue increasing at a steady pace.
Privacy Impact Assessments (PIAs)
The introduction of electronic services by the federal Government through
programs such as the Government On-Line (GOL) initiative has also added to the
obligations and responsibilities of the OPC, and to the importance of
appropriate personal information-handling practices in this regard.
Respect for citizens' privacy is critical to the success of these new
services. The Government of Canada has initiated a new Privacy Impact Assessment
(PIA) Policy. This policy is intended to protect the privacy of Canadians in all
transactions with the Government by ensuring that privacy considerations are
built into government projects at the outset. Canada is the first country in the
world to make PIAs mandatory for all federal departments and agencies.
The OPC worked with Treasury Board Secretariat to develop the policy. We are
also responsible for reviewing all PIAs and offering comments to departments and
agencies, to help them build in privacy protections at the outset.
The Interim Privacy Commissioner has recently recommended to government that
it consider giving PIAs the force of law.
Raison d'être
To ensure that Canadians' rights, under Canada's privacy laws, are
respected.
The Privacy Commissioner of Canada is an Officer of Parliament who reports
directly to the Senate and House of Commons. The Commissioner is an advocate for
the privacy rights of Canadians whose powers include:
- investigating complaints and conducting audits under two federal laws;
- publishing information about personal information-handling practices in
the public and private sectors;
- conducting research into privacy issues; and
- promoting awareness and understanding of privacy issues by the Canadian
public.
The Commissioner works at arm's length from government to investigate
complaints from individuals, and to conduct compliance audits with respect to
the federal public sector and the private sector.
Canadians may complain to the Commissioner about any matter specified in
Section 29 of the Privacy Act. This Act applies to personal
information held by the Government of Canada.
For matters relating to personal information in the private sector, the
Commissioner may investigate complaints under Section 11 of the Personal
Information Protection and Electronics Documents (PIPED) Act. This
Act currently applies to federally regulated businesses across Canada
and to all businesses in the three territories. It also applies to personal
information that is sold across provincial and national boundaries for
consideration. On January 1, 2004, the PIPED Act will apply to all
personal information collected, used or disclosed in the course of commercial
activities by all private sector organizations, except in provinces that have,
by then, enacted privacy legislation that is deemed to be substantially similar
to the federal law.
As an ombudsman, the Commissioner prefers to resolve complaints through
negotiation and persuasion, using mediation and conciliation if appropriate.
However, the Commissioner has the power to summon witnesses, administer oaths
and compel the production of evidence if voluntary co-operation is not
forthcoming.
Organization
Following is the organizational structure of the OPC as it was in the
2002-2003 period. This structure is currently under review, as a consequence of
the audits by the OAG and the PSC.
The Privacy Commissioner is an Officer of Parliament appointed by the
Governor-in-Council following approval of his nomination by resolution of the
Senate and the House of Commons. The OPC is designated by Order-in-Council as a
department for purposes of the Financial Administration Act. As such,
it is established under the authority of schedule 1.1 of the Financial
Administration Act and reports to Parliament for financial administration
purposes through the Minister of Justice. The Privacy Commissioner is
accountable and reports directly to Parliament through the Speakers of the
Senate and the House of Commons on all results achieved.
Investigations Branch
The Investigations Branch is responsible for investigating, on behalf of the
Commissioner, complaints received from individuals under Section 29 of the Privacy
Act and Section 11 of the PIPED Act. Essentially, the OPC's
investigations serve to establish whether individuals have had their privacy
rights violated and/or have been accorded their right of access to their
personal information.
Where privacy rights have been violated, the investigative process seeks to
provide redress for individuals and keep violations from recurring. Through the
Privacy Commissioner, the Branch has the authority to administer oaths, receive
evidence and enter the premises of federal government institutions where
appropriate. The Commissioner can also examine or obtain copies of records found
in federal government institutions.
Privacy Practices and Reviews Branch
The Privacy Practices and Reviews Branch assesses how well organizations are
complying with the requirements set out in the two federal Acts.
The Branch conducts compliance reviews under Section 37 of the Privacy
Act and audits under Section 18 of the PIPED Act. As
well, the Branch is responsible for reviewing Privacy Impact Assessments (PIAs).
PIAs are conducted by federal government departments on all government projects
or initiatives that involve the collection, use and disclosure of personal
information, to determine the impacts of a proposal on an individual's privacy
and ways to mitigate or avoid any adverse effects.
The Privacy Act permits the Commissioner to randomly initiate a
compliance review of federal institutions. Paragraph 18 (1) of the PIPED Act
allows the Commissioner to audit the compliance of private organizations if the
Commissioner has "reasonable grounds to believe" that the
organizations are contravening a provision of the Act.
Through the Privacy Commissioner, the Branch has the authority to administer
oaths, receive evidence and, at any reasonable time, enter premises where
appropriate. It also provides assistance to public and private sector
organizations on fair information- handling practices with respect to any
initiative with privacy implications.
Communications and Policy Branch
One aspect of the Commissioner's mandate is to educate individuals and
organizations about privacy issues, thus increasing their awareness and
understanding. The Commissioner is specifically mandated under the PIPED Act
to conduct public education activities. To focus on this responsibility, the
Communications and Policy Branch was established in September 2000 to raise
awareness of privacy issues, to inform Canadian citizens and businesses of the
new private sector legislation, and to expand the OPC's research capability.
The Strategic Research and Analysis Division of the Branch is a centre of
expertise on emerging privacy issues in Canada and abroad, responsible for
researching trends, providing analysis on key issues, and helping to develop
policies and initiatives that advance the protection of the privacy rights of
Canadians.
The Branch's Inquiries Unit responds to inquiries from members of the general
public who contact the Commissioner and the OPC for advice and assistance on a
wide range of privacy-related matters.
Legal Services
Legal Services, headed by the General Counsel, provides specialized legal and
strategic advice and litigation support to the Privacy Commissioner with respect
to the Privacy Act and the PIPED Act.
Corporate Services
In previous years, the Offices of the Information and Privacy Commissioners
shared corporate services while operating independently under their separate
statutory authorities. These shared services were centralized in the Corporate
Management Branch.
Effective in the 2002-2003 period, the OPC established its own Corporate
Services - finance, human resources, information technology and general
administration - to meet the increased workload and demands of the OPC.
It is important to note that many activities related to Corporate Services
within the OPC, such as finance and human resources, were the subject of audits
by the Office of the Auditor General and the Public Service Commission. Many
problems relating to the management of the OPC have been uncovered and are in
the process of being corrected.
Section III - Performance Information by Strategic
Outcome
STRATEGIC OUTCOME 1 - Encouraging compliance
with fair information practices by both public and private sector organizations
through complaint investigations
Through the efforts of its Investigations Branch, the OPC seeks to promote
fair information management practices by both public and private sector
organizations in Canada in accordance with two federal privacy laws - the Privacy
Act, which was enacted in 1983 and the Personal Information Protection
and Electronic Documents (PIPED) Act, which took effect on January 1, 2001.
The Branch investigates complaints under both laws from individuals alleging
that their personal information has been mismanaged, or that they have been
denied access or correction rights accorded them under these Acts.
The Branch also responds to inquiries from the general public and from
government institutions, private sector organizations, and the media who contact
the OPC on a wide variety of privacy-related issues. It also conducts reviews of
public interest disclosures of personal information under the Privacy Act,
as well as incidents of mismanagement of personal information under both Acts.
This program activity is very much a reactive one rather than proactive,
driven mostly by external factors. A number of issues - for example, the
re-assessment of border security, new anti-terrorism measures as a result of the
September 11th tragedies, the progressive implementation of the Government
On-Line initiative - have translated into heightened awareness of issues and,
therefore, more contact with the OPC in the form of complaints or simply
inquiries about privacy rights.
The breadth and scope of the workload involved in complaint investigations,
or the results achieved, cannot easily be anticipated or measured. At times, one
complaint can precipitate a significant change in an established and
far-reaching policy or practice, but only after many months of difficult and
resource-consuming investigation and negotiation with the respondent. On the
other hand, the investigation of dozens of individual complaints about a
particular issue, while equally resource-consuming in terms of workload, may or
may not uncover any significant evidence of wrongdoing in terms of violations of
privacy law.
The Investigations Branch works with officials of respondent government
institutions and private sector organizations, as well as with the complainants
and other witnesses who have information that is required in order to conduct a
thorough investigation/review. The strength of these working relationships
ultimately contributes to the effectiveness of the OPC's investigations.
Resources used
The resources used in 2002-2003 for Strategic Outcome #1: Encouraging
compliance with fair information practices by both public and private sector
organizations through complaint investigations are approximately $5.4
million and funded activities in the Office of the Privacy Commissioner of
Canada's Investigations Branch. This total also includes some related expenses
shared by the Branches. There was a total of 35 staff in the Investigations
Branch for the period - a Director General, a Deputy Director General, five
Senior Privacy Officers, twenty privacy officers, three Intake Officers, two
Writers/Analysts, one Administrative Officer and two support staff.
Outcomes achieved
The OPC's investigations serve to ensure that complainants' fundamental
privacy rights are respected.
Our interaction with officials in the respondent departments and
organizations serves to educate them on the principles of individual privacy
rights and on their own obligations and responsibilities to adhere to the
requirements of federal privacy laws. The implementation of recommendations or
corrective measures taken as a result of the OPC's interventions during
negotiations to resolve complaints can prove beneficial to all Canadians, not
just the complainant, reaching those who may be either directly or indirectly
affected by the information management practices of government institutions and
private sector businesses.
For example, several investigations of PIPED Act complaints against
various institutions in the banking industry identified weaknesses and
inconsistencies in policies and procedures relating to consent. As a result, the
banks agreed to re-vamp their guidelines for obtaining informed customer consent
in a manner consistent with the Act. These positive results can have a ripple
affect to the benefit of all Canadians who interact with this industry.
As outlined in the OPC's 2002-2003 Report on Plans and Priorities, the OPC
focuses on pre-empting problems through consultation and assistance with
government institutions, rather than resorting to formal mechanisms of
compliance. The OPC is also focused on promoting compliance with fair
information principles outlined in both federal privacy laws.
This past year, the OPC received 1,642 complaints under the Privacy Act.
In keeping with established patterns, over 85% of the complaints received in
2002-2003 were lodged against a group of 10 departments and agencies. Several of
these respondents routinely appear on the OPC's "top ten list," year
after year. (For more information on the OPC's "top ten list," see the
OPC's Annual Reports to Parliament.) The trend since the Privacy Act
came into effect in 1983 has shown an annual average increase of 10% in the
number of complaints received. This past year, however, saw a 35% increase over
the previous year.
The OPC also received 332 complaints under the PIPED Act for the
same period, a 144% increase over the 136 complaints received during the
previous fiscal year. One significant factor in comparing the statistics under
both Acts is the number of complaints received about the tardiness of
private sector organizations in responding to access requests for personal
information. Over the years, 30-35% of Privacy Act complaints concerned
time limits, whereas there have been very few under the PIPED Act, with
the result that the number of complaints received is far lower than anticipated.
Individuals have so far shown much more concern about the management (or lack
thereof) of their personal information by private sector organizations than in
obtaining access to the information these organizations have about them.
Nevertheless, given that the PIPED Act has been in force for
slightly more than two full years, it is not yet possible to establish any
trends. The significant rise in complaints, particularly regarding the
collection, use and disclosure of personal information, is undoubtedly as a
result of the public's increased awareness of the Act since it came
into force on January 1, 2001. We anticipate that the complaint intake for
2004-2005 will also rise considerably with the full implementation of the Act.
During this reporting period, the OPC concluded 3,483 complaint
investigations under the Privacy Act and 176 complaint investigations
under the PIPED Act.
It is important to note that the figure for Privacy Act complaints
is unusually high because it includes 2,323 complaints related to the Canada
Customs and Revenue Agency's (CCRA) disclosure of personal information on
Customs' E-311 declaration cards to Human Resources Development Canada (HRDC).
Following its review, the Supreme Court of Canada ruled that the disclosure was
permissible under section 8(2)(b) of the Privacy Act and as a result,
the complainants were subsequently informed that their complaints were not
well-founded.
Over the years, the OPC has struggled to provide faster service to Canadians
without compromising the thoroughness of its investigations. However, the
concern about the turnaround time of its investigations remains unresolved, with
the exception of time limit complaints. Despite attempts to ameliorate its
system, the number of complaints received by the OPC continues to exceed the
number of investigations completed. A shortage of investigators with heavier
caseloads than they can manage has contributed to the OPC's inability to meet
expectations and, in recent years, resources were reallocated to other areas in
the OPC. The OPC expects to request additional funds from Treasury Board in
order to help address this problem. The service standards will also be assessed
in the next couple of months with a view to determining the extent to which they
should be modified. These anticipated improvements will ultimately help to
ensure that Canadians receive faster service from the OPC with regard to the
completion of complaint investigations.
The PIPED Act requires the Commissioner to report his findings on a
complaint within one year of its receipt, and it specifically allows for the
resolution of complaints by means of dispute resolution mechanisms such as
mediation and conciliation. Although there has been a great deal of success with
dispute resolution mechanisms in Privacy Act investigations, even
though that Act is silent on the issue, the investigators have not so
far used this mechanism in the context of PIPED Act investigations. The
OPC expects to strengthen its capacity to actively promote mediation in the
future, with a return to a more ombudsman approach to resolving complaints.
Since private sector organizations need to gear up in order to comply with
the PIPED Act, which comes fully into effect on January 1, 2004, the OPC has
provided case summaries of findings under the Act, to provide guidance and
information to businesses on the application of the Act.
Incident Investigations
The OPC also conducted 32 incident investigations of mismanagement of
personal information under the Privacy Act and five under the PIPED
Act during 2002-2003, brought to our attention from various sources. Most
times there is no identifiable complainant but nevertheless the incident
warrants further review by the OPC to determine how and why it occurred. These
investigations, not unlike complaint investigations, serve to ensure appropriate
corrective measures are taken to prevent a reoccurrence and ultimately enhance
privacy protection for the benefit of Canadians.
Reviews of Public Interest Disclosures
Section 8(2)(m) of the Privacy Act allows the head of a Government
institution to disclose personal information without an individual's knowledge
or consent if there is a clear overriding public interest in doing so - either
because it outweighs the individual's right to privacy or because it would
clearly benefit the individual. Under section 8(5) of the Act, the
Privacy Commissioner is to be notified in advance of any proposed disclosures.
The OPC received 70 notifications during the reporting year. For example, in
several instances the RCMP relied on this provision to issue a media notice to a
particular community that a violent offender at high risk to re-offend has been
released so that the local residents could take appropriate precautions.
The OPC's role is to review the information at issue and assess whether, from
a privacy perspective, there are any concerns about the disclosure and to
determine whether the individual should be advised of the disclosure. These
reviews serve to ensure that government institutions exercise their discretion
with sensitivity and awareness of the invasion of privacy that results from such
disclosures, given that they cannot otherwise be justified under any of the
permissible disclosure provisions of the Act.
In sum, in 2002-2003 the OPC has fulfilled its mission to conduct
investigations under both the Privacy Act and PIPED Act,
encouraging compliance with fair information practices by both public and
private sector organizations, for the ultimate benefit of Canadians.
STRATEGIC OUTCOME 2 - Safeguarding the right to
privacy of Canadians through audits and reviews
Context and background
To safeguard Canadians' right to privacy, the OPC has been conducting
compliance reviews under section 37 of the Privacy Act since 1984.
Since January 1, 2001, the OPC has had the mandate to conduct audits of the
personal information management practices in the Canadian private sector under
section 18 of the Personal Information Protection and Electronic Documents
(PIPED) Act. Since May 1, 2002, the OPC has reviewed Privacy Impact
Assessments (PIAs) and Preliminary Privacy Impact Assessments (PPIAs) under the
Treasury Board's PIA policy. In order to further safeguard the right to privacy
of Canadians, the OPC's Privacy Practices and Reviews Branch provides federal
government organizations and private sector organizations with advice on
compliance issues, and the privacy implications of new and existing programs and
practices. The OPC consults with and advises government institutions and private
sector organizations regarding initiatives, which may have an impact on the
privacy rights of Canadians.
Resources
The resources expended for Strategic Outcome #2 were approximately $3.3
million and funded activities within the Privacy Practices and Reviews Branch.
This total also includes some related expenses shared by the Branches. The staff
complement in the PP&R section declined from 11 to 9 during the year
2002-2003 because of departures. As of March 31, 2003 the staff complement
included: a Director General for the Branch, a Director PIA, five Review
Officers, one Project Officer and one Administrative Assistant.
Outcomes achieved
In conducting its compliance reviews under the Privacy Act, the OPC
ensures that Canadians' personal information is safeguarded - that it is
collected, disposed of, used and disclosed by government institutions according
to the "fair information principles", as outlined in sections 4 to 8
of the Act. Audits under the PIPED Act ensure that private sector
organizations comply with the10 privacy principles contained in Schedule 1 of
the Act in protecting their clients' and employees' personal information. The
OPC's review of PIAs and PPIAs ensures that the best practices for the privacy
protection of Canadians' personal information are built in from the ground floor
for major government projects. The aim of the OPC's other consultative and
advisory work is to ensure that organizations integrate fair information
practices into their new initiatives involving the personal information of
Canadians.
As an ombudsman, the OPC's non-confrontational approach to privacy audits
consistently produces better outcomes for the protection of Canadian's personal
information than would a more confrontational method. Based on cooperation,
respect and transparency, this approach is successful in resolving issues before
they become complaints and correcting underlying problems before they impact on
the privacy of Canadians. The OPC's independent oversight role generates public
trust and credibility for organizations that are working to improve their
personal information-handling practices. Such public trust is the cornerstone to
the success or failure of many multi-million dollar government initiatives.
Another contribution that OPC makes is to strengthen organizations'
understanding of privacy issues. Increased privacy awareness within
organizations works to the advantage of the organization and Canadians, by
reducing areas of conflict and disagreement.
Although the Commissioner has the same powers with respect to audits that are
available for privacy investigations, for example, to summon witnesses,
administer oaths, and compel organizations to produce evidence, these powers
would only be used as a last resort.
In its work to safeguard Canadians' right to privacy, the OPC's compliance
reviews and audits rely upon various investigative and analytical techniques to
measure privacy compliance and to develop recommendations:
- Research of public and specialized source information
- Review of OPC files related to the institution
- Review of relevant statutes, regulations and jurisprudence
- Obtain legal advice when necessary
- Review of organization's administrative policies and practice documents
- Review of organizational structure and delegation of authority
- Review of information systems
- Review of security systems to protect personal information
- Review of random sample of files containing personal information
- Structured interviews with front line and management staff based on fair
information principles
As per the OPC's 2002-2003 Report on Plans and Priorities, we continue to
improve our internal policies and procedures with relation to monitoring and
profiling the personal information management practices of organizations.
Following are a few brief examples of compliance reviews conducted by the
OPC's Privacy Practices and Reviews Branch:
Firearms Program
The Firearms Act requires the collection of a large amount of highly
sensitive personal information about Canadians. The OPC continues to receive
complaints from some of the 2.3 million firearm owners in Canada and from some
Members of Parliament. Over the past year, the OPC has been conducting an
ongoing review of the personal information-handling practices of certain aspects
of the Firearms Program to ensure that they were meeting their obligations to
protect Canadians' personal information and has been consulting with the office
of the Solicitor General of Canada to ensure that any changes to the program do
not impact negatively on the privacy rights of Canadians.
Review of post-September 11th initiatives
In the fall of 2001, the Government of Canada introduced a series of
anti-terrorism measures in response to the tragedy of September 11, 2001. The
Budget of December 2001 provided funding of $7.7 billion over the following five
years for specific departmental initiatives to combat terrorism. Many of these
initiatives could involve an impact on the privacy of Canadians personal
information, due to the collection, use and disclosure of sensitive personal
information.
A survey of Post-September 11th initiatives was conducted by OPC in 2002 to
determine which initiatives represented potential privacy risks to Canadians.
The OPC conducted reviews of the Communications Security Establishment, Canadian
Security Intelligence Service and the Royal Canadian Mounted Police in order to
review the institutions' collection, use, retention, disposal of and disclosure
of Canadians' personal information and to determine if any of the initiatives or
changes limit or infringe on Canadians' privacy.
Although these reviews are ongoing, they have provided an excellent
opportunity for OPC to promote privacy protection within these organizations and
to verify the impact of law enforcement and intelligence operations on the
privacy rights of Canadians. As many initiatives are in the implementation
stage, it is an important and effective time to discuss privacy enhancements
with these institutions where appropriate.
Immigration and Refugee Board Compliance Review (update)
In July 2003, the Immigration and Refugee Board (IRB) provided the OPC with
an update on its follow-up to the compliance review completed in April 2002.
Along with its response, the IRB submitted a work plan listing our
recommendations, the responsibility centres, the estimated timeframes, the
proposed action plan and a completion date for the implementation of each of the
64 recommendations that we made in our compliance review report.
The IRB has agreed to provide the OPC with a more comprehensive update in the
Fall of 2003. The OPC will also follow up on the implementation of the report's
recommendations.
Canadian Nuclear Safety Commission Compliance Review (update)
In October 2002, the Canadian Nuclear Safety Commission (CNSC) provided the
OPC with its initial plan to implement the recommendations made in an OPC
compliance audit in March 2002. Of the 49 detailed recommendations, CNSC has
responded and agreed to corrective action to14 in its "short term action
plan." By August 2003, the CNSC had implemented all the corrective action
mentioned in its "short term action plan".
CNSC found it necessary to hire an outside consultant to re-vamp its security
and classification system and to provide training to its staff before it could
take corrective actions pertaining to several of the remaining 35
recommendations. CNSC will respond to the remaining recommendations in its
"mid-term" and "long-term action plan" in the Fall of 2003.
It is anticipated that some resolutions related to information technology may
take up to three years to implement.
The OPC will continue to monitor the progress of implementation.
Assessments of Human Resources Development Canada Databank Review
Committee Submissions
In the 2000-2001 Departmental Performance Report, it was described how, under
mounting public pressure, Human Resources Development Canada (HRDC) made the
decision to dismantle the Longitudinal Labour Force File and to implement a
review process and a governance protocol for all policy analysis, research and
evaluation activities involving the connection of separate databanks. This
review process involved consultation with the OPC to examine such projects.
In the 2002-2003 fiscal year, comments have been provided on an additional 10
HRDC data match submissions, including the projects concerning unemployment in
the fishing industry, community employment, Canada Pension Plan Disability
Vocational Rehabilitation, student loans and employed truck drivers among
others.
The OPC has continued to customize its assessment tool to facilitate timely
reviews of the HRDC submissions. The tool ensures that the reviews are thorough
and that the principles of fair information practices as specified in the Privacy
Act are respected. As a result of OPC's reviews, HRDC has improved the
wording of its contracts with third parties to ensure that it clearly states
that personal information remains under the department's control and subject to
the protections of the Privacy Act.
Audits under the PIPED Act
Section 18 of the PIPED Act also provides the authority to carry out
audits of personal information management practices in the private sector if
there are "reasonable grounds to believe" that a private sector
organization is contravening a provision of the Act. During 2002-2003,
no private sector audits were undertaken because no matter had been brought to
the attention of the Commissioner that would constitute reasonable grounds for
an audit.
Other advice to government institutions and private sector organizations
The OPC also provides informal assistance and advice to numerous government
institutions and private sector organizations on the importance of safeguarding
the privacy rights of Canadians and the privacy implications of their
initiatives. OPC has been involved in consultations with organizations such as:
Equifax, Canadian banks, pawnbrokers, Elections Canada, the Department of
Justice, Public Works and Government Services Canada, Indian and Northern
Affairs and the RCMP.
The OPC's advice has led to changes such as:
- increased privacy accountability within organizations;
- limiting the collection of personal information to that which is strictly
necessary;
- stricter safeguards limiting access to and the use of personal information
based on the need to know principle; and
- improvements to the security measures used to protect personal
information.
Privacy Impact Assessments
In April 2002, Treasury Board launched the Government of Canada's new Privacy
Impact Assessment (PIA) Policy, which took effect on May 2, 2002. Under the PIA
Policy, federal government departments and agencies must conduct PIAs on all new
government initiatives that involve the collection, use and disclosure of
personal information. The Policy's objective is to demonstrate the Government of
Canada's commitment "to protecting the personal information of
Canadians" by ensuring that "privacy principles are being taken into
account when there are proposals for, and during the design, implementation and
evolution of programs and services..."
To ensure a comprehensive and current understanding of the privacy
implications inherent in proposed or redesigned programs and services, the
Policy requires that government institutions furnish a copy of all PIAs
conducted to the Privacy Commissioner of Canada for review and comment. The
Policy further states that, at the Privacy Commissioner's discretion, the
Commissioner may "provide advice and guidance to institutions and identify
solutions to potential privacy risks."
In response to the Privacy Commissioner's new duty under the Policy to
receive and review PIA submissions from departments and agencies, the
Commissioner created a sub-division within the Privacy Practices and Reviews
(PP&R) Branch dedicated to assessing PIA reports and providing expert advice
to departments and agencies on how to best realize the Policy's core objectives.
The PIA Division currently possesses a staff complement of four, comprised of a
Director, a Project Officer, and two Project Review Officers. Two other Project
Review Officers from the PP&R Branch have recently been called on to assist
in handling the mounting volume of reports the Division is now receiving.
During 2002-2003, the PIA Division has received 33 final PIAs, that is to say
reports submitted with the approval of the head of a government institution, 9
of which have run the full review and consultation process, culminating in the
Commissioner's conveyance of satisfaction that the privacy risks associated with
each project have been identified and adequately addressed. In addition to final
PIAs, the OPC has received 13 Preliminary Privacy Impact Assessment (PPIA)
reports. PPIAs are, for the most part, draft PIAs submitted to the OPC for
review and comment before being sent to the departmental head for approval and
official submission to the OPC.
In almost every submission received to date, the OPC has identified omissions
or oversights that have required remedial attention. The OPC's recommendations
have resulted in design modification to systems and changes to information
management practices that have substantially improved their compliance with
established privacy principles, hence ensuring that Canadians' privacy rights
will ultimately be safeguarded by these projects.
For example, in the case of Citizenship and Immigration Canada's on-line
status query service (E-CASQ) the Privacy Commissioner recommended that clients
wishing to benefit from the service should be advised of the risks of using
shared computers and of the tools that individuals can use to minimize their
exposure to privacy invasion. The Commissioner's recommendation was accepted,
resulting in modifications to the information kit sent to clients wishing to
register with the service.
Similarly, in the case of Treasury Board's own Government On-Line (GOL),
Secure Channel, Build 3, Load 2 project, consultations with the OPC resulted in
modifications to the implementation plan that, in the opinion of the Privacy
Commissioner, have contributed to a system and service significantly more
compliant with established privacy principles. Build 3 Load 2 will allow
individuals to change their mailing address for income tax reporting purposes
on-line and constitutes the first GOL application that will make full use of the
Public Key Infrastructure (PKI) certificate service.
Given the newness of the PIA Policy, omissions and oversights in the
preparation of PIA reports are to be expected. That said, there is clear
evidence that departments are taking their responsibilities under the Policy
seriously, and that consultations with the OPC are producing tangible results.
Consequently, during his appearance before the Standing Committee on Government
Operations and Estimates of the House of Commons on September 22, 2003, the
Interim Privacy Commissioner recommended that Parliament consider amending the Privacy
Act to give the PIA Policy the force of law.
In sum, in 2002-2003 the OPC has fulfilled its mission to perform compliance
reviews and audits, and has also actively participated in the PIA process, and
by so doing, has assisted organizations in applying both the Privacy Act
and PIPED Act for the benefit of Canadians, in order to further
safeguard their privacy rights.
STRATEGIC OUTCOME 3 - Increasing public
awareness and understanding of privacy issues
Context and background
The government has demonstrated its recognition of the importance of, and a
commitment to, proper privacy protection mechanisms in Canada with the
establishment of federal privacy laws in the public, and now the private,
sectors, as well as with its new Privacy Impact Assessment (PIA) Policy for
government projects and programs, described earlier in this report.
The post-September 11th environment has a strong influence on the OPC's
communications approach. Through public awareness activities, the OPC has been
informing Canadians of the need for an appropriate balance between privacy and
security, and encouraging governments and organizations to rethink the
privacy-invasiveness of some of their initiatives.
Businesses in Canada are gearing up for the implementation of the PIPED
Act on January 1, 2004. Many of these businesses and organizations have
questions or concerns about the effect that the Act will have on their
industry. The Privacy Commissioner is specifically mandated under the PIPED
Act to conduct public education activities to deal with these issues. The
OPC has undertaken some communications activities to respond to this need, but
clearly much more work on public education is required to ensure that businesses
are aware of their responsibilities, and Canadians are aware of their rights,
under the new law.
It is important to note that the focus of the former Commissioner (Mr.
Radwanski) on public sector issues had a negative impact on the OPC's ability to
achieve objectives related to private sector issues, to maximize its reach to
citizens and businesses on the important issue of the pending PIPED Act
at such a critical time - before its full implementation.
Resources
The resources used in 2002-2003 for Strategic Outcome #3: Increasing
public awareness and understanding of privacy issues are approximately $3.5
million and funded activities in the Communications Division, the Strategic
Research and Analysis Division, and the Inquiries Unit. This total also includes
some related expenses shared by the Branches. There was a total of 23 staff in
the Communications and Policy Branch - a Senior Director General for the Branch
and her executive assistant; as well as five employees in the Communications
Division including a director, communications advisors and administrative
support; nine employees in the Strategic Research and Analysis Division
including a director, policy analysts and administrative support; and nine
employees in the Inquiries Unit including a manager, inquiries officers and
administrative support.
The Interim Commissioner is reviewing the mandate, structure and resources of
this division so as to refocus efforts on education and more effective
communications and outreach initiatives.
Outcomes achieved
The Communications and Policy Branch has worked to conduct research, generate
public discussion and help to raise awareness of a number of important national
privacy issues. In addition to this, other branches of the OPC, such as the
Investigations Branch and the Privacy Practices and Reviews Branch, have
contributed to increased awareness of privacy rights and obligations.
The former Commissioner (Mr. Radwanski) and other OPC officials made use of
speaking engagements and special events in order to raise awareness of federal
privacy laws and a variety of other privacy issues among Canadians, businesses
and associations. Over the period of this Report, the OPC received close to 150
requests. The former Commissioner and other senior staff delivered more than 49
speeches, reaching thousands of event participants. Many of these speeches
focused either on the importance of balancing privacy and security issues in a
post-September 11th environment, or on gearing up for the PIPED
Act. It is important to note that speaking engagements - particularly the
domestic and international travel and hospitality costs associated with the
speaking engagements of the former Commissioner (Mr. Radwanski) - were the
subject of intense scrutiny by and concern from the Standing Committee on
Government Operations and Estimates of the House of Commons, as well as the
report of the Office of the Auditor General. The speaking engagements strategy
is under review.
Media relations activities played a significant role in helping to generate
an effective public debate and discussion on important national privacy issues
in 2002-2003, such as the CCRA "Big Brother" database of Canadians'
air travel patterns, biometric national identity cards, and other proposed
anti-terrorism and security measures. During the 2002-2003 fiscal period, the
OPC issued 25 news releases and media advisories, granted hundreds of media
interviews and also responded to hundreds of media requests for information.
This work generated significant media coverage of privacy issues, and ultimately
very supportive editorials and columns on key issues in major daily newspapers,
reaching Canadians across the country and around the world. Much of this media
relations work focused on public sector issues, as opposed to concerns of the
private sector. Much more work must be done to utilize media relations
activities as a cost-effective means of reaching out to Canadian businesses,
through targeted media, to help them get ready for the implementation of the
Act. Plans are underway for targeted media relations activities of this nature
in the Fall/Winter 2003.
During the 2002-2003 fiscal year, the OPC also continued its publications
program. Material, including two guides to the PIPED Act - one for
businesses to help them understand their obligations and another for citizens to
help them understand their rights under the Act - as well as fact sheets,
bookmarks, posters, etc. are available in hard copy upon request and available
on the OPC Web site. During this period, the OPC disseminated more than 23,000
copies of these educational materials to better inform Canadians, businesses and
associations.
As mentioned above, all of the OPC's materials are available on the Web site
and traffic has been increasing steadily. Over the period of this report, there
was an average of approximately 50,000 visits to the Web site per month. Among
the key sections accessed on the site was the business guide, an indication that
businesses are looking to the OPC for information to help them gear up for the
implementation of the PIPED Act. Anecdotal evidence suggests that this
guide has been well received by this audience, although there is currently no
statistical evidence to substantiate this claim. The OPC plans to build
benchmarks and evaluation mechanisms into its communications activities in the
future, in order to better evaluate their effectiveness.
In order to further raise public awareness and understanding of privacy
issues, and to respond to a demand for more information on this subject, the
OPC's Inquiries Unit responds to inquiries from the general public, government
institutions and private sector organizations who contact the OPC on a wide
variety of privacy-related issues. The OPC responds to thousands of inquiries
per month from individuals who contact the OPC for advice and information on a
variety of issues related to personal privacy - issues that are becoming
increasingly multifaceted and complex in nature.
The OPC's Strategic Research and Analysis Division also provides a
significant contribution to public awareness initiatives. This division serves
as a centre of expertise on privacy issues in Canada and abroad. It is
responsible for researching trends, providing analysis on key issues, and
developing policies and positions that advance the protection of the privacy
rights of Canadians. In the 2002-2003 period, the Division provided this
expertise to the Commissioner and the OPC, supporting a number of activities
which helped to raise awareness and understanding among Canadians of privacy
issues, including consultations with key stakeholders, providing expertise and
content for speeches, developing positions on a variety of issues, and creating
material for appearances before House of Commons and Senate committees, etc.
Under the former Commissioner (Mr. Radwanski), this Division did not focus
sufficiently on policy and primary research. The OPC plans to reinvigorate the
activities of this Division in this regard - activities which will also have an
impact on public awareness initiatives, and other important initiatives within
the OPC.
Earlier in this section, we mention that other Branches, such as the
Investigations Branch and the Privacy Practices and Reviews Branch, have also
contributed to raising awareness of privacy issues. During the course of
investigations, for example, our interaction with officials in the respondent
departments and organizations serves to educate them on the principles of
individual privacy rights and on their own obligations and responsibilities to
adhere to the requirements of federal privacy laws. Through this, we help to
strengthen organizations' understanding of privacy issues. Increased privacy
awareness within organizations in this manner works to the advantage of the
organization and Canadians, by reducing areas of conflict and disagreement.
In sum, in 2002-2003 the OPC conducted a series of activities to increase
public awareness and understanding of privacy issues. In our view, however, the
OPC did not fully meet expectations in this regard - particularly the
expectations of the business community. As well, Canadians did not receive full
value for money spent in this regard. Much more work needs to be done in order
to help Canadian businesses understand their obligations and responsibilities,
and citizens their rights, under Canada's new private sector privacy law.
Section IV - Government-Wide Initiatives
This section of the Report provides an update regarding the OPC's activities
in the 2002-2003 period as they relate to two government-wide initiatives - the
Government On-Line Initiative and Modern Comptrollership.
It is important to note that, because of the small size of this organization,
the fact that it does not have significant assets and equipment, and because of
the nature of the organization - often working at arm's length from government -
the OPC has not been in a position to contribute to a number of government-wide
initiatives and the content in this section is therefore limited.
Government On-Line
In the 2002-2003 period, the OPC made a significant contribution to the
Government On-Line (GOL) Initiative. In April 2002, the Treasury Board launched
a new policy whereby new and existing programs and services, including and
especially important for the GOL programs, must now undergo a Privacy Impact
Assessment (PIA) - in effect, a feasibility study from a privacy perspective. In
addition to working with Treasury Board on the policy, the OPC has developed a
process whereby it reviews all PIAs and offers comments to departments and
agencies at the early stage of program development, to help ensure that these
programs and services are respectful of Canadians' privacy rights.
The OPC has also conducted an analysis and recognizes, however, that there
are elements of its communications (i.e., the Web site), which do not fully meet
the standards of the Common Look and Feel Program. This is an area the OPC is
looking to address in the future, resources permitting.
Modern Comptrollership
In the 2002-2003 period, the OPC committed to the Treasury Board's Modern
Comptrollership initiative. The OPC has completed the Modern Comptrollership
capacity assessment. The audit reports of the Auditor General and the Public
Service Commission clearly identify serious deficiencies in financial and human
resource management. The OPC concurs with the findings in these reports. The OPC
is committed to the Modern Comptrollership Initiative and will use the Modern
Comptrollership framework as the basis for the action plans that will flow from
the recommendations of the OAG and PSC audits. The corrective measures
implemented will comply and dovetail with the Modern Comptrollership initiative.
Section V - Financial Performance
Financial Performance Overview
In the OPC's 2002-2003 Report on Plans and Priorities (RPP), planned spending
was indicated as $11.2 million. Through Supplementary Estimates and Treasury
Board Vote 5, 10 and 15, the OPC received and additional amount of $0.7 million,
for total authorities amounting $11.9 million.
Actual spending for the 2002-2003 fiscal year amounted to $12.2 million. The
result is an over-expenditure of the OPC's total authorities in the amount of
$234,000.
Over-expenditure
The OPC exceeded its appropriations by $234,000 due to following:
- Changes in accounting practices, in order to be consistent with the
principles of accrual accounting in the federal government; and
- Travel, hospitality and communications expenditures.
Financial Summary Tables
The tables in this section contain summaries of financial information under
three headings:
- Planned Spending - the planned spending at the beginning
of the fiscal year as set out in the 2002-2003 Estimates - Report on Plans
and Priorities;
- Total Authorities - the level of spending authorized by
Parliament, including the Supplementary Estimates and transfers from
Treasury Board (Votes 5, 10 and 15), to take into account the development of
priorities, increased costs and unanticipated events; and
- Actual Spending - the amounts actually spent in the
2002-2003 fiscal year as indicated in the Public Accounts.
Table 1: Summary of Voted Appropriations
The following table indicates the level of spending authorized by Parliament,
including the Supplementary Estimates and other authorities.
The difference between planned spending and total authorities can be
explained mainly by the additional appropriations received in the fiscal year.
(see note below)
Financial Requirement by Authority
($ millions)
|
|
|
2002-2003
|
Vote |
|
Total Planned Spending
|
Total Authorities
|
Total Actual Spending
|
|
Office of the Privacy Commissioner |
|
|
|
45 |
Operating Expenditures |
9.3 |
10.4 |
10.7 |
|
Grants and Contributions |
0.5 |
0.0 |
0.0 |
(S) |
Contributions to Employee benefit Plans |
1.4 |
1.5 |
1.5 |
|
Total Department |
11.2 |
11.9 |
12.2 |
Note: Total authorities are:
- Main Estimates - $9.8M
- Supplementary Estimates B - $0.3M
- TB Vote 5 - $0.2M
- TB Vote 15 - $0.3M
- TB Vote 10 - $0.1M
- Contributions to Employee Benefit Plans - $1.5M and
- reduced by a transfer to the Office of the Information Commissioner (Vote
40) - $(0.2M)
Table 2: Comparison of Total Planned Spending to
Actual Spending
The following table indicates, in detail, the allocation of total planned
spending, the authorities (in italics) and actual spending (in boldface) for
2002-2003, by business line and the nature of the spending. The differences
between planned spending and total authorities by business line can be explained
mainly by the additional appropriations received in the fiscal year (see note
below)
Departmental Planned versus Actual Spending by Business
Line
(millions of dollars)
|
Business Lines |
FTEs
|
Operating
|
Capital
|
Grants & Contributions
|
Total Gross Expenditures
|
Less: Respendable Revenues
|
Total Net Expenditures
|
Protection of Personal Information - Federal Public
Sector |
Planned Spending |
45 |
3.9 |
- |
- |
3.9 |
- |
3.9 |
Total Authorities |
|
4.6 |
- |
- |
4.6 |
- |
4.6 |
Total Actual Spending |
40 |
5.2 |
- |
- |
5.2 |
- |
5.2 |
Protection of Personal Information - Private Sector |
Planned Spending |
45 |
5.5 |
- |
0.5 |
6.0 |
- |
6.0 |
Total Authorities |
|
5.8 |
- |
- |
5.8 |
- |
5.8 |
Total Actual Spending |
40 |
5.6 |
- |
- |
5.6 |
- |
5.6 |
Corporate Services |
Planned Spending |
15 |
1.3 |
- |
- |
1.3 |
- |
1.3 |
Total Authorities |
|
1.5 |
- |
- |
1.5 |
- |
1.5 |
Total Actual Spending |
23 |
1.4 |
- |
- |
1.4 |
- |
1.4 |
Total Cost |
Total Planned Spending |
105 |
10.7 |
- |
0.5 |
11.2 |
- |
11.2 |
Total Authorities |
|
11.9 |
- |
- |
11.9 |
- |
11.9 |
Total Actual Spending |
103 |
12.2 |
- |
- |
12.2 |
- |
12.2 |
Costs of Services Provided by Other Departments |
Total Authorities |
|
|
|
|
|
|
1.1 |
Total Actual Spending |
|
|
|
|
|
|
1.1 |
Net Cost of the Program |
Total Authorities |
105 |
11.9 |
- |
- |
11.9 |
- |
13.0 |
Total Actuals |
103 |
12.2 |
- |
- |
12.2 |
- |
13.3 |
Note: Total authorities are:
- Main Estimates - $9.8M
- Supplementary Estimates B - $0.3M
- TB Vote 5 - $0.2M
- TB Vote 15 - $0.3M
- TB Vote 10 - $0.1M
- Contributions to Employee Benefit Plans - $1.5M and
- reduced by a transfer to the Office of the Information Commissioner (Vote
40) - $(0.2M)
Table 3: Historical Comparison of Total Planned
Spending to Actual Spending
The table below gives an historical overview of spending by business line. It
also includes a comparison between total planned spending for 2002-2003 and
actual spending in the Public Accounts.
Historical Comparison of Departmental Planned versus Actual Spending
by Business Line
($ millions)
|
|
|
2002-2003
|
Business Line |
Actual
2000-2001
|
Actual
2001-2002
|
Total Planned Spending
|
Total Authorities
|
Total Actual Spending
|
Protection of Personal Information - Federal Public Sector |
7.4 |
8.8 |
3.9 |
4.6 |
5.2 |
Protection of Personal Information - Private Sector |
- |
0.6 |
6.0 |
5.8 |
5.6 |
Corporate Services |
1.9 |
2.0 |
1.3 |
1.5 |
1.4 |
Total |
9.3 |
11.4 |
11.2 |
11.9 |
12.2 |
Note: Total authorities are:
- Main Estimates - $9.8M
- Supplementary Estimates B - $0.3M
- TB Vote 5 - $0.2M
- TB Vote 15 - $0.3M
- TB Vote 10 - $0.1M
- Contributions to Employee Benefit Plans - $1.5M and
- reduced by a transfer to the Office of the Information Commissioner (Vote
40) - $(0.2M)
Accrual Based Financial Statements
Over the past several years, as part of the Financial Information Strategy,
the Receiver General for Canada and departments have worked to put in place new
financial information systems and to acquire the accounting expertise required
to implement full accrual accounting. Overseeing this initiative, the Treasury
Board Secretariat also developed the necessary accounting policies and training
programs to implement full accrual accounting government-wide.
National and international accounting standards bodies, and the Auditor
General, strongly support full accrual accounting. It is the accounting practice
already used by many provinces and by foreign governments such as the United
States, Australia and New Zealand. Under full accrual accounting, an entity's
financial statements provide a more comprehensive and up-to-date picture of its
financial situation and better reflect the impact of economic events and
decisions made during the fiscal year. Better information means improved
transparency and accountability.
At a government-wide level, Budget 2003 was prepared on a full accrual basis
and the 2002-2003 summary financial statements, presented in the Public
Accounts, are also on a full accrual basis.
Publication of accrual-based financial statements in Departmental Performance
Reports is being phased in for departments and agencies. Departmental
corporations began presenting accrual-based financial statements in Volume II
Part II of the 2001-2002 Public Accounts of Canada.
In 2003-2004, the Office of the Privacy Commissioner will report accrual
financial statements based on generally accepted accounting principals.
Section VI - Supplementary Information
1. Legislation Administered by the Privacy
Commissioner
The Privacy Commissioner has an oversight responsibility to Parliament for
the:
Privacy Act |
R.S.C., 1985, ch. P21, amended 1997, c. 20, s. 55 |
Personal Information Protection
and Electronic Documents Act |
2000, c.5 |
2. Statutory Annual Reports and Other Publications
The Commissioner's annual reports on privacy issues are available on the
Commissioner's Web site.
- Privacy Commissioner's 2002-03 Annual Report. Ottawa:
Minister of Public Works and Government Services Canada, 2001. Available on
computer diskette and hardcopy from the Office of the Privacy Commissioner
of Canada, Ottawa, Canada K1A 1H3; (613) 995-8210 and on the Office's Web
site.
- 2002-03 Estimates: A Report on Plans and Priorities.
Ottawa: Minister of Public Works and Government Services Canada, 2001.
Available through local booksellers or by mail from Public Works and
Government Services - Publishing, Ottawa, Canada K1A 0S9.
- 2003-04 Estimates: A Report on Plans and Priorities.
Ottawa: Minister of Public Works and Government Services Canada, 2001.
Available through local booksellers or by mail from Public Works and
Government Services - Publishing, Ottawa, Canada K1A 0S9.
- Office of the Privacy Commissioner of Canada Web site: www.privcom.gc.ca
3. Contact for Further Information
Anne-Marie Hayden
Director, Communications
Office of the Privacy Commissioner of Canada
Place de Ville, Tower B
112 Kent St., Suite 300
Ottawa, Ontario
K1A 1H3
Telephone: (613) 995-0103
Facsimile: (613) 995-1139
|