Skip to main content Start of content

ETHI Committee Meeting

Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.

For an advanced search, use Publication Search tool.

If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.

Previous day publication Next day publication
Skip to Document Navigation Skip to Document Content






Standing Committee on Access to Information, Privacy and Ethics


NUMBER 011 
l
1st SESSION 
l
42nd PARLIAMENT 

EVIDENCE

Tuesday, May 3, 2016

[Recorded by Electronic Apparatus]

  (0845)  

[English]

     Good morning, colleagues. We have a very important meeting ahead of us today. Pursuant to Standing Order 81(4), we have the main estimates, vote 1 and so on, that we have to get through.
    For those of you who are new to this, it is a parliamentary procedure that we must do in order to approve funding for various departments and agencies, and this committee is responsible for the various commissioners and their offices.
     We're very glad to have with us this morning Mr. Therrien, the Privacy Commissioner, who is here again, for I think the third time since this committee resumed after the last election.
    Commissioner, I'll get you to introduce Mr. Nadeau and Ms. Kosseim as we go on.
    Colleagues, at some point today we might have to take some time for committee business. What I would suggest is that we do about 50 minutes with each commissioner, if that's okay, and leave about 15 or 20 minutes at the end in order to deal with committee business.
     If we do 50 minutes with each commissioner, that should work, as long as the other commissioner comes 10 minutes early. We can let Ms. Dawson know that.
    We'll turn it over to you, Commissioner. Give us your opening remarks on the estimates and let us know what's going on. Then we'll move to questions. Thank you, and welcome.

[Translation]

    I am very pleased to be here again, this time, to talk about our office's main estimates. With me today are Daniel Nadeau, our chief financial officer, and Patricia Kosseim, senior general counsel and director general, legal services, policy and research.
    In my allotted time, I will discuss the technological evolution of the digital economy and its impact on privacy; our plans for the year ahead; and the challenges we face going forward given our current level of funding.
    As you may know, our funding has remained stable in recent years at approximately $25 million annually, and no increase is expected in the near future. Yet our investigations workload is increasing and we have a number of new responsibilities relating to advances in technology.
    The digital economy is evolving quickly as a result of constant technological innovation. This is a reality that affects many government regulators. This trend, however, has had a disproportionate, indeed revolutionary, impact on the field of privacy. When the Privacy Act came into force in 1983, computers were not mainstream. When the Personal Information Protection and Electronic Documents Act came into force in 2001, Facebook did not even exist.
    Smart phones, cloud computing, big data and the Internet of Things, to name but a few data-rich technologies, all raise significant and highly complex privacy issues. Keeping up with all these changes has been a real struggle.
    Despite its limited resources, my office has nonetheless effected much positive change for Canadians. Through sound management practices, we have optimized our resources and restructured our activities. Even though this has allowed us to realize significant efficiencies, we are unable to keep pace with demand. For example, despite our best efforts, by the end of fiscal 2014-15, a total of 291 out of an inventory of 759 active Privacy Act files were already more than a year old. In other words, 38% of complainants had not received a reply a year after filing a complaint. Our surveys show that 90% of Canadians feel they are losing control of their personal information. They expect to be better protected.
    Turning to the year ahead, technology allows businesses and governments to collect and analyze exponentially greater quantities of information. But with great reward comes great risk. I am referring to government and corporate surveillance and massive data breaches, which occur on a regular basis.
    As you know, breach reports to my office are growing year over year, particularly since 2014, when federal government reporting of material breaches was deemed mandatory under Treasury Board policy. Moreover, Bill S-4, An Act to amend the Personal Information Protection and Electronic Documents Act and to make a consequential amendment to another Act, known as the Digital Privacy Act, will soon make reporting by private organizations a legal obligation. Unfortunately, we have not received any additional funding to address these new responsibilities.
    At this time, we are only able to cursorily review, advise, and follow up on all but a few of the breach reports we receive. We expect this problem to continue in the years ahead.
    The increased complexity of Privacy Act investigations, owing to technology and the interconnectedness of government programs, is also putting added pressure on our compliance activities, with the result that too many are not completed in a timely way.
    That being said, looking ahead, my office will try to confront these realities head-on as we embark on a number of ambitious initiatives related to the new privacy priorities, which I've spoken to you about before.

  (0850)  

[English]

     As part of our government surveillance priority, we are carefully reviewing how information-sharing is occurring between federal institutions for the purposes of national security following the passage of Bill C-51, the Anti-terrorism Act, 2015. We hope our review will inform the upcoming public debate on how to amend that legislation.
     In keeping with our reputation and privacy priority, we are consulting widely on matters related to online reputation as we work to establish a position on such things as the “right to be forgotten” in the Canadian context.
    Under our economics of personal information priority, we are examining the current consent model, the efficacy and even viability of which many are now questioning in the context of modern technologies. Our aim there is to identify potential improvements, to implement those that fall within our legal framework, and to recommend legislative changes where necessary.
    We will also offer new guidance to businesses and individuals on privacy protection, paying special attention to small and medium-sized businesses, as well as vulnerable groups such as children and seniors.
    We also look forward to working with Parliament in the year ahead to update the Privacy Act.
    That Canadians would feel uninformed about their privacy rights and not able to control their personal information is hardly surprising given the speed and breadth of technological change. In my view, improving public education and regulatory protection through OPC guidance and industry codes of practice, in addition to completing investigations in a timely way, are all critical to meeting public expectations and maintaining trust in the digital economy.
    For example, we've been unable to fulfill our statutory role to encourage private sector organizations to develop industry codes of practice. We would also like to be able to offer timely guidance to Canadians on fundamental issues such as big data and the Internet of things. We're also concerned about our ability to invest in key public education tools, such as the web, and in drawing the public towards these tools to help address privacy knowledge gaps amongst Canadians.
    Furthermore, it is critical that we increase our capacity to monitor and research technology in order to better understand how it affects privacy, and that we promote privacy-enhancing technologies.
    In closing, it is clear that technology has fundamentally changed the privacy landscape, and for us as a regulator, it is imperative that we stay ahead of these changes. I'm confident that the strategic priorities we have chosen position us well for this task. Still, new regulatory responsibilities and an ever-growing investigative workload have added to expectations of my office. Ensuring we can continue to provide Canadians with the level of privacy protection they expect while also maintaining their trust in government and the digital economy remains our primary goal, but it is one that is increasingly challenging to achieve, given our current funding levels.
     I would, therefore, welcome a discussion on whether additional funding for my office would be appropriate to do what is expected of us by organizations, by Canadians, and of course, by Parliament.
    I look forward to your questions.
    Thank you.
    Thank you very much.
    We will start with Mr. Erskine-Smith.

  (0855)  

    I don't know if I have a full seven minutes, but I'd be happy to start.
    Thanks very much. You've listed a number of items you wish you could do. I don't see an estimated cost. Presumably you can't do those extra items under the existing budget. I think the proposed budget for this coming year is the same as the budget you had.
    Is there an estimated cost for the wish list of items you have at the end here?
    In our view it would be in the order of $4 million to $5 million.
    I note that in your comments there are a number of active privacy files already more than a year old. There's obviously a bit of a backlog. Is there an estimate of what costs there might be to complete that backlog to catch us up to date?
    On that particular aspect, it would be around or under $1 million. The things we would like to achieve that we feel we cannot achieve under the current budget can be divided in part into investigative activities, including analysis of breach notifications. That would be around $1 million. Then there is policy working with industry to develop clearer, more detailed codes of practice and developing more guidance ourselves, as well as some public education tools.
    Overall we're talking about $4 million to $5 million, including about $1 million in investigative or compliance activity.
     The $4 million to $5 million at the outset, to my first question, would include catching up the backlog. Is that right?
    Yes.
    Okay. Perfect.
    You mentioned Bill C-51. We don't know what the amendments will be, if any, to the previous legislation, but at one point the previous Liberal caucus had proposed a review of the sharing provisions every year, that there would be an annual report to Parliament from your office.
    I'd be interested to know, have you turned your mind at all to what costs that might impose upon your office?
    As you know, we are proceeding with a review of how Bill C-51 is being implemented under current funding. I think that this is a priority area, but there may be limits to how broad that review would be.
    With additional money we would be able to look at the practice of more departments, but we're going to do a review of certain departments with current funding.
    We've estimated that with roughly half a million dollars we could review a sizable number of departments in terms of their practice. My answer to your question would be we're doing the best we can with the current funding and we will do a kind of report similar to what was envisaged, but with relatively few departments in scope, to do—
    Is there a percentage of those departments that you would be looking at?
    As I indicated at a previous meeting, we've sent a survey to all departments to determine exactly where best to focus our efforts. We're still at the point of analyzing how many of these departments we will look at. But clearly, with no funding it's going to be a handful of departments. Again, with more funding we would be able to do a more thorough job for more departments.
    For the purposes of our knowledge, do you have a sense of when that review will be completed?
    It's going to probably take two years or so. This fall I intend to make public the results of our initial survey to departments, so that will give a certain sense of how Bill C-51 is being applied on the ground, but there will not be much in-depth analysis of the types of information because we're not there. That will likely be for the next phase.
    You've set out in general terms where your office is at. Obviously, the budget looks to be relatively unchanged, $22 million or so operating budget. Perhaps, for the purposes of those of us who are less familiar with how that $22 million gets used, can you walk us through some of the line items and where you see there are going to be changes from last year to this year in terms of how that $22 million gets spent?
    Sure. As I said, the budget is around $25 million. It's $24.5 million in total, $22 million requiring approval by Parliament and another $2.5 million representing statutory forecasts for employee benefits that do not require additional approval by Parliament.
    Of that amount of $24.5 million, around 69% is spent on personnel and 29% on operating expenditures. There is 2% of the budget which is spent on a contribution program for which we're responsible.
    In terms of broad activities within the office, compliance activities—that would be investigations under the private and public sector laws and the audit and review group responsible for the C-51 review that we're undertaking—that represents roughly 46% of the budget.
    Research and policy development represents roughly 14% of the budget. Public education and outreach, 10%, and internal services, 30%.

  (0900)  

    My last question is with respect to the backlog. Obviously, there are a number of priorities, but when you have that backlog growing and our experience on the access to information side is that it appears there is an even more worrisome backlog, is there any opportunity within the existing budget to move resources around and clear out that backlog, or is it your view you simply need more resources, period?
    We've done quite a bit and we have tried to address the backlog. For instance, on the productivity of our investigative group looking at cases under the Privacy Act, the public sector, their productivity has doubled in the past five years through various means, by trying to resolve more cases through early resolution, by focusing on the investigations of greater risk. Through a number of means, then, in the past five years we have doubled our productivity, yet we still have that backlog. We are continually trying to attack that issue, but I think there's a limit to what we can do.
    Thank you very much.
    Mr. Jeneroux for seven minutes, please.
    Thank you, all three of you, for being here again today.
    To continue on the line of Mr. Erskine-Smith's questioning, really, the theme that I got throughout your presentation was that technology is the main driver of a lot of the backlog or delay, highlighting things like Facebook and going back to 1983 or 1984, I think you mentioned. How does approving this budget get you one step closer to catching up to technology?
    It seems like we would constantly be behind the pace that technology develops. However, is there something here that gets you closer to the backlog? Is there something that gets you almost ahead of the game in some respect? I'm looking at not just your one-year vision, but maybe your five-year to ten-year vision on how you can do this so you can best mitigate a backlog now but also going forward.
    I would start with the issue of the backlog in the investigation of complaints as part of our workload generally. I've explained how, through various measures, we have succeeded in doubling our productivity. What I have to do also is devote sufficient resources to investigations and increasing productivity, but I also have a mandate to promote understanding of privacy, which includes guidance, public education, and so forth. Frankly, with the increase in the number of complaints in recent years, the share of the work the office devoted to investigations has increased proportionately, and I have a statutory obligation to respond to complaints. That's okay, but there's a cost to that. The cost is that we're able, proportionately, to spend less time on public education and guidance. We have not been able to work with industry sectors to develop codes of practice.
    I think that when you look at statistics around the fact that 90% or so of the population constantly say that they are highly concerned with privacy, and the majority, not surprisingly, of the population feel that they do not understand privacy issues, then we need to spend time on investigations, closing the backlog, and giving service to Canadians in that respect, but we also need to do a better job of informing the public and companies of their rights and obligations under privacy legislation. I need to find the right balance in all of this.

  (0905)  

    Along with that, then, if I'm reading the main estimates on page 210 correctly—and granted, these are my first estimates here, like many around the table—it reads that the public outreach in the estimates was around $3.1 million last year, and only $2.5 million of that was spent, indicating that you need to do a better job of getting that message out there, or that there needs to be more money. Again, if I'm reading this correctly, there's enough money for that. However, if it wasn't being used.... That's what I'm getting at.
    I'll ask my colleague Daniel Nadeau to explain the difference between the $3.3 million and $2.4 million. What may be at play is this question that public education is a statutory responsibility, but if we have complainants, they need to be heeded. There may be a transfer of funds. That's certainly what I see at the macro level in the activities of the office, that certain activities on the more proactive side, public education and policy, have been diverted or reassigned to investigations in the past few years because we don't want people to wait too long for the outcome of their complaints.
    Do you have anything to add?
     I'm guessing you're looking at the main estimates, and I have a caution there. You're looking at expenditures from the main estimates of 2014-15, 2015-16, and 2016-17. The numbers fluctuate. But the caution is that a different methodology has been imposed on us by Treasury Board in how we account for internal services. It may mean that the figures have changed, but in real terms I think what the commissioner has just described is what we're facing.
    Okay.
    Could you touch on the increase of $125,000 at the end of the term transferred to CRTC. Elaborate a bit on that, just so I'm clear.
    When CASL was adopted, we reached an agreement with the CRTC to fund the equivalent of one person, one employee, for intelligence and analysis leading to certain enforcement activities under CASL. After implementation of this new legislation, we thought that this resource should be used internally, as opposed to within the CRTC, so we recuperated the equivalent of $125,000.
    All right, good.
    We'll move on to Mr. Blaikie.
    Thank you for coming back to the committee.
     We've talked a bit about the backlog already, so I don't want to belabour it. You mentioned that complaints have been on the increase. Do you anticipate that the number of complaints will continue to increase? What do you think this would mean for the percentage of your budget allocated to investigation?
    If you look at the complaints made over the past five years under the Privacy Act, the public sector law, the number has quadrupled. This includes two phenomena for which we have generic approaches: individuals who make a large number of complaints, and issues that result in a large number of complaints made by several individuals.
    If you discount these two factors, which we manage differently, the increase is still sizable, around 40% to 50% over the past five years. The workload has increased significantly. We've dealt with it, in part, through reallocation from other sectors and preventive activities. We've also undertaken a rigorous examination of our procedures. We have used more early resolution, fewer cases with full complaints but still leading to a good resolution for complainants. We're constantly looking at our processes.
    We will continue to do that with or without new funding. We've been able to double production in the past five years, so there may be some productivity gains. At some point, however, I think we're going to hit a wall.

  (0910)  

    How many of the current complaints are for the public sector and how many are for the private sector? What's the breakdown?
    There are more complaints for the public sector law than for the private sector. For the public sector, it's over 1,000 per year; for the private sector, it's in the hundreds per year.
    My understanding is that with Bill S-4 you'll be anticipating an increase in the number of investigations relating to the private sector. Is that right?
    Yes.
    Can you give us a concrete example of complaints that aren't being addressed in a timely fashion? What would be an example of the kinds of complaints sitting in the backlog right now? What kinds of issues are not being addressed because you don't have adequate resources?
     The complaints that tend to take longer are obviously the most complex ones, and that too is related to technological change. In the public sector, a trend in the past few years has been that with technology it's easier for departments to share information, and they manage information in a horizontal way now, as opposed to in a silo.
     That leads to questions around whether the information is being shared by departments appropriately, legally under the privacy legislation, and so on and so forth. You see that in national security, but also in border management or in other social programs. Information is shared more and more.
    It is these kinds of issues that take longer to investigate, as opposed to the more transactional complaints, where an individual wants access to his or her file in a given department. That, we can do fairly quickly, but the more complex, systemic types of investigations take longer.
    If you had the resources and time to be able to pursue the project of developing industry codes of practice, what could Canadians expect to see as a kind of tangible benefit from that in their everyday lives? What could they hope to gain by having those codes in place?
    I would start with the statistic I gave you, which is that 90% of Canadians are very concerned about their privacy protection, and the majority of Canadians do not know what their rights are. There are many reasons for this, including the fact that privacy policies of companies, as all of us have had the occasion to read or not read, are long, complex, and not very informative. What is a consumer to do about reading this kind of information? People do not understand what happens to their information; they click without knowing what happens to their information.
    With a code of practice in a given sector, in the insurance sector, say, or the banking sector, the tangible impact would be that consumers as a class would be better informed in a given sector about what generally happens to their information in the industry in question. It would address directly the gap in knowledge of consumers, which perhaps might lead to greater trust by consumers in the industry in question.

  (0915)  

    That's great. Thank you very much.
    I want to get one bit of clarification before I move to Mr. Bratina, if that's okay.
    Mr. Therrien, I believe you responded to Mr. Blaikie's question about where the bulk of your work lies. I believe that in your original answer you said that more of your work lies with the private sector, not the public sector, but when you gave us the numbers, it seemed to be that the public sector was larger and was more work than the private sector.
    In numbers, there are many more investigations in the public sector than in the private sector. The actual numbers in the recent year were 1,700 complaints under the Privacy Act in the public sector, and 309 under PIPEDA in the private sector.
    Right, so you have more complaints under the public sector—
    Mr. Daniel Therrien: Yes.
    The Chair: —but there's more work under the private sector.
    No. I'm sorry for the confusion. There are more complaints under the public sector. Therefore, there are more investigations in the public sector.
    Are the growth and demand coming more from the private sector or from the public sector?
    In both. It's actually both.
    They're about the same? They're tracking evenly?
    Yes.
    Thank you for that clarification.
    Mr. Bratina, please.
    Thanks very much for joining us today.
     There is a statement in your comments that to me really stands out, which is, “Unfortunately, our lack of funding for these activities is adversely impacting our ability to effectively deal with breaches.” How serious a problem is that in terms of court actions and so on? For instance, how many of the investigations actually lead to court actions?
     Also, would you comment on how many of the breaches would be criminal in nature versus somebody throwing into the garbage a bag that happens to have in it all of the information of the Privacy Commissioner or members of Parliament?
     Could you comment on the seriousness of this inability to effectively deal with breaches?
     Sure. I would start with the fact that very few of these cases lead to court action. I'll distinguish between the public and the private sector again.
    Under the public sector rules, there is now a directive from the Treasury Board that mandates departments to notify my office and the Treasury Board when there is a significant or material breach in a department. We've not been funded to do that work, so we had to reallocate from other places. Essentially there is one person in the office who deals with these cases.
    We receive reports from departments. In the public sector there are roughly 300 of these breach notifications every year. There is one person to review these reports at the office. We look at what the department tells us in terms of the nature and the potential impact of the breach. We give some advice, but with few resources the examination is relatively superficial.
    On the private sector side, there is no obligation at this point for companies to notify us. Some companies notify us voluntarily. Under Bill S-4, which was adopted by Parliament last year, when regulations are adopted, there will be a legal obligation for companies to notify us, but again, there will be no funding. We're talking about hundreds of notifications per year given to our office. We have one person on the public sector side and one on the private sector side to look at these. By necessity we review fairly superficially what the departments tell us or what the companies tell us.
    To add to this, as you know, there are other statistics out there that suggest there are many more breaches than those our office is actually notified about.
    I think the issue of breaches is a significant problem. We do what we can with these two people who are devoted to these analyses. Given the importance of the issue of breaches, it's a concern for me that we have as few resources as we do to devote to these issues.

  (0920)  

    To continue on with regard to resources, are you aware of new technologies coming online that would be useful to you? Do you have resources to evaluate, within the government, the kinds of technologies that might make the job easier, strictly in terms of technology? Obviously it sounds as though you're short-staffed in terms of examining these breaches. Are you aware of any technologies that you would consider if you had the budget to do so?
    We actually have a technological lab comprising four or five people all together, but they serve the office generally. For breaches there are one or two technologists who spend time on the analysis of these breaches, so we're not without capacity on the technological side.
     But these technologists serve for breach analyses as well as for other investigations, policy work, guidance, etc. At the end of the day, we do give guidance to departments and companies. Among the advice we give is to make better use of technology. Encryption is an important part of the protection that companies and departments can use. So we're not without capacity altogether, but as we know, people are concerned about breaches, which we hear about almost on a daily basis, in either the private or the public sector. We have the capacity we have, which I think is too little.
    With regard to the $4 million or $5 million that you suggested—and I know it's kind of a ballpark, blue sky figure—would you be able to prioritize within that envelope of funding what you would take first, second, and third? Is that something that would be helpful to us in terms of a priority for future needs or immediate needs that have to be addressed? Would there be a priority list?
     It's not a ballpark figure. We've done a bit of analysis leading to that number. It's difficult to give an answer on priority but if you define the activities as point one, reducing backlogs and compliance work generally; point two, policy guidance including working with industry to develop industry code of practice; point three, public education, the first two would be a priority but it would be a shame because Canadians deserve to be better informed. If I had to choose, I would put public education in the third category.
    I appreciate the comment on how you arrived at that number. We tend to blue sky a lot of things. That's very helpful, thanks very much.
    Mr. Kelly, please.
    I want to return to part of your answer to Mr. Erskine-Smith's question when he asked about the line-by-line breakdown on the budget. You mentioned 30% of the budget going to internal services. I see that broken out here. Can you elaborate on how that fairly large item within your budget breaks down? What are some of the major and perhaps minor items that fall under that roughly 30%?
    I'll ask Mr. Nadeau to give the breakdown of the proportion within that range of activities. Thirty per cent for internal services may seem high, but you have to look at this issue in context. First of all, it's less than other agents of Parliament by and large and other small organizations. Thirty per cent may be higher than what you would see in a larger department but as a small organization, we're subject to the same reporting and oversight activities including an external audit committee, the comptroller general, etc.
    We have the same reporting obligations and because we're smaller in proportion, it takes more people to deliver. I'm not suggesting for one minute that there should be less oversight or reporting, it's a very good thing but the price to pay for that when you're a small organization is that proportionately, you're going to spend more time on these issues.
    Mr. Nadeau.

  (0925)  

    In the breakdown, if you want, by type of activity, you'll find informatics, IMT, information management and technology; the bulk of the money is there. You'll also find your typical sections or functions such as finance, human resources, strategic planning, and there's also the management overhead of the organization.
    We follow the methodology provided to us by central agency to be able to report similarly from one organization to the other. One of the cautions I would bring to that is that what you'll find in this reporting methodology in smaller organizations is that the costs are often highly centralized as opposed to larger organizations where some of these things are decentralized. You may find in a larger organization a human resource advisory function, a financial advisory function that is within the programs; a number of expenditures related to your IT is within the programs. Whereas for our organization, for efficiency reasons, we centralize all these things within internal services, which might explain the figure of 30%.
    I understand fully what you're saying about the obligations and responsibilities of your organization, the burden this puts on you when you are a small organization. It immediately led me to think of some of the suggestions that other witnesses have brought forward about combining the offices of Privacy and Access to Information. They would probably give us a similar response to how internal services take up a significant portion of their budget.
    Would the combining of the two offices allow for cost savings in internal services that could be put into investigative activity or responding to the backlog of complaints or other activities that are really important?
     That's a very good question. We haven't looked at this in exactly these terms, but over the past few years we have done a lot of work in trying to merge certain functions or have common services with other agents of Parliament. For instance, many of us are now housed in the same building, and we share certain services like libraries, and so on and so forth.
     We haven't looked at this in the context of a merger of internal services with the Information Commissioner, per se. We've looked at it more broadly with other agents of Parliament. There's been quite a lot of progress there, but we have not looked at this issue specifically. It's possible that there might be some savings. We've gone in a similar area in looking at this from an agents of Parliament perspective, so we think we've gained a lot of that efficiency already.
     If necessary, we could look at this question.
    Thank you.
    Mr. Long.
    Thanks for coming, and it's good to see you again.
    My background is business. I've run many businesses, and the budgeting process is something we go through as business owners every year. Certainly, with respect to my hockey team, the budget process had many layers. Whether it was physiotherapy, equipment, game night, sponsorship, or sales, they would all come back to me with their own budgets. Then there would certainly be a budget review period.
    Again, I'm a proud Liberal, but I'm certainly fiscally conservative.

  (0930)  

    You should come over here.
    No, thanks.
     That being said, the budgeting process is very important, obviously, and it needs to be challenged. As the leader of my organization, I did a lot of challenging of that budget.
    There have been great questions today about different things you want and don't want. We talked about technology. But I'm more interested in the budgeting process you go through as a leader of your organization: how you come up with it, how you challenge it, and most important, how personally and directly involved you are in the process.
    We have, I think, quite a rigorous process leading to the conclusion of our annual budgets. I am personally involved in these various steps.
    It starts with defining the corporate priorities of the organization. There's a discussion among managers several months before the beginning of a fiscal year. There are the strategic priorities that you know about, the four that I've mentioned. Every year there is a series of more administrative operational types of corporate priorities that are set for the organization. We discuss that as a group. I'm involved personally and I approve the corporate commitments or priorities. Then, once that is done, that leads the various branches to align their priorities, activities, and budget.
     There is a discussion around this time of year to make sure that the budget asked for by each branch is aligned to our priorities. That, too, is discussed as a group, but I decide at the end of the day, based on fairly rigorous discussions, how much each branch will be allocated.
     As well, there is a central reserve that we allocate, based on the priorities of the day.
    So, there is a challenge back. There is a process where you will challenge back people's budgets asking for increases.
    Yes.
    Raj, you have a couple of minutes.
    Thank you very much for coming here.
    I have two questions. The first one is to Mr. Nadeau.
    Bringing up the topic of internal services, I noticed here in the strategic outcome and program section that your 2014-15 expenditure was $7.99 million. Then in 2015-16 it went to $5.7 million. Then the 2016-17 main estimate is back to $7.3 million. Can you explain the discrepancy as to why the money went down?
     As mentioned earlier, there was a significant change in the methodology to account for internal services within the federal government. Treasury Board Secretariat issued guidelines on what should be seen within any internal service program activity, which has led to a shift over the years, so that explains partly that.
    Another explanation is that 2014-15 was the tail end of the Office of the Privacy Commissioner's move. We moved our offices from downtown Ottawa to downtown Gatineau. As a result of that, at the tail end of this, there was a bit more internal services expenditures to account for the move, which was a corporate expense. That explains the fluctuations over the years.
    You expect your expenditure to be roughly the same as 2014-15, around $7 million.
    Yes, again because of the change in methodologies.
    Mr. Therrien, I have a question for you. Being a former small-business owner, over the last 21 years we didn't get much advice on privacy protection. The only advice I received as a pharmacist was that there would be privacy protection under the concept of medical privacy. You said part of what you would like to do is provide new guidance for small business enterprises. What kind of guidance would you provide, or what do you think that sort of outreach would be?

  (0935)  

    It will depend a lot on our consultations with the organizations in question. One thing we've launched in the past year is the consultation process with small and medium-sized businesses. We've approached a number of these sectors to start a conversation. We have an idea in terms of the investigations we conduct following complaints. That gives us an idea of the types of issues and the types of sectors that would benefit from guidance.
    The accommodation sector, for instance, is one we're focusing on. Investigations give us a hint, but we also want to talk to these sectors so our advice is concrete, practical, tangible, and meets the reality on the ground. That's the stage we're at currently.
    We can come back to you, Mr. Saini, if you have some more questions.
    It's now time for Mr. Jeneroux, for up to five minutes, please.
    Going back to some comments you said earlier about finding efficiencies between the agents of Parliament, I know in the public side certain departments have moved to shared services in doing a lot of similar IT, purchasing of pens, or—I'm not sure what goes into that amount of detail—participating in a bulk buying model. Have you guys gone into that much detail in terms of having one IT supplier for all of you, and one guy who comes in and fixes the fax machine for all of you?
    I'll start, and I'll ask Daniel Nadeau to complete the answer.
    We have arrangements with different agents of Parliament on different issues. With IT, we have certain arrangements with certain colleagues, and on other things we have other arrangements with other colleagues. We have these discussions all the time, and when we think bilaterally or collectively that there is an efficiency to be gained, we try to implement that.
    I'll let Mr. Nadeau finish.
     I would add that we share things on three levels. One level is from a facilities perspective. The second level is from a systems perspective. The third level is from a knowledge perspective.
    On the knowledge side, as agents of Parliament, we get together at minimum on a monthly basis. As CFOs, for example, we have a conversation on a monthly basis as to what is going on, what the areas are where we could share certain things, either intelligence or resources, and things of this sort. There is an ongoing conversation at that level, which is quite useful.
    On the facilities side, as the Commissioner mentioned earlier, two years ago four of us, four of the seven agents, moved into the same building. We have started sharing a number of things, whether a common mailroom, a common knowledge centre, or a library. We share boardrooms, for example. There are a number of things we share from a facility perspective.
    From a systems perspective, again, we are always looking for efficiencies that can be made. We share the same financial system with the Office of the Information Commissioner. There are a lot of conversations that happen at that level.
    We are web-hosting the platform for the Lobbying Commissioner, whom you will be talking to shortly as part of these sessions, I am guessing. We are always on the lookout for things that may be beneficial for the organization.
    When we look at these things, I would say that our lens is threefold. First, are there cost savings to be made? Second, can we improve the services to one another? Third, can we reduce our exposure risk? Again, it is not easy having a small amount of resources dedicated to some of these key functions.
    Often what we'll find is that the service level will improve or the risk will be reduced as a result of that. Cost savings, not so much...but as a result of it often we are better served, or we can at least have a decent level of service for our clients within our respective organizations.
    Does that also include a staffing perspective? I apologize; I haven't been to your facility. Is there a front desk person who answers the door for everybody? Is there a common IT person? Have you gotten into that level?

  (0940)  

    In some aspects.... For example, on the IT side, our premises are shared with the Office of the Official Languages Commissioner. The IT folks for both organizations are sitting together. They share best practices, tools that we buy, and so on. There is always a conversation going on at that level.
    Another example, which I didn't use, is that we share, with the same organization, the same regional office location, within the Toronto area. We have an office in the greater Toronto area, and so does OCOL. We are within the same area.
    On security measures, for example, when you get into our building, there are a number of things that are shared from a security perspective with the other agents.
    We are constantly looking at that to see if we can make our dollars go a little further and to make sure, as you said earlier, that we can reinvest them on the program side.
    Thank you.
    I think Mr. Saini wanted to follow up some more.
    Now with Bill S-4, you are going to have more reporting, breach reporting, that will come from the private sector.
    Just for those of us who are not well-informed of the protocol, just so we understand where the resources should be allocated, can you give us a very brief overview of the way a breach flows thorough the system once it is reported, so we know what components are involved in assessing that breach?
    The notice that we currently receive voluntarily, which will be mandatory once Bill S-4 comes into force, comes into our PIPEDA investigation group. There is one person who receives these notices. In the notice from the organization, the company describes certain facts and tries to assess the impact. We review that. We give advice to the company.
    When the case is particularly of concern, as we have seen in some cases, we can actually start an investigation, which is in the broader group of investigators within the PIPEDA group.
    The vast majority of breaches will lead simply to reading the report given to us by the company in question and giving advice—or not, depending on the situation. In a minority of cases, a full investigation will occur.
     Is that the same as in the public sector?
    Roughly, yes.
    What are the repercussions? Are there criminal charges that could be laid at the end of it? Or is it just more advice and strategic advice to the company or the organization on how to correct the situation?
    It's strategic and operational advice on how to mitigate and try to reduce this type of occurrence. If we saw what looked to us to be criminal activity, we would report it to the police but we would not investigate ourselves.
    Thank you.
    I don't see any other questions coming from the committee. We have a few minutes left.
    Is it okay with the committee if I ask a few questions?
    Some hon. members: Agreed.
    The Chair: One of the things that always piqued my curiosity, Mr. Commissioner, in the 10 years that I've been sitting around these committee tables is when we're dealing with internal services.
    I'm going to ask you some questions about internal services. It's $8 million to support $17.5 million worth of activities. From the information I have in front of me, I can't drill down, so can somebody drill down for me and tell me exactly what kinds of things internal services would be?
    I'll ballpark these figures here. You have about $3 million that will be for the IM and IT components of the organization.
    I'll just qualify. Earlier I said we centralize a number of functions. From an IT perspective, for example, we have tools and applications internally that service our programs. We have staff who support the delivery of these tools to make sure that the investigators have them. These work directly with the programs. For example, on the information management side, you'll have people who will receive all the complaints. They will handle them by scanning them and putting them into the system. Those are overhead costs but they are still part of the program.

  (0945)  

    It's not part of the compliance stuff?
    No, but it's sitting in internal services basically.
    We're looking at about $3 million of folks there. Part of it is true corporate and part of it is program-related.
    As well, you'll have about $1 million that's dedicated to the financial function. I'll remind you that as a small organization and as an agent of Parliament we are audited by the Auditor General of Canada, which is unlike other smaller organizations. Because we're independent and autonomous it's part of the oversight of the organization, so we need to have strict and rigorous financial controls. I'm not saying that other small organizations don't have them. It's about $1 million from a finance perspective. You'll have as well about $0.5 million for strategic planning, audit, evaluation, and performance measurement. On that, again, as a small organization and an agent of Parliament, we have an audit committee that is made up of external members. That's part of the oversight of being a small organization. We have costs related to that that other small organizations do not have.
    We'll have the oversight and management of the organization that's going to be about $1 million. This will include things like access to information, for example. It will also include the commissioner's office and things of this sort, the assistant commissioner, and so on. From memory I think we're around—
    You're at $5.5 million right now.
    Yes, $5.5 million.
    There is all the administrative side of things as well as security. That's about $0.5 million.
     What do you mean by “administrative”?
    We have on-site a number of functions that will include, for example, staff for health and safety, staff who will handle the day-to-day administration, facilities, management, and things of this sort.
    It's just running the building and looking after things.
    Yes.
    What do you have for human resources?
    Thank you. I knew I was missing one.
    We have about $1 million for the human resource budget.
    One of the things that we do, again, is we centralize the training budget within the organization, which again shows up in internal services, but it would probably be better reflected within the programs. Everybody has a small amount of money, about $1,500 per person, for training for any given year.
    That accounts for about $7 million.
     That's close. In the estimates, your mains for 2015-16 were only about $5.7 million, and your mains for 2016-17 are $7.3 million, so we're close.
    I've just got a question for you on HR. What's your ratio of employees to HR staff, do you know?
    We have about nine staff within the HR unit for about 185—
    Mr. Daniel Therrien: Two hundred now.
    Mr. Daniel Nadeau: Yes, so about 5% of our staff is HR.
    What's that ratio?
    It's 20:1.
    It's 20:1. You're aware that the private sector does that at about 50:1, right?
    Again, it's a small organization, and there are a number of oversight functions. Some of the staff is dedicated to just reporting to central agencies on a number of our performance items during the year, so we have to consider that. We have a staff that looks after pay as well. We still have pay within our office. Some others have pay that's handled centrally by Miramichi. Once you account for all these things, I think that brings the ratio a little closer to what the private sector may have.
    Okay, I appreciate that.
    Mr. Therrien.
    You're rightly focusing on internal services. I can tell you that I have also focused quite a bit of questioning on internal services myself.
    I would say two or three things. One, remember we're a small organization. In terms of IMIT, which is a big part of the internal services budget, about $3 million, one may ask if there would be efficiencies with Shared Services. We have had some conversations with them, and all of these conversations have led both parties to think that there would be no savings from that perspective.
    We have referred a number of times this morning to the external audit committee. If you want to pursue the question of possible savings and whether we're doing all the right internal services, I would encourage you to speak to the external audit committee independent advisers on financial management within the OPC.

  (0950)  

    All right, I appreciate that. That's good advice.
    I have a few more things that I want to get off my chest.
    I'll just leave with the one quote that I've left many different times. I'm sure you all know who Oscar Wilde is, and one of my favourite quotes of all time is, “The bureaucracy is expanding to meet the needs of the expanding bureaucracy”. It sounds to me like the Shared Services and the internal services are doing as well as can be expected. I'm hoping that we can find that.
    Mr. Blaikie, I'll get to you before we go. I think you have one more question.
     One thing I'll leave you with, and one thing that I can't believe didn't come up in this committee, is that we've been hearing from virtually every province that they have actually a dual role between the privacy commissioner and the information commissioner. When we take a look at the fact that your budget is rolled in with the Information Commissioner's and we have internal services for both organizations and so on, we've never had that conversation. I know it probably isn't a comfortable conversation, but I know it's probably one that's going to come up at some point in time as a conversation. I have no idea what the government of the day is going to do on that, but it would have nice to have some time to pursue that.
    Mr. Commissioner, we thank you very much.
    Thank you, Mr. Nadeau and Madam Kosseim, for coming again today.
    We are going to have a discussion later on today about resuming the privacy study, I think, as we go through some of the scheduling. I know that you've made yourself available to come in. I'll share that information with the committee. We look forward to resuming that very important piece of work.
    We thank you for your time, sir.
    We're going to suspend for a few minutes and then we'll bring the Ethics Commissioner forward. Thank you.

  (0950)  


  (0955)  

     Colleagues, let's resume. We have about another 50 minutes, if we can.
    We're glad to have the Ethics Commissioner here.
    Ms. Dawson, we appreciate your being available to talk about the main estimates. We look forward to your opening remarks. Please introduce the colleagues you have with you here.
    If we could wrap up at about a quarter to the hour, we should be able to do the little bit of committee business that we need to deal with in the time remaining. We look forward to going over the estimates with you.
    Again, welcome to the committee.

[Translation]

    Mr. Chair, honourable members of the committee, thank you for inviting me to appear before you today as the committee considers my office's budgetary submission for the 2016-17 main estimates.
    With me today is Lyne Robinson-Dalpé, director of advisory and compliance, and Denise Benoit, director of corporate management.

[English]

    When I appeared before you last February, I reviewed the mandate and activities of my office and our interactions with the committee. Today I will briefly describe my office's organization and operations, and the accountability framework within which it operates, before discussing our current budgetary requirements and highlighting some of our activities in the past year.
    I've organized my office into five divisions to best support my mandate to administer the act for public office holders and the code for members of the House of Commons.
     Advisory and compliance is the largest division, reflecting my primary goal of helping members and public officer holders meet their obligations through education and guidance. This division provides confidential advice to public office holders and members, reviews their confidential reports, maintains internal records of that information, and administers a system of public disclosure. In 2015-16 our advisory and compliance staff had close to 4,000 communications with members and public office holders.
    The communications, planning, and outreach division coordinates education and outreach activities. It also contributes to policy development, compiles research, conducts public communications and media relations, and coordinates my office's interactions with Parliament and external organizations. Although the major focus of my office is on the prevention of conflicts of interest, we also investigate possible contraventions of the act and the members' code.
    The investigations division has a leading role in this area. In 2015-16 my office dealt with 36 investigation files. I initiated most of those files myself, many on the basis of communications from the general public.
    The legal services division also plays a critical role in our examinations and inquiries, and provides strategic legal advice on all facets of the work of the office.
    The corporate management division oversees the development and implementation of internal management policies and the delivery of services and advice on human resources, finance, information technology, information management, and the management of office facilities. It also administers our shared services agreements.
    Finally, my own team in the commissioner's office provides general administrative and logistical support for the office. The number of staff provisions in my office totals 49 across all divisions. Two vacant positions remain. My office is an entity of Parliament, and is therefore not generally subject to legislation governing the administration of the public service or to Treasury Board policies and guidelines. I've ensured, however, that our resource management practices are informed by the principles followed in the public service and in Parliament. Those principles are reflected in an internal management framework that I will discuss in a few moments.
    In order to provide some context for my current budgetary submission, I note that after its first year of operation, my office was allocated an annual operating budget of $7.1 million. That remained unchanged for five years. We have returned some funds to the federal Treasury at the end of each year. Those surpluses have resulted, in part, from such cost-saving practices as not always staffing vacant positions immediately, and maintaining a budgeted reserve. I maintain a reserve to cover unexpected operational pressures and to internally fund projects and initiatives that lead to greater efficiencies.
     There were lapsed funds again in 2015-16, mainly because certain positions were vacant for a period of time and because there were no major projects that needed to be funded from the reserve. I was able to proactively offer an overall budget reduction of 1.4% in 2013-14, and the same in 2014-15, when a budget of $6.94 million was approved for my office.

  (1000)  

     Last year, I sought and received a slight upward adjustment of $6.95 million to cover an increase in contributions to the employee benefit plans as determined by the Treasury Board.
    For 2016-17, I am seeking a budget of $6.97 million. Again, the slight variance compared to last year is directly due to an increase in contributions to the employee benefit plans. This amount will enable me to continue to fulfill my mandate and further strengthen the effectiveness of my office by implementing strategic priorities in key areas such as client service, outreach, and information management.
    I have again budgeted a reserve, but a smaller one than last year. In 2016-17, my office could be asked to help to pay for the implementation of a new financial system, and this project would be funded from the reserve.
    Given the nature of my mandate, salaries are by far the largest expenditure. Non-salary expenditures are mostly related to the standard costs of running an office and the costs of our shared services agreements with external partners. Through such agreements, we benefit from the expertise of the House of Commons, the Library of Parliament, and Public Services and Procurement Canada in various areas, resulting in greater efficiency.
    In 2015-16, my office continued to strengthen the internal management framework that helps to ensure the effective, efficient, and economical use of public resources. Among other measures, we implemented a policy on internal control and a directive on account verification.
     We also continued to follow good management practices in other areas of our operations, including information management and information technology. We implemented an internal policy on information management and a related guide. Working with the House of Commons IT team, we launched an online portal for reporting public office holders and members of the House of Commons to submit their public declarations electronically.
    Although we're not bound by Treasury Board policies on performance measurement, as a good governance practice we have developed a performance measurement framework that we are now starting to implement.
     We continue to be transparent. We publish detailed financial information on our website, and our annual financial statements are audited by an independent auditor.
    The workload of my office increased significantly as a result of last fall's federal election, which resulted in a large turnover of ministers, parliamentary secretaries, ministerial staff, and members of the House of Commons.
     We communicated with departing reporting public office holders about their post-employment obligations under the act and worked with incoming reporting public office holders and members to help them complete the initial compliance process under the act and the members' code. Just over a third of the members have completed this process. All new ministers and parliamentary secretaries have completed the process within the timeline set out in the act, and we are processing the ministerial staff as they continue to be appointed.
    My office participated in the members' orientation program, the House of Commons service fair, and a Library of Parliament seminar. I also offered presentations to all caucuses in the House of Commons and made presentations to the Liberal and Conservative caucuses.

  (1005)  

[Translation]

    I have touched on some of the activities and initiatives undertaken by my office in the last fiscal year. Later this spring, I will release my annual reports under the Conflict of Interest Act and the members' code, which will provide detailed information about these activities and initiatives. I will be pleased to discuss my annual report under the act with the committee, if it so wishes.
    In closing, I wish to thank the committee again for inviting me to discuss my office's budgetary submission for 2016-17.
    I will now be pleased to answer your questions.

[English]

    Thank you very much, Madam Commissioner. We appreciate that. I'm sure you'll get some very good questions.
    Mr. Erskine-Smith, please, for up to seven minutes.
    Thanks very much.
    On your request for around $7 million, perhaps we can just walk through where that $7 million would go and if there are any differences over the previous year. Could you give us a sense, line by line, of where the $7 million will be allocated?
    Thank you very much. I will ask my corporate manager, Denise Benoit, to do that.
     Our biggest expenditure is salary. So $4.6 million, plus the equivalent employee benefits plan, goes for salaries, which leaves the office with $1.6 million for non-salary expenditures. Most of the non-salary is spent on covering the cost of shared services agreements. We have, as the commissioner mentioned, one with the House of Commons for IT; we have one with the Library of Parliament for payments and external reporting; and we also get our compensation services from Public Works. That, in total, comes out to almost $600,000. Then the other major expenditures would be professional services where we go and seek them, whether it's for our security or classification services. Whenever there is a specific expertise that is required and we go outside, that's where we spend for professional services. Of course, there are the standard expenditures of running an office. It's definitely not travel. We only spent, I think, $6,000 in travel over the last year. It's more, as I said, whether it's telecommunications or just the standard supplies, the standard expenditures for an office.
    The $4.6 million in salary, how many individuals are employed?
    We have 49 positions of whom six are executives and the rest are staff.
    In your view, is that enough staff, not enough staff, too many staff?
    It's just about right. We actually have only 47 there at the moment. There's a little bit of uncertainty in my world as to how many investigations we're going to have although it seems to have evened off a fair bit, so there's not a lot of uncertainty. This year there will be continuing extra work because of the significant change of government. It will carry on into the next year; in fact, we're into the next year now. I think it's about right.

  (1010)  

    Just so I get a better sense of how that staff time is allocated—I'm probably missing something—there is initial compliance work, maintaining compliance, then there are investigations and review and penalties imposed. Am I right that last year there were fewer than 40 new investigations?
    Yes, that's about the order of investigations, between 30 and 40, usually in the mid-30s.
    So for 49 positions there were fewer than 40 investigations. What is the majority of an individual's time spent on?
    The investigations are handled by the investigations section and there are only three or four individuals in there. One is off on maternity leave at the moment.
    Then the remainder.... We have six executives so we're down to 43, and three to four individuals so we're down to 39 to 40 positions. What do they spend their time on? How is that time allocated?
    The largest section is the advisory and compliance. They are 37% of our personnel and 26% of our budget in fact. They're slightly under 20, maybe 16 , 18, 17, and they do a number of the tasks. They save the reports, and they are the ones who get the questions from the individuals, and we get lots and lots of questions either by phone or by writing. That's the bulk of our staff right there.
    Okay. For example, there is the initial compliance work that has to be done in the first 60 to 120 days. That would be a significant amount of work, I suppose, with the incoming members.
    Ms. Mary Dawson: Yes.
    Mr. Nathaniel Erskine-Smith: But after that, does the work not die down significantly?
    It's taking a certain amount of time for.... This particular year, it's particularly busy because, for example, ministerial staff continue to be appointed so their 60 and 120 days are moving forward and through the year. There was that plethora of members and we only have a third of them finished by now. They don't have the same level of deadlines as under the act. Then once we get through that cycle, of course, there are the annual reviews for everybody. They will start before we're finished, I suspect, with this round. Then there are also changes in people's portfolios and changes in their life that we deal with throughout the year. We get, as I say, many questions for advice.
     Is it fair to say that there are waves of work? What I'm trying to get at is if there's an initial compliance period and that takes up a significant amount of time, would it make a certain sense to increase resources at that time, and then you'd ultimately decrease resources later on?
    Yes, we brought on three terms, I think it was, in anticipation of the new government, not knowing what it was going to be, and we needed those three terms. But all those terms will end.
    And that does affect the 49 positions that you referred to?
    Those are not counted in the 49.
     I see. So in your view the 49 positions are necessary for ongoing compliance work.
    Right.
    I doubt this is the case, but in my previous life I had to docket all of my time. That doesn't occur here, so we don't have a good sense of exactly how individuals' times are allocated.
    No, we don't do that.
    All right. We'll now move to Mr. Kelly, for up to seven minutes, please.
    I want to build on some of the answers you gave to Mr. Erskine-Smith about the personnel and how time is allocated. Specifically, I've heard from other members a certain degree of frustration from time to time in dealings with your office over getting clear answers to questions about potential conflicts of interest on things like attending events, or the acceptance of gifts of nominal value as matters of protocol, or unsolicited items that people send to offices, these kinds of things.
    Some members are frustrated that they have a hard time getting a hard and fast answer as to whether something is required to be disclosed or not, whether something is a matter of public interest or not.
    It would seem to me that you have a fairly large department of people. Are these frustrations around clarity a matter of resources and not having the people available, or is it a training issue or a need for a better understanding of rules and how to communicate them?
    Could you comment on whether you think your resources are adequate and how these concerns that some members have could be better addressed?

  (1015)  

    Gifts—mainly the things you've raised—have been the biggest problem since I started this job. There are split feelings, I think, amongst MPs in particular, but amongst others—because of course, my largest group is the reporting public office holders and the public office holders. There are mixed feelings about the legitimacy of the rules, and there's a certain amount of resistance to what the rule is, I find.
    It is a complicated subject because each decision has to be taken on the basis of the individual's connections with other people or with the people giving the gifts. I have an extensive set of guidelines, about 10 pages long, under the act. With respect to the code, I have tried to get guidelines. I have actually left guidelines with the procedures committee, which looks after the MPs' code, to consider, because under the code they have to be approved by the committee. I have done everything I possibly can to get guidelines out there.
    Frankly, I think the resistance is more on what the rules are than on how they're being administered.
    I'm not sure I understand what you mean by “resisting”. When you say there's resistance out there, who is resisting what?
    Well, you hear it; you hear muttering, frequently. When I come to committees, quite often I hear comments about people being offered a shrimp at a cocktail party and whether they should accept it or not. There are a lot of facetious comments made about the gift rules. I have always said there are normal courtesy rules. If something's worth under $25 or $35, I'm not going to worry about it normally—and I've put all those sorts of things in my guidelines.
    The other thing that's raised gifts to the fore this year is that the lobbying commissioner put out some rules on gifts, and the lobbyists have gotten quite excited about them. In her rules, there's a cross-reference to my act, so we're getting a lot of requests from lobbyists as well to interpret our rules, and of course, you can't interpret them generally for lobbyists because each individual member has a different relationship with various lobbyists.
    It's a complicated subject.
     It would seem your challenges are around the legislation itself, not resources.
    The legislation leaves room for a bit of interpretation. I know that from time to time one has considered putting forward a limit of $50, for example, or something where you don't have to worry if it's under that. I proposed that to the procedures committee at one point saying if they really hate these gift rules, they should do something about it if they want to. The trouble is you can't say this is the rule and this is what we're abiding by, and then complain about it when you have to abide by it.
    I don't want to get too fixated on gifts themselves.
    Okay. Anyway, that's a problem area.
    The concerns I've heard from members are more general and go beyond these fine lines around trivial items. That's more where I wanted to make sure we identify whether it's a matter of resources or other issues that have generally caused members frustration around getting clear answers to questions that come up.

  (1020)  

    We are extremely good at answering questions very quickly. Maybe they're not getting the answers they want to hear. But we do not delay getting answers out, and we've got the resources.
    In the interest of—I know you're on a budget here for time, we'll—
    Mr. Blaikie, please, you have up to seven minutes.
     I'll pick up on that briefly without belabouring the point. From some of the concerns I've heard, where the issue we're talking about today about resources and the nature of the answers come into play, or where they interact, some MPs feel if they're going to make a request to get clarity on whether a gift is appropriate or not and the answer that comes back is it may or may not be, it depends on the circumstances, I think a lot of MPs feel they already knew that. They would like your office to be a place where they can get that clarity and the answer that comes back often just repeats the vagueness that was the trigger for the request in the first place.
    I wonder if they had a specific instance in mind when they came. The problem is we can't give a generic answer. But if they ask if they can accept a chesterfield from so-and-so lobbying firm, we'll give them an answer. It's the specificity of the questions that we need as well in order to answer.
    With respect to the resources, we have enough resources. It's not a resources problem, it seems to be a perception problem somewhere.
    Okay.
    One of the discussions we had earlier with the Privacy Commissioner was around some of the internal services items, being able to share those costs with other offices. Do you engage in a lot of sharing with other offices for some of those basic things?
    We've mentioned we have contracts with various entities that will supply services for us. We're part of Parliament and the other offices are not. We've got a different structure, so there's not an obvious person for us to share services with.
    With the new government there's been a lot of talk about setting a higher standard and higher bar when it comes to accountability, openness, and transparency. Are you anticipating any changes to your mandate that might require changes to the level of resources?
    There was a five-year review of my act, almost five years ago now. I made a number of proposals and none of them have been met under the act. Interestingly under the code, which is not your mandate here, a whole bunch of amendments were made in June as a result, which I was very pleased with.
    With respect to the act, there were hearings, a report was made, and no action has been taken.
    Has anyone from the new government been in touch with you to indicate there might be action now, or something coming in—
    Not to date.
    Okay. Thank you very much.
    Thank you very much.
    We'll go now to Mr. Massé, please, for up to seven minutes.

[Translation]

    Hello, Madam Commissioner. Thank you for being here again today. It is greatly appreciated.
    In your opening remarks, you mentioned a number of vacant positions in your organization. I would like to hear more about this.
    How many vacant positions are there and which sectors are they in? How do you determine whether these positions are necessary? Perhaps a review of your organization is in order to ensure that it can adapt to a changing environment.
    There are currently only two vacant positions. We are in the process of determining whether they are necessary.
    Ms. Benoit, would you like to add anything?
    As the commissioner said, there are only two vacant positions right now. We have combined the roles of these two positions with those of an existing position because they were similar and the two roles could be combined into a single position.
    In another case, we have someone on an acting basis. We are currently determining what the level of the position should be. The commissioner's approach is that a position is not automatically filled when it becomes vacant. We are reviewing the need for the position in question and looking for a more efficient or different way of performing the roles.
    How many indeterminate and term or casual positions are there? You said you have used a few term positions to respond to certain files, as has been the case in recent months. How many indeterminate and term positions do you have?

  (1025)  

    Nearly all of our positions are indeterminate.
    Ms. Robinson-Dalpé, do we still have term positions?
    There used to be three term positions in the advisory and compliance division, but the people left and the positions became vacant. Employees have since been appointed to these positions.
    Managing a large workload is always a challenge for a small organization. We hope the plan we have implemented will allow us to achieve these objectives. Some good candidates have joined our team, but there were not enough candidates on the list, unfortunately. That is why we launched another competition to recruit additional resources for a certain period.
    Thank you.
    My next question will be more general.
    What are your priorities for the coming year or two? How will you measure your progress on these priorities?
    We continually strive to improve the services we offer clients. This is a priority. We also constantly strive to improve how we communicate with members and public office holders. Those are our key priorities.
    What measures are you implementing to deliver on these objectives and priorities?
    I will ask Ms. Benoit to answer.
    In her opening remarks, the commissioner noted that we are implementing a performance management framework. We have in fact established the main roles and priorities for our organization.
    We have started gathering data, which is largely quantitative for now, but we hope to gather qualitative data. We have just started doing this, but once we have gathered data for over a year, we will be able to identify ways of improving performance, for instance, in response times when a member contacts our office.
    We record the number of requests received, but we know we have to do more. We have to look at our record on meeting deadlines. My colleague has in fact established client-service standards.
    We need to gather sufficient data over more than a year in order to produce a report. At our management meetings, we have started receiving reports and are able to identify trends and weaknesses.
    We recognize the importance of performance management. In the initial years, the commissioner's office established a framework, policies, and procedures. After eight years, we know what we need to improve our performance.
    Very well.

[English]

     Mr. Bratina.
    Thank you.
    What's the salary range of your employees, not the executives, but the 49 or so. Where would they be?

[Translation]

    I will let you answer once again, Ms. Benoit.

[English]

    The largest group that we have are the advisers, the analysts. In that group, the salary range is from $72,000 to $87,000.
     Have there been any fair market value reviews on those jobs? They could be lower, they could be higher. What's that process?
    We have a different classification structure. We use a company, Hay, which is a well-known company.
    It's been a number of years now where we've done a really thorough study, but when we compare with positions with similar responsibilities in the public service we know that we're still within the range because we're able to attract qualified candidates when we post employment.
    When it comes to economic increases, of course, we monitor what is being negotiated in Parliament by the House of Commons, and this is what the commissioner will usually give because all our employees are non-represented, so whenever there is something negotiated in Parliament that is the economic increase that is given to our employees.

  (1030)  

    Is there a standard annual increase or cost-of-living increase?
    Exactly. The economic increase, as I said, is usually based on what is being negotiated in the public service or in Parliament.
    You haven't done a review recently, but are you confident that you're paying in the correct range?
    We are, just because, as I said, we're able to attract good candidates when we post employment opportunities.
    And where would I send my...? No, I'm only kidding.
    Thank you.
    Voices: Oh, oh!
    We'll accept that as your resignation, Bob. It's too bad; we're starting to get to like you.
    Just to follow up on Bob's question, if I may, the number you quoted, Madame Benoit, was that the total compensation package for employees? Does that include pay and benefits, or is that just pay?
    That's pay.
     Okay. Thank you.
    We'll now move to Monsieur Jeneroux, please. We'll start the five-minute round.
    Thank you for being here again with us.
     just have one comment and then one question, and if we can afford time back to the committee, that would be wonderful.
    We just had, as you saw, the Privacy Commissioner here in front of us. He provided, as part of his annual report, a breakdown of how much time it takes to do investigations, some that he's declined to investigate, and some where they have initiated from, and so on and so forth.
    I don't see that in your annual report. This is again just my comment. It would be nice to know some of that. I recognize they're all different in terms of each instance; however, so are his, and in his he provided an average breakdown of that. It would be nice to see that in the upcoming, highly anticipated annual report from your office.
    I can give you some figures right now.
    Sure, we don't have a great amount of time, but go for it.
    Basically we have two kinds of files. We have files that we open up and look at, and then for other files we proceed with a full-fledged investigation or examination.
    With respect to the files that we look at and don't proceed with, our average is 47 days. For the ones that we have to proceed with officially and give a report, it's 264 days. The medians there are 15 and 264.
    Okay. Wonderful.
    Is that coming from a public document, or is that internal?
    No, it isn't a public document at the moment.
    And just as a comment, it would be nice to reference that publicly.
     In the Prime Minister's mandate letter he put forward the perception of conflict of interest. You've asked for a slight increase, largely just because of the benefits, if you will. With the number of investigations we've seen already in this short term of Parliament, most of them seem to have been referencing that mandate letter in terms of the perception of conflict of interest. They then go to your office, and I guess there is no ruling on the perception because it's outside of your code. However, it would seem to me that a number of these instances are coming to you because of that very perception of conflict of interest that's been put out in the act.
    I would think that if we've already seen a number of particularly high-profile ones come to you, there would continue to be that increase, and without a ruling from you addressing that, I don't anticipate seeing them stop.
    Maybe you could comment on that.
     Because the majority of the cases we're given don't result in an investigation, I have gone out of my way in the last two or three years in my annual report to look at the nature of those various issues. In the previous report and the one to come, you'll get a sense of what those issues were that came to me and why they were not proceeded with.

  (1035)  

    We'll see specifics on the justice minister and the agriculture minister, then.
    You won't see specifics. You'll see without naming people. Where we've not opened a true investigation—they're called examinations—we don't talk about the people involved, people whose files have not been reported on. You will probably recognize some of the issues.
     I know Mr. Saini and Mr. Erskine-Smith have questions.
    We'll start with Mr. Saini.
    Thank you very much for coming here again, Ms. Dawson.
    You said that when you give a decision on a matter, you give it on a specific question on a specific topic. When there is some frustration, or when there is a lack of clarity, it's usually because it's a generic question.
    Yes, but I also issue no end of general advisories.
    If a member comes to you, whoever that member is, and they give you specific questions about a specific event, with specific details about that event, and you render a judgment, that is rendered based on the specificity of the event, right?
    It is based on the information we've been given about it.
    You make a public decision, or is that—
    No, that's personal information. That's private advice.
    If you choose not to pursue something after an investigation you've done, it's based on a clear question, on the specifics of the case, right?
    Yes, but if I don't have the facts I think I need to make a decision, I may go into a full-fledged examination.
    When a member comes to you and you clear them for an event or for certain things, that means you've fully looked at that question with the full details in front of you, and if you don't have the details, you would question that member for more information.
    Yes, I almost always, depending on the way the thing came in, give them a written response. I say, on the basis of the information they give me, which is x, y, and z, that this is my decision.
    It must in some cases be frustrating for you if there are people who don't take your advice or who don't accept your determination of an event or a case. It must be frustrating to some extent, is it not?
    If I hear that they didn't accept it and it was advice not to do it, then I would open an investigation.
     I mean publicly. Once you come to a conclusion on a certain case, and other people talk and they say this and that, it must be frustrating, especially since you've done the investigation for that event or for that case.
    Yes, there is a lot of misinformation out there.
    Thank you. I have no more questions.
    My question will require only a yes or no.
     I've read some criticisms, which I don't accept, that of all the people who are complained about, only a very small minority are found guilty. In fact, most complaints uncovered in the media are public, because there aren't audits of the activities of members.
    For clarity, I understand you wouldn't audit every member, but do any spot audits occur?
    No.
    When you talk about auditing, you're usually auditing an institution or something. These are individual people with personal lives. To audit every MP as to what the heck they're doing—and it's not just their financial affairs, it's what they're doing—would take a huge organization. It would seem to me that it would not be well received.
    It's just a yes or no question about spot audits. The answer is no.
    I have a question or two.
    How many people roughly—I know it fluctuates—fall under the category of the legislation, whether they're public office holders, members of Parliament, ministers. How many people does the legislation capture?
     The act is somewhere around 2,500, I think. The code is somewhere around 308, or whatever your numbers are.
    We're at 338, right? We're looking at just under 3,000 people that you're....
    Yes, 2,500.
    Okay, 2,500 people. Is that plus 300, or including the 300?

  (1040)  

    Including, but they're increasing still, of course.
    That's right, it fluctuates, I understand that.
    Especially with the ministerial staff, it's going to come up.
    It's going to change.
    That's all I wanted to know. Thank you very much.
    Madam Commissioner, and your colleagues, thank you very much for coming.
    We will not be taking a decision on the estimates until we've heard from the other two commissioners next week. We'll be reviewing the votes and deciding whether we're going to fund you for another year, but your chances are looking good.
    We'll leave you with that.
    Thank you very much, colleagues. We can go straight into committee business, if that's okay with you.
    I wanted to advise you on the upcoming schedule, and remind you this Thursday we have the Honourable Scott Brison coming here with Jennifer Dawson to talk to us about access to information and other items.
    This time next week, starting on Tuesday, we have Madam Legault and Madam Shepherd, the last two commissioners we haven't heard from yet, in regard to the estimates. We're only going to do one hour for those two commissioners.
    We also have Jennifer Dawson and Sarah Paquet to come in for one hour to give a presentation on the access to information review.
    Next Thursday, we have three witnesses coming in to testify on access to information.
    On May 17, we have the ATIP coordinators panel and Shared Services Canada coming in. That will be our last meeting with regular witnesses.
    On May 19, we'll hear from Madam Legault. She'll be our last witness to wrap up the testimony. We'll spend one hour with her, and then we will have instructions to the analysts for an hour. That will take us up to the May long weekend break.
    When we come back on May 31, we have the Independent Statutory Review Committee from Newfoundland, with Mr. Clyde Wells, Jennifer Stoddart, and Mr. Letto. They will be talking to us about aspects of both because their study dealt with the privacy and access to information commissioner for Newfoundland. They can provide us with any new information on how they went through their review, and the analysts can simply alter their report then.
    That would be a nice segue into moving toward the Privacy Commissioner.
    I would like to leave the 2nd, 7th, and 9th free for discussions and deliberations on the report. If we're done earlier, then we can move to the privacy, probably as early as the 9th. The Privacy Commissioner has made himself available on the 14th, 16th and the 21st. Sorry, from the 21st to the 23rd I think he's going to be away at a conference.
     He said to me he would be willing to change his schedule. I would suggest to you colleagues, we always want to have the commissioner as a last witness to wrap things up.
     Is it the intention of the committee to try and wrap up the Privacy Commission study before we rise as well? Is there any rush on this? I'm trying to get a sense around the room.
    I would say no.
    We can start filling up with witnesses and see how it goes. Then we can have the Privacy Commissioner in the fall, or something like that, If we need to wrap things up at that particular point in time.
    All right.
    Is there any other business that the committee would like to discuss?
    Yes, Mr. Lightbound.
    I'd like to move the motion that was sent on April 22, 2016, of which you received a copy.
    Is this the motion in relation to orders of reference for the House in respect to bills, and it says, “The clerk of the committee shall” etc.?” Is that correct?
    Exactly correct.
    Colleagues, do you all have a copy of that motion in front of you? Is there any discussion? I'm going to ask the clerk. You should all have a letter from Ms. May. You should all have a copy of the letter as well, in regard to this motion.
    I'm going to open up the floor to discussion.
    Mr. Lightbound.
    I'm ready to vote.
    That was quick.
    Anybody else want to discuss this?
    Mr. Blaikie.
    Yes. I wanted to say I've heard a bit about the reasons for the motion, but obviously not today. I think it might be helpful to understand better why it is the government thinks it's a good idea, or government members on the committee might think it's a good idea, to pass such an amendment.
    I'm not personally convinced. The arguments I've heard have to do with letting independent members into the committee process. I would argue they have more ability to participate meaningfully in the legislative process at report stage.
    While this would grant them the ability to move amendments at committee, they're otherwise able to move amendments at report stage. They would get to vote on their own amendments at report stage, which they're not able to do at committee because they're not voting members of the committee.
    Other independent members would be able to address the amendments of other independent members at report stage, which is not the case in committee.
    I'm not convinced by the argument this empowers independent members any more. I think it's probably better from a parliamentary point of view to allow them to continue moving their amendments at report stage.
    There is no argument for the motion at the moment at this table anyway. I'm not compelled by no argument. I suspect I wouldn't be compelled by the argument were it given.
    I'm probably not going to be supporting this motion.

  (1045)  

     Is there anybody else who would like to speak to the motion?
    (Motion agreed to [See Minutes of Proceedings])
    The Chair: Is there anybody else who needs to bring anything to the attention of the committee? No?
    The meeting is adjourned. We will see you on Thursday.
Publication Explorer
Publication Explorer
ParlVU