Protecting the Privacy of Canadians: Review of the Privacy Act
Total Page:16
File Type:pdf, Size:1020Kb
PROTECTING THE PRIVACY OF CANADIANS: REVIEW OF THE PRIVACY ACT Report of the Standing Committee on Access to Information, Privacy and Ethics Blaine Calkins Chair DECEMBER 2016 42nd PARLIAMENT, 1st SESSION Published under the authority of the Speaker of the House of Commons SPEAKER’S PERMISSION Reproduction of the proceedings of the House of Commons and its Committees, in whole or in part and in any medium, is hereby permitted provided that the reproduction is accurate and is not presented as official. This permission does not extend to reproduction, distribution or use for commercial purpose of financial gain. Reproduction or use outside this permission or without authorization may be treated as copyright infringement in accordance with the Copyright Act. Authorization may be obtained on written application to the Office of the Speaker of the House of Commons. Reproduction in accordance with this permission does not constitute publication under the authority of the House of Commons. The absolute privilege that applies to the proceedings of the House of Commons does not extend to these permitted reproductions. Where a reproduction includes briefs to a Standing Committee of the House of Commons, authorization for reproduction may be required from the authors in accordance with the Copyright Act. Nothing in this permission abrogates or derogates from the privileges, powers, immunities and rights of the House of Commons and its Committees. For greater certainty, this permission does not affect the prohibition against impeaching or questioning the proceedings of the House of Commons in courts or otherwise. The House of Commons retains the right and privilege to find users in contempt of Parliament if a reproduction or use is not in accordance with this permission. Also available on the Parliament of Canada Web Site at the following address: http://www.parl.gc.ca PROTECTING THE PRIVACY OF CANADIANS: REVIEW OF THE PRIVACY ACT Report of the Standing Committee on Access to Information, Privacy and Ethics Blaine Calkins Chair DECEMBER 2016 42nd PARLIAMENT, 1st SESSION STANDING COMMITTEE ON ACCESS TO INFORMATION, PRIVACY AND ETHICS CHAIR BLAINE CALKINS VICE-CHAIRS DANIEL BLAIKIE JOËL LIGHTBOUND MEMBERS BOB BRATINA WAYNE LONG NATHANIEL ERSKINE-SMITH RÉMI MASSÉ MATT JENEROUX RAJ SANI PAT KELLY OTHER MEMBERS OF PARLIAMENT WHO PARTICIPATED WILLIAM AMOS MICHAEL V. MCLEOD MEL ARNOLD MARC MILLER RENÉ ARSENEAULT PIERRE PAUL-HUS KERRY DIOTTE MICHEL PICARD MATTHEW DUBÉ HON. MICHELLE REMPEL PIERRE-LUC DUSSEAULT FRANCIS SCARPALEGGIA JULIE DZEROWICZ MARK STRAHL DAVID TILSON CLERKS OF THE COMMITTEE Hugues La Rue Michel Marcotte LIBRARY OF PARLIAMENT Parliamentary Information and Research Service Michael Dewing Chloé Forget Maxime-Olivier Thibodeau iii THE STANDING COMMITTEE ON ACCES TO INFORMATION, PRIVACY AND ETHICS has the honour to present its FOURTH REPORT Pursuant to its mandate under Standing Order 108(3)(h)(vi), the Committee has studied the Privacy Act and has agreed to report the following: v TABLE OF CONTENTS PROTECTING THE PRIVACY OF CANADIANS: REVIEW OF THE PRIVACY ACT ..... 1 CHAPTER 1: INTRODUCTION ................................................................................. 1 1.1 Mandate......................................................................................................... 1 1.2 Review of the Privacy Act .............................................................................. 1 1.3 The need for reform ....................................................................................... 3 CHAPTER 2: TECHNOLOGICAL CHANGES ........................................................... 5 2.1 Purpose clause and definition of personal information .................................. 5 2.1.1 Purpose clause ................................................................................... 5 2.1.2 The definition of “personal information” .............................................. 7 2.1.3 The definition of metadata .................................................................. 8 2.2 Information-sharing agreements .................................................................. 10 2.3 Safeguarding personal information .............................................................. 14 2.4 Reporting breaches of personal information ................................................ 16 CHAPTER 3: LEGISLATIVE MODERNIZATION ..................................................... 19 3.1 Criteria for the collection, disclosure, use and retention of personal information ............................................................................................... 19 3.1.1 The Privacy Commissioner’s recommendation ................................ 19 3.1.2 Witnesses’ views .............................................................................. 19 3.1.2.1 Reduce the quantity of personal information collected ............. 20 3.1.2.2 Criteria for collecting personal information ............................... 21 3.1.2.3 The necessity test and the Canadian Charter of Rights and Freedoms ....................................................................................... 22 3.1.2.4 The addition of criteria for the sharing, use and retention of personal information ....................................................................... 22 3.1.2.5 Obligation for accuracy ............................................................ 24 3.1.2.6 The views of federal institutions ............................................... 25 3.1.3 The Committee’s recommendation ................................................... 26 3.2 The various overview models ...................................................................... 27 3.2.1 Overview models in the provinces and territories ............................. 27 3.2.2 The Privacy Commissioner’s view .................................................... 28 3.2.2.1 The Privacy Commissioner’s initial recommendation ............... 28 vii 3.2.2.2 The Privacy Commissioner’s modified recommendation .......... 29 3.2.3 Witnesses’ views .............................................................................. 31 3.2.3.1 Witnesses advocating for the order-making model .................. 31 3.2.3.2 Witnesses advocating for the hybrid model .............................. 32 3.2.4 The view of federal institutions ......................................................... 34 3.2.5 The powers of the Privacy Commissioner and Information Commissioner ........................................................................................ 34 3.2.6 The Committee’s recommendation ................................................... 36 3.3 Expand judicial recourse and remedies ....................................................... 36 3.4 Statutory mechanism for independently reviewing complaints .................... 39 3.5 Privacy impact assessments ....................................................................... 39 3.5.1 The Privacy Commissioner’s view .................................................... 39 3.5.2 Witnesses’ views .............................................................................. 40 3.5.3 The Committee’s recommendation ................................................... 42 3.6 Consultation on draft legislation and regulations ......................................... 43 3.6.1 The Privacy Commissioner’s view .................................................... 43 3.6.2 Witnesses’ views .............................................................................. 44 3.6.3 The Committee’s recommendation ................................................... 45 3.7 Provide the Office of the Privacy Commissioner with an explicit public education and research mandate ............................................................ 46 3.7.1 The Privacy Commissioner’s view .................................................... 46 3.7.2 Witnesses’ views .............................................................................. 46 3.7.3 The Committee’s recommendation ................................................... 48 3.8 Require an ongoing five-year review of the Privacy Act .............................. 48 CHAPTER 4: ENHANCE TRANSPARENCY ........................................................... 49 4.1 Grant the Privacy Commissioner discretion to publicly report on government privacy issues when in the public interest ............................ 49 4.1.1 The Privacy Commissioner’s view .................................................... 49 4.1.2 Witnesses’ views .............................................................................. 51 4.1.3 The Committee’s recommendation ................................................... 52 4.2 Share information with the Privacy Commissioner’s counterparts domestically and internationally ............................................................... 52 4.2.1 The Privacy Commissioner’s view .................................................... 52 4.2.2 Witnesses’ views .............................................................................. 53 viii 4.2.3 The Committee’s recommendation ................................................... 53 4.3 Discretion to discontinue or decline complaints ........................................... 54 4.3.1 The Privacy Commissioner’s view .................................................... 54 4.3.2 Witnesses’ views .............................................................................. 55 4.3.3 The Committee’s recommendation ..................................................