Skip to main content
Start of content

JURI Committee Meeting

Notices of Meeting include information about the subject matter to be examined by the committee and date, time and place of the meeting, as well as a list of any witnesses scheduled to appear. The Evidence is the edited and revised transcript of what is said before a committee. The Minutes of Proceedings are the official record of the business conducted by the committee at a sitting.

For an advanced search, use Publication Search tool.

If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.

Previous day publication Next day publication

STANDING COMMITTEE ON JUSTICE AND HUMAN RIGHTS

COMITÉ PERMANENT DE LA JUSTICE ET DES DROITS DE LA PERSONNE

EVIDENCE

[Recorded by Electronic Apparatus]

Thursday, May 7, 1998

• 1024

[English]

The Chair (Ms. Shaughnessy Cohen (Windsor—St. Clair, Lib.)): Order. After a false start, we have Mr. Phillips back.

Just when you thought it was safe to come out of the water, you're back again.

Julien Delisle and Holly Harris are also with us from the Office of the Privacy Commissioner of Canada.

Welcome.

Mr. Bruce Phillips (Privacy Commissioner of Canada): Thank you, Madam Chairperson.

We have distributed a statement. It's fairly lengthy. I don't propose to read it all. I prefer in any case to be as informal as I can, but since I last appeared before this committee there has been an election, and thus some new members. I thought I would take advantage of this opportunity, for those of whom I have not yet met, to give you at least a short background to what this office is all about.

• 1025

First, a word about the issue of “privacy”, a word that's much misunderstood, I think. We take it so much for granted in our daily lives, as a self-evident fact of life in a free state, that we really don't give it the consideration it deserves.

It's at the bottom of almost all of the elements of our society that we hold most precious to us—the secret ballot, the confidential relationship with your doctor, your ability to talk to your lawyer free of anybody listening in, our wire-tapping law, the sanctity of our houses. All of these things are related to the concept of privacy. It is an all-encompassing civil and human right. I'll come back to that subject a little later in a somewhat different context.

I draw to your attention the words of Mr. Justice LaForest, the patron saint of privacy on the Supreme Court, who said not too long ago that privacy is “at the heart of liberty in the modern state”. The phrase I've always used is that, essentially, the degree to which we respect each other as individual autonomous human beings is the degree to which privacy functions in our society.

It is not simply an individual right enjoyed at the expense of society as a whole. It is the glue of mutual respect that holds us all together. Thus, we have something here that deserves a good deal more attention in terms of what is happening to it than I think it has managed to achieve so far.

I've said in several past reports that we've arrived at a critical time in the preservation of this very precious right. Because of the onrush of modern technology—and I know it's a cliché to make that phrase, but it needs to be repeated over and over again—and because we are still in the state of uncritical acceptance of technology and what it is doing to privacy, it essentially is making a shambles of safeguards and systems that have been in place for centuries.

I have also said that nobody can be a Luddite in this matter. We have to accept modern technology and the benefits it provides, but the quid pro quo is legal protection for individuals whose data can be amassed, mined, manipulated and disclosed, often—one might even argue, usually—without the subject's knowledge or consent.

This is not a new issue in terms of the attention paid to it by the Government of Canada. The departments of communications and justice launched, as early as 1971, a study called Privacy and Computers. The Office of the Privacy Commissioner is an outgrowth of that study.

They concluded that computers, even in 1971, had such a capacity to alter the nature of the relationship of individuals to society as a whole that something more was needed. The Canadian Human Rights Act was amended in 1978 to create a privacy section, and the current Privacy Act came shortly thereafter.

The aim of the Privacy Act is to hold the federal government accountable for its handling of the personal information it has of Canadians. It does this in two ways. First of all, it gives Canadians a right of access to their personal records held by government agencies, broadly similar to the right of access to general government records set forth in the Access to Information Act.

The second aspect is certainly at least as important, I think, if not more important. It sets the standards for the government's collection, use and disclosure of personal information. I draw your attention particularly to uses and disclosures.

The act essentially is an information management code. It gives the commissioner the right to investigate compliance with the code. It provides individual citizens the right to complain about government information practices and not just about how their access request was handled. In fact, privacy complaints comprise about a quarter of our workload, but they consume a great deal of our manpower.

The act does not cover crown corporations, although Parliament, interestingly enough, unanimously agreed by a motion passed at the last session that it should. It does not cover the operations of Parliament or, for that matter, the operations of my office, and it does not cover the courts. And it does not, most significantly, cover the private sector. There is broadly similar legislation covering most provincial governments, and in Quebec the private sector.

• 1030

In summary, this is the patchwork of privacy law in this country, and I think it suggests to you that it exposes more than it covers.

The privacy commissioner is Parliament's independent ombudsman who oversees government compliance with the federal law. Not only do I investigate complaints; I am in a sense—and I am grateful to one of my staff for this phrase—your canary in the mine. I sing for you when the air gets too bad to breathe.

I said this is a critical period for privacy policy in Canada; now let me explain. The patchwork of legal protection is no match—no match—for current information technology in the hands of those who are pressing for efficiency, cost savings, and one-stop shopping without regard to the social consequences.

However, the picture isn't all black. The government proposes to bring at least the federally regulated private sector under the legal umbrella. In 1996 Mr. Rock, the then justice minister, assured international data commissioners—as privacy commissioners are known elsewhere—that Canada would have an effective and enforceable private sector privacy law by the year 2000.

The justice department and Industry Canada have put out a paper called “Protection of Personal Information”, which acknowledges that effective privacy protection is no longer possible without binding the commercial world. I'm very glad to see this development taking place.

Just by way of brief personal history, when I started this job seven or more years ago, I was a skeptic about the necessity for bringing the private sector under any kind of federal law. But as time wore on and I saw the convergence taking place between government and private sector information management, increasing downsizing and privatization, and essentially the situation developing where information will flow freely back and forth between government and private entities, it seemed to me the existing regime was no longer adequate, and in due course the government came to share that point of view.

A number of current issues are worthy of your attention. One is the current debate now going on in government about the use of encryption as a means of providing privacy in the increasingly electronic world in which we are moving. I agree that encryption is probably the most promising technical assistance toward preserving privacy in the world of electronic information management.

I am very leery of some of the things I have heard, particularly from policemen, that somehow or other they must have unrestricted access to all the encryption tools that may come along. I'm not at all certain they need that power. They certainly didn't have it in the day of telegraph or letter communication; I see no reason they need such unrestricted power in the day of the Internet.

Another issue that should engage the attention of this committee and members of Parliament generally in the next year or so is the move towards constructing a national health data network. This is, briefly put, a proposal that would link and make available all the health information about all Canadians that is now in the hands of many disparate and discrete organizations—governments, insurance companies, hospitals, and doctors—all available generally to each other for the purposes of more cost-effective and efficient health care delivery.

This is a system that, its proponents claim, will produce many cost savings and a much more effective health care delivery system. I am not personally in a position to offer judgment as to the accuracy of that observation; I just take it at face value that it's delivered by a lot of people who are experts in the field. But there are important issues here of individual privacy.

• 1035

It is one thing for doctors to have a conversation with each other about a patient's condition, but it's quite another if that information is on a network that's available not just to a few doctors, but to hundreds if not thousands of other people. Therefore, the elements of transparency and individual patient consent must be built into that system. That does not promise to be a simple exercise, but I think if the Canadian public is to trust it, we have to build in those elements.

I note that the Canadian Medical Association, for example, in several recent meetings has drawn attention to this problem. They're very concerned about what is essentially a massive breach in the wall of patient and doctor confidentiality and privacy.

I hope that the many agencies, including the national advisory council appointed by the government, will ensure that whatever emerges from this exercise will have a suitable element of privacy protection in it. And I propose to report to this committee and to Parliament generally when we get a little further along on the subject. The loss of privacy should not be the inevitable cost of a better health system.

On the administrative side, last year we received 2,455 complaints. I am obliged under the statute to investigate complaints we receive. The year I took this job we had something like 1,000, so it gives you an idea of the rising level of public concern about the issue. We completed 1,821 investigations, and we handled 10,330 inquiries. There has been essentially an explosion of public concern about this matter.

My office continues to carry an open caseload of 1,700 cases. It's too high for the kind of quality of service that I would like to deliver and it's certainly hard on my investigators. I have asked for additional resources, and I have been given some, but not enough.

One of the interesting reasons for the bulge this year, however, is that 900 of those cases concern one issue, and that is the government's use of E311 customs declarations filed by returning travellers as a tool for unemployment insurance enforcement. I think I've drawn this issue to the attention of the committee on a past occasion. I won't go over it in detail now, except to report to you that we have finally, with the cooperation of the justice department, managed to get papers filed before the Federal Court to have this matter aired by a proper tribunal.

We have also done a review of Human Resources Development Canada, which is one of the major handlers, receivers, collectors and storers of personal information about Canadians. I propose also, in due course, to make the results of that study available. Human Resources Canada is involved in many novel applications of technology for information management purposes, not all of them, at first blush at any rate, entirely in compliance with the Privacy Act. I'll say no more on that subject until we give you a final report.

Finally, I would like to deal with a question that was raised by my colleague, Mr. Grace, on his last appearance here. And I would like finally, if possible, to put to rest this notion that crops up from time to time that privacy is the flip side of the Access to Information Act, and that it would be a simple matter to put the two things together, have one commissioner, save lots of money, and make life easier for the bureaucrats. Nothing could be further from the reality of this situation.

Let me start by saying, first of all, that this has been looked at on several occasions by the Treasury Board and other agencies, and the longer they've looked at it, the less attractive it has become.

Mr. Grace says he could have saved you $500,000. I guess he could if he fired half the staff. I invite him to state specifically how he would do it.

You have also been under-informed and misinformed on a couple of important points. It has been said that the federal model of independent commissioners is anomalous, that everybody else does it the other way—they have one commissioner. That is wrong. The only people who do it in fact are some of the provinces of Canada.

• 1040

The United Kingdom, for example, is about to set up a new freedom of information act. They already have a privacy commissioner and have had one for many years. And having looked around the world, they have decided that these two things should be separate, because the issue of general access to government records is an administrative right of Canadians set out in Parliament.

The issue of privacy, involving as it does a comprehensive human right affecting almost every aspect of our lives, is a charter right as articulated by the Supreme Court of Canada. And except on the very narrow issue of access to government records, they have very little in common with each other. The things that are of interest to us are things such as DNA, biomedical science, technological application to privacy, credit records, you name it. They have nothing to do with general access to government records.

There's one final aspect: we are specialist ombudspersons, and I fail to see how an ombudsman can be an advocate for two issues at the same time. These offices in the provinces, for the sake of convenience, having a much smaller piece of turf to manage, are order-making offices. We are not. We are ombudspeople. And my principal function in life, as far as the Government of Canada is concerned, is not to order anybody to do anything but to try to make the system work better. When a complaint is brought to us that reveals a weakness in the way a government department is managing its information, yes, I will do a finding on whether the government is right or wrong and what it's done, but the far more important question is getting to the bottom of the problem and finding a way to correct it.

An ombudsperson is uniquely favourably situated to do that kind of work. But if you're surrounded by lawyers on both sides because you're going to write an enforceable order, you're in an entirely different situation. The ombudsman function fits well into the federal model, and I don't see how anybody can effectively wear two hats. If they wanted to stick these two things together you would have to give them order-making powers, because you would then make the commissioner effectively a judge.

It's been argued that living with a privacy commissioner and an information commissioner is sometimes awkward for deputy ministers, who might get conflicting advice on a particular issue, usually an access issue. That has happened in the seven years I've been on the job. I think I could count the number of occasions on one hand. In any case, it would seem to me that deputy ministers would want to hear both sides of an argument. That's what they're paid for, to make decisions.

Finally, the issue that does sometimes bring us into a position of conflict with the access commissioner almost always has to do with the degree to which public servants' salary and working information is going to be made public. I think every case has involved that one issue, and that can easily be solved by making more precise in the Privacy Act, by way of amendment, precisely what information about public servants should be made public.

I think that brings me to the end of my speech. I'll close by just making two observations. I encourage you to be alert to privacy issues that may be lurking in bills that come before you. We try in my office, with extremely limited resources, to review all the legislation, but we don't always manage to find the snake in the grass, so to speak. One of the issues that comes to mind was the NAV CANADA thing, when the government decided to privatize the air traffic control system. There was a very important privacy question attached to that, but it escaped everybody's attention, including ours, until it was almost too late to do anything about it.

Secondly, and I'm not saying this just to flatter a member of your committee, I would invite you to take the report issued by the human rights committee chaired by Mrs. Finestone and give that a good hard look in the justice committee, because it contains many sensible recommendations on this issue. It's one of the best things ever done by Parliament, and I would like to see the justice committee appropriate it and clasp it to its own bosom.

Thank you.

• 1045

The Chair: Are you going to help us get the time to do that?

Mr. Bruce Phillips: Forgive me if I've gone on here at length.

Hon. Sheila Finestone (Mount Royal, Lib.): I believe, Madam Chair, that I'm on the record as asking us to review that legislation.

The Chair: Mr. Breitkreuz wants us to do gun control again.

Thanks, Mr. Phillips.

Mr. Forseth.

Mr. Paul Forseth (New Westminster—Coquitlam—Burnaby, Ref.): Thank you for coming before us today.

You mentioned the issue of joining the information commissioner's office with yours. I think in your script here it says:

    Which leads me to the perennial question of whether the Information Commissioner's Office should be merged with mine. This notion has more lives than the proverbial cat.

We'll go at it again a little bit. The information that was given to us was that, at the present time, Canada is the only nation doing it this way. You mentioned the one exception of the United Kingdom, which may be going to go our way. But is it true that Canada currently is the only nation that's doing it this way, which is with two separate offices rather than one?

Mr. Bruce Phillips: Up to this point, I think Canada is the only nation that has a privacy commissioner and an access commissioner. There are a great many European states that have had privacy commissioners for a long time, but not all of them have information commissioners. Access laws are unique to Canada and just a few other states.

Mr. Paul Forseth: Okay. That was one of the arguments made from the other side. Canada is unique in that regard, and maybe we could look again at what we were doing.

Now you say that there perhaps is a trend to maybe follow the Canadian model. That was what I heard. I'm just wondering, before I go to my next question, do you have any final argument against the uniting of those two offices?

Mr. Bruce Phillips: I think it would be a disaster for the privacy office to do that, unless of course you wanted to make the access office some kind of a branch of the privacy office, but I wouldn't recommend that either.

I've tried to make it clear to this committee, Mr. Forseth, that access to general government records and the concept of individual privacy have very little to do with each other. It's like saying we should put the baseball team and the basketball team together because they both play with a ball, which is, namely, information in our case, but that's about as far as the similarity goes.

The only thing we have in common with access to information is the subject of access. Canadians have a right to access their personal records, but the Privacy Act is a much more complex and comprehensive statute than the Access to Information Act. A government record is there, and you look at the act, and you get it or you don't. It has nothing to do with the rights of the people with respect to the amount of information the government can collect about them, how it's to be stored, how it's to be used, to whom it can be disclosed, what elements of correction the individual citizen has, or what rights of consent a citizen has over its subsequent usage. Those are all issues that are covered by privacy, and have nothing to do with access to a government record.

At the risk of repeating what I just said, I certainly would not want to see the ombudsman function disappear into an order-making office in which you had somebody functioning as a judge, one person, to decide the issue of balancing the rights of Canadians.

The way the system works now, we have a privacy commissioner and we have deputy commissioners in departments of government who can sit down and negotiate these questions, some of which are quite complex, and strike an appropriate balance between the public's need to use information and the right of the citizen to have his personal information protected.

• 1050

Would you feel it preferable to give that task to one person and remove from it altogether the notion of negotiating these questions and coming to some sensible conclusions? That's what you would lose.

Mr. Paul Forseth: Well, I thank you on that point. I think government is struggling with that question right now.

You raised the example of the problem of NAV CANADA. I'm just asking you: are there any, perhaps, parallels to the proposal now to take Revenue Canada outside normal ministerial protocol and put it into somewhat of a crown corporation or whatever? Are there parallels between the NAV CANADA example and the Revenue Canada proposal? Revenue Canada is essentially the bearer of the most sensitive information about everyone.

Mr. Bruce Phillips: Well, as I understand it, Mr. Forseth, the short answer to your question is yes, there are similarities. The information involved in the Revenue Canada downsizing is customs and excise, I think. It's not related to personal income tax collections.

Having said that, yes, there are similarities. For one thing, a substantial number of individuals currently employed by the government would subsequently be employed by a private enterprise. As a consequence, their personal records would cease to have the protections offered by the Privacy Act.

That was the issue in the case of NAV CANADA. There were 6,000 people who essentially now enjoy a less rigorous protection of their personal records than previously was the case.

As a consequence of NAV CANADA and similar episodes, the government has now made it a policy—it's not a law—that future privatization and contracting out should take care to extend to the new enterprise the protections equivalent to those contained in the Privacy Act.

That's a forward step. If that practice is followed in the case of the Revenue Canada privatization, then I would say that would be an improvement over what happened with NAV CANADA.

Mr. Paul Forseth: Mr. Delisle, do you have something to add?

A voice: There is a commitment from the department...

[Editor's Note: Inaudible]

Mr. Bruce Phillips: In fact the department has made a commitment to us that they will extend Privacy Act protection.

Mr. Paul Forseth: Those are my questions for the moment.

The Chair: Okay. Peter MacKay.

Mr. Peter MacKay (Pictou—Antigonish—Guysborough, PC): Thank you Madam Chair. I want to thank you, Commissioner, as well, for being with us.

I guess the first question I'd like to ask you is along the lines of a general inquiry as to your feeling. I base this question on your remarks about the need for independence, not only the perception of that publicly but practically as well. What's the need for the independence of your office?

I guess based on that, I would like your response to the query as to whether someone in your position should come from a bureaucratic background, should come out of the public sector, or would it be advisable that the commissioner be someone who has worked outside of government?

Mr. Bruce Phillips: Well let me deal with the first part of the question. This office and four others, the Access to Information Commissioner, the Chief Electoral Officer, the Auditor General and the Commissioner of Official Languages are described as officers of Parliament. You don't find the term “officer of Parliament” written down in any document anywhere, but I guess it means that we are officers of Parliament because we report directly to Parliament, not to any government. There is a special method of appointment, which is namely that the person nominated by the prime minister of the day must receive the approval of the majority of members of both houses.

The purpose of all that I think is quite clear. It's because we are involved, certainly in my case, in an investigative capacity for investigating complaints lodged by Canadians against the management of their information by various government departments. We certainly would be risking the appearance of a conflict of interest if we were subject to the supervision of any government department. It is to put us at arm's length, and I think that's necessary.

• 1055

The government does remain the banker, though, for our offices, and one might make the argument that this is an element of control. There are some other commissions—I think British Columbia's is one, and Ontario's is another—where the funding of their privacy and information commissioners is done by a legislative committee. This would further signify the separation of the office from any supervision by the government of the day.

I have not, myself, found that a particular problem. Independence, after all, rests very much in the character of the incumbent. You can fence about these offices with as many safeguards as you like, but if you don't have the right person in it, they're not going to mean very much.

With respect to the second question, it seems to me that Parliament has the last word on these appointments. You have every opportunity to satisfy yourself that whoever is nominated, and whatever that person's background, you will be satisfied before you endorse that person that he or she is going to perform in a fair, effective, and impartial manner.

Mr. Peter MacKay: Thank you.

Could I ask you, Mr. Commissioner, about a piece of legislation that's before the House presently, the DNA data bank? You mentioned it in your presentation. There is an amendment before the House now that would include in the bill the ability of your office to review the use of DNA. You have highlighted the concern that a lot of people, a lot of Canadians, have about the use of DNA.

I'd be interested in your response to that suggested amendment that your office would conduct a review. I think the amendment speaks to a three-year review, but I would suggest it might be necessary to do so more frequently. I also keep in mind what you told us about resources. This would be a huge added responsibility. Do you endorse that as a good idea, particularly in light of the independence that you would have, as opposed to the commissioner of the RCMP?

Mr. Bruce Phillips: Yes, I'm aware of the bill. It is certainly consistent with a suggestion we have made. We are concerned with the possible misuse of DNA samples. We've never had any difficulty with the right of law enforcement agencies, under the conditions set forth in the DNA bill passed a couple of years ago, to use DNA as a means of identification in criminal investigations.

We are more than a little concerned about the retention of the samples, as opposed to the fingerprint derived from the sample, because the sample itself can be re-examined for purposes other than identification. It has been the general experience with technology that function creep sets in. If the science can do something, people will want to do it, and the question of whether it is right to do it or wrong to do it is less important to those people than the ability to do it.

I can see penologists and researchers and policemen wanting to get back into those samples for a whole lot of other reasons, such as whether this person has a genetic disposition toward antisocial behaviour, and so on—things that have nothing whatever to do with the reason for which that person was arrested in the first place.

Yes, I think there ought to be a good, strong audit system to ensure that the sample bank is not invaded and used for unrelated purposes.

• 1100

Mr. Peter MacKay: Mr. Commissioner, with respect to the Privacy Act itself, section 60 does allow for you, as the commissioner, to carry out special studies if referred by the Minister of Justice. In your tenure, has that happened? How often does it happen? Is this something that should be used more frequently?

Mr. Bruce Phillips: Yes, I'm aware of section 60. It's beautiful. It's pristine. It's virginal, because no, we have never been asked by the Department of Justice to do a special study.

We have done many special studies on our initiative over the years, simply because of the need to try to stay abreast of a lot of these developments. We have never been properly financed for that purpose.

The Department of Justice has agreed with us that the Privacy Act does need overhauling to bring it up to date with the state of play, and that a research and policy function should be included, as well as a public education mandate.

It's central to our funding problem that because the act only gives us essentially a couple of narrow mandatory obligations—one, to investigate complaints, and two, to examine the issue of compliance by departments—we have a great deal of difficulty persuading Treasury Board to give us any money for these things. But I can tell you that without them, I wouldn't be able to say anything here today except the issue of investigating complaints.

The Treasury Board is sympathetic, but it doesn't see its way clear to giving us the proper resources absent a legislative mandate. That's the problem.

Mr. Peter MacKay: Mr. Commissioner, do you feel generally that your office has the teeth it requires, that is, that you have enough power at your disposal to sufficiently react to the complaints you investigate? Or do you feel you have a sufficient relationship with the RCMP that when the time comes, if necessary, you blow the whistle and the police come in and take over? Or would you prefer to have a more independent position when it comes to enforcement of privacy matters?

Mr. Bruce Phillips: I certainly don't want any more power. I would like Canadians to have a bit more power here, though.

The Privacy Act does need to be fixed. Its exemptive clauses are altogether too loose. We have to tighten up, to narrow, the areas in which the government can refuse to grant access to material. There are areas of the act where the language is so broad as to essentially constitute a total escape for any inventive bureaucrat who wants to get around it.

For example, agreements made between government departments and provincial governments and agreements made between the Government of Canada and foreign governments essentially exempt themselves from the purview of the Privacy Act, including access by Canadians. That's all too broad and permissive.

Any agreement for information-sharing by the Government of Canada and provincial and municipal government entities, or anybody else for that matter, should be subject to some kind of review to see if a reasonable degree of respect for the privacy of Canadians is involved in such a transaction. At the moment they're totally exempt.

And of course immense quantities of information are flowing back and forth every day between the Government of Canada and various other entities, under scores if not hundreds of information-sharing agreements.

• 1105

I can tell you there are problems with them. From time to time we will get a complaint from a citizen that, upon investigation, will show it arose as a consequence of an information-sharing agreement, particularly in areas of tax and income support, where sufficient attention was not paid to the rights of the individual, or where information was transmitted by the Government of Canada to a provincial government, or the reverse, that included a great deal of information that was not necessary for the purpose of the exchange. That happens a lot, where they send far more information than they really need. Those things all have to be made subject to some kind of purview.

There are sections in the Privacy Act, such as paragraph 22(1)(a), that essentially allow a department to refuse access simply because it's an investigative body. The government shouldn't be permitted to deny access to information unless it can prove there is some harm to it. That is the essence of the existing Privacy Act. In most cases, when somebody is denied access we have a right to go and look at the record and say “Where is the harm? Satisfy us that there's a harm involved here.” An injury test should be attached to any refusal to disclose.

Similarly, in the case of cabinet confidences, all confidences of the cabinet are exempt from access. I don't necessarily have an objection to that, but I do object to the fact that whether a particular document is or is not a cabinet confidence is decided by some bureaucrat in the Privy Council Office. He or she only has to say, “Sorry, Privacy Commissioner, this is a cabinet confidence”, and that's the end of it. They are the only people who have that privilege. Everybody else in the government has to say, “Well, here's the document, and we're not releasing it for the following reasons.” At least we should be allowed to look at the document and satisfy ourselves that it is in fact a cabinet confidence.

This way, anything that goes on inside the Langevin Building essentially can be described by a member of the staff as a cabinet confidence, and we have no way of checking it, none whatever. That's the end of the argument: “Sorry, there's a cabinet confidence; you can't see it.” Well, cabinet confidences are not defined in this act in any particular way, so it's essentially what somebody says it is. The issue of what is a cabinet confidence and what is not ought to be more carefully defined.

Mr. Peter MacKay: Thank you very much, Mr. Commissioner. It's very compelling information you're giving us.

You mentioned that retired Justice LaForest was the patron saint of privacy, and in this Parliament we're lucky to have Madam Finestone, who's probably our patron saint of privacy.

Some hon. members: Oh, oh!

An hon. member: Saint Sheila.

Mrs. Sheila Finestone: I think I'll transfer the crown to Bruce Phillips, where it belongs.

Mr. Bruce Phillips: No, that one would not rest easily on my head.

Mrs. Sheila Finestone: It would rest better than here.

The Chair: Oh, I'm just biting my tongue.

Some hon. members: Oh, oh!

The Chair: Derek.

Mr. Derek Lee (Scarborough—Rouge River, Lib.): Mr. Phillips, I'd like to take up three items if time permits. The first two items you mentioned in your opening remarks.

The first is encryption. Encryption is really just another language that another human eye doesn't recognize. You've acknowledged that encryption can help privacy. It will make records unreadable to another human eye that doesn't understand the encryption. So that's a positive thing.

Some of our police agencies have indicated that if there is to be a proliferation of encryption, they would like to have the keys, the codes, and I have some sympathy for that. If there's some data in a foreign language, the police will go and get someone who can speak or read the foreign language, and that's fair enough; we don't complain about that. So why would you object to a police agency that is carrying on business in the ordinary course—I'm not talking about breaking laws—simply wanting to have the facility to read data that it feels it must or should have access to in the course of an investigation?

• 1110

Mr. Bruce Phillips: Well, Mr. Lee, I hate to answer a question with a question—

Mr. Derek Lee: That will be all right.

Mr. Bruce Phillips: —but when has there ever been a system in which the police have had the key to everybody's private communications?

Mr. Derek Lee: We're talking about records here.

Mr. Bruce Phillips: We're talking about Internet, which is in-time communications.

Mr. Derek Lee: All right. If the police need a record, they have the means, warrant or otherwise, to go and get it.

Mr. Bruce Phillips: That's different. Yes, they do.

Mr. Derek Lee: When they do that, wouldn't they need the encryption? Wouldn't it be fair for them to have the ability to decrypt?

Mr. Bruce Phillips: I think if they have a proper warrant to obtain a record of a transmission over electronic means, they have the authority to compel its proper delivery in a comprehensible language.

That is a very different issue, Mr. Lee, from what is being requested here. They want the ability for intercepting and decrypting in-time communications on the Internet; that's an entirely different matter. That is, in effect, wiretapping Internet. I'm a little leery about that. And I think this is not just a law enforcement issue, whether this would somehow or other inhibit effective law enforcement.

Internet promises to be the principal means of communication for scores of millions of people in the near future. It is probably the most liberating communications device ever known. It's essential for its rapid acceptance by the community at large that they have confidence in the security and safety and privacy of their communications. There are already cases in the United States of people refusing to give information to insurance companies, and so on, over Internet because they are afraid of interception by the police.

I think we have to take a very careful look at what is involved here. I am very glad to say that the government just this week showed, I thought, a sensible balance in looking at police representations for more authority to intrude into the lives of private persons in the handling of the DNA sample bank thing. They wanted to open the whole issue of the offences that would allow police to demand DNA samples, and I'm glad the government resisted that.

Mr. Derek Lee: Okay, back to encryption, I take your point that if there's a process whereby the police have a warrant to go and obtain information, then they should have the decrypting capability as well. That's fair enough, isn't it, if they have a warrant?

Mr. Bruce Phillips: If they have a warrant and they go to somebody who has received an encrypted message and the police have persuaded a judge that they should be allowed to see that message, I think at the same time they would have the legal right to compel its decryption.

Mr. Derek Lee: Or to have the decryption capability already?

Mr. Bruce Phillips: Well, I feel differently about that.

Mr. Derek Lee: Okay.

Let me pass on to the Canada Customs cards issue.

Mr. Bruce Phillips: Let me put it this way: If they had the decryption ability, why would they need the record?

Mrs. Sheila Finestone: That's right. Come on, Derek.

Mr. Bruce Phillips: If it's an Internet transmission and they're monitoring in-time communications of some suspect and they have the decryption, they would record the message in decryption.

Mr. Derek Lee: The failure to get this nailed down—and I guess you're pointing it out—is going to invite the subcontracting of data collection from the Internet by a whole lot of agencies: by private corporations, by police, by whatever. At the moment, it's pretty much unrestricted.

Mr. Bruce Phillips: Yes.

• 1115

Mr. Derek Lee: I don't know how much expectation of privacy there is on the Internet, but the threshold of expectation should be pretty low.

I'd like to move on to the Canada Customs cards issue.

Mr. Bruce Phillips: Before we conclude that, I think it's analogous in an historical context, Mr. Lee, to telegraphic communication. Businesses, for example, have been using their own private codes for centuries. There has never been an argument put forward before that the police should always have the right to have the keys to all those encryptions. Certainly they have the right, if there's a law enforcement necessity, to look at the record and require its decryption, but I think that's a different matter from having the right themselves to do the decryption.

Let's not be dazzled by the technology here. What's at the root of this? It would be a substantial enlargement of police power. That's all I want to say. Thank you.

Mr. Derek Lee: Okay, that's a fair comment.

Now, on the Canada Customs cards, you must have come to the conclusion that for an individual, the leaving or coming into Canada is a private act, not a public act. Am I right to infer that from your comments?

If it's a private act, then any record of it ought to be kept right where it is. If it's a public act, it's a public act. I myself am not too sure what it is, but I'm inclined to think, given the evolution of our laws and history, that it is a public act, the leaving of Canada or the coming back in. The fact that one arm of government would share information about a public act with another arm of government doesn't strike me as inappropriate.

We do take areas of government information and seal them up. We zip up, for most purposes, the Income Tax Act information. We zip up cabinet confidences. We zip up the Official Secrets Act, or at least we used to, and personal information, which is pretty much defined. But a record of somebody leaving Canada or coming back in is not yet in that category. But you have objected not to the recording of the information but the sharing of the information of what I regard as a public act, with another agency in government. Would you care to comment on that, on my view?

Mr. Bruce Phillips: I would come at it from a somewhat different perspective—

Mr. Derek Lee: By the way, I do appreciate your perspective. I'm very pleased you're articulating it, and I respect that. But let us hear it, then.

Mr. Bruce Phillips: The concept of privacy is very much an individual thing in some respects. Some people don't mind being identified crossing a border; some people do. One person's privacy is another person's public business. And I'm not going to try to decide on behalf of my fellow 30 million Canadians how much privacy each of those persons is prepared to give up.

I think the general concept, though, is what's called in the trade “geo-positioning data”. It's one reason the radar cameras on Highway 401 were taken out, for example, because it offended people's sense of privacy, that they should not have to account to some public body when they go from point A to point B.

The Chair: I think they just didn't want to get caught speeding.

Mr. Bruce Phillips: Maybe not.

Mr. Derek Lee: Ever practical. Do you have those tickets paid yet?

The Chair: I'll tell you, the new cameras on Highway 407 don't even pick up the travel. I've had about 20 free trips.

Go ahead, sorry.

Mr. Bruce Phillips: The point is this: The Government of Canada collects a great deal of information from Canadians. It does so on a trust basis. It says we have to have this information so we can run our programs. These programs are of benefit to you. But we give you an undertaking when we collect this information that we will not use it for unrelated purposes or purposes for which we do not have your consent.

That is the basis of the contract the Government of Canada and any civilized government that's going to respect its citizens makes when it collects information.

• 1120

My argument is that the E311 case to which you referred breaches that trust. The E311 card is not signed for the purposes of unemployment insurance. It is signed because Canadians appreciate that when they travel to a foreign country, the government needs to know whether they're bringing back in dutiable goods, how long they've been out, how much money they've spent, and so on. This is all information necessary for good government, so they give it up. They don't give it up so that somebody in some other department can appropriate that information without their knowledge or consent.

Mr. Derek Lee: Okay. I'm with you on the subject of good government.

Government-to-government information sharing—your comment struck a chord with me. You have complained that all of these government-to-government agreements that may involve the sharing of personal information are exempt from your review or comment. Is that correct?

Mr. Bruce Phillips: Yes. Well, no, they're not exempt from my review and comment. We have discussed information-sharing with departments. They are exempt from access by citizens. Citizens cannot find out what information the Government of Canada is giving to other parties if it's done by way of a provincial or an international agreement. It's exempt from the Privacy Act.

Mr. Derek Lee: They can get access to the agreement, but they cannot get access to the information flow under the agreement.

Mr. Bruce Phillips: I think, generally speaking, Mr. Lee, that would be right, yes.

Mr. Derek Lee: That's an area of concern. You're suggesting that Parliament should have a look at some of these agreements, are you?

Mr. Bruce Phillips: I think so. It seems to me that if you're to have a privacy statute that has any meaning, you should not exclude from its purview vast masses of informational transactions, which is exactly the situation we have now.

These may be perfectly valid informational exchanges. There may be nothing objectionable in them. On the whole, though, I think people ought to have the right to know what is in them and what is being passed back and forth.

Mr. Derek Lee: Okay. I have a suggestion. It is with respect to the pristine section 60—I think that's the term.

In the event you believed that there was a basket category, a grouping of government-to-government agreements that you suspected were conveying too much or the wrong types of information, or its conveyance was inappropriate, then I would invite you to bundle your concerns and those agreements by reference into a special report and communicate it to Parliament. Parliament would generally not be restricted by looking into it more closely. We might be restricted by time and resources. I would invite you to do that, if you feel strongly about it. It would give us some focus.

Mr. Bruce Phillips: Yes. Well, thank you, Mr. Lee. That's an interesting suggestion.

Let me ask you whether this would be satisfactory—that we could go away from this committee with your suggestion in mind and look at it. It may be that we have some other suggestions to make with respect to this whole issue of information agreements. An examination by my office of every information-sharing agreement now held by the Government of Canada with other entities is an undertaking of some magnitude. I certainly don't have the resources to do that the way things are right now.

It may be that the problem can be resolved by amendment to the Privacy Act that would impose some standards on the way in which these agreements are negotiated, and the standard of privacy respect that the Government of Canada would have to insist upon in making an information-sharing agreement. In my opinion, that might be another approach.

I would like the opportunity to consider this a little bit and get back to you.

Mr. Derek Lee: Sure. In that process I would invite you, on a more targeted basis, to consult informally with the chair of this committee and the House leaders of the several parties in the House as you move along. That would probably assist in capturing some of the dynamic. I invite you to consider that, anyway.

Mr. Bruce Phillips: Thank you.

• 1125

Ms. Cohen, if I can just make one observation apropos of what Mr. Lee has just said, having to do with the communication between my office and Parliament generally, I'm not satisfied with the state of it. I accept a good deal of responsibility for it. If the notion of an officer of Parliament is to mean anything, it seems to me it's got to involve a much better element of dialogue than currently exists. It's been a problem for my office with respect to our casework, because we're required by the statute to do our investigations in private. We convey our findings to departments of government and to our complainants as private documents. It may be that we could find some way we could give you at least in general terms a better idea of what it is we're doing there and to talk more frequently with you about some of these issues or to provide you with more background papers.

I know you're all plagued and inundated with paperwork of one kind or another, but I think these are issues in which we have a common lively interest, and I would like to generally improve the level of communication both between this committee and Parliament generally in my office.

The Chair: Does this require an amendment to the law?

Mr. Bruce Phillips: No, I don't think so.

The Chair: Thank you.

Mr. John McKay.

Mr. John McKay (Scarborough East, Lib.): Thank you, Madam Chair.

Mr. Commissioner, I believe congratulations are in order on your reappointment—either congratulations or commiserations. I sit on a task force that is studying financial institutions. One of the complaints that's come up with some regularity and ferocity is the issue of tied selling, which is essentially nothing other than the use and abuse of private information given to a financial institution to benefit the financial institution in a way that disadvantages the client. Am I to assume from your testimony that this would not fall within your purview of regulatory authority?

Mr. Bruce Phillips: At the moment, no.

Mr. John McKay: Is it on the agenda that institutions that are chartered by the federal government would fall within your regulatory authority?

Mr. Bruce Phillips: It could, Mr. McKay, if the government delivers on its undertaking to bring in a new privacy bill this fall, which is their current schedule, and it is a sufficiently good bill, yes, it would provide an avenue into an examination of tied selling insofar as it involved the use of personal information.

If a client of a financial institution gives permission, and I mean genuinely informed consent, to this kind of use of information that's one thing. Tied selling can cover a multitude of various activities. I do know that the Canadian bankers have had a number of objections to tied selling practices, and they have an ombudsman over there who's trying to cope with it. But if the marketing practice involved the use of information exchanged between the client and the financial institution for one purpose that was used for an unrelated purpose without consent, then I think it would be an objectionable practice. But if they can work out some kind of a modus vivendi between them that would be another matter.

Yes, under a proper statute we would have a look at it.

Mr. John McKay: You have to think that this is almost a leading-edge privacy issue, with the consolidation of financial institutions and the disproportionate bargaining power between the client customer and the institution itself. I'm just trying to think organizationally and systemically whether that kind of complaint issue is a complaint issue that would flow to a commissioner who is an independent reporting member to Parliament or whether it would flow into the industry of some actual department itself.

• 1130

Mr. Bruce Phillips: Let's reduce it to a hypothetical example. If you went in and took out a mortgage or applied for a mortgage and the mortgagor said I'll give you a mortgage but only on condition that you buy my insurance, I'm not sure that would be a privacy matter. It might fall afoul of some other restraint of trade issue.

Mr. John McKay: But if you used that information and passed it along to some other part of your organization—

Mr. Bruce Phillips: That's a different matter.

Mr. John McKay: A different item.

Mr. Bruce Phillips: Absolutely. Yes. In that case you would be dealing with an informational movement and might well come under the ambit of the federal Privacy Act, which is applicable to financial institutions.

Mr. John McKay: My second question is did you have to rely on obtaining lawyers from the Department of Justice in order to prosecute your issue with HRDC?

Mr. Bruce Phillips: No. In fact, this is an interesting case. Part of this case is going to the Federal Court as a joint reference because the justice department agreed with us that the issue itself was worthy of adjudication, let me put it that way, and cooperated with us in ensuring that it would be brought before the court.

The Attorney General of Canada has the right to ask the courts to study issues. This falls, generally speaking, into that bailiwick, part of the case anyway. But no, we didn't rely on them. What we were looking for was the most expeditious way of having this brought before the court and heard in the shortest time possible.

Mr. John McKay: Had the justice department not seen itself as persuaded that this was an issue of significance, would you have brought the complaint yourself? Do you have standing to do that and would you have access to resources to do that?

Mr. Bruce Phillips: We certainly would have got it to court. The particular manner in which we would have been able to do that, though, would have been more circumscribed.

Mr. John McKay: Would you have had to retain outside counsel?

Mr. Bruce Phillips: We retain outside counsel for an important litigation like this in any case. Our general counsel in the office has a lot of things to do. We have one lawyer.

Mr. John McKay: That's what I noticed.

Mr. Bruce Phillips: Yes, we would have got it to court.

Mr. John McKay: My final question has to do with going back to this DNA stuff that's fresh in all of our minds. From time to time it's urged upon us that a DNA card be issued at birth, if you will. I'd be interested in your response to why that is a good idea or not such a good idea, as the case may be.

Mr. Bruce Phillips: It depends who has the card, doesn't it?

Mr. John McKay: It depends on the use and the abuse.

Mr. Bruce Phillips: Of course.

Mr. John McKay: Is that the essence of the argument?

Mr. Bruce Phillips: Yes.

I'm reminded of a proposal in Britain a couple of years ago that every male child at birth should be required to give up a DNA sample to be held by Scotland Yard. I didn't think much of that idea. To tell parents in Britain that their child at birth is going to be looked upon by the state as a potential criminal I don't think is a very popular—

The Chair: If it's just the men.

Mr. Bruce Phillips: Yes, okay. Thank you, Madam Chair.

If people want DNA sampling they can get it any day. They simply have to go to a physician and say I want my DNA analysed and that information would be private to them.

Mr. John McKay: The issue is in the absence of consent.

Mr. Bruce Phillips: But I don't see a case for the state requiring that people all get a DNA analysis done and have that information filed with the state. Boy, that's Big Brother, in my view.

Mr. John McKay: Thank you.

The Chair: Mrs. Finestone.

• 1135

Mrs. Sheila Finestone: Thank you, Madam Chair.

Well, Saint Bruce, I just want to know...

Mr. Bruce Phillips: You're kind of liking this saint status, aren't you?

Mrs. Sheila Finestone: For Mr. Phillips, yes.

First of all, I do want to say how pleased and lucky we are as Canadians that you are going to reassume that mantle, which is more of a weight, I think, than a joy. It doesn't put a crown on your head, but it certainly gives you lovely grey hair.

What are you laughing about?

The Chair: Nothing.

Mrs. Sheila Finestone: Take that out of the record.

Mr. Bruce Phillips: No, I kind of like it, actually.

Mrs. Sheila Finestone: I feel it's like déjà vu, but I learn every time you come to speak to us.

There are so many areas in which we really need to make a significant change to the bill. Is a new bill required? Is a new Privacy Act required? I think we had called it a data processing act rather than a privacy act. Do we require a newly conceived data processing privacy act, or is the present one a base that is amendable?

Mr. Bruce Phillips: Boy, I hope I don't get myself in hot water with the staff here.

The present Privacy Act fundamentally is pretty good. It sets out the elements of good privacy protection. Its definition of personal information is good. It contains the fair information practices code that is now universal and is found in all these documents. It can survive. It does need substantial tightening up and improvement. The definition of personal information, for example, should be modernized to include such things as electronic commerce, DNA sampling, and that kind of thing. I certainly wouldn't toss that one out in a hurry, no.

A more immediate issue is whether a bill covering the private sector—that is to say, financial institutions, transportation, and communications—can be easily married with the Privacy Act or whether it will require a separate statute. I do not feel competent at this stage to give an opinion on that. Let me say that I'm worried about what I hear: that the bill that's currently being worked on is going to be unnecessarily complicated and bureaucratic. I hope not. To me, the essence, if we ever do get the—

Mrs. Sheila Finestone: Excuse me. You haven't had an opportunity to do some pre-study critique of that bill?

Mr. Bruce Phillips: We don't have a bill yet. What we have is a discussion paper put out by the Department of Industry.

Mrs. Sheila Finestone: The same one we saw two years ago?

Mr. Bruce Phillips: No, you saw it about three months ago. But let me put it this way: it's not a great improvement over the one you saw three years ago.

In my view, one of the benefits of the existing privacy office is its flexibility. It's a fairly straightforward process: people complain; we go and look at it; we examine the system and try to come to some common sense conclusions. I mean, we run the whole thing with 35 people.

When you get into the business of private sector coverage, I think you would want to be careful to retain the elements of simplicity and flexibility when you're dealing with business, because there are thousands and thousands of different kinds of businesses, and in an effort to write a bill that's going to cover every conceivable contingency, I think you'd get yourself mired in bureaucratic mud forever.

So let's have a private sector bill that is simple and that provides a means by which businesses will have a standard set in front of them. They would be expected to conduct their businesses in accordance with the standard—essentially those that are set out in the Privacy Act, with some changes—and if there is a complaint from a citizen, they would be expected in the first instance to try to resolve the complaint as between the individual and the business, and if no solution can be found, to refer it to an independent arbiter who would have the opportunity to look at it.

• 1140

Questions do arise. Should there be a system of penalties in the case of improper management of personal information? I think you have to have some teeth somewhere, but I'd go gently with that. I don't think the whole purpose of getting good privacy practice in business is to beat businesses over the head; it's to educate them to do things the right way. I think you'll find a pretty ready appetite in most businesses for that approach. In any case, the sanction of publicity is a far more effective punishment for businesses than simply fining them.

There should be some authority on the part of your arbiter to go and look at the way companies are handling their information, to satisfy themselves that they're living up to the act—a few things like that. But it doesn't have to be a huge bureaucracy.

The experience in Quebec is instructive. They were given private sector coverage three or four years ago. Since that time they've found it necessary to add seven or eight people. They would like more; they feel they need a few more people. Business arising out of their responsibility for private sector coverage amounts to about 25% of their total volume. I would anticipate something similar at the federal level.

Mrs. Sheila Finestone: And if you added the necessity for a research component, in terms of personnel and financing...?

Mr. Bruce Phillips: Julien Delisle has been trying to work this out. I'll invite him to offer a few comments on the subject.

Mr. Julien Delisle (Executive Director, Office of the Privacy Commissioner of Canada): We've looked at other experiences. For example, if we had a mandate for the private sector, our commissioner's jurisdiction would be very much the same as the Canadian Human Rights Commission, which would be that of the federal purview. In their experience, the private sector constitutes about 50% of their public sector work. As Bruce pointed out, in Quebec it's 75-25. We would expect to probably grow within that percentage range somewhere between 25% and 50%. Of course we would need in the first couple of years of a mandate in the private sector... If we were given public education, there would be a greater bulge at the beginning in order to get the message across.

Certainly in terms of research it would be novel for us in the privacy world, so we would need some component on that side. So we expect, in the numbers we have looked at so far, that we would probably increase by two research officers and five what we would call portfolio or auditor jobs, to look at the whole compliance side.

Mrs. Sheila Finestone: So you're talking about seven FTEs.

Mr. Julien Delisle: So we're talking about seven FTEs. That's on the research and compliance side. On the complaint side we're looking at... Right now we're running sixteen investigators plus an additional four or five on a temporary basis as a result of moneys the Treasury Board gave us to deal with the backlog situation. So on that side we're looking at anywhere from five to ten additional investigators as probably being reasonable.

Mrs. Sheila Finestone: Mr. Phillips, the thing that would concern me—and I was glad to hear you answer in the way you did—is the strength and the reinforcement of the fact that you are looking at a human right. That's number one. That's why the information office didn't appeal to me very much either. So if you're looking at a fundamental principle of human rights and the Privacy Act—and I'm not so sure we should change the name to Data Act, but at that time I seemed to be convinced that it was a good idea—we could go forward.

That's why I went to speak to the chair and the research officer, and I was pleased to hear Derek's suggestion. I was going to ask you, given if we could use some time or resources, whether it would be helpful to have you do a small suggested redraft of the particular clauses, or at least an identification of the particular clauses that might need to be changed within that bill.

Secondly, given the fact that the Broadcasting and Telecommunications Acts take two broad concepts of work and put them together into one general overriding bill, why could one bill that would include the industry, trade, and commerce sector along with the human rights individual sector not be an effective one-step approach, rather than this two-step model we seem to be heading into?

• 1145

Mr. Bruce Phillips: Okay. Yes, sure.

Mrs. Sheila Finestone: I think it would be very exciting for the committee, Madam Chair, within the next year, because by the time the minister gets to it, in a timely fashion and soon, I think we might well have something to work on that might be helpful to the minister, to the ministry, and in particular, to the education of this committee, even if it means striking a subcommittee.

The Chair: Or we could just do it in our spare time.

Mrs. Sheila Finestone: I didn't ask about your spare time, seeing as how you're occupying seven slots of all our time for a week and then you add a few little special committees.

The Chair: No.

Mrs. Sheila Finestone: I'd really like to see this filled in.

The Chair: We have no special committees.

Mr. John McKay: We know the minister gets to everything on a timely basis.

Mrs. Sheila Finestone: No? Then what am I doing on that—

The Chair: It's not a subcommittee of this committee.

Mrs. Sheila Finestone: Oh, then what is it?

The Chair: Left to my devices, we wouldn't have had that committee.

Mrs. Sheila Finestone: I'm with you.

Seriously, though, Mr. Phillips, it would be possible, and I want to know, is a tribunal necessary, or could it be part of a referral process to the human rights tribunal?

And in regard to this penalty, I think we discussed penalty before, and if you don't have any teeth at some point... I know you don't want excessive teeth, like the big bad wolf, but maybe just some little ones that you need.

Mr. Bruce Phillips: Things aren't so bad in the existing Privacy Act with respect to the Government of Canada. For example, we can bring a department of government to court on the access issue.

I would like to see our powers of court reference broadened a little bit, maybe to include improper use and disclosure, as well. I think some last resort authority of that kind would be useful, if not necessary, in the case of the private sector. But I really would make the strongest case I can for retaining the ombudsman role, as opposed to some cop in seven-league boots tramping through the front door. It doesn't work that way.

Mrs. Sheila Finestone: L'Office de la langue française... You got yourself mixed up; you're in the wrong province.

Mr. Bruce Phillips: There are a great many problems with information management that simply don't occur to people, because they don't think about privacy. It seems like a good idea to do X, Y and Z with the information, so they do it, because the technology will allow them to do it. The fact that they may be gravely offending people's rights here doesn't always occur to them. When it's pointed out, quite often the answer is “Gee, I didn't know I was doing that. I'll stop doing that and we'll fix this.” That's easiest done, in my opinion, by an ombudsman approach and not by somebody coming in and beating people over the head.

I don't want to make a lot of claims here, but I will anyway. The most important thing my office has done, in my view, in seven years has been to produce hundreds of little improvements, incremental improvements in departmental information management—hundreds and hundreds of them.

Mrs. Sheila Finestone: That's Mr. Chrétien's step by step. We're getting it done right.

Mr. Bruce Phillips: Well, whatever.

I think the same general approach is what you have to take. There's an educational function here, and people have to be attuned to the whole notion of respect for people's information rights. That's best done with patience and a good deal of give and take, particularly when you're dealing with businesses whose cultures vary widely. So that's why I'm suggesting the ombudsman approach be retained. It has worked at this level, and I think it would work at that.

The Chair: Mr. Forseth.

Mr. Paul Forseth: Thank you.

There's quite a concern in the community about public safety and criminal offenders coming out of jail and what information can come with them. There are many people who believe Canadians should be told that a dangerous repeat offender is being released into their midst. Others say these offenders paid their debt to society and their privacy should be respected upon release.

An interesting wrinkle on that is that a pardon may be granted, yet we can have a situation where a sexual offender who may have a life pattern is applying to become the director of athletics and the coach of the girls' basketball team, and as part of the application process their background is checked and it comes up as just “pardon granted”.

• 1150

So the lady is asked about that, and being the sophisticated offender she is, she lies about the substance of that. She says “Well, I'll tell you very truthfully. I was granted a pardon because I was...”, and it has nothing to do with who they really are in their inherent person. So there we are. Then the society hires this lady, who has a very serious problem, and she is granted access to children.

So there's this issue of privacy there, and I'm just wondering what you can say about the issue. I think this is coming up in a private member's bill about trying to get an exception to the issue of pardon where it involves pedophilia and sexual offences and access to children—that kind of concern.

That's one case example, and the other is just simply when offenders come out of jail, giving some kind of notice to the community.

The Chair: First of all, let's be clear on the hypothetical here. You can't get that information. You can't apply and get information that somebody has been pardoned, can you?

Mr. Paul Forseth: Yes. The issue is that it may be part of the application form that... For instance, I'll take my personal example. I can't be a nominee for my party unless the local riding association has in front of them a criminal record check of me. I go and get that, and I provide it to the riding association.

Mrs. Sheila Finestone: It sounds like a good idea.

Mr. Paul Forseth: So, as part of an application, in British Columbia certainly, for anyone who's going to be applying for a position of trust or whatever, especially where they're going to become the chairman of a society of boys' and girls' clubs or where they will have access to children, a common criminal record check is done. They may have a very horrendous offending pattern, but if they've been offence- and conviction-free for a period of time that meets the conditions of the pardon, all that comes back on that record is it just says “Pardoned” and that's it. So then we're left with the explanations—

The Chair: I don't think it even says “Pardoned”, but anyway, let's have the question answered.

Mr. Paul Forseth: Okay. Go ahead.

The Chair: I don't think you're right.

Mr. Bruce Phillips: I'll try to deal with that as well as I can.

In the first instance, of course, a reference to a person's criminal record requires the consent of the individual. In your particular case, Mr. Forseth, I'm sure you consented to it.

I always understood that in the case of pardons, it just came up as showing “No record”.

The Chair: That's right. The only time it comes up saying “Pardoned” is on... The Windsor police, for instance, would have a sheet that they would give to me when I was crowning, and I would see the sheet and then I would see that the person had been pardoned of those prior offences. But that wasn't a public record or a record kept under the Criminal Records Act. The record under the Criminal Records Act doesn't say anything. It says there's no criminal record.

Mr. Bruce Phillips: Let me try to deal more generally with the question then. It's a troubling one, and I hear you on this point.

I don't take the position that the Privacy Act should be a refuge for dangerous criminals; I never have. It's for that reason, for example, that there is a section in the Privacy Act that allows disclosures in the public interest.

One of the things that troubled me about the whole problem of publicly identifying people with criminal records is that, at least up until recently, there was no process, particularly. It was left up to the judgment of individual policemen here and there to decide when and whether a person with a bad record should be identified to the public.

I am glad to see the development across the country of community notification committees. Manitoba pioneered it and the notion is quickly taking root in the other provinces. A group of responsible citizens convenes, and when the police feel the public needs to be notified about the presence in their community of a dangerous person, they make a recommendation to the committee. The committee considers the circumstances and either approves or disapproves. It seems to be working pretty well. There isn't any perfect system here, Mr. Forseth, but that's not a bad one, the community notification committee.

• 1155

If, for example, a person of the kind you describe—somebody who had a terrible record, but had received a pardon, as a consequence of which no record would show upon an inquiry... The police would know. In Manitoba, the police would be in a position to make a reference to a community notification committee, to decide whether that person should be identified to the community at large.

My argument here is that yes, with people who are considered to be a high risk to reoffend, there may be a very good case to be made for identifying them. I simply argue that it should be done by a sensible, rational process. That's all.

Mr. Paul Forseth: Thank you.

The Chair: Mr. Maloney, and that will be the last one.

Mr. John Maloney (Erie—Lincoln, Lib.): Thank you, Madam Chair.

Mr. Phillips, in your presentation you have red-flagged a privacy concern respecting an integrated health network. You recited the history of how the envelope has broadened from simple doctor-patient relationships as we get into health care plans and provincial plans, etc. Our federal government is proposing a national integrated health network.

You also pointed out the benefits of such a system if you're out of town, or even if you're in your own community. You may have allergies, and may not be familiar with the procedure that is needed, which may conflict with those allergies. Or even simple sutures—some people may have an inherent allergic reaction to sutures, and so on, maybe a diabetic, and the treatment may not be...high blood pressure, whatever. How do we reconcile the privacy concerns with the benefits that are offered? Can you give me some concrete suggestions on how to do so?

Finally, have you been approached by any government department yet, on a consultative basis, for anticipated legislation in this respect?

Mr. Bruce Phillips: To answer the last question first, yes, sort of.

When the government set up the national advisory council, last year I think it was, under the chairmanship of Dr. Noseworthy, we had written to them, and so did several of my provincial colleagues, suggesting that there should be somebody on that council who was knowledgeable in the area of patient consent and transparency and all that sort of thing and who would be in a position to offer cogent observations. In the upshot, no such person was appointed when the council was set up.

However, I've had subsequent discussion with them and they're taking another look at it. They have asked me for some suggestions as to people I think would be useful in that sense. So that's the answer to that question.

The only answer I can give you is a general answer that in any exchange of personal information—particularly sensitive, intimate information of the kind involved in health care—the patient must know. Second, except in extraordinary circumstances, the patient must have the right to refuse. That is the basic ingredient of a fair information-sharing health system.

I accept the proposition that there may be elements, in such a complex system as seems to be envisaged, where it may be difficult to build that element in at every stage, but I think we have to reach for the absolute maximum attainable element of transparency, openness, and patient participation, yes.

I recommend to you the CMA's code on the matter. They have drafted a code, which they have made public, and which contains a high element of patient engagement and knowledge and consent.

Mr. John Maloney: And you would suggest that we follow that code vis-à-vis implementing a national integrated health network?

Mr. Bruce Phillips: Well, it may be that it won't be applicable in every one of the circumstances.

My general view of this is if you can't respect people's privacy, don't do it unless you can demonstrate an absolutely overpowering argument of public necessity. I mean, that's... We're all human. We should look at this like any other human right. Do not abridge it unless there is a demonstrable overpowering public necessity to do it. I would make the same case with respect to a health information sharing system as any other.

Mr. John Maloney: Thank you, Madam Chair.

• 1200

The Chair: Thanks. I thank all of you.

Mr. Bruce Phillips: May I just conclude by thanking the members of this committee, and Parliament generally, for giving me a little more time to continue to be a pest around here.

The Chair: Okay, thanks.

Sorry for the delay in starting. We had some future business to discuss and we went overtime.

The meeting is adjourned.