ETHI Committee Meeting
Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.
For an advanced search, use Publication Search tool.
If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.
CANADA
Standing Committee on Access to Information, Privacy and Ethics
|
l |
|
l |
|
EVIDENCE
Thursday, June 5, 2008
[Recorded by Electronic Apparatus]
[English]
Good afternoon, colleagues.
Today, pursuant to Standing Order 108(2), we have our study of Privacy Act reform.
Our witnesses today are from Correctional Service Canada. We have Mr. Ian McCowan, assistant commissioner for policy and research, and Ms. Anne Rooke, director of access to information and privacy. Welcome to both of you.
I think you are well aware of the nature of our current order of business. I understand you have opening statements, which have been circulated to members.
I invite you to address the committee now .
Thank you very much, Mr. Chairman, and good afternoon to everyone.
I'd like to begin, if I could, with a brief overview of CSC.
CSC is responsible for offenders who have been sentenced to two years or more and for the supervision of offenders under long-term supervision orders. Our core contribution to public safety is achieved through the safe and secure custody of inmates, through the provision of programs and initiatives to assist inmates—
Point of order, Mr. Chair.
I don't mean to interrupt. It's just that I know this is a policy interest of Mr. Martin's and Mr. Hubbard's and that they would want to hear this. I was wondering if we could give them a few more minutes before starting, so that they could be included in the opening statement.
I understand your point. It's nice to allow all members to have the same courtesy. But the majority of members are here now, and I think we should proceed with our business. We only have a limited time.
I see that Mr. Martin is walking in the door now. I think we'll just carry on.
Our core contribution to public safety is achieved through the safe and secure custody of inmates through the provision of programs and initiatives to assist inmates to safely reintegrate right into the community, and by supervising offenders once they're conditionally released. CSC is a large organization operating 58 institutions, 16 community correctional centres, and 71 parole offices, 24 hours a day, seven days a week.
Over the course of fiscal year 2006-07, including all admissions and releases, CSC managed 19,500 different incarcerated offenders and 14,000 different supervised offenders in the community. CSC employs approximately 15,200 staff across the country and strives to maintain a workforce that reflects Canadian society. CSC's annual budget is approximately $1.9 billion.
Responding to both access to information and privacy requests poses particular challenges in the correctional environment. Like other organizations, we do this in a manner that fully respects privacy. However, we must also do this in the context of our overriding commitment to public safety.
The ATIP division, which ultimately reports to me and is led by Ms. Rooke, is the focal point for the application of the Access to Information Act and the Privacy Act in CSC. The ATIP division deals directly with the public in connection with ATIP requests and serves as the centre of ATIP expertise in enabling CSC to meet its statutory obligations under the acts. To that end, the division is responsible for ensuring that formal access and privacy requests are completed in a timely manner, and for promoting a culture of openness and accountability while ensuring that all appropriate safeguards are adhered to with regard to the handling of all personal information.
By the nature of its activities and legislated mandate, CSC handles a large volume of personal information and responds to a significant number of requests for information every year. In an average year, CSC receives between 7,000 and 10,000 privacy requests, with the exception of 2003-04, when there was a surge in the number of requests. With the exception of that one year, and during that year the number of complaints against CSC represented 65% of the total number filed with the Office of the Privacy Commissioner, between 2003 and 2007 CSC accounted for 18% to 25% of all Office of the Privacy Commissioner complaints.
This helps to clarify the information previously provided to the committee. I understand there was testimony that offenders represent 50% of the complaints filed with the OPC. The numbers that I gave you a moment ago are the correct numbers, and the OPC agrees with those numbers, that they're a more accurate reflection of CSC' s share of complaints that have been filed over the last number of years. I should note that those numbers include complaints that are filed by staff, offenders, and the public, all complaints.
With such a large volume of requests for personal information, it's not unexpected that CSC is ranked among the top institutions, including the RCMP and the Canada Revenue Agency, for the number of complaints filed with the OPC.
In light of the fact that CSC receives a vast number of requests every year, it's important to point out that the number of complaints against CSC represents, on average, only 2% to 10% yearly of the total CSC ATIP workload. Since 2003 there have been approximately 3,500 complaints recorded in the CSC ATIP database. Of these complaints, 91% were filed because the department did not meet the 30-day statutory time limit, or applied exemptions with which the requester did not agree.
As set out in section 12 under the Privacy Act, it affords the same right of access to all Canadian citizens or permanent residents. Indeed, our own statute, the Corrections and Conditional Release Act, paragraph 4(e), states that offenders retain all the rights and privileges of all members of society, except those privileges that are necessarily removed or restricted as a consequence of their sentence. As a result, offenders are entitled to request personal information held by CSC. CSC agrees with the Privacy Commissioner that complaints must be handled indiscriminately by government departments, even though an individual may simply have an axe to grind against a government institution.
As you know, the Privacy Act requires that the OPC and all federal departments deal with all complaints and requests when they are received. There is no mechanism at the present time to assess whether complaints are trivial, frivolous, or vexatious.
With regard to the proposed amendments to the Privacy Act, it would not be appropriate for us to comment on changes the Privacy Commissioner has put forward, the ten quick fixes. I understand these are what she deems necessary to carry out her duties.
Having said that, this is a brief introduction, Mr. Chairman. We will be pleased to answer any and all questions you may have.
Thank you, Mr. Chair.
Welcome. It's nice to have you with us today.
One of the things we've been talking about is creating new legislation around the Privacy Act. Witnesses we've had from various departments and agencies have expressed concerns over that, because they feel it will not give them the flexibility they have at present for the collection of data and other things they want to do. I would be interested to know how you feel about that as far as Correctional Service of Canada is concerned. Do you feel it would impinge on your flexibility?
I have a couple of thoughts. First of all, in terms of the policy ownership of the Privacy Act, my understanding is that the Treasury Board and the Department of Justice are basically the key stakeholders, and the Privacy Commissioner is obviously central.
We are in the position of a lot of other operational departments in that we'll operationalize whatever scheme Parliament seems to put in place.
I would say in response to your question that CSC is a little bit of a different department in some ways. We don't keep specific track of the exact number of requests that come from various categories, but because we have a large number of folks who are inmates in our system, those individuals frequently file privacy requests, largely about what's on their case management file. We're mandated by our statute to capture a large amount of information about all offenders, and there is actually a provision in our act that says that when get a request in writing, it should basically be processed in accordance with the terms of the Access to Information Act and the Privacy Act.
In terms of CSC as an organization, we're always going to have a large number of privacy requests, given the nature of our operations. Information is really the lifeblood of our business in terms of making decisions about offenders. It's always got to be up to date and it's always got to be as comprehensive as possible. There are always going to be issues around that, and I suspect we'll always be near the top of the list in terms of both the number of requests that come in and the number of complaints.
In response to your specific question, the Privacy Commissioner is putting forward these ten quick fixes. I read them with great interest.
What I'd say in response is that I don't feel we're in a position to comment on what the Privacy Commissioner feels they need to do their job. We will operationalize whatever Parliament decides is the appropriate scheme.
I don't think my question was quite about that. I felt it was more a question of whether you feel the flexibility that's in the system now has been advantageous to you. Do you feel that tightening up that system in terms of how we require that information and how we get it will impede you more?
We do not have great difficulties with the system the way it is right now. Again, in the context of what I mentioned a moment ago, we're an unusual department and we're always going to be near the top of the heap in terms of requests and complaints.
We've done two in the past year. On average, two is probably the number that we do. Of the two that we've recently done, one had to do with a telework situation and the other had to do with electronic monitoring.
The manager responsible for a new program or a new undertaking will assess whether a privacy impact assessment is required. They will first of all determine if personal information is involved in the new undertaking, and, if so, will do a preliminary privacy impact assessment to see whether a full-blown PIA is required. If so, we then strike a committee. We have representatives on the committee from various sectors, including legal, security, ATIP, and the branch or division that is introducing a new undertaking.
That you've only done two is a little interesting. I thought the number would have been higher. Do you have any problems with PIAs?
No. The ones we've done in the past two years have not been problematic.
Obviously our systems have been in existence for quite some time, and we're not necessarily collecting new personal information, which would explain why we haven't had that many PIAs to do.
Ms. Rooke, when the Canadian Bar Association was here, they talked about this idea of putting forward some legislation and making it tighter to get that information. They felt the two could be done--new legislation could be brought in, and flexibility could be built within the system.
You have just said, Mr. McCowan, that you feel the system works all right for you the way it is, but if it does get tighter and more legislation is brought into place, do you feel it would impede you? That's what I'm trying to get at. Do you think there would still be enough flexibility? I realize it depends on what that legislation is.
It depends a lot, I guess, on what the nature of the tightening is. I'm not sure we're really in a position to help you in terms of getting to the bottom of what you're after. I understand what you're asking, but it depends on the nature of the changes. Plus or minus, we're okay with the situation the way it is right now. That said, we'll obviously adjust as Parliament sees fit.
[Translation]
Thank you, Mr. Chair.
First of all, welcome to our witnesses.
I understand that you cannot make any comments about the amendments suggested by the Commissioner but I see that you deal with a large number of complaints and I would like to know why you are the ones dealing with them and not the Commissioner.
The complaints are dealt with by the Privacy Commissioner. Our role is to deal with the requests that we receive.
You receive requests for information, you read them and then you decide if they are in order. Am I right?
It depends on the request, obviously. If it is a request for access to personal information submitted by a staff member or an inmate, we ask that the relevant files be provided to us. We review the files and we will exempt some information, such as information involving a third-party. We review all the documents in order to be able to provide the applicant with all his personal information, except that which has to be excluded for security reasons, for example if that information involves a third-party or relates to legal advice.
Even members of the public can apply to you to have access to information? Do they not have to apply directly to the Commissioner?
No, they can apply directly to us. Members of the public can complain to the Commissioner if they have first applied to the department to get access to personal information. If they are not satisfied with the information provided, they can submit a complaint to the Commissioner.
We are talking about files that may be related to criminal activities or to individuals about which you have incriminating information.
Do you accept all the requests that you receive or do you apply some criteria that lead you to deny some of them immediately?
We look at the request in order to make sure that we understand correctly what the person wants. If it is not clear, we get in touch with the individual to ask for clarification. Then, we process the request.
You explained earlier that, once the documents are received by the institution, you review all of them according to the rules and you then give them to the applicant.
Do you give photocopies? Do you get them back later or is the individual allowed to keep them?
They are photocopies. Obviously, we keep the originals. If we did receive originals, we send them back to the institution. Sometimes, they send us copies for our review. In any case, the applicant does not receive the originals, we keep them.
If a person is in the habit of making regular requests in order to know if new information has been added to his file, do you apply the same process? A request is never rejected? You listen to the applicant before deciding if there is new information to be communicated?
I will now ask you a question which you may not be authorized to answer for reasons of confidentiality. Are there many people who request repeatedly their own documents?
What parts of your process could be improved? I am not asking what the Commissioner thinks should be improved. What could we do to facilitate your work?
Do you believe that you have enough staff? There is a thirty-day time limit. Do you manage to meet that requirement?
[English]
I'll respond to that one.
In the course of the last number of months we have actually allocated some additional resources to the access to information and privacy division. As Ms. Rooke mentioned, we had experienced some problems
[Translation]
in relation to deadlines and things of that nature.
[English]
So we have moved some additional resources over to do an adjustment, as it were, within the organization.
[Translation]
[English]
Thank you, Mr. Chairman.
Thank you for appearing.
I beg to differ when you say that you don't have any problems. We had this really neat book that was given to us by the Privacy Commissioner. It gives us a pretty good overview of what's taking place in the department. Page 71 lists the top ten institutions by the number of complaints received. Number one is Corrections Canada. It has 194. The next one is the Royal Canadian Mounted Police, at 141.
It's an interesting book, because before you get to that spot, it talks about things like examples of privacy complaints. I'm just trying to find these so I can maybe give you some examples. Here's one. A woman complained that Human Resources and Social Development Canada, HRSDC, violated her privacy rights. There's one about a gun owner the RCMP released. So that's the RCMP. Canada Revenue Agency is one of the top ones too. Here is an individual and CRA auditors. An employee complains about DNA disclosed.
There are a lot of examples, but there's absolutely not one example from Corrections Canada.
I don't have the actual costs of the Office of the Privacy Commissioner, but it's up beyond $10 million, I think. So when you break these complaints down and the cost of these complaints, just doing quick math, you're about a quarter of the cost.
I'm not pointing any fingers, and I'm not suggesting that you're not.... I think I was responsible for actually calling you here, because when I saw that, I thought that we had a problem. We need to know what the problem is. It's fine to say that this works that way and that works this way, but there is a problem here. It looks to me as if inmates are causing a whole lot of mischief—correct me if I'm wrong—and if that is the problem, then you need to tell us so we can do something to correct it.
We all are very much in favour of improving and rewriting, actually, the Privacy Act. But if we're going to be blindsided on this, you know, we need to know. You need to tell us, point blank, that we have a problem. If we have a problem, we can deal with it. I guess I'm asking you, what is the problem?
I understand where you're coming from. In terms of the response, I'd start where I was at a minute ago, just in terms of talking a bit about the context. If you go back over the last ten years, you're right. Historically we have been either at the top or near the top in terms of complaints. We're also at the top or near the top in terms of requests. We're in a situation where we have a high volume of requests, so there is some association with the number of complaints. That's part of the story.
Another part of the story is the nature of our operations in the environment. Some government departments reappear all the time at the top of the list in terms of requests and complaints, and it has to do with the nature of the operations. In terms of Corrections Canada, we're mandated by our statute to gather information about offenders in enormous detail. We have to know everything we possibly can in order to make the best decisions we can over a huge variety of things with respect to their incarceration.
As you can imagine, offenders are very interested in knowing what's on the file. As I mentioned before, there's a section of our statute that effectively means when they ask for information about their file it oftentimes will find its way to Ms. Rooke's shop as a request under the access act. Offenders are going to want to know what's on their file because it has to do with the decisions that are going to be unfolding. They want to know what it is Corrections Canada has.
But it's not just about offenders; it's also about victims. It's also about employees who are interested in this huge cache of information that we have. And I think we're unusual in that regard as a government department, because information is the lifeblood of our business. If we're going to do public safety well, we have to be on top of the information game in relation to every offender all the time. People are constantly trying to dip into that information pool from the various angles--sometimes victims, sometimes offenders. The majority are offenders, you're right. But the harsh reality is, we are always going to be making decisions about them and they are always going to be seeking some way to get access to the information we have on their files, which is basically fuelling the decisions that affect their lives.
When I asked this question to the Privacy Commissioner the answer was really not clear.
I have to ask you again. Do we have a problem? Do we have a problem with inmates? Are they messing around with the system? Are they using the system for their advantage? We need to know that. I understand what you're saying, but there seems to be something going on here that nobody wants to talk about. If that's not the case, then we need to understand it a bit better. I listened to what you're saying, but maybe I just have to lay it out. It seems to me like these guys are just messing with you and they're just doing everything they can to make your job more troublesome. I'm asking the question: Is that what's going on?
I'm going to express my own personal opinion here. From what I have seen of the system, we're not in a situation.... Perhaps I can recall. When I was in an earlier life I used to do civil litigation. One of the things that's available in front of courts is to get a designation for someone being a frivolous and vexatious litigant. It's a tough thing to get. You have to hit a very high standard before you get there, and I notice one of the ten recommendations actually dealt with something that was quite similar.
I haven't been through every single complaint that's been filed by inmates over the last number of years. My impression is that the large majority of them are not in that zone. The large majority of them are in “I want to know what is on my file”.
The best way to answer it would be if I could get Ms. Rooke to talk about the types of requests we often get from inmates. Would that be helpful?
Would this help? Could we give an undertaking to give you a summary of the types of requests in terms of what information banks--
I'm not talking about his name is John Doe and he's been charged with this, that, and the other. I don't need all that. I just want to know, this guy wants to know this.
I don't know if we could give you the specific requests, but we could certainly undertake to give you a synopsis of the types of things we get from inmates in terms of requests. Would that be helpful?
Yes, we have to see some of this. I can understand your job, and it's hard for you to say, but if there's something here we definitely have to see it, because this is clogging up the courts and this is taking enormous resources from the Privacy Commissioner a lot of the time. We need to know this. I'm just afraid that the way the questions are going we're skirting the issue. This is the reason you're here. We have to find out why you are number one on the complaint list.
I could understand why it would be the RCMP, possibly. Even the RCMP have the same types of problems, or possibly Revenue Canada. But I'm really puzzled why it's Corrections Canada.
Let me just add that if it's helpful, we can certainly give you a summary of the typical kinds of requests we get from inmates. If it's helpful, we can even map it to the information banks, to what specific things they normally are requesting.
We're at nine minutes now. You were on a good line, and I wanted to show a bit of latitude here.
Mr. Hubbard, we're now on the second round, so you will have five minutes.
Thank you, Mr. Chair.
Good afternoon.
It's hard to believe there are nearly 20,000 people incarcerated in federal institutions, according to your page 3, and you have 14,000 out on some sort of supervised parole. You have 15,000 workers and are costing nearly $2 billion a year to the Canadian taxpayer.
Unless I'm wrong, when a prisoner is incarcerated, when he goes to his first federal institution, a file goes with him. His future, in terms of getting early parole or in his relationship with the system, is dependent upon how that file is accessed, who puts things into it, and whether or not the information that's in there is correct concerning both parties that are involved.
It's very easy for a guard, for example, to put something into that file that would be a major factor in whether that prisoner would have a request for parole accepted after his minimum time has been served.
We have files that are there for the prisoners, but how does a prisoner get redress, if he's had difficulties with one or two guards who can put things into the file that the prisoner doesn't agree with? What access does he have to get his file seen, and secondly to get redress for something that he feels is not the true report of the situation that's been filed?
Perhaps I could deal with the first part, and I'll ask Ms. Rooke to deal with the redress issue.
As I mentioned before, the information we gather on inmates is really the lifeblood of our business. If we're going to make good public safety decisions, we have to gather all relevant information and keep gathering it constantly.
I take your point. Inmates are always going to be interested in what is on their file, because it's going to have a huge impact on the decisions that are taken about them. As a result, Ms. Rooke's shop is always going to receive, in decades to come, many requests for access to what's on the file. And when inmates are not satisfied with what they get back, I'm sure a complaint will follow.
But the bottom line is that the lifeblood of our business is information, and information on an inmate's file is of great interest to them. It's of great interest to victims too. There are many stakeholders involved, but that's very much our reality.
Perhaps Ms. Rooke might want to add some additional points on the redress issue.
Offenders who, after receiving their file as the result of an access request, feel that something on the file is not correct have redress to come back to us at ATIP to ask for a file correction. They also have redress under the CCRA to request that their file be corrected. So they have options when they dispute something that is on their file.
To go back to Mr. Van Kesteren's situation, why is the prisoner not satisfied when he sees the file, and what is the degree of his dissatisfaction? Why does he have to go to the commissioner to get information that apparently is not available?
When requests are made for access to the file, as you know a variety of exemptions can be applied. It's possible that information might be exempted for reasons of safety and security of the penitentiary. Inmates will perhaps be interested in knowing what that is, and that might result in a complaint.
It's the nature of our environment again. Ms. Rooke's shop is challenged with the delicate balance of fulfilling our focus on public safety and making sure we give proper balance to the exemptions in the act. Inmates are always going to be interested, and they're particularly going to be interested in exempted materials.
Did you want to add anything to that?
Just to go a step further—Dave, you were referring to the book—do some of your people get their knuckles rapped by the commissioner because you don't provide the proper access?
If you go back over the last decade of reports from the Privacy Commissioner, you will find examples where corrections has made mistakes in terms of the handling of personal information. Ms. Rooke can give you more details on this. But in situations like that, we work with the Privacy Commissioner's office to figure out how best to avoid repeating whatever it was that went wrong.
Thank you, Mr. Chair.
Thank you for coming.
For my first round, I have a few questions for you. First of all, I would like to know how long you've both been on the job in terms of access to information and privacy, whether it's with this organization or with other government organizations. Could you just fill me in on your history or your background, because you mentioned something else, sir, that's—
My track record is amazingly thin relative to Ms. Rooke's, as you probably will have gathered from the exchanges that happened earlier. I was with the justice department for 15 years, and for the last two years I've been with Corrections. Access to information and privacy is part of the policy and research group at the justice department.
I've been with the director of access and privacy for a year and a half. Prior to that I was with the Office of the Privacy Commissioner for seven years.
Is that right? Okay. Great.
I think Dave was one of the ones who was keen on having you here as a group. Part of our reasoning is we are looking for suggestions on improvements. In 1986 there was a review of this legislation—I think it was called “Open and Shut”, or something like that—and of access to information.
One of the things that interested me.... A prisoners' rights committee came here to speak to that. Is there such a thing now in the system? Do prisoners have a rights committee? If not, that solves the problem. Do they talk about access to their information as part of their problem?
I'm not aware of a prisoners' rights committee. The correctional investigator is part of our statutory frame, who will often advance a broad range of issues on behalf of offenders.
The other point, which is very interesting to me is that I looked up who the witnesses were. A former member of my riding was a witness here. Bill Kempling was a member of the House of Commons and he was a witness at a committee. I've only been here a couple of years, but I have never experienced that. I think I'm going to have to check with Bill's wife to find out what he was here for.
From a practical point of view, one of my questions is we're talking about making the privacy impact assessments part of legislation. From your department's perspective, can you tell me whether you use PIAs, how they're used, what their functions are if they're used, or is that further up the ladder?
As I said earlier, we do PIAs. In the past year we've done two. We don't do a lot of them. Our programs are very well ingrained, and we don't collect a lot of new information, which is where you would look at doing the privacy—
Privacy aspects.
What do you do with that information once you've done your PIA? Those two you did, what happened to them from a functional point of view?
They're submitted to OPC, the Office of the Privacy Commissioner, for them to review. If they have comments, we will assess those comments and make changes, if appropriate. Treasury Board is also involved in seeing the PIAs.
So the commissioner is recommending that this tool be legislated. Do you think that will make any difference to your organization and how they handle PIAs, whether it's legislated or not?
I really don't know how to respond to that until I see what the requirements would be. I can't imagine that it would have a serious impact on us.
When you do PIAs, the way you phrase it, maybe in your department you have a significant amount of private information on these individuals who are your clients, or whatever you want to call them. Based on your experience, are they different in your organization from what they would be in other organizations, or are they virtually consistent across the board from every group? Did you see them in your previous job, Ms. Rooke?
[Translation]
Thank you very much, Mr. Chair.
I apologize for being late. I was held up in the House on a metter that is important to all of us. As a matter of fact, I see that a few regular members of the committee are absent.
Mr. McCowan, you said that Ms. Rooke is the expert for balancing security concerns with the rights of inmates, did you not?
[English]
Yes, the bottom line is that in terms of the exemptions that are applied under the statutes, the vast majority of those exemptions, which involve some balancing of various interests, are done in Ms. Rooke's shop on the various requests.
[Translation]
A few years ago, I received a visit from representatives of the Union of correctional officers. At the time, they probably went to see all the official critics for labour issues. Their complaints seemed valid to me. They were complaining that they had been assaulted by some inmates and that, during those assaults, there had been some exchanges of organic liquid. Later on, they had been unable to get information about the health status of their assailants because that was personal information that was exempted. There seemed to be a lack of balance between the rights of the inmates and the rights of the correctional officers, the rights of the inmates to protect their personal information versus the rights of the correctional officers to protect their health. That issue has not yet been resolved. Correctional officers are looking at all sorts of avenues to find a solution.
Could not a solution be to include an exemption in the Privacy Act relating to the medical file of an assailant, be it an inmate or someone else?
[English]
As you may be aware, the Correctional Service of Canada was recently the subject of an independent review, and there were 109 recommendations that were given to the government with respect to a huge variety of issues for CSC. A couple of the recommendations dealt with the issue of mandatory testing of inmates, which is related to the scenario you are describing. I'm not aware of the specifics of the privacy determination that you're discussing from a few years ago, but I can indicate that it was an issue that was raised in the report that was recently done on the Correctional Service of Canada, and I know it's being looked at.
[Translation]
Very good.
You used the words “as you know” but I did not know. I did not know that Corrections Canada had tabled a report. Is that what you said?
[English]
Yes. If it would be helpful, we could get you some copies. It was an independent review of corrections done about last year. It was chaired by Rob Sampson and it resulted in 109 recommendations to reform the Correctional Service of Canada in a variety of ways.
[Translation]
As you said, one of those recommendations related to screening the inmates for diseases. Most of the time, inmates are aware of their health status. If they assault a correctional officer, they know that, in order to avoid any risk, that officer will have to be treated against AIDS or other infectious diseases, the nature of which I leave to your imagination. They also know that this will create anxiety and anguish for the officer himself and for his family. If they know that they have an infectious disease, their assault was aimed at harming the officer. The point is not to screen the inmates for diseases, because that information is probably already in their files. If an inmate has AIDS, I suppose that that information is already in the medical file. So, the solution recommended by correctional officers is that they have access to those medical files.
[English]
There are a number of different issues. It could be that the paper record that deals with whether or not an inmate has an infectious disease is somewhat dated. I think that's why when the panel looked at this issue they made some recommendations in terms of mandatory testing.
As I said, the government is looking at this issue. There was some support for this transformation agenda broadly in budget 2008. There has been no specific announcement on this point, but the government is looking at the range of recommendations in Mr. Sampson's report, and this is one of them.
Thank you, Mr. Chair.
I'd like to know a little more about the medical file piece in terms of the doctor-patient relationship. Unfortunately, in our country, the file still belongs to the doctor and not the patient, yet we know we've had terrible trouble with people having follow-up for serious conditions like HIV/AIDS as they come in and out of prison.
What do you do with the medical file? Does the inmate get a copy of their medical file when they leave prison? How do you handle this in terms of the medical record?
I guess my bottom-line question is why can't all these people see their files anyway? Why do we have to have ATIP?
I don't know the specific process for what happens with the doctor's file when an inmate leaves, but I can certainly undertake to find that out and provide the process to you, if that's helpful.
Once patients were able to look after their file, the doctors' charting changed a great deal in terms of smart aleck remarks and characterizing people in a different way from how they would if they knew that file was going to be viewed by the patient.
What is viewed to be the downside of letting every inmate see their own file?
To be honest with you, I'm not sure what the specific rules are in terms of access to medical files.
There could be a number of exemptions that apply. For example, there may be information about incompatibles. There may be information on the file that relates to third-party information. There may be information on security issues. There are a number of things in a correctional environment that require you to do some vetting before you just turn over the file.
So it's a balance between wanting to have as complete a file as you can, which captures all the information, and recognizing that in a correctional environment there are some things that can't just be turned over.
But can an inmate just ask the warden to see the file and have the exempted parts taken out, so that they actually know basically what's there, or do they have to go through all of the hoops to see even that?
For all of these requests, I guess I just want to know why we put this whole process in place if what they are going to see at the end has all the exemptions taken out?
In terms of what they'll see at the end, depending on the scenario, they'll see either most of it or perhaps all of it if there are no relevant exemptions. But just as we process every other document to make sure we respect third-party information, and make sure there's not a safety-security issue around, for instance, an incompatible, we have to make sure that the exemptions are properly applied and that the release of information can't lead to harm of another individual. There has to be some analysis brought to bear, and that's what Ms. Rooke's shop does.
I'm new to the committee, but I want to learn as we go along.
You'd probably have to be careful in terms of how you respond to proposed amendments to the Privacy Act. I'm still wondering if there is some comment you can make in a careful way in terms of how one could do it.
You've made some comments already that give me a bit of food for thought on that, but where there's no mechanism in place to assess whether they're trivial, frivolous, or vexatious, do you have any ideas coming from your law background, Ian? You've probably stayed awake nights and thought hard and long on this one. Do you have any ideas? There have to be good minds put to this one in terms of how you can sort this out, especially as it pertains to the corrections system.
Yes. Drawing from my days with the Department of Justice, one of the things new justice department lawyers often get are applications to the court to get people declared frivolous and vexatious. That's normally a job that's given to newcomers. So when I joined the Department of Justice, I did a few of them.
What I would say about that, just talking about it in a court context, is that it's a very high threshold you have to hit. You have to satisfy a judge that somebody has consistently abused their rights to do whatever it is, whether it's to file a lawsuit with the courts....
I don't know the exact parameters of what's being proposed by the Privacy Commissioner, and I wouldn't propose to comment on whether it is or isn't needed in terms of her fulfilling her mandate. I think that's very much for her—and I would suggest also, Treasury Board and the Department of Justice, given their policy responsibilities—to comment on.
What I would say is that from what I have seen, and I'd encourage Ms. Rooke to add in if she sees it differently, I'm certainly not aware that there's a huge flood of grievances that would hit the threshold, the high threshold that I remember from my legal days, of frivolous and vexatious.
I'm sure there are some where, if an exemption were brought into law, we'd use it, but we're not talking about the majority, by any stretch of the imagination, of the requests that we get from inmates that would fit into that category.
Ms. Rooke.
On that point, then, have you actually ever made a point, in any kind of systematic fashion, of chronicling or analyzing and looking at that to determine that maybe it doesn't meet these high thresholds--because as you say, it's a pretty high standard there--but something flags it for you, like there are dozens and dozens from any one person? Have you ever attempted anything, in any cursory fashion, in any manner at all? And secondly, would there be some merit to attempting to do some analysis of that?
It's not something I've turned my mind to, to be honest. From my year and a half of experience at Corrections Canada, I cannot say that I've seen anything that jumped out at me as fitting the category of trivial, frivolous, and vexatious.
Okay, so it's more anecdotal, unless it really jumps out at you. Obviously in your busyness of life, you look at the ones that come before you, but you haven't been able to go back prior to a year and a half in terms of the hundreds of complaints, really, to know.
You're giving us food for thought in terms of the things we should be looking at on our end, but from both of our perspectives, I take your point. We don't see all of them. I certainly don't. What we've given you is our best understanding of the lay of the land.
Oh, just two years as well. Okay.
For the most part, I take it you're in agreement with the Privacy Commissioner. As you say in your remarks, complaints must be handled indiscriminately by government departments, even though the individual may simply have an axe to grind against that government institution.
I've been asking this other background stuff, and I take it from what you say that you have a genuine concern about whether there might be something getting into the category of trivial, frivolous, and vexatious. But in your previous remark that these must be handled indiscriminately—I'll give you a chance to respond here and defend yourself—does that kind of suggest to me that you have a bias to say, “Well, maybe there's really very little point; because they have to be handled indiscriminately, somebody may or may not have an axe to grind, so why would we even look at whether it's trivial, frivolous, vexatious?”
I think the comment was just to say that the way the statutory frame works right now, all requests are treated equally and that's how we process them. What I meant by my earlier comment was that we don't systematically track, for example, the percentage or the number of requests that are associated with various categories: inmates, staff, victims.
What I'm taking as food for thought from our exchange here is that this may be something we need to get a better handle on in the future in terms of having a better statistical understanding of the breakdown of the requests that we receive.
Thank you, Mr. Chair.
I want to keep going on the same line here, because I see this as so important. We have to get to the bottom of this thing.
Please understand, I'm not pointing out any accusations. I know you're trying to do your job. Just help me understand this a little better.
Back in 1971, or something like that, I took a law class in high school—it goes back a long way—and I don't remember a lot, but I remember learning back then that if you went to prison, you lost your rights. I'm guessing that with the charter that all changed, in 1984. Am I right, Ian?
The charter certainly gives a broad range of rights to individuals in society, which obviously includes the category we're talking about. But in addition to that, there's a principle in our statute that offenders retain the rights and privileges of all members of society, except those privileges that are necessarily removed and restricted as a consequence of sentence. So our frame is similar to the discussion about the Privacy Act, in terms of all complaints being the same.
The Privacy Act probably evolved from the Charter of Rights and Freedoms. As we moved forward we recognized that people had rights to privacy. So here we have these fundamental points of democracy that we cherish as a nation. To me this really threatens what we're trying to do. We boil it down to money.
I was asking one of our aides, and he seemed to think the budget of the Privacy Commissioner was about $14 million--understanding that a lot of education takes place, and there's money spent there. I know, from another investigation that was done through the Ethics Commissioner, one of these things isn't cheap. We're talking about thousands of dollars when a report goes through. If there were 839 complaints in 2006-07 and the budget back then was $10 million, you're probably not out of line saying it cost about $8,000. It's huge. We can brush this aside and say that's the cost of doing business.
I think we're really not done. We need to know exactly what's happening. We need your help. We need you to tell us there's a problem here. This is where the problem is. Then if we're to make amendments and change the act to the better, I firmly believe we have to make some amendments to the act that correct this situation.
This is serious. We're talking about not only one-quarter of the cost, but one-quarter of the energy that's spent. We have to get to the bottom of this, and I don't think we've done that today. As Maurice was saying, as much as you can say, I understand you can't.... We need some help here. I really think we have to make some changes.
I'm hopeful that the additional information we've already undertaken to provide to give you some summary information will help to further the discussion.
At a high level, if we're going to make good public safety decision-making for Canadians, one of the key elements is having really good information about the cases in our system. So we're always going to be in the business of gathering as much as we can get, as recent as we can get, so we can make the best decisions possible.
I understand. If these are requests from the corrections officer, that's why we need to know this. If the majority of these are justified, then again we can see. But as Dr. Bennett said, if we're going to get these medical records, isn't there an easier way to do this? This is the sort of thing I'm trying to dig for. We have to get to the bottom of this, and maybe that means getting you back one more time.
I'm not sure of the extent that medical records play in this, but we'll undertake to get you some more information about that, and particularly about how they relate to when the situation on the file goes to the community.
On the decision-making we do, we have to get the best information and the most recent information we can. Because that fuels the whole range of decisions that are taken within our statutory framework, you are always going to have individuals who are affected by that, whether they are offenders or victims looking to get as much access to that information as they can. It's the nature of the beast.
Having said that, I take your point, and we'll certainly get you the information I promised. If you'd like to continue discussion we'd be pleased to do so.
Thank you, Mr. Chair.
I have a few more questions. Ms. Bennett just spurred me on to get a better understanding. As far as I know, I'm sure there's some place on the Hill that has some information on me.
It would be important for me to know, just from a hypothetical point of view, if this is the type of information that's in an inmate's file. If an inmate has racist tendencies, would that kind of information be in here? Would that determine who they might be bunked with in the cell? Are those the kinds of things that...?
Any information that's relevant to the management of an inmate's case is going to be in his file. Our statute requires us to basically gather anything that's going to have an impact.
So it doesn't list it out in the statute. It just refers to management, anything to do with it.
I'd like to know what kinds of things are in an inmate's file. Also, on the requests that you're getting, is it skewed to those who are there for a longer time, for more serious crimes, or does it not really matter?
I can only respond in terms of what our statute requires.
Section 23 of the CCRA requires us:
To take all reasonable steps to obtain, as soon as is practicable, (a) relevant information about the offence; (b) relevant information about the person's personal history, including the person's social, economic, criminal, and young offender history; (c) any reasons or recommendations relating to the sentencing or committal that are given or made by the court that convicts, sentences or commits the person, and any court that hears any appeal; (d) any reports relevant to the conviction, sentence or committal that are submitted to the court; and (e) any other information relevant to administering the sentence or committal.
I'm cutting a bit out here, but that's basically it.
This is the lifeblood of what we do. This is why we're unusual as a department. We have this grant, this rule that has been given to us by Parliament—and I think it's a sensible rule—that we learn as much as we possibly can about any given offender, so that we and the National Parole Board can make good decisions.
In your presentation today, you talk about 3,500 complaints in your database. They could be ATIP pieces too. A full 91% of the complaints have to do with not meeting the deadline or disagreements with the exemptions applied. Do you know what the breakdown is? Is it mostly one or the other?
Would these cases be double-counted? I'm making a complaint because I didn't get the 30 days, and then because this is since 2003, I complain that I don't like what I got.
It has been a resource issue, but we have now obtained additional resources for the ATIP shop, and we're hoping that this will assist us in improving our response times. We're in the process of staffing up, and there's a dearth of qualified people in the ATIP field. We're having to take people who may not have ATIP experience, and there's quite a training period involved.
I haven't yet read the Information Commissioner's new report. I know it just came out, but I haven't got through it. He was indicating that one of the things we're lacking in this country—and it's something that he would be interested in doing—is a proper training program for access to information employees. I'm very happy that a department is here that actually deals with it on a daily basis.
There's a new challenge in Ottawa right now: there are not enough people available to do this kind of work.
Thank you.
I have a question. As members of Parliament, we have done ATIP requests on different things over time, so we have some firsthand experience of this area, no doubt.
I recall at one point working with a staff member doing an ATIP request on a fairly serious matter, an issue of a politically sensitive nature. Because I was involved to some degree in the story, I did this ATIP request, and it came back with a lot of stuff blanked out. It was in respect to me, but I had some requests on a more general issue. But the explanation for this stuff having been blanked out was that it had involved someone else, and their consent or permission hadn't been obtained. So even the stuff that I think may have been in reference to me was taken out of there too, because in the sentence you'd have the other person's name and my name, and as a result you'd lose the whole sentence. That puzzles me.
If you have a scenario where a prisoner is requesting information on something, and maybe there's been some disciplinary measure or some interaction or altercation with a corrections officer, do you have to get the permission of that corrections officer?
Are you saying you don't have to?
There could be a safety or security reason for why information is exempted. It depends on the specifics of the case at hand.
Okay, so is this a rule of ATIP that applies just in respect to corrections, then, because they have this special status and their name is not personal or private?
Okay, so you're saying that's for anybody in an official security or corrections role? Because that certainly didn't apply in the case I'm sketching for you. This other person's name had to be.... Even the information I was seeking to obtain in respect of my involvement was shielded from me, because this person had a name and therefore none of it was provided. So I don't know how that works in this area.
But are you saying there are no problems with providing and divulging in an ATIP request...that you don't need the permission of the other person who's involved or described? Is this what you're telling me now?
There is a third-party exemption, but I think what Ms. Rooke is saying is that it doesn't apply necessarily if the individual is—how would you frame it—a public servant.
That's what I'm getting at. That's my question. Why do we have exemptions, and who exactly is being exempted, according to the part of the act or whatever she's reading here?
Yes, and we can forget my case and my example, but I thought the general principle of ATIP is that if it involves somebody else's name, and permission is not given, then you can't divulge it.
In this case, obviously, the corrections officer doesn't have....
Under the definition of “personal information”, the Privacy Act says that information about an individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual, including the fact that the individual is or was an officer or employee of the organization; the title, business address, and telephone number of the individual; the classification and salary range of the individual; and the name of the individual on a document prepared by that individual in the course of employment is not personal information.
But it's all in context. The name actually could be protected if, for example, it's part of some broader security concern. You have to look at it on a case-by-case basis. Sometimes they're severing partial sentences, as you say, so it's not a one-size-fits-all situation. You have to look at the specific document and apply the exemptions case by case.
No, I didn't hear you. Normally I can hear you quite clearly. But not this time.
So part of the report that the Privacy Commissioner has given us talks about what's happening from her perspective. On page 77, the report talks about Correctional Services: 11 discontinued, 9 not well founded, settled in course of investigation, 43 founded. If I understand what she's telling us here, these are complaints that, once you've done your work at Corrections, they've appealed to the Privacy Commissioner's office. In your old role you'd investigate. Is that correct?
So there would be an investigator assigned to that. Then when she says in her report they are discontinued, does that mean they found a resolution or the person has withdrawn the issue or passed away? What does it mean by “discontinued”?
When I was at the Office of the Privacy Commissioner, “discontinued” would be exactly as you said. It may be that the person is no longer interested in pursuing the complaint. It may be that the person cannot be located. Those are the types of situations.
Do you have a split on how many are internal clients and external clients? Do you know what the difference is? Is it heavier weighted to the inmate side than the victim side or the other way around?
Okay. Then the majority of them, obviously just by simple math, would be the majority of the complaints on top of that, I'm assuming.
Okay. So from a process point of view, when you get a request, you must meet this 30-day thing on some of them, obviously. Do you know what percentage you meet the 30 days on?
Well, we certainly want to improve. In the coming year we're going to try to get it up to 60%, and then as we get new staff in and get them trained, hopefully we can turn things around.
This is the resourcing thing we were talking about earlier. In order to get our capacity up, in order to meet these deadlines, we need more folks. It's a very competitive environment in Ottawa right now. We hope we have some additional resources in place to make some improvement.
You are funded for those. So it's not a money issue in a sense. It's about getting people and getting them trained and ready to go.
So you meet half, let's say, of the timeframe, so they can't really appeal based on not meeting the timeframe. So that should give the balance. Is there a process you have in place that, if you're not going to make the 30 days, you do anything to mediate the individual's request so they are not appealing? Or do you just let it go that you didn't make the 30 days and it's up to them whether they appeal that or not? Is there any system to try to reduce the number of appeals, even though you might not make the deadline?
They are. Many other people outside the system of corrections can get help from other people to do some of these things. Are they provided with any information on that, or do they just have to figure it out on their own? How do they know what to do? Is it well defined?
I'll come back to the line of questioning about the Privacy Act. Getting back to the example I was speaking of before, does the Privacy Act then require, in terms of protection of these other individuals...? Let's say that there is an altercation in a correctional institution. There is no problem in having the name of a guard or correctional officer put forward. But if there is another inmate involved in that request, is that, under the Privacy Act, guarded or not provided or divulged in terms of reading that file? That inmate requests and gets information, but it does not exclude the names of other inmates.
It all depends on the context of the situation. It's conceivable that the correctional officer's name could be excluded if there is a security basis for doing that. But I think Ms. Rooke was referring to the general rule vis-à-vis names.
Unfortunately, it does come down to sort of a case-by-case analysis. And the exemptions have to be applied--literally severing sentences, as you're aware--to determine whether any given piece of text needs to be excluded.
Yes, it's case by case, as you say. Some general rules apply.
Some would suggest, and I know that these accusations have been made at points here, that when you have the interaction of access and privacy at the same time, there is some degree of--I'll use the more positive word--subjectivity, obviously. Stronger words are used by others. When there are parts of sentences severed for the protection of the privacy of an individual, others would read that as denial of access or whatever.
To the issue of training people, I think I understood you to say that there is probably.... I have some friends I know who work in that area. They're soon to retire. They're on a part-time basis now. They're older people. They're sticking around longer. They like having a little control over their schedules and maybe not having full five-day weeks and that kind of stuff. That works for them. But we have the benefit of keeping these well-experienced people around.
In terms of training new people and giving them the skills over time, is there a shortage of funding? Or do we just need to get more people and have more aggressive recruitment in this area?
I have a couple of things, and then I'd encourage Ms. Rooke to add.
First of all, in terms of the problem, there is a shortage of people. You have to bring people on and train them, as you say, and not only in terms of the application of the two acts. In our case, you want them to learn about the Correctional Service of Canada and the correctional environment, because the exemptions are applied in a dynamic way. You have to understand how the institutions and the community operate to give the exemptions a proper life, for lack of a better way of describing it.
What we've done in the last year is acquire some additional resources, which are being moved into access to information and privacy. That will allow us to compete, for lack of a better way of describing it, with other government departments. If you're a well-experienced ATIP analyst, you can look around at the various government departments around town, and you can decide where it is you think you'd like to work. I think it was fairly clear that we needed to add some additional capacity. We've done that, and we're hopeful that this will result in improvement. If we're in front of you a year or two from now, we'll be able to report back that we've made some progress.
Describe for me, just very briefly--I think I'm on topic with this question--in terms of the training mode, at least within the department, how you prefer to do it or proceed with it. I assume that there is some training on the strictures, if you will. Is there a buddy system or a mentoring system? Describe for me what that training would look like such that you get somebody up to a pretty competent level or can at least turn them loose on these materials.
Our analysts are grouped into teams, and they report to a team leader who will guide the analyst. But we also assign mentors to the new staff, because our team leaders are extremely busy. So each new employee coming in as an analyst will have a mentor.
We are actually in the process of developing a training program, because we know that we're going to be bringing in new people to the ATIP field. So I have two people now who are developing a training program.
Corrections has quite a detailed program for all new employees that everyone would go through to learn about the correctional service.
Colleagues, I'm going to encourage you to please bring it back, and our witnesses as well. We are looking at band-aid solutions to the Privacy Act, as opposed to a discussion of operational ways that we do things. It would be very helpful if we could get some solid input or questions related to the order before us.
Point of order, Mr. Chairman.
I'm wholly new to this, and I do appreciate your being here. Unfortunately, I was not able to be here for the first part.
The point of order is that the brief says these witnesses feel it inappropriate for them to comment on changes that the Privacy Commissioner deems necessary to carry out her duties, and it strikes me that the questioning is moot.
An hon. member: That's not a point of order.
Order.
For the console operator, when I call “order”, I want all of the other mikes turned off, please.
An hon. member: Shame.
An hon. member: A point of privilege, then, Mr. Chair.
Please state your point of order, then. You have to state the standing order or the procedure that is not being followed.
No, there is no point of privilege.
Mr. Poilievre, you have the floor on debate or on the questioning of the witnesses, but please focus on our work.
In discussions around privacy and information, there is always a delicate balance, as you know.
I see here, Ms. Rooke, that you are responsible as the director for both access to information and privacy. At the agent of Parliament level, you will of course know that the role of Privacy Commissioner and Information Commissioner are separate. There has been debate about whether or not the two could go together, but the consensus of Parliament has been that they should be kept separate because there is an inherent tension between the two objectives, one being freedom of information, the other being privacy. In order to ensure that there never be a conflict between those two competing interests, they should have different offices.
Have you found in your role as director for access to information and privacy that you feel that tension in your job between the two?
No, actually, I haven't found the tension. We deal with the access requests and we will take into account the provisions of the Privacy Act as they apply under access and vice versa. So no, I haven't found that there is a tension.
Have you ever found access to information requests that would perhaps infringe on the privacy rights of an individual?
Order, please.
I have to raise a question of relevance. This is a discussion I've been involved with before in a special all-party committee that John Bryden had--the discussions about access versus privacy. Members will have to understand that we have to stick to the amendments to be considered or the proposals for consideration to the Privacy Act.
This is for the members and for the witnesses. We need to keep to the order of business, please.
Carry on, please, Mr. Poilievre.
Thank you.
We've dealt with this tension between access and privacy for a long time. The chair has some considerable insight into the question. He's just mentioned some of his background in that area. I thank him for that.
My question deals more generally with the way in which we as parliamentarians interface with Corrections Canada on questions related to privacy. Do you believe that Corrections Canada has opportunities to improve its transparency to Parliament in this regard?
If you don't understand the question, that's okay. We'll move to another question from Mr. Poilievre.
I'm not sure how to respond.
I think there are clear opportunities for us to improve our performance, which I think will lead to, I would argue, increased transparency in the interaction between our organization and Parliament. I think it's a basic building block of any organization. You can always do better.
I'm not sure if that's helping or not, but....
The Privacy Commissioner has recommended a number of changes for immediate reform to the Privacy Act. Do you agree that these changes are ones that can be made immediately to enhance the level of privacy protection in the public service?
As I said at the outset, I'm not sure we're in a position to assist you in that regard. The policy ownership of the Privacy Act is with the Justice Department and Treasury Board. I think it's split between the two, and of course the Privacy Commissioner.
Most of the reforms, as I understand them, the ten of them, are focused on what she sees as changes that would help her with her mandate. And I'm not sure that we're in a position to usefully comment on those.
Yes, okay.
Without showing your hand from a policy point of view, do you think that this is something our committee could do well to examine more of?
I don't know that I'm in a position to give you useful opinion. I think any time this committee examines the Privacy Act and debates whether or not adjustments are required is a good thing, but I don't think we have anything, in terms of an opinion, to offer you on this one.
Just a moment, please. I want to check this out.
Mr. Poilievre was the last one. We're now in round five and actually the first speaker is Mr. Hubbard.
Just a moment.
I'm going to recognize Mr. Hubbard, but I've heard a point of order. I'd like to hear it.
Mr. Poilievre, do you have a point of order?
Yes.
Mr. Murphy indicated that the chair was losing control of the meeting, and I just wanted to disagree with him on that.
Thank you, Mr. Chair. It's only my second time around. I've skipped the other rounds deliberately, hoping that we would get to committee business, which was the other part of our agenda this afternoon. Mr. Chair, we haven't gotten to that.
But for the witnesses, I hope they fully understand that this is a committee of parliamentarians who work together. We're called the committee on access to information--which we sometimes look at, and we hope to study quite soon--privacy, which we're looking at today, and ethics of members of Parliament.
With the ethics concept, of course, the ethics is that we are--
You ruled, sir, on relevance. This has nothing to do with questioning our witnesses to the study that we're engaged in.
Order, please.
I'm getting a bit concerned. People are getting a little frustrated, a little testy. We don't need that. We have business to do.
I want to advise members about a unique situation that has come up. I think it's important for us to be aware of this. It has to do with the role of public servants generally being viewed, as it says here, “in relation to the implementation and administration of government policy, rather than the determination of what that policy should be”.
It's one of the reasons the witnesses who come before us had to declare that they're not in a position to make any clear position statements. It is improper for them to do it. We've put them in an awkward situation. As a consequence, I think their presentation has dealt substantively with the question that was raised by Mr. Hiebert, that we're really concerned that such a high percentage of the complaints have come from this particular area, from the Correctional Service side.
I think the witnesses made it very clear in their opening statement where the numbers came from. I think it was very instructive to have that insight as to the reasons, that there may be some frustration within those who are incarcerated because there is information in their files they're not privy to.
Beyond that, I have been painfully aware, and I think the members have as well.... That's why the questioning has been more about ATIP and access than privacy. But I think we're getting pretty close to the point that we're not being constructive on the work before us.
I know members have been able ask questions of general interest to our witnesses, but my view is that they have not for some time now, for at least a half hour or so, been relevant to the work we're doing.
I'm going to continue with the list and allow members to ask questions, but I'm going to ask that the questions be relevant to our work. I am going to ask members to respect that. Just as a principle, when we do this work or any other work, the relevance should be there, not just using the time because you happen to have it. That's not respectful, either to the witnesses or to all honourable members.
Mr. Hubbard, I appreciate where you're coming from, sir. You have the floor. You have only used one minute of your time. You still have four minutes left. If you have questions for the witnesses that you believe are relevant to the work before us, please continue. If not, I will move on to the next honourable member.
Thank you, Mr. Chair.
We are dealing with the second part of the mandate of our committee, which is access to information and privacy. Ethics is the third part.
I would hope the witnesses can really appreciate what our committee has developed into today, because we're reported as being the highest ethical committee of the House of Commons.
It's disappointing, Mr. Chair, that we've allowed our witnesses to be badgered by questions that are not relevant to the topic for which they were brought here today. I do hope you'll certainly recognize that, Mr. Chair, and move on to the second part of our meeting, which is relevant to the progress of our committee.
Thank you, Mr. Chair.
I've been at committees where witnesses were badgered, and I certainly don't believe this.
I also thank you for coming and listening. I hope you heard the chair today, on television, talking about parliamentarians having the right to speak and ask questions, because he was quite eloquent about it. It was only about four or five hours ago, so hopefully he remembers it himself.
In regard to the Privacy Act, my question deals with cross-border information. When you say a third party has the right to ask you questions, does the justice department in the United States, for example, have the right to request information about a Canadian inmate?
The Chair: Is this an access to information matter?
Mr. Mike Wallace: It's about an individual's file. I don't know, and obviously they're not sure either. I'm asking a legitimate question.
Based on the criteria that the Privacy Commissioner has put out, one of the issues that's talked about is cross-border information. I'm asking about cross-border information. It has to do with the Privacy Act. It has to do with the individuals they are responsible for. It's completely in order, Mr. Chair.
Mr. Chairman, I don't have the full text of the Privacy Act before me. One of the things I'm trying to remember is who has the right to make a request under the access act and the Privacy Act. Off the top of my head, I can't be helpful in responding to that question.
Based on that response, obviously it's not something that happens, or doesn't happen very often. Normally, it's 50% of the individuals who are part of the system, or the other half are victims or family members who are making these requests, not foreign governments or anything like that. Is that right?
The majority of our requests are from inmates. There are other categories. You'll see victims. You'll see employees. You'll see other instances.
Personally, I'm not aware of the situation you're describing. Frankly, I'd have to look at the act to see whether it's even within the relevant legislative framework. I'm simply not sure.
Thank you.
An additional recommendation is that the Federal Court should be broad, to allow it to review all grounds under the Privacy Act, not only access. So based on Ms. Rooke's experience, that tells me that at present the law allows an inmate to.... If the 30 days pass and they make a complaint, now based on time or lack of access, at present, without making any changes, they have the right to appeal to the Federal Court.
Is that correct?
Okay.
Do you have standing at that court case, or is it only between the Privacy Commissioner and the inmate?
It depends. It can happen several ways.
If it would be helpful, we could give you some summary information about the litigation that we've been involved in over the last little while. Would that be helpful?
I would like to know that. I don't know how much it affects you. Does it go that far that often? Or is that something that isn't...?
I know you can't comment, and you mentioned that you don't want to comment on whether it's right or wrong, but the commissioner is saying that maybe the role should be broadened. She's also saying--she, in this case--that she should be able to say whether this is frivolous or not. In fact, the Minister of Justice was here and he indicated that this might be a bit of a conflict. How do you give the right to say that this is frivolous, and on the other hand broaden the opportunity to go to Federal Court on other issues?
I didn't know whether, from an organizational.... Since you're one of the big users of the system, or at least from the Privacy Commissioner's point of view, and that's how I'm treating you today.... We're dealing with the Privacy Commissioner. You're absolutely right that she, in this case, is responsible for the act. And that's what we're looking at making changes to. But I want to know how it works for those on the ground who actually have to do the work with it.
I don't think we have a view on the Privacy Commissioner's recommendation. My understanding of the policy responsibility, and I'm working from memory, is that it's partly Treasury Board and the justice department, and of course the Privacy Commissioner has views.
Thank you, Mr. Chair.
Mr. McCowan, returning to where we left off before I finished my round of questioning, is this a problem with the charter? Not problem, I made a poor choice of words. Is this a result of the charter? The problems we're engaged in today, is it as a result of charter guarantees? Correct me if I'm wrong, but the act is new--1991--and the charter came out in 1984. Let me put it to you this way: would we have had these problems in 1974?
My understanding of the situation is that the Privacy Act is basically the operative governing instrument, as much as the Access to Information Act is. There are some relevant charter considerations, but the main frame that's brought to bear on the various questions that have been discussed here this afternoon is the Privacy Act, and to a certain extent and support the Access to Information Act.
The reason I ask that is oftentimes.... I know we were working on a copyright bill, and that's probably going to come forward soon--I belong to a committee that studies that and makes recommendations. Oftentimes we look at other governments. Obviously this isn't something new. We asked you to come because we see a problem here. Have you ever looked at other governments? Have you looked at, for instance, the correctional services in France? France has excellent privacy legislation. How do they deal with it? Are they having the same problems?
What I was going to say was for the policy that's our responsibility, we look at other jurisdictions all the time. If somebody's got a good idea somewhere else in the world, we want to take that idea as quickly as we possibly can. I would imagine in a similar vein, the policy owners of this statute are also looking at other jurisdictions, as indeed I'm sure the Privacy Commissioner is.
Mr. Chair, I think that's something we need to look at too. We should look at the French laws and see....
The reason I say this is I flew with a criminologist, and I'm not.... I think we have more concerns. I think we've opened the can up a little bit. Is this something we're seeing in the courts with organized crime? Are they using this legislation? I guess that's my line of questioning. Is this legislation, this beautiful thing that we have, these rights that we've bestowed on all our citizens...? Are we being played a sucker by criminals, by inmates, by people who are in the courts who need to be charged with crimes?
What I'd say in response is that the legislation gives certain exemptions that allow, for example, for safety and security considerations to be taken into account. Our job, when we get requests, is to make sure we give those exemptions the proper definition. We work in an organization where public safety is job number one, and it's our responsibility to make sure we properly apply exemptions to the requests, wherever they come from.
I have some material downloaded from correctional services. I'm sure this is part of the problem. It talks about male front-line workers paired with female front-line workers. Regarding privacy, are there privacy requests as a result of searches and strip-downs and that sort of thing? If that were the case, don't we have simple solutions, such as in a female institution to stick female guards in there, and in the male institutions stick in male guards? Are there some corrections we could be making that are as simple as that?
I'm not aware of any quick fixes.
Ms. Rooke, certainly feel free to add on in terms of adjustments we could make to our operations that would significantly impact on privacy.
As I say, I think the gist of the majority of the ones we get are from offenders who want to know what's on their file because it's relevant to a variety of decisions that are being taken around them. That's the underlying reality.
You say the majority. Your same web page talks about privileged correspondence and reading correspondence. Are you getting complaints to the Privacy Commissioner about opening mail, for instance?
What about telephone calls? There's another issue here that talks about telephone calls between inmates and members of the public, saying they may be intercepted.
My first question is whether that is illegal. Can't you do that as correctional officers? Wouldn't it be a matter, as you were saying, Ian, of public safety, to listen in to make sure they're not asking relatives to...?
Ms. Rooke, feel free to join in.
I'm not aware of any quick fixes from a correctional perspective that would significantly reduce the number of privacy requests.
With respect to interception of various types of communication, we have a statutory and regulatory frame that governs what we can and can't do in that regard. But if you're looking for the bulk of the requests, it's about inmates and their trying to get access to their files because they want to be informed with respect to the decisions that are going to be taken about them in a variety of ways. That's the bulk.
Just hold my time for a second.
Before we get started, it's pretty warm in here. Could you ask the clerks or somebody to open the windows? I think we're all getting a little hot under the collar.
Unfortunately, they've already looked into that, and we can't.
Let us move on to Mr. Hiebert, please. We only have another thirteen minutes left in the entire meeting. We're adjourning at 5:30, as was put on our notice of meeting.
An hon member: Point of order, Mr. Chair.
The Chair: No.
We haven't started it yet, actually; you haven't said anything.
I just want to remind members that a point of order is not what you use when you want the floor because somebody else has it.
Some hon. members: Hear, hear.
The Chair: There must be a direct point of order that—and I'm going to read this—calls “attention to the departure from the Standing Orders or from the customary manner in which a committee has conducted its proceedings”. That is from Marleau and Montpetit, page 857. I don't want to establish a precedent wherein people just want to interrupt the proceedings with points of order.
Mr. Murphy, you have asked for a point of order. Please state the nature of the point of order before you get into debating it.
That's a question. That is not a point of order.
I'm going to Mr. Hiebert, for five minutes, please.
Thank you, Mr. Chair.
This is my first opportunity to ask a question....
I'm sorry. You probably can't hear me; there are too many people talking.
This is my first opportunity to ask a question, and I want to start by thanking the witnesses for being here today.
I want to begin by asking you this, Mr. McCowan. You mentioned that you've been with Corrections Canada for two years now, and in your opening remarks you stated that you're the assistant commissioner for policy and research. How is that related to the privacy side of Correction Services?
The policy and research sector has a number of different components. One of the components is the access to information and privacy division. It's just a question of how the organization organizes itself. In other government departments, the ATIP division turns up in different areas. Within Corrections Canada, the logical fit for us was within the policy and research group.
All right. That helps me understand things a bit better.
I'm not sure who mentioned—actually, I think it was Ms. Rooke who stated it—that in the past year you have done two privacy impact assessments. Why? What motivation was there to do these assessments? Currently under the Privacy Act it is not required; this is one of the things the Privacy Commissioner is requesting. In fact, she wants all government departments to do this—this is recommendation number 3. I know that Treasury Board has talked about something similar, but I wasn't aware that it was actually required of all departments.
Do you have legislation or regulations that cause you to do these impact assessments, or are you simply doing them from your own sense of responsibility or due diligence? What would be the motivation behind these?
It's Treasury Board policy. We are required to do privacy impact assessments when we start a new program that involves the collection, use, or disclosure of personal information.
Okay.
Are those privacy impact assessments the same in nature as what has been proposed by the Privacy Commissioner, or are they different?
What she's asking for is a PIA, a privacy impact assessment. What you're telling me is that Treasury Board currently requires a privacy impact assessment as a matter of policy. Is she asking for something that's already in place, or do you know if there's a difference between what she has proposed and what Treasury Board guidelines require?
I'm sorry, I'm not in a position to assist. I don't know the background of that particular recommendation.
Do you know if this requirement from Treasury Board has some of the other things that she's asking for, such as a necessity test? Does Treasury Board require a necessity test in terms of determining which information you must review or assess in your privacy impact assessments?
It's not set out as such. What I do know is that Treasury Board is currently, in fact, revisiting all of the ATIP policies, including the PIA policy, and they are developing a new one that will come into effect on April 1, 2009. Whether that will reflect some of the comments of the Privacy Commissioner, I don't know.
In terms of the necessity test, as I understand it, the first recommendation was to create a legislative necessity test that required government institutions to demonstrate the need for the personal information they collect.
We're in a slightly different boat, because we had the section in our statute that I read to you, and that basically outlines what we need to gather in relation to offenders. At least in terms of that portion of our information-gathering exercise, we have been given a code.
No, it's not so much framed as a necessity test. It's just that vis-à-vis offenders, we're told which things we have to gather. Parliament has given us a code of what we need to gather.
So it's in fact a necessity test. You don't have to justify it, because it's there as a requirement.
Okay.
Has Parliament also told you whether or not these inmates have a right to appeal? That's another thing the Privacy Commissioner is asking about.
The reason I'm asking these questions is that if this is already happening in your department, then perhaps it's not necessary for.... Is there a right of appeal?
The process is set out in the Privacy Act, not specific to us, such that if an individual has a problem with it, they can follow a certain recourse that ultimately may lead to the Federal Court, as I understand it.
Order.
Mr. Hiebert, thank you for the good questions with regard to those recommendations. That's an important issue for us.
Mr. Vellacott is our final questioner, for five minutes. Then before we adjourn I would like to make a statement to the members about where we go from here.
Mr. Vellacott.
Thank you very much, Mr. Chair.
In protecting the privacy of inmates and those in corrections facilities when they make a request for information, you also have to be guarded about what information is divulged on other individuals. If there's a denial, and they don't feel happy about that, and there is a complaint that is entered....
In fact, you indicate there are some 3,500 complaints recorded in that database, and 91% are filed because the department did not meet the 30-day statutory time limit. In that kind of second look at it, you bring in the initial person, but who else do you bring in when this complaint is tabled or rendered, or whatever? Who comes in to look at that complaint within Corrections Canada?
It's the Office of the Privacy Commissioner that conducts the investigation, not us, because the complaint is filed with them.
Well, they will notify us of the complaint. They will ask us for a response to the allegations, and they will conduct their investigation, which may include reviewing documents and interviewing witnesses.
But in terms of protecting the privacy of that individual, you will bring in the initial individual and you will get the advice of the more senior personnel as well, in responding to this indication that comes your way? Who will you involve when you're responding to the Privacy Commissioner?
Okay.
One of the recommendations is that she or he have the ability as Privacy Commissioner to refuse and/or discontinue complaints the investigation of which would serve little or no useful purpose, and which would not be in the public interest to pursue.
Can you comment on whether you agree?
I don't think we're in a position to comment. I defer to the Privacy Commissioner, Treasury Board, and Justice Canada on that.
Okay, I understand and accept that.
Is it not the case that those data protection statutes, the important statutes that authorize those oversight bodies to dispense with frivolous or vexatious complaints, to use the term from law, and so on, also provide that oversight body with the authority to make binding decisions subject to appeal?
I'm not familiar, in a global sense, with the various models that exist for administrative decision-making. I'm very familiar with the Federal Court model, but I can't help you with what models might exist elsewhere around this type of administrative decision-making.
Okay.
From your vantage point, again—and I realize you have your own little slice of things here—if so, then should consideration be given to order-making powers for the commissioner if that proposal were enacted into law?
I'm not sure we're in a position to offer an opinion on either whether it's needed or what exact frame it might take if this committee and Parliament decide to frame it. All I can tell you is that if it's put into the Privacy Act, we will certainly operationalize it and make sure it gets full life.
Okay, thank you.
I'm going to have to cut it off there. There are a couple of important matters I need to apprise the committee of.
No, we're finished; the meeting is over. The meeting is going to be over.
I just want to advise the committee that yesterday our regular clerk, Mr. Rumas, had a health incident and had to be taken to hospital, and that's why we have Mr. James Latimer here, who is going to be filling in until Mr. Rumas can return. We also have Miriam, who is also here to assist to make sure that things go smoothly. I just wanted you to know why Mr. Rumas wasn't here.
Flowing from that, you may have read in the papers today that Mr. Pratte, who is Mr. Mulroney's lawyer, did respond to Mr. Rumas with regard to our request for him to appear. You have been sent electronically, and I think it's before you now, the indication from Mr. Pratte, the lawyer, and my response, which I sent last evening. We don't have time to discuss anything further on that particular initiative. I'm told that we may be hearing of some developments very soon.
Unfortunately, we've been unable to get to the subject matter of the second half of our meeting, Mr. Hubbard's motion, but what I'm proposing is that we will continue this meeting, its agenda, at the start of the meeting on Tuesday as the first thing. We will also probably have an update for members with regard to Mr. Mulroney, and then the members may want to give some input on where we would go from there.
No witnesses have been scheduled for Tuesday. We were going to have Madam Stoddart, as you recall, but she has indicated she is not available that day, so we are going to start immediately with debate on Mr. Hubbard's motion. It is pursuant to the committee's order of June 3, resuming debate on the motion of Mr. Hubbard, which has already been moved. Debate was called, but the meeting was over.
That being said, this is our thinking, and I'll be consulting with the members should any developments arise on which I have to make some decisions in the interim, because I want all parties to be aware and part of whatever decisions we take.
Thank you.
We're adjourned.