Skip to main content Start of content

ETHI Committee Meeting

Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.

For an advanced search, use Publication Search tool.

If you have any questions or comments regarding the accessibility of this publication, please contact us at

Previous day publication Next day publication
Skip to Document Navigation Skip to Document Content

House of Commons Emblem

Standing Committee on Access to Information, Privacy and Ethics



Thursday, November 24, 2016

[Recorded by Electronic Apparatus]



     Good morning, colleagues. We are very pleased to be wrapping up our study on the Privacy Act today.
     We have waited to the end to invite the ministers responsible for the legislation we've been reviewing. We're very fortunate to have with us today Minister Brison, the President of the Treasury Board, Minister Wilson-Raybould, our justice minister, and with them, their staff: Ms. Dawson, Ms. Wright, and Ms. Khanna.
    We appreciate your being here. You're slated to be here for the first hour Please help us in our deliberations and give us your insights.
    Perhaps we have opening remarks from both of you for up to 10 minutes, and in the order I have on the agenda. If that's okay, we'll start with Minister Wilson-Raybould.
    This is my first time before this committee, and it's a pleasure to be here this morning. I look forward to some discussion after we present our opening remarks. Thank you for welcoming my departmental officials.
    As you know, and as you've been studying, the Privacy Act is a quasi-constitutional law that affects almost all activities of government. It has not been substantially reformed since it came into force in 1983.
    You might approach Privacy Act reform by asking two questions. First, does the act contain the right principles for Canada in the 21st century? Second, does it feature the right rules and mechanisms to put them into effect? My remarks will focus on how we can move Canada forward in answering these two questions.
    When we think about reforming the 1983 Privacy Act, our first instinct may be to focus on the impacts of changes in technology. Those changes can seem dizzying. Big data finds unprecedented ways of harnessing information. The Internet of things promises to cover human environments in a web of coordinated sensors and processors. The growth of artificial intelligence brings new ways of solving complex problems, and with quantum computing on the more distant horizon, there is the possibility that in our lifetime we will see an explosion of processing power with effects we can only dimly imagine.
    Speculation about technology is exciting. It can also be scary. It might provide the push for law reform, but it does not provide the direction. Instead, I want to talk with you about two unchanging landmarks from which we can take our bearings for the review of the Privacy Act. They are trust and connection.
    When you look at strong communities, democratic institutions, and functioning markets, one thing is clear. When people connect through relationships and networks based on trust, they can achieve great things, and great things should be in store for Canada. We are poised to be an open, secure, inclusive, prosperous, creative, and democratic information society. I am proud to be part of a government that is working on these goals.
    To achieve them, Canadians need to connect with each other, with civil organizations, and with other democratic institutions. To connect, we need to be able to trust. When we connect with government online to seek information or a service, we need to be able to trust that the information we supply will be treated reasonably and respectfully, according to the law. We need to know that we can trust the connected systems that allow us to travel, communicate, enjoy safe food, and receive government benefits. We need to be able to trust that connecting with government will never make us vulnerable to manipulation or unjustified intrusions on our privacy.
    Because ours is a democracy in which we collectively set rules for governments, we need to understand what governments do with information about us. The Privacy Act sets a basic framework for the protection of privacy in Canadians' relationships with government.
    I agree with successive privacy commissioners, academics, organizations, parliamentarians, and Canadians who say that this basic framework in the Privacy Act is long overdue for a thorough review. That is why I have asked my officials in the Department of Justice to lead concentrated work, alongside other departments, towards modernizing the act.
    The way I see it, privacy is not a drag on government institutions that are trying to achieve other important goals. Instead, privacy is a social good that makes all our collective projects better and more likely to succeed. Our government understands this.
    The mandate letter handed to me by the Prime Minister asks me to ensure that our government's policy goals can be achieved with the least possible interference with the rights and privacy of Canadians. I will work closely with my colleague, the President of the Treasury Board, who is responsible for the way the act is implemented across government. I will also work closely with my other colleagues whose portfolios use personal information as they serve Canadians. I hope to continue what this committee has started by connecting with Canadians of all groups and generations as we review the Privacy Act.


     In your study, I encourage you to tackle some of the tough questions, always focusing on connections based on trust. For example, how should the act, which was designed to be technologically neutral, take account of the changes in technology? How can the act also serve us amid global, federal, provincial, and territorial flows of information in the service of important Canadian projects? How could the principles in the act guide government innovations to find new ways to serve Canadians better?
    I think these questions are worthy of your committee's study. Eminent witnesses have appeared before you, such as the Privacy Commissioner, professional organizations, officials from other jurisdictions, government representatives, and accomplished academics. You are well equipped to influence the government's review of the Privacy Act and to effect the development of the law.
    I encourage you not only to make recommendations but also to state considerations, questions, and areas for further study. I very much look forward to the results of your deliberations and your excellent—I'm assuming—report that's going to come forward and inform the work I'm undertaking.
    Thank you, Mr. Chair.
    Thank you, Madam Minister.
    Mr. Brison.
     I'm pleased to be back at your committee. I'm pleased to have with me today Joyce Murray, the Treasury Board parliamentary secretary, as well as Jennifer Dawson, the deputy chief information officer at Treasury Board.
    The Privacy Act governs personal information-handling practices of government institutions. It applies to all the personal information we collect, use, and disclose about individuals or federal employees. It gives Canadians the right to access their personal information held by a government institution and gives them the right to request that the information be corrected if something is in fact inaccurate.
    The Privacy Act, as my colleague, the Minister of Justice said, came into effect in 1983.


    Since the 1980s, advances in technology have provided many new ways of collecting and using personal information. Protecting this information is something we take very seriously, and it’s our responsibility under the Privacy Act to do so.


    As the justice minister pointed out, we know the act needs modernizing. Treasury Board, as the administrator of the act, will be working closely with the justice minister, who will be leading this review. We will look forward to your committee's work to provide recommendations on how we can, among other things, modernize the law for the digital age.
    The Treasury Board oversees the administration of the act across government. The Minister of Justice plays an important role, as the Privacy Commissioner of course reports to Parliament through the justice minister. Our two departments work together to support about 240 government institutions that are subject to the act. I would like to take a moment to break down some of the key statistics around the administration of the Privacy Act.
    Canadians submitted more than 67,000 requests for their own personal information in 2014-15. That has been increasing by about 4% per year since 1983. Seventy per cent of the personal information requests were responded to within 30 days. Another 11% were completed within the permitted 30-day extension.
    In 2014-15, government institutions reported 206 material privacy breaches to Treasury Board or TBS. A material breach involves sensitive personal information and could reasonably be expected to cause injury or harm. The secretariat receives and reviews reports of material privacy breaches by federal institutions, and we support institutions in the follow-up to these breaches. In April 2016, I stated that the government will work with the Office of the Privacy Commissioner to improve breach reporting, and TBS is currently engaging with the office to strengthen reporting of material privacy breaches.
    Also, within the secretariat, we set policies on how the act is to be administered, we provide support to government institutions as they carry out their responsibilities under the act, and we monitor their performance. We collect data from all government institutions and publish it in an annual statistical report on the administration of the act. This strengthens or contributes to accountability and transparency in how Canadians' personal information is protected and managed.



    In my mandate letter, the Prime Minister asked me to ensure Canadians have easier access to their personal data.
    In Budget 2016, we committed to two measures to do just that. First, we’re creating a simple, central website, where Canadians can submit requests for information about themselves to any government institution.


     Secondly, we will not only make it easier to request personal information, but we will improve the speed of the government's response. There will be a 30-day guarantee for fulfilling such requests. If the response takes longer than 30 days, government institutions will have to provide the requester and the Privacy Commissioner with a written explanation for the delay, and we'll work with the Privacy Commissioner to develop new policy directions to implement this.
    The fact is, we need to find the best ways to balance Canadians' need for better services with protecting their privacy. In closing, let me emphasize that balancing openness and transparency with protecting personal data is part of modernizing government in the digital age. We're continuously working to ensure that citizens' personal information held by government is well managed and that they have easy and timely access to it.
    We are looking forward to working with parliamentarians and to your report. We are also looking forward to the justice minister's lead in terms of reforming the Privacy Act. During that period, we'll be working closely together to provide advice from the perspective of Treasury Board in terms of our role once that report is completed.
    Thank you, Mr. Chair.


    Thank you, Minister Brison.
    We'll now proceed to our rounds of questioning.
    We'll start our seven-minute round with Mr. Saini, please.
    Good morning, both of you. I warmly welcome you and your officials to this committee.
    I want to start with a bit of a broad question. One of the things you've both mentioned in your opening statements is about how important it is to modernize the act, but I also think there's an element of efficiency we should have when creating new policies, so I have just a general question, and maybe I can get your comments.
    Do you see any value in having government departments consult at the outset of that policy-making process with the Privacy Commissioner regarding any policies that will affect the privacy of Canadians, as compared to at the end, when the Privacy Commissioner may be brought in to audit the policy? It's about working in concert from the outset to make sure there are no problems, that everything is smoothed over, and that there's an efficiency process, as opposed to the commissioner coming in at the end, once the policy has been drafted, and then having to audit that policy and make changes afterwards.
    Maybe I can speak to that initially.
     In terms of looking at the Privacy Act and in terms of potential law reform, I see great value in engaging with a whole host of individuals, including the Privacy Commissioner. I have had the opportunity to meet with him already on a number of occasions. I see value in continuing to do that throughout the course of our studies and investigations into what potentially could be most appropriate in terms of reform.
    Likewise, I see tremendous value in receiving the report from this committee. We'll consider that in depth. As I said, I've already instructed my officials to start to do substantive studies around potential areas of law reform, and then further, at the end, included within this process, to do a substantive review of the Privacy Act as it is right now with an eye to modernization, to ensure that we engage with Canadians. It's my intention to do so in a substantive way.
     I think the idea of doing privacy impact assessments on any new initiative makes a lot of sense. I know that the commissioner is interested in that approach. We would recommend to any government department or agency that they take him up on that, in the same way that a government department or agency, in considering something, can check in with other commissioners, including access to information or the Information Commissioner, as an example.
     I think it's far better from a governmental perspective and from a citizen's perspective that we take into account their advice pre-emptively, as part of the implementation or development of a new policy, than in the form of a report that is usually pointing out what went wrong. It would make more sense, because this this is what they do every day. They are experts in these areas. The Privacy Commissioner has a lot of expertise within his shop, so it commends itself to me, the recommendation he has made, that we would engage him as part of the process of developing policy.
    The second question I have is on the public education mandate. I think the Privacy Commissioner has also spoken about the fact that maybe he should have a greater ability to provide information to Canadians and to explain to them exactly what their privacy rights are. Do you think that should be encouraged in the powers he has, in the powers of the office, to make sure that Canadians understand what their privacy rights are and what the limitations or advantages are?
    Jody will want to add to this, but one of the things we have in the digital age is the ability as a government to disseminate information broadly to Canadians much more easily than at any time in our history. The ability for us to put that information out there so that Canadians can understand their privacy rights and the policies that protect them is there. It makes sense that we communicate that transparently. That makes a great deal of sense to me.


    I will underscore what my colleague has said. I think the role that the Privacy Commissioner can play in and around education is incredibly important. I believe that one of the recommendations was to bolster that education role so that individuals can have a substantive understanding with respect to their rights and as they relate to our institutions of government. I think it's an important role that should be considered in a concrete way.
    There's one final question I wanted to ask. As you know, part of the debate during the study we did on access to information, and which is currently ongoing, is to decide what powers we should give to the commissioners, whether it be the Information Commissioner or the Privacy Commissioner. Do you think each office should have the same powers? Or should there be a separation whereby one may get full order-making powers and another might use the hybrid model? Do you think it's advantageous to give them both? Or should there be a difference in the powers of each office?
    My colleague can speak to considerations with respect to the Information Commissioner, but again, I do recognize some of the recommendations that the Privacy Commissioner has put forward, certainly on the importance of the role that he plays in and around education and the international work he undertakes in terms of reviewing what's happening in other jurisdictions. Having said that, I again recognize that he has made some recommendations in terms of additional powers.
     I certainly am open to your deliberations and considerations therein. A movement toward additional enforcement powers for the commissioner would be a fairly dramatic change in terms of the legislation, but it's not one that certainly wouldn't be something to consider as you deliberate and study. Certainly, my officials are looking at that as well.
    My understanding—and, of course, the justice minister will be leading the reform of the Privacy Act—is that in March I think the Privacy Commissioner recommended improving the ombudsman model. He mentioned the Newfoundland and Labrador model, I think, at that time, and in September, I think he spoke of an order-making power. This is something that I hope you as a committee, in your deliberations and in your report, will take a look at the models—
     I think he made that comment based on the fact that the Information Commissioner wanted full order-making powers.
    Hon. Scott Brison: Okay.
    Mr. Raj Saini: That was in response to some of the commentary she made.
    I look forward to your report.
    Thank you very much.
    Moving on, our next questioner is Mr. Jeneroux, please, for seven minutes.
    Thank you very much.
    Thanks to you and to your staff for preparing for today. I really appreciate your coming before us.
    I can't help myself, Minister Brison. With some of that logic, you would think that you would contact the Ethics Commissioner before you would have a type of fundraiser—or perhaps not. But I promised that I wasn't going to get too partisan today, so I'll just leave that to linger out there, if you will.
    I want to talk about some of the comments you made here earlier. You said that 67,000 people have requested their information, and that has been increasing by 4.5% per year. In one of the recommendations from some of the witnesses we've heard from, they've suggested opening this up to outside of Canada. I'm hoping that we can get some of your thoughts on that, particularly based on the 70% of people who are seeing the 30-day commitment right now.
    I think the justice minister will have something to say on this, but the primary function would be to serve our citizens. Improving the efficacy of our service to our citizens, wherever they live in the world, I think ought to be the primary function. I think we can make significant improvements before we open up to anyone anywhere in the world.
    That's my instinct on this, Matt, so that's where I would focus initially. Strengthening our response times, both in the quality and the timeliness of our response to Canadian citizens, would be the focus. That's my instinct.


    Thank you for that question.
    I agree with my colleague. Universal access is something that has been discussed, and recommendations have been made. Certainly, there's the general principle—and I acknowledge the general principle—that individuals should be able to understand and know what information government institutions have on them, subject to some strict exceptions. From my understanding, in terms of the discussion that has been had around this, there is a resource consideration that needs to be taken into account. We would be very open to and welcoming of the feedback you might have in this regard.
    Thank you.
    There's a question I struggle with, and that I've struggled with here: how much do we put into the act in terms of the technology advancements we're seeing? It comes down to the “we don't know what we don't know” argument.
    I'm curious as to your thoughts on this, both of you. Do we take a specific path and say that this type of technology is what we're going to cover, or do we leave it broad and open to interpretation and perhaps put some of that into the policy around it?
    It's a good question.
    It definitely is a good question. In my opening remarks, I was speaking about how quickly technology advances. This is certainly something that you could delve into more deeply and have a discussion on. We would welcome that discussion from this committee. As introduced back in 1983, the Privacy Act was intended to be technologically neutral so as to account for the rapid changes that occur over time, with the Privacy Act setting the broad framework for the relationship between government institutions and individuals concerning their information.
    Again, we'd be very open to and welcoming of any suggestions or guidance in that regard.
     If I may, I'll add just one thing. As you know, we're currently reviewing the Access to Information Act, and we'll be coming forward in the future with new legislation on that. With both of them being introduced in 1983, the Privacy Act and the Access to Information Act, technology has affected both of them in different ways. One of the things we're looking at in terms of the Access to Information Act is having a full review every five years after we introduce the legislation in 2017: having a full review in 2018 and every five years after that, such that we're never in a place where it's as dated.
    That applies to the Access to Information Act. The Treasury Board is taking the lead role in terms of the reform, but it applies very much to access to information. I don't know to what extent, but I think it's good governance to have periodic reviews of acts, particularly given the rapidity of change in terms of technology and information technology. It's something that makes a lot of sense.
    Just to be clear then, you would support a five-year review of the Access to Information Act, but the Privacy Act not so much?
    I look forward to your report. I'm saying that this is something we have proposed in terms of access to information. Again, my colleague, Minister Wilson-Raybould, is leading on the whole area of the Privacy Act.
    I appreciate how many times you've said you're looking forward to our report. I hope we don't disappoint, Minister.
    I hope so too. It's almost Christmas.
    Okay. We'll target Christmas.
    I have about 30 seconds left. Quickly, in terms of the timeline for reforming the Privacy Act, Minister, are you able to comment on the work you've been doing in parallel with our committee and how we can feed into some of that?


    Sure. I wish I could give you a timeline, but recognizing that the act hasn't been updated for 30 years, I certainly think we all can appreciate the necessity of taking the time to ensure that we're doing a substantive review, certainly of the reports. As I've said, my officials are undertaking that substantive review. There is a working group that has been put in place.
     Recognizing the mandate letter that I have from the Prime Minister, I will ensure that we've appropriately engaged with all stakeholders and Canadians and that we take account of the reports and recommendations from the Privacy Commissioner and move forward in a thoughtful and concentrated way to reform the act.
    I have one quick comment. I hope you'll consider the work we're doing here. I think your side of the table would agree that we've done a substantial amount of outreach to stakeholders, and hopefully we're not parallelling a lot of that.
    I appreciate your time.
    Thank you very much.
    We now move to Mr. Blaikie for seven minutes.
     Thank you, Ministers, for being here with your staff, and thank you to Parliamentary Secretary Murray for spending some time with us today.
    My first question is for the Minister of Justice. Recently, the courts ruled that CSIS had been gathering and retaining the personal information of Canadians for 10 years and failing in its duty of candour to the courts with respect to that collection of personal information and its retention. An assistant deputy minister of yours went so far as to provide an opinion that CSIS was in keeping with the rules. That opinion, the court stated, was not factual.
    I'm wondering what it is that you're doing today to ensure that kind of incident is not going to be taking place again. I'm wondering what kind of changes you believe should be made to the Privacy Act or other acts in order to ensure that that doesn't happen again.
    Thank you for the question.
     Certainly, I recognize the judgment that came out with respect to CSIS and information. My department and the Minister of Public Safety take the judgment incredibly seriously, obviously have read it very closely, and will uphold the decision.
    I work closely with the Minister of Public Safety in many different areas. I know that he has publicly spoken about this matter. I have the utmost confidence in him to ensure that he's working with CSIS to address what the judgment has said. He's gone so far as to speak to looking at the directives he has provided. Again, I will support him in that in any way. Our government is committed to ensuring that we are open and transparent.
    Well, I think many Canadians outside of government also recognize that decision but are concerned in terms of knowing what in particular is going to be done to ensure this doesn't happen again. It's great to have a kind of general commitment to not having it happen again, but if it was a failure of law, then presumably there are legislative changes that ought to be made in order to ensure that it doesn't happen again.
    Is it your opinion that the law wasn't right and should enable this collection? Or is it your contention that the law was good here and there was a failure at the staff level, either within CSIS or within your department, to interpret that law property? If so, what's the proper follow-up for that? What are you actually saying to staff in terms of ensuring that this doesn't happen again?
     I think people want to know what concrete measures are being taken in order to ensure that it doesn't happen again. I think we agree at the high level that we need to recognize decisions that courts make here in Canada, but that doesn't tell us very much. What concretely are you doing within your department? Should we be considering changes to the Privacy Act here in order to help ensure that it doesn't happen again?
    Again, I guess I would acknowledge your questions and your probing for details, and certainly I would expect that you appreciate, like other Canadians, that we have taken the judgment incredibly seriously and are following up.
    In terms of concrete steps, as I've said, I will continue to work with the Minister of Public Safety. He certainly has engaged with CSIS on this and is reviewing their activity and his direction, and that's in the broader context as well.
    Leaving aside the potential law reform with respect to the Privacy Act, together we are engaged in a substantive and comprehensive review of our national security framework, and the discussions contained within the green paper that we put out have 10 items for discussion. I would encourage people to participate and be involved in that consultation and certainly—


    I'm going to jump in, because we only have seven minutes.
    —that would and could be brought up.
    On a specific legislative issue, one thing we've heard here is that there's some ambiguity—a kind of systematic ambiguity—about whether the Privacy Act trumps other acts. There's a provision in the Privacy Act that says it applies subject to any other provisions of any other acts of Parliament or regulations thereof, and we're looking at that, especially in the context of our other study of the Security of Canada Information Sharing Act.
    In your opinion, where there's a conflict between those two acts, do you believe that the Privacy Act should take primacy over SCISA, or do you see the interpretive burden cutting the other way?
    In terms of what we're speaking about, of the Privacy Act being a general framework to oversee something on the order of 240 government institutions, I think this is definitely a conversation that we're having today and that we're going to continue to have, recognizing that this broad framework in terms of the Privacy Act covers security agencies as well. In the context of having discussions around the national security framework, I believe in that, and I would encourage individuals and parliamentarians to engage in that consultation and provide input with respect specifically to the national security review.
    That's part of the issue: whether subsection 5(1) of the Privacy Act provides a loophole so that, given SCISA, the broad Privacy Act framework doesn't apply to our security agencies in the way it should because they can bypass it if they're authorized under SCISA.
    That's part of what's at issue here. I'm curious to know if you have a more specific opinion as to whether it's the view of government that the Privacy Act ought to apply in these situations first and foremost, or whether it's acceptable that other laws can bypass that broad privacy framework and allow agencies to disregard it?
    My colleague has assisted in providing me with some of the words from the Minister of Public Safety in follow-up to the commissioner's comments and recommendations. He reminded ministers from 17 institutions that collect information under SCISA of their obligations relating to privacy impact assessments.
    Mr. Daniel Blaikie: All right—
     That's your time, Mr. Blaikie.
    We'll now move to the last of the seven-minute rounds before we move to the five minutes.
    Mr. Erskine-Smith, please.
    Thank you, Ministers, for being here.
    I want to pick up where Mr. Blaikie left off to some extent with respect to SCISA and bulk data collection and retention.
    Why I mention SCISA in the context of the Privacy Act is that both in the context of SCISA and in the context of the Privacy Act we talk about standards of collection, retention, and disclosure, and specifically the necessity standard. We had the Privacy Commissioner before us, who said that the most important change you would make is a necessity standard for collection across all government departments.
    I wonder, Ministers, if you could speak to the importance of that standard and whether we can see that standard becoming law within our mandate.
    Maybe I could speak to that briefly and then hand it over to the Treasury Board president.
    I know that this has been, as you've said, a recommendation coming from the commissioner. There are jurisdictions in the country that do have that necessity requirement: Alberta, Quebec, and Ontario. It's something that we're open to consideration and reflection on.
    The government's policy is that government institutions ought only to collect information that is actually necessary or required. We want to ensure that—and the Privacy Commissioner has provided advice, as will your committee—we only collect and only retain personal information that is required but is also in accordance with the Privacy Act and all policies.
    Again, the report from the committee will help guide us on that, but the general policy of only requesting information that is necessary is an important guiding principle.


    Yes, although we had committee testimony with respect to that standard in the context of SCISA, and we had government agencies saying that disclosure on the basis of relevancy is important, but of course, there's the collection of the recipient agencies. It depends upon their mandate. CSIS has a “strictly necessary” mandate, but other agencies don't in fact have that necessity standard as recipient agencies. There's probably a problem there if we don't heed the Privacy Commissioner's words and import the necessity standard across the board.
    Speaking of mandates, again this gets to Justice Noël's decision, but we had Professors Forcese and Roach come before us and say that it's very important that we make crystal clear that receiving recipients must operate within their existing mandates and legal authorities, and that agencies put in place protocols for ensuring the reliability of shared information, as per the Arar commission recommendations.
    I wonder, Ministers, if you would have something to say in response to the professors.
    Thank you for the question.
    Certainly, I cannot speak with authority with respect to what was presented, but I understand that this is being dealt with in the context of the broader national security framework and is contained within the green paper that has been distributed. I would put it over into that discussion.
    That's a fair point.
     I was thinking more of putting it in the context of the Privacy Act specifically, rather than in SCISA per se. It gets to the final authority, as it were, between SCISA and the Privacy Act. Perhaps the Privacy Act would make it crystal clear for the recipient agencies that when information is shared, not only must it be necessary for their mandate, but they'd have to operate strictly within their mandate, given that we have seen, at the very least, some worrisome behaviour from agencies.
    I want to get to the resources for review. We have a lot of information sharing among government agencies. We have the Office of the Privacy Commissioner, with respect specifically to SCISA sharing, which has had some difficulties in obtaining all information from departments. We talk about whether the Privacy Commissioner's office has sufficient resources to do an adequate review of information sharing. Should they have the power to compel the deletion of unreliable information? If not the Privacy Commissioner, should we be looking at, in the context of SCISA, as we have heard, a super-SIRC type of body that would be able to look at information shared among government agencies?
     How do we tell Canadians and show Canadians that we have a review body that is seized with this and ensure that privacy is in fact being adequately protected?
     Again, this is the same answer that I provided the last time. These are discussions that will be had and that we have heard in and around the round tables we've been conducting. I support Minister Goodalein terms of these reviews, but in terms of the information sharing now, if it is with respect to different institutions, I would look to my colleague to speak to that.
    Also, broadly, on behalf of the government, one of the commitments we made and which Minister Goodale was helping to lead is the parliamentary committee to oversee all security activities. I think that parliamentary committee will bring us in line with other members of the Five Eyes, our partners in security globally. It will also have the power to oversee and to provide advice on some of these matters. It's important.
    We mentioned technology earlier. Governments have technology, and international criminal organizations have technology, so the sharing of information needs to be done in a way that is consistently respectful of privacy—


    To that point, Minister—
    —but also recognizes the operational issues in facing high-security threats from time to time. That is a balance between security and liberty, and that is one that we take seriously as a government.
    I was driving more at the resource question of the Privacy Commissioner. That is one body we have to review the adequacy of the protection of privacy with respect to the sharing of information. Does the Privacy Commissioner currently have adequate resources to do that job without a super-SIRC type of body and without the parliamentary committee currently up and running? Is there a gap in review that the Privacy Commissioner could fill with more resources?
    I'll just confer with the officials.
    The Privacy Commissioner is undertaking that review already. In the end, in responding to all of your comments, I would recognize that substantive oversight is important in the different circumstances you were speaking about. How that is going to manifest or be addressed, and the recommendations that are going to be provided from this committee and others that we're engaging with in respect to the Privacy Act, are ongoing, and we will consider all options about how the rule of appropriate oversight can be bolstered.
    Thank you.
    Thank you very much, Mr. Erskine-Smith.
    We're going to move to the five-minute round. Before we do, though, I want some clarification. I'm going to exercise a bit of the chair's prerogative here.
    Minister Wilson-Raybould, you talked about the green paper and the dialogue that's going on to discuss the issues that were brought up by Mr. Erskine-Smith. As we're about to prepare a report for you, could you just elaborate for this committee on the discussions and how those discussions weave into what our committee might be doing? I think we need to focus on what would augment the discussion that's currently going on. Is there any further clarification that you can provide to this committee so we can make sure we're giving you what you need in the context of having another conversation that sounds like it's doing some of the work that this committee is actually doing?
    I appreciate the question and your seeking clarification. I recognize that the questions have been relevant to the national security consultations that are taking place and to the green paper that has been issued in that regard. That consultation is continuing. Obviously, that's incredibly important, and I'm supporting Minister Brison in that regard.
    With respect to the specific review of the Privacy Act and the broad framework in terms of our government institutions and their relationship with individuals and information, I would very much welcome a focus on that, leaving aside the consultations we're undertaking with respect to the national security framework.
    Very well. Thank you very much.
    Now we'll move to Mr. Kelly for the five-minute round.
     Start us off, sir.
    Thank you, Mr. Chair.
    Several of the Privacy Commissioner's recommendations include requiring government departments sharing information under the act to complete a privacy impact assessment and to conclude written agreements on how they're to use the information.
     We're going to be talking about supplemental estimates in the later part of our meeting with respect to the Information Commissioner. Mr. Brison, as the guardian of the purse within government, can you address or comment on the costs of this, of what would be the requirement of privacy impact assessments? Has any thought been given to that?
     I don't have what a specific cost of a privacy impact assessment would be, but it strikes me as being good governance that, as we're introducing legislation or changes in policy, this would be an outreach that could potentially save government money in avoiding errors in the future. I don't see that conducting a signal check, an assessment with the engagement of the Privacy Commissioner, would add to it significantly.
    I would want to have a discussion with him and with his office about what an increase in the level of activity could mean for them. It strikes me that the level of activity may not increase, but that it would front-end-load his office's work. It may not increase the actual burden in their shop, but it would increase the efficacy of their intervention, because it would be earlier on.


    There's a hope and an expectation that it will lead to lower costs, but there has been no real consideration yet.
    Well, there are lower costs, but there is also better efficacy and better governance. We would consider both.
    The commissioner's third recommendation is to make reporting of privacy breaches mandatory. Can either of you comment on both the cost and benefits of implementing mandatory reporting and what steps would be necessary to ensure that the act of reporting does not compound damages to individuals who have suffered a breach of privacy?
    Just generally, I can speak to that. Certainly, I am open to that recommendation from the commissioner in terms of considerations around law reform, but I would look to the president to speak about how that works right now in terms of policies between different institutions and reporting.
    Government institutions are currently required to report, in writing, material privacy breaches to TBS and to the Privacy Commissioner. We are open to suggestions in terms of whether to expand beyond that, but material breaches are ones that have a potentially harmful impact on people, and moving beyond that would be a significant increase.
    For instance—I was asking this question when I was being briefed on this—what would be an immaterial privacy breach? As an example, if a citizen requests a Canada Food Guide and it's mailed to the wrong address inadvertently, that is, in some way, a breach of their privacy, but was there any material impact upon the individual? The incidence of those kinds of breaches dramatically outnumbers the incidence of material ones.
    Always in government, we want to be focusing on activities that actually benefit people and to be getting better at those. Focusing on strengthening our response to material breaches and reportage of material breaches strikes me as an area where we still can do better.
    Thank you very much, Mr. Kelly.
    We now move to Mr. Bratina.
    That leads me to my question. It has to with the seriousness of the Privacy Act, because legislation that has serious consequences.... You could say that in some places you're liable to be hanged for treason, whereas for singing the wrong words to the anthem, the punishment probably wouldn't be as bad.
    As a municipal councillor and mayor, the most serious thing I was confronted with was about drinking water. Let me read to you the consequences for a municipal councillor:
The Safe Drinking Water Act, 2002 includes a statutory standard of care for individuals who have decision-making authority over municipal drinking water systems or who oversee the operating authority of the system. This can extend to municipal councillors. There are legal consequences for not acting as required by the standard of care, including possible fines or imprisonment.
    What I'm looking for is strong wording in the Privacy Act that relates to breaches and consequences. I'm hoping that the government will be open to a review of how seriously we take these breaches and what consequences ultimately might be applied.
    I'd be interested in your comments on that.
     I appreciate the question and the comments.
    Certainly, I think that in looking broadly at the review of the Privacy Act and reflecting on some of the comments I made in my opening remarks, the integrity of the Privacy Act and the review we're undertaking is dependent on, and wants to bolster, the trust that personal information data will be held in a secure manner, and that where there are breaches of the act, there is consideration of the appropriate remedies.
    I'm certainly open to.... Again, not to sound like a broken record, but we really are at the investigative stage in understanding what's available in terms of the overview, renewal, and modernization of the Privacy Act as to what would be most appropriate. I'm very happy to receive feedback in that regard. To underline that, I think we need to ensure that individuals have trust that the governing institutions are appropriately managing and securing the data they acquire and have vis-à-vis the individuals.


    That's my point. You said it well at the beginning. You said that trust is the underpinning of all of this. Technology is going to change, and there could be technological lapses and inadvertent sharing of information, because someone wasn't clear that we shouldn't really be telling this other country about this person.... I think it's a requirement of their understanding of their mandate to know that there are serious consequences. You had better be very careful when you move this information around, because if you do the wrong thing, there will be a consequence.
     I'm not even suggesting what the consequence should be, but I'm wondering whether we have the strength in language currently, or whether that's something that we should approach in our deliberations, as to how to move the Privacy Act to the next generation.
    You're talking beyond just the policy, but in terms of the enforcement of the policy, of it having the teeth, with real accountability for those who have the personal information of Canadians and what they do with it. We're open to that.
    The other thing I would hope is that as a committee, when you're doing your report, you're looking at other countries and best practices. We can sometimes benefit from that, as well as with regard to protocols around how to deal with not just the reportage of breaches, but also how you hold people accountable for this.
    That's my question. Thank you.
    We have very limited time left.
     Mr. Lightbound, do you have a quick question?
    Thank you, Mr. Chair.
    We've talked about how the act was supposed to be technology neutral. We've heard stories, for instance, of CSEC collecting metadata of Canadians in Canadian airports back in 2010. Those stories were revealed by the CBC. We assume that the explanation that CSEC would have for it is that metadata is not personal information per se, and they can therefore collect it.
    Do you think it would be appropriate in the Privacy Act to include metadata so that it will be considered personal information and clearly defined as such?
    Again, I would recognize that we're looking to do a substantive review of the Privacy Act as a broad framework as it relates to all of the governing institutions. I know that discussions around metadata are occurring within the national security consultations.
    We're looking at the Privacy Act and managing the potential reform that we're going to undertake to keep it applicable to all of the governing institutions. Having it become specific to individuals, whether it's with security agencies or otherwise, would be challenging when looking at that broad framework.
     Just to clarify, Jennifer has informed me that the Privacy Act does not explicitly address metadata, because it was done in 1983, but that metadata does meet the definition of personal information in the act, so it would apply in terms of that.


    I guess this is the challenge of ever-evolving and changing technology and identification.
    Yes. It's not an easy thing to keep up with the technological changes. To write technologically neutral language is going to be one of the challenges that your department is going to face, Madam Minister, and I'm sure the committee is going to provide you with some excellent recommendations.
    Colleagues, there is not enough time to start another five-minute question, so I would like to thank the committee members for their excellent questions.
     Thank you very much to both our ministers and to the staff for appearing today. This concludes the witness list that we have for the review of the Privacy Act.
    Mr. Blaikie, I'll get to you in a second.
    I will let colleagues know that we will be reviewing the Privacy Act next week. We will be considering the draft report. We will be getting the draft report tomorrow.
     It will not have had time to go through verification of the interpretation of both the French and English versions. Normally the analysts would do that, but in an effort to get the report in the hands of the committee members as soon as possible, before next Tuesday, you will have both a French and an English version, and it will not have yet been verified that the language is the same. Please don't get hung up on that. We'll deal with that next week. The analysts will come on Tuesday to talk about any differences in the language of the report.
     Focus more on the content of what is there, and we'll begin those deliberations.
    Thank you very much.
    Mr. Blaikie, before we suspend, did you...?
    Thank you. Yes.
    Before we get started with the next witness, I want to move the motion for which I gave notice on Tuesday:
That the Standing Committee on Access to Information, Privacy and Ethics, pursuant to Standing Orders 108(2) and 108(3)(h)(vii), undertake a study of the Conflict of Interest Act and other initiatives which relate to the ethical standards of public office holders; that the witnesses invited to appear before the committee in relation to this study include Jon Dugal, Coordinator of Development and Events for the Liberal Party of Canada to testify about his role in the organization of private fundraising events involving Cabinet Ministers; and that the committee report its findings to the House of Commons.
    Thank you very much, Mr. Blaikie.
    We do have the Information Commissioner waiting, colleagues, so I hope we can deal with this expeditiously.
    As you moved the notice of your motion last Tuesday, I asked the clerk to provide me with some guidance on this.
    My initial review of it, in consultation with the clerk, is that the motion is very much on the very edge of being admissible, on the grounds that Standing Order 108(2) does not actually apply to the ethics committee mandate, so in order for this to continue before the committee, I need an amendment to the motion that would make the motion more admissible.
    Mr. Kelly, is that what you are...?
    Yes. I have an amendment to the motion, which is that the Standing Committee on Access to Information, Privacy and Ethics
pursuant to Standing Order 108(3)(h)(vi), undertake a study on certain provisions of the Conflict of Interest Act in regard to public office holders' participation in fundraising activities, and that the Coordinator of Development and Events for the Liberal Party of Canada be requested to testify before the committee on this matter.
     Just to be clear, Mr. Kelly, I'll take a look at this.
    Mr. Kelly, your amendment is a fairly substantive change to the motion that's currently presented by Mr. Blaikie. The section referring to 108(3)(h)(vii) would appear to make the motion closer to being admissible, because that fits within the mandate of the ethics committee; however, your amendment also changes other significant language here, and I'm going to look quickly to Mr. Blaikie to see if he accepts that the premise of this doesn't substantially change the intent of the motion as he intended it before the committee.


    I'm satisfied that the changes in wording don't change the substance of the motion.
    Mr. Lightbound, go ahead.
    I move that the debate be now adjourned and that we vote.
    Hang on.
    All in favour?
    I have a point of order.
    Mr. Blaikie.
    Are motions to summarily cut off debate on a motion before the mover has even had a chance to motivate the motion in order?
    Are you asking...?
    I'm asking, as a mover of a motion, do I have the right to motivate my motion before we proceed to vote?
    To speak to the motion, is that what you...?
    Well, I assumed that you were going to speak to it. I moved to Mr. Kelly for an amendment. That was the speaking order that I had. I apologize if I didn't give you an opportunity to speak to your motion, but I—
    My impression was that I would get an opportunity to motivate but that you were intervening quickly on an issue of whether the motion was in order. Presumably, if the ruling was that it was not in order, then I wouldn't have the opportunity to speak to a motion that was not in order. It was important to decide, first of all, whether the motion was in order, before I motivated for a motion that was out of order.
    The motion was likely not going to be in order until I acknowledged Mr. Kelly, who moved an amendment to your motion, which moved the motion more closely back in order. As a matter of courtesy, I checked with you to make sure that the changes Mr. Kelly was making would not substantially change the intention of your motion. We are now discussing the amendment to the motion, so we are no longer actually talking about your motion. Had I ruled, there would have been no opportunity for you to even address the motion, because I would have had to rule it out of order.
     Then, on the speakers list, I had Mr. Lightbound, who is now asking for the debate to be adjourned. This is a dilatory motion. There is no debate on this.
     As the chair, if I have failed in some way, Mr. Blaikie, I apologize, but as we have a dilatory motion and I've acknowledged Mr. Lightbound, I have to accept.... It's a non-debatable motion, and it has to be dealt with accordingly. I have to take the recording of this at this particular point in time.
    Well, then, I would ask that we have a recorded vote at least.
    Okay. We can do that, certainly. I'll ask the clerk to call the roll.
    (Motion agreed to: yeas 6; nays 3)
    The Chair: That motion is carried.
    Mr. Blaikie.
     Is there then an opportunity to speak to the motion before we have a ruling on its admissibility? I think what's important here is that we do have opportunities in good faith to change the wording of the motion. It's important, I would think, for all members of this committee that we have the opportunity to hear about how some of these events have been organized, so that the government has an opportunity to explain how they've been organizing these activities and whether they're appropriate. I don't see a reason why any members of the committee wouldn't want to have a discussion about this. It's an important issue in the Canadian public eye at the present time.
    I think those who are involved in organizing these events have a lot to tell Canadians about whether they're appropriate. If it's a matter of simply making other changes to this motion in order to hear that conversation and give the government the opportunity to explain whether they're doing anything untoward to Canadians, then we should avail ourselves of that opportunity. We've had up to 80 of these events that have been organized, so there's a number of them. It's been a issue in the House. It's been an issue in the media. We've been getting the same answer from the government. I think it would be good to hear from someone from the Liberal Party who might be able to add new information.


    Mr. Blaikie, the debate on this has been adjourned. Your motion and the amendment to it have not been defeated. We have not actually had the question on this. We will have opportunities to discuss this, but because the motion that was moved by Mr. Lightbound, and accepted and adopted by the majority of the members on this committee, has adjourned the debate on this particular issue, I'm now obligated, as the chair, to move on with the agenda that we have today.
    Did it not close debate on the amendment and not the motion? I'm just seeking clarity.
    That's an interesting question.
    On the advice of the clerk, the debate is adjourned on the amendment. It's considered part of the original motion, so it's adjourned for this particular....
    Colleagues, we have the Information Commissioner here. If we're going to—
    Very quickly, sir.
    I want to echo my colleague's thoughts here. We've seen a lot of these in the media, and it's an incredible opportunity that I think the government side has right now to be able to bring this forward and discuss it here at committee. We're seeing minister after minister go through these fundraisers, these pay-for-access schemes, and they have a chance here to bring and talk about—
    On a point of order—
    Mr. Lightbound.
    —we have 45 minutes left, we have the Information Commissioner here, and we've passed the dilatory motion, which means we should move on at this point.
    You are correct, Mr. Lightbound.
    Madam Legault, we have to move on with our discussion today. We have 45 minutes left. We appreciate your being here today to discuss the supplementary estimates (B), and we welcome your opening remarks on that. I'm not going to get into the details of it, because we have a short amount of time.
    Madam Legault, the floor is yours.
    My remarks are very brief. In fact, my colleague is handing out a deck that I'll be referring to as my opening remarks.


    Good afternoon everyone.


    Thank you for asking me to appear today. I'm here with Layla Michaud, my acting assistant commissioner and chief financial officer.
    Mr. Chair, I'm here to ask you to approve a request for additional funding, which was included in supplementary estimates (B) tabled on November 3.


    To assist the committee in makings its decision this afternoon, I've prepared a series of slides on the Office of the Information Commissioner’s complaint inventory reduction strategy. These slides explain the objective of the strategy, the purpose of requesting additional funding, how this strategy will be implemented, and the intended results.


     If you would be so kind as to turn to the first slide in the short deck that I've provided you, essentially you'll see that the request for additional funding was made to the Treasury Board, and the purpose is strictly to reduce the inventory of complaints at the OIC. The Treasury Board supported the request for additional funds for one year. The funding that is being requested is for fiscal year 2016-17, and it is really a fit-gap measure that was put in place pending the possible introduction and passage of amendments to the Access to Information Act.
    The funding that has been awarded, or that is subject to approval today, is strictly to be allocated to investigations. The objective is very specific: we have been required to complete 2,361 complaints. This is a very precise number, and the number is really based on our historical performance in terms of how many complaints we handle per individual, per investigator, and so on. That's why the number is very specific.
    We started the inventory with 3,000 complaints, just slightly over that. We are expecting to receive close to 2,000 new complaints this year, based on our current projections, and we have three-quarters of the year done. With the augmented investigative capacity with the additional funding, we would close over 2,000 files, and that would leave a remainder of about 2,600, so that's essentially a reduction of about 500 complaints. If the funding is not approved, then the inventory will increase to over 3,600 complaints.
    What we have done so far, Mr. Chair, is cash-manage, essentially, pending the decision of this committee. We have hired a mix of full-time employees and consultants, and we have provided comprehensive training to these FTEs. We have managed to secure some additional space for these additional people with the goodwill of Elections Canada, which is housed in the same office as we are. That's also a temporary measure, but we're not paying for this office space at this time, thanks to Elections Canada. Part of the funding was to upgrade the IT network to service the additional people.
    As for what we are doing in terms of monitoring the results, we have very fixed closure targets every month, which we follow. I meet with my senior team basically every week. We also review the results on a monthly basis at the executive committee, which is composed mostly of our directors of investigations. We also submit the results of our progress to our audit and evaluation committee. By the way, a representative of the Auditor General also sits on our audit committee on a regular basis, so they're also apprised of this. That's relevant because, should the funding be approved, the Auditor General will also review how the money has been spent and allocated.
    If you look to the last slide with a graphic, I included the graph because, as you can see, in red, it basically shows the performance we've managed to achieve so far in anticipation of this funding's being rolled out for the entire fiscal year. You can see the difference that a few additional people have made in our closure rate.
    The next steps, really, are the approval or not by this committee of the supplementary (B)s. We will be reporting on the results of this initiative to this committee and to Parliament via our annual report or, obviously, at any time that this committee would like us to report.



    Thank you again, Mr. Chair, for the opportunity to explain what is happening in terms of the funding requested in the supplementary estimates (B), which must be voted on.
    We're ready to answer your questions.


    Thank you, Madam Commissioner.
    Monsieur Massé, vous disposez de sept minutes.


    Ms. Legault, thank you for participating again in the work of the Standing Committee on Access to Information, Privacy and Ethics. It's very much appreciated.
    I'll start by asking you a more general series of questions.
    Obviously, it's my first opportunity to look at these numbers. I understand that, in the supplementary estimates (B), you want an additional $3.3 million, which represents an increase of about 30% of your current budget.
    Can you provide more details on staff distribution? How many additional human resources do you plan to hire? Have you already hired additional staff? If so, are they casual employees or consultants?
     I can certainly provide more details.
    It was a bit complicated because the budget hadn't been approved yet. It's almost December and the situation is somewhat complex.
    When determining the amount needed during the year, we calculated the cost of hiring 20 investigator employees. These employees would be permanent, temporary or contract. Eight consultants were also included in the plan. Amounts were allocated to supplementary legal aid services for investigations. An amount was also allocated to the computer network. As a result of the extra staff, we had to increase our network's computing capacity. Lastly, the $220,000 represents the additional benefits. This money doesn't come back to us.
    To date, I think we've hired 16 people, including permanent, term and contract employees. Moreover, 17 consultants were incorporated into the Office of the Commissioner. We remained within the available budget. However, since we couldn't hire as many permanent employees as we had wanted as a result of the annual funding, we managed the situation this way.
    Not all the employees started working at the same time. They needed training so that they could conduct investigations. We have a case management computer system. Everything is computerized, and the employees need training. That's why we brought them in gradually, in groups. We just hired one final group last week. We currently have stable staff. If the requested budget isn't approved today, we'll need to start reducing our staff.


    I gather that you've already started building your capacity to meet your objectives. In terms of professional services, an additional $1.8 million has been requested to pay the consultants you mentioned. I assume those are the 17 investigators hired through a contract service.
    Since it's a temporary measure, we can't hire permanent employees. We can't hire them on a long-term basis.
    As a result, the request was submitted to the Treasury Board. The goal was to find a way to quickly absorb the increase in staff and to prevent the increase from having an impact over the long term.
    Will this desired funding increase be permanent once approved? If not, will it be part of a supplementary budget covering a specific year and period?
    This funding request applies only to 2016-17.
    Currently, the obvious difficulty is the government's announcement of proposed amendments to the Access to Information Act. Since we don't yet know the nature of the amendments, we can't predict their impact on the Office of the Commissioner's budget. In the meantime, the goal is to reduce the current inventory as much as possible, especially if the Office of the Commissioner must change the way it works. It's important to eliminate as much of the inventory of old files as possible to be able to deal with newer files.
    I'm quickly reading your proposal. Can you shed more light on your objectives for the inventory? Once the additional staff is in place, including the consultants and other employees, and with the help of the supplementary budget, what's your complaint inventory reduction goal for the end of the fiscal year? How many complaints will you have processed if everything is approved and if all the consultants are hired?
    We started the year with slightly more than 3,000 files in the inventory. We're now down to about 2,800 files. This means that we have managed to absorb all the new files and that we have reduced the inventory by about 200 files. By the end of the year, we plan to have reduced the inventory by about 450 files and to have absorbed the files submitted in the meantime. As this time, we expect to receive 1,900 new complaints during the year. This means that we'll have 4,900 files to process and that 2,800 or 2,600 outstanding files would remain. That's our goal. To date, we're on target. We've made a great deal of progress, and we're truly delighted. We're starting to reduce the inventory, and we're succeeding for the first time in four years.
    Is my time up, Mr. Chair?
    If I only have a bit of time left, I'll stop here.


     Mr. Jeneroux.
    Thank you for coming back, both of you.
    Walk me through this just so I understand. Right now, there's a file room, essentially, filled with files that are inventoried, that are just.... How long have they been there and why?
    Why they are there is that we have not been able to deal with the incoming complaints over the years.
     When I started at the OIC in 2009, we had 2,500 files in the inventory. We were able to reduce the inventory until about 2011. We were down to 1,700. After that, we had a combination of budget cuts and a reduction overall. We had a reduction in staff and an increase in the number of complaints. Compounded, we ended up at 3,000.


    Okay, but now what you're asking for is changes to an IT network that would help handle the traffic, from what I understand. Hiring the consultants, I would have thought.... I apologize for the tough questions, but I think it's important. I personally would have waited to see whether I got the money before I hired these people, and now you say it's incumbent upon the committee to keep these people around, or else you're going to have to let them go. It seems that there's a bit of a backwards logic in some of this. I'm still a little confused, so would you clarify some of it, if you don't mind?
    I really appreciate your question. It's a very fair question. What we have done is that we really have cash-managed; we do have a base budget, so that's what we've done. We've been extremely careful in the way we have hired people. We know that we are depending on the vote of the committee. When you hire consultants, they are not permanent employees, so we have the flexibility. That's why we have a higher component of consultants than we had originally planned for: because we didn't know and will not know until today what the result of the vote is going to be.
    We have essentially cash-managed that money, so if the committee were to decide not to vote in favour of supplementary estimates (B), we would be able to continue our basic operation as usual. We would simply close fewer files, but we would not have difficulty in managing the decision in terms of people, if that's your question.
     I appreciate your question. We had no choice, because the funding is approved for one fiscal year. Also, I understand that other committees are reviewing the estimates process and so on. This is a good example of why it's probably a good idea to do that.
    I'm still trying to draw the linkage between the IT network and how that plays. You've painted the consultants' vision very clearly and vividly in my mind. I'm anticipating that there's a plethora of consultants sitting around a TV wondering whether this is going to be approved or not so that they will know whether they will have jobs. However, if you can, tie it back to linkages between the IT network and help me to understand.
    The IT component is very simple. It's really about more computers for the people who are working and to make sure that we could run the cable to a different floor and have the proper IT security around that. It's a very basic IT request. It's simply to accommodate additional people on a different floor and link them to our system.
    In the breakdown that you provided, then, of the $3 million, you have $1 million for personnel, $1.8 million for professional and special services—I'm assuming that's also consultants—$97,000 for rentals, and $121,000 for acquisition of machinery and equipment. If I'm looking at this without your explanation, I would assume that the $121,000 would be for the computers.
    Yes, that's correct.
    However, you're saying that the majority of this ask is for professional and special services, so a large part of it is the consultants. Okay.
    What's the rentals component of it?
     The rentals component was a portion of money in order to rent additional space. That's what it was. The OIC is at full capacity, so we don't have extra space. We have basically filled up every space available in our office—
    I'm sorry to interrupt. I thought Elections Canada was providing space.


    Elections Canada is providing us further space at this moment. We will see how the $97,000 gets allocated in the end.
    Do you want to answer that, Layla?
     Elections Canada is providing us with space, so we probably won't have to pay for the space they're providing to us, but because it was a vacant floor, there was some work to do in regard to the cubicles. We had to buy filing cabinets. We had to buy a few things in order for consultants to be able work there. We're using part of this $97,000—
    For that.
    It seems odd that it would go under rentals, then, if it's actually for cubicle space.
    If I could wrap up here, I anticipate you're probably.... I don't think we're anticipating an election any time soon, so I would imagine that the Elections Canada space is probably going to be available for at least the near future. Do you have a commitment from Elections Canada that the space is going to be yours until a certain time?
    No. They've actually told us that it was until the end of this fiscal year. They also don't know what's going to happen in terms of electoral reform, so they don't know whether they're going to need to ramp up and whether they're going to need to use the space for training. They've provided us with the space until the end of the fiscal year, but we don't know after that.
    If you can get out of them what they expect on electoral reform, it would be great for us.
    I don't think that's your responsibility, Madam Commissioner.
    Voices: Oh, oh!
    Mr. Blaikie, for seven minutes, please.
    That's true, Mr. Chair.


     I have a question concerning the approximately $3 million requested to cover the cost of hiring additional employees. They have already been hired, but when were they hired exactly? Is the $3 million for 12 months, 10 months or 6 months? Which period is covered by this budget item?
    It's only for the 2016-17 fiscal year, in other words, from April 1, 2016, to March 31, 2017. When we predicted the number of files, certain people were supposed to start working in May.
    However, I should tell you that we were able to start immediately in May because we had carried out an anticipative hiring process. We had already held competitions for permanent and term employees. We were able to hire them quite quickly.
    I've been in the public service and I've been the Commissioner for quite some time. I always work on the basis that good news is coming. My motto is “always be prepared.” I wanted to be prepared in case we obtained additional funding.
    Is it realistic to think that by keeping this high number of employees, the inventory of processed cases can be eliminated?
    Obviously, having additional staff helps us run better. We can see it in the results I distributed to the committee. We've always said this. A certain number of employees is needed to process the files. As I said at the start of my presentation, we were trying to reduce the inventory. It's apparent that, this year, we're starting to be able to reduce the inventory.
    In theory, we could likely request funding to hire 100 additional people to conduct investigations. However, it's not realistic. Federal institutions must be able to respond to the results of our investigations.
    There are currently fewer outstanding files. At the same time, we're still receiving responses from government institutions. We now have a good balance. We've hit our stride when it comes to the balance between government institutions and investigations and the institutions' capacity to respond not only to the investigations, but also to access to information requests.


    Do you intend to submit a request next year to maintain the same number of employees until the inventory of processed complaints has been eliminated?
    Yes. We'll submit another request next year to ensure that the inventory of complaints is consistently reduced.
     In terms of maintaining the staff, it should be noted that we've spent and we're still spending a great deal of time training people. We therefore want to maintain a certain level of efficiency. If we're able to keep people next year, we can continue the process.
    We're already more efficient. People have already received training on our investigation method, computer system and case management system. Our efficiency gains would likely increase even more exponentially if we kept the staff in place and if we didn't lose time by hiring and training new employees.
    Is there an urgent need to eliminate the inventory of complaints before the government changes the access to information legislation?
    It would be ideal to reduce the inventory of complaints as much as possible before changing the system, especially with the older files. Despite everything we've implemented this year, we'll keep and continue using certain procedures if we change to an order-making model.
     We've established a simplified model for administrative files. We're doing a great deal of mediation and obtaining many results. We're therefore settling as many cases as possible before conducting a complete investigation.
     We developed this model according to the model at the Office of the Information and Privacy Commissioner of Ontario, which works this way. Members of that office trained us so that we could be ready to transition to an order-making model.
    Before my speaking time is up, I want to thank you for the patience you showed earlier when we discussed other committee matters.
    Thank you.
    Thank you.


     Thank you, Mr. Blaikie.
    We now move to Mr. Long, please.
    It's great to see you again, Commissioner.
    In my previous life, when I was with the Saint John Sea Dogs, a hockey team, and before that in different businesses, we had quite an extensive budget process. If somebody came to me and said they needed an amendment or supplemental budget money to the tune of 30%, I'd be very concerned and we would look at that.
    That said, from a business perspective, I think the first thing I would ask is, have you have looked at the process internally? Did you do everything you possibly could do internally to alleviate this problem? Could you share with us some of the initiatives you took before you came here to drive down that number of complaints?
     I am in the last year of my mandate. I have been doing this work for a very long time now. As I said, when I first started, we started making a lot of changes in order to become more efficient. That really bore fruit for the first several years until our actual complement was cut significantly over the following years.
    This year in particular, we have taken two main initiatives that are really bearing fruit in terms of efficiencies. In the first one, we implemented the Federal Court of Appeal decision of last year, which was a seminal decision in terms of administrative files. What the Federal Court of Appeal decided was that there had to be much more rigour in terms of institutions asking for long extensions. We developed a simplified process. We have developed some forms.
     That's been extremely efficient in terms of changes to our results. I actually have these results with me here, so I can share that with you. In terms of where we were last year versus this year for these administrative files, last year at this time we had closed 293 files, and this year we closed 461 files. That's in part as a result of extra people, but it's also a result of what we've implemented with the federal government institutions. We have been using interest-based mediation very significantly this year. Again, last year at this time, we had closed 328 files, and this year we closed 708 files using this process.
    We are actually making a significant difference, both on processes and with the additional people. That is what we're doing.
     I've personally gone through all the old inventories in terms of our national security files and special delegation files. That's over 400 files.
    Over the summer, we went through all these files to identify portfolio approaches and identify clusters of issues and clusters of complainants. We're working on that now. Two of my directors actually went through the rest of the inventory, and we did the same. We looked at all of the files that could be closed quickly. We are also reviewing all the files when they come in to identify the ones that we can quickly resolve because the issue is simpler. We go through all of those as well.
    At this time, frankly, we monitor all the files. We monitor what's being done. I think we've done everything we could in terms of trying to sort out these files as quickly as we can. Some files do take a very long time. There's no question about that. Some files are 100,000 pages thick and, in some instances, there is no way to reduce them, so those take a very long time.


    Your complaint inventory goes back to what year? I know that here you have 2011-12, but do you have complaints back...?
    I have two complaints from 2007-08. Those complaints are the same. They're related. They've been investigated. Hopefully, they will close soon. In terms of the entire inventory, I can tell you exactly. I think I have a graph here with that information.
    You said you had two from 2007?
    I have two from 2007-08. Those are special delegation funds. They have a national security issue. We were waiting for a Federal Court of Appeal decision on the interpretation of a specific section of the CSIS act. That just came down a few weeks ago. Those two files will be completed.
    From 2008-09, I have 22. I have 13 with the CBC. Those are legacy files. From 2009-2010, I have 27.
    It goes on, but the bulk is really in 2015-16, in which I have 1,000, and 2016-2017, in which I have 737.
    I can provide this to the committee if you wish.
    Mr. Wayne Long: Yes, if you could.
    Ms. Suzanne Legault: We have it all in terms of what's there. I know what these files are. I know where they're at in terms of their resolution.
     In days or months, what's the average length to process a complaint?
    We always report on that in our annual report. What we do, usually, is based on two indicators. We look at them from the time we get them, because we have a lot of old files, and we look at them from the time that we can assign them to someone. My median turnaround time from the date of assignment for administrative files is 38 days. That's from the time I assign it to an investigator. For the exemption files, it's 56 days from the time of assignment.
    How does that compare to the provinces? Do you look at times look at that average rate compared to the provinces to see if you're above it or below it?
    We don't look at that, mainly because we don't really have the same types of files, by and large. At the provincial level, they deal with hospitals, municipalities, and school boards. At the federal level, we deal with the Canada Revenue Agency and very complex audit files, and national security files with CSIS, CSEC, and the RCMP. We don't have the same types of files, and all of the types of legislation are different. For the jurisdictions where they have order-making power, usually their timelines are better than ours, that's for sure.
    Okay. We've gone past the time. That finishes the seven-minute round.
     Colleagues, we have about 15 minutes left in the meeting, and we need to go through the votes at the end. I don't anticipate there's going to be any reductions in the budget, because we don't want the Information Commissioner to be borrowing more space from other agencies. Unless someone signals it otherwise, we'll take it right to the—
    Mr. Erskine-Smith.


    I was just trying to sort this out. You're asking for $3.3 million, roughly, and if I'm working this out correctly, you're suggesting that you'll close an additional 1,061 files with that money, so roughly we're looking at $3,160 per complaint if you break it down into—
    That's not how I was going to proceed with the meeting. You'll get another chance to ask those questions.
    I see. Okay. I thought you were closing down. Fair enough.
    Mr. Kelly, for five minutes.
    I share my colleague Mr. Long's general reaction to such a substantial increase that we're looking at in this supplemental estimate. I understand there has been an ongoing issue with the backlog of complaints. I'd just ask you to look at the bigger picture here and see what assurance you can give our committee that in the event that.... This committee adopted most of the recommendations that you brought to us in our study. We've recommended the order-making power. We sought in our study to try to address what had been described as systemic cultural failings within various departments and institutions of government around access. The very act of a complaint coming to your office suggests that there is at least someone out there who is unhappy with a response from another institution or government.
    Our goal here, ultimately, is to shrink your department and shrink your office, to not have complaints, and to not have the necessity of the investigation of complaints. If this committee approves the additional money that you're looking for and you are able to hire additional personnel or keep additional personnel, as described, and deal with and address the backlog, then over time do you see us getting to the final goal, which is perhaps a smaller office, with fewer staff and less necessity for the work that your agency does?
     I certainly hope so. I do think that there is a necessity for independent and objective oversight of government's decisions on disclosure. I've always said that the main inefficiency in the system is that my office historically—and this dates back to 1983—has spent an inordinate amount of time on dealing with delay complaints. These are just about institutions not responding on time. That's over 35%—
    Then they go on to be unhappy about the length of time that their complaint takes to be dealt with.
    Well, those complaints we deal with fairly quickly. We don't have a lot of those in the inventory. It's very minimal, but it really does take a lot of resources in the office.
    When people argue about what should be disclosed under an exemption of national security, I've always thought that it's a fair issue in the sense that a lot of these files are complex. To me, that's where the bulk of the office's work should always be. To have always 35% or so of our investigators dedicated to these delay files is a real waste. It's a waste in institutions as well, because their offices also have to deal with those once there is a complaint.
    That would be the main game, if we had amendments dealing with timeliness, for instance. If we have order-making power, I don't anticipate that the delay complaints will be an issue at all. We obviously will be able to resolve these files very quickly. To me, that's the main issue.
    In terms of the refusal files and exemption files, if we reduce it to just that in terms of what's coming in, then that would probably be a lot smaller.


    I hope that by approving, creating, or adding permanence to additional staff positions that we don't end up ultimately with a bigger office than we might need, but I see the necessity of at least getting to the point where we might have that as an issue.
    In the interests of time, I'll give back my extra 22 seconds.
    Thank you.
    Mr. Erskine-Smith.
    Thank you very much.
    I'll get back to the math. As I understand it, you are requesting roughly $3.3 million. You're suggesting that with that you'll be able to close an additional 1,061 files, which by my calculation works out to, on average, $3,160 per file. You say that you are able to close 1,300 files a year, and if we use that same math of $3,160 per complaint, that works out to $4.1 million or so in dealing with complaints, but your total budget is roughly $11.8 million. There's $4.1 million to resolve complaints, so what is the additional money being used for, and is there any sense of reallocating, then, just to clear up the backlog?
    Every reallocation that was possible in that office, believe me, has been made. I have said that before when we looked at budgets. I cannot reduce the finance department. I cannot reduce the IT folks. We are running on a shoestring in these areas. The balance between investigative and mandate work and internal services is about 78% to 22%. That's basically where we are. I've cut where I could.
    On the amount of money in the new money, consultants cost a lot more than permanent employees. That was a constraint that was imposed on us, because this is temporary funding. If it were permanent funding, then we would have permanent employees, which would not cost the same amount of money as a consultant does in this market for access to information. The cost of the supplementary (B) funding is a lot higher in terms of how many people you can get for that money.
    I have one follow-up question, and then I'm going to give my time over to Mr. Saini.
    At $3,160 per complaint, it seems quite high to me, with my previous experience as a commercial litigation lawyer. These are paralegal files, at the end of the day, these privacy complaints. I find it odd that it would be so high. Is that consistent with the amounts we'd be looking at on a per-file basis at the provincial level? Are you aware of that?
     I don't know. I think we have to understand in terms of the additional money that there is money for rental, for IT, and for employee benefits, so that comes off.
    But it's still very high. I agree with you. It would be less high if it were on a permanent basis rather than a temporary basis.
    As to how compares in terms of files, I really don't know.
    Okay. Thanks very much.
    Mr. Saini.
    It's nice to see you again. I have a quick question and I just want to get a broader understanding.
    Obviously, the cases have been built over time, because there is a bit of a creep where, each year, cases are a little further behind. It seems to me that you are asking for this money as a one-time funding request so that these cases can be cleared, but your successor may face the same situation in a few years. To me, it seems that there is a bit of an ongoing structural issue, where you may not have enough employees or enough resources ongoing, as opposed to coming back every three or four years and saying, “Look, I have this backlog.” Is that something that you want to highlight or suggest in a way?


    I've been saying this for years. The Privacy Commissioner's office has twice the budget that my office does. It has been an ongoing issue with the Office of the Information Commissioner of Canada. If you read the first annual report of the first Information Commissioner, you'll see that she basically deals with some files and starts accumulating a backlog of files. That was the first year. It has been like that every single year since the office was started over 30 years ago.
    What happened, though, was that we were making indents, as I said before, and then there was a combination of an increase in complaints and a reduction in budget. This has really compounded the problem, and that's quite unfortunate, but now these files are there, and they have to be dealt with.
    This is going to be just a temporary stopgap, not a final—
    It is a stopgap measure. I think there is a certain logic to it, if there are going to be amendments to the legislation, to actually go through a regular process with new legislation to see what the appropriate funding would be, depending on what's in the legislation. I don't know what that is. This stopgap measure may need to be extended for another year if the legislation doesn't come through or is not coming into effect in the next fiscal year. That is certainly what we would be seeking at that time.
    At the end of the day, what we do know is that this is actually working. We are actually making a difference, and it is reducing the inventory. I am quite enthusiastic about the fact that it is making a dent for the first time in a long time.
    My concern is not that you're not going to be effective with the money here, because I think you've shown that. Anytime you have a bump in resources, obviously you are going to be more effective. My concern is that, going forward, your successor may have the same difficulty in two, three, or four years, where there is a creep of cases that have not been resolved because of a lack of budget or a lack of resources. That's why I wanted to ask you that. That's the only question I have.
    Thank you, Mr. Chair.
    All right. Thank you very much, Mr. Saini.
    I have nobody else on the list. We do have to actually adjudicate this.
    Commissioner, we thank you very much for coming. I think the committee has taken it under advisement that should a legislative change happen that would significantly change the expectations of your department, an accompanying study of what budget would be appropriate to that legislative change.... It's taken under advisement. I think we'll have that discussion should the situation arise.
    We thank you very much for your time and appreciate your patience.
    Thank you.
    Colleagues, I need a volunteer. Who is going to be here tomorrow after question period?
    For how long?
    Somebody needs to table the report that we are about to adopt in order to make it on time.
    Is that immediately following question period?
    I will be in question period tomorrow.
    Is the committee okay with Mr. Kelly's tabling the report on my behalf tomorrow?
    Some hon. members: Agreed.
    The Chair: Colleagues, according to what we need to do here to appropriate these funds for the Office of the Information Commissioner, shall vote 1b carry?

Vote 1b—Office of the Information Commissioner of Canada—Program expenditures..........$3,131,113
    (Vote 1b agreed to)
    The Chair: Shall I report the votes on the supplementary estimates (B) to the House?
    Some hon. members: Agreed.
    The Chair: Thank you very much, colleagues.
    We'll see you again next week. Keep in mind that we are going to be reviewing the report, as I mentioned earlier.
    The meeting is adjourned.
Publication Explorer
Publication Explorer