During the study, several witnesses drew the attention of Committee members to section 9 of SCISA, which reads as follows: “No civil proceedings lie against any person for their disclosure in good faith of information under this Act.”[367] Some felt that the implications of this section were worrisome.[368] To illustrate the consequences of immunity from civil proceedings, some witnesses drew a parallel between section 9 of SCISA and the case of Maher Arar, a Canadian who was subjected to torture, in particular because of inaccurate shared information.[369] In fact, some witnesses pointed out that section 9 of SCISA actually prevented Canadians who suffered harm because of information shared under SCISA from obtaining compensation.[370]

Ms. Austin stated that a “provision that there is no recourse for those who are abused undermines the trust of Canadians.”[371] Mr. Fraser added that if “a statute has to provide immunity for otherwise unlawful conduct, we should be very careful about authorizing that conduct in the first place and we should be very careful about granting that immunity.”[372] Also, according to Mr. Mia, “[s]ection 9 says that when someone shares information and it harms a Canadian or some person — but let's say a Canadian, as in the Arar case — they're immune from paying out compensation or being sued for it.”[373] Similarly, Mr. Roach noted in reference to section 9 of SCISA:

Not only does this raise the spectre of allowing the sort of information sharing that harmed Maher Arar and many other people, but it also puts yet another barrier to getting civil compensation should information sharing — and in particular I would stress information sharing about security threats — impose harm on people who may very well want to seek compensation for it and who may very well want to restore their reputation.[374]

In her appearance before the Committee, Ms. Sheppard of the Department of Justice explained why section 9 was included in SCISA:

When we decided to include it, we consulted with operating agencies and departments, which revealed that some civil servants were reluctant to lawfully share information because they were afraid they would be found personally liable in terms of committing a criminal act for disclosing information. It was really done to help allay anxiety and to encourage responsible disclosure, charter-compliant disclosure.

The provision is there to inform public servants that they will be protected from civil liability if they disclose information in good faith, and that's why it was included. It shields individuals. It was not ever intended to shield the crown from immunity, and that may be something that people don't understand.

Individuals who are adversely affected by sharing could begin civil liability proceedings against the crown, which could be found vicariously liable for the actions of its employee, but it wouldn't protect them from criminal liability if they maliciously shared information.[375]

For his part, the Privacy Commissioner, in a written response to the Committee dated 5 December 2016, stated the following:

While you may wish to consult with the Department of Justice, which has the most relevant expertise in this area, it is our view that the Crown would likely be protected from civil suit by section 9. The Crown can only be liable in tort through the tortious acts of its servants. If a statutory immunity clause relieves individual Crown servants of liability, the Crown cannot be vicariously liable for their actions unless the immunity clause expressly preserves the Crown's potential liability.

Mr. Mia noted that the immunity provided under section 9 included the Crown, and he was concerned about the fact that “you can be negligent and act in good faith as well.”[376] As well, Ms. Vonn specified that she “certainly read the clause as one in which the Crown was waiving its own liability, and not civil servants,’”[377] and that “[i]f failure to achieve clarity in that clause was evident to us,”[378] she believed it would “be evident to most Canadians.”[379] Ms. Austin also told the Committee, “I would add that because the word ‘person’ is there, I would automatically assume it includes the Crown. If it's not meant to include the Crown, it would be a useful amendment to say that the Crown can be liable.”[380] She also added that “it seems useful to keep some provision to say that a good-faith interpretation of this isn't going to get you into trouble,” [381] as for example in the case of a “civil servant who is worried about misjudging that line in terms of sharing information.”[382]

For Mr. Kapoor, section 9 “is just an indemnification issue. The government has to be responsible for mistakes. ... Just by indemnification, the government can solve this problem so that they're not hung out to dry. From my perspective, we can get rid of this provision and have proper indemnification agreements.”[383]

Mr. Roach said he “would favour simply deleting section 9 of SCISA.”[384] He added that it would be preferable to leave it up to the courts to decide whether a person can obtain compensation.[385]

In light of the evidence, the Committee recommends:

Recommendation 13

That the Government of Canada amend section 9 of the Security of Canada Information Sharing Act to make it clear and unequivocal that:

a) only employees acting in good faith in the performance of their duties are immune from civil proceedings; and

b) the Crown remains liable for the actions of its employees.