ETHI Committee Report

If you have any questions or comments regarding the accessibility of this publication, please contact us at accessible@parl.gc.ca.

PDF

CHAPTER 1: INTRODUCTION

1.1 Mandate

On 18 October 2016, the House of Commons Standing Committee on Access to Information, Privacy and Ethics (“the Committee”) adopted the following motion:

That the Committee undertake a study of the Security of Canada Information Sharing Act, its impacts on privacy since its implementation, and whether there are any changes that should be proposed in the course of the Government’s national security consultation and review.[1]

The Committee began its study on 3 November 2016. Over the course of 10 meetings on the subject, it heard from 42 witnesses. It also received three briefs.

The Committee would like to thank all those who contributed to this report, including the witnesses, interpreters, Committee staff, analysts, translators and members of the publications team.

This report explores the Security of Canada Information Sharing Act[2] (SCISA) in terms of its impact on Canadians’ privacy. The Committee considered the provisions contained in SCISA, their wording, their application to date and their effect on privacy. The report presents the issues raised during the study about the extent of information-sharing authorities and their impact on Canadians’ privacy. In addition, the report addresses the proposed amendments to SCISA to resolve or mitigate these issues.

1.2 Overview of the Security of Canada Information Sharing Act

This section provides an overview of the provisions of SCISA addressed in the report.

In June 2015, Bill C‑51, the Anti-terrorism Act, 2015, received Royal Assent.[3] Among other measures, the bill enacted new legislation: SCISA. This new Act created additional powers for sharing national security information.

1.2.1 Purpose and Principles of the Security of Canada Information Sharing Act

Section 3 of SCISA states that the Act is intended to protect Canadians against “activities that undermine the security of Canada” by encouraging and facilitating the sharing of information related to such activities among Government of Canada institutions.[4] The preamble to the Act also lists the principles underlying the purpose of SCISA.

In addition, section 4 of SCISA sets out the principles that are to guide information sharing under the Act:

(a) effective and responsible information sharing protects Canada and Canadians;
(b) respect for caveats on and originator control over shared information is consistent with effective and responsible information sharing;
(c) entry into information-sharing arrangements is appropriate when Government of Canada institutions share information regularly;
(d) the provision of feedback as to how shared information is used and as to whether it is useful in protecting against activities that undermine the security of Canada facilitates effective and responsible information sharing; and
(e) only those within an institution who exercise its jurisdiction or carry out its responsibilities in respect of activities that undermine the security of Canada ought to receive information that is disclosed under this Act.

1.2.2 New Information-Sharing Authorities

1.2.2.1 Authorities in General

Subsection 5(1) of SCISA explicitly establishes a new information-sharing power for Government of Canada institutions:[5]

Subject to any provision of any other Act of Parliament, or of any regulation made under such an Act, that prohibits or restricts the disclosure of information, a Government of Canada institution may, on its own initiative or on request, disclose information to the head of a recipient Government of Canada institution whose title is listed in Schedule 3, or their delegate, if the information is relevant to the recipient institution’s jurisdiction or responsibilities under an Act of Parliament or another lawful authority in respect of activities that undermine the security of Canada, including in respect of their detection, identification, analysis, prevention, investigation or disruption.

As a result, given that the information shared must relate to the recipient institution’s jurisdiction or responsibilities under an Act of Parliament or another lawful authority, the criterion for sharing is that of “relevance” rather than “necessity.”

Schedule 3 to SCISA lists 17 institutions that are authorized to receive information.

The wording “[s]ubject to any provision of any other Act of Parliament, or of any regulation made under such an Act, that prohibits or restricts the disclosure of information” appears to indicate that the new powers established in subsection 5(1) are subject to other Acts of Parliament or regulations made under an Act of Parliament.

Subsection 5(2) of SCISA allows the further disclosure to a Government of Canada institution listed in Schedule 3 of information that has already been shared pursuant to subsection 5(1).

Section 6 of SCISA specifies the rules that apply in the event that information initially shared pursuant to SCISA is further disclosed outside the framework of SCISA. SCISA neither prohibits nor authorizes this further disclosure, but stipulates that it must be done in accordance with the law.

There were already certain authorities related to the sharing of information in place before SCISA came into effect. Indeed, section 8 of SCISA stipulates that SCISA does not limit any pre-existing sharing authorities and that such authorities continue to apply. Specifically, several Government of Canada institutions could already share information with other Government of Canada institutions under an Act of Parliament, at common law or under the royal prerogative.

1.2.2.2 Definition of “Activity That Undermines the Security of Canada”

As mentioned above, the information-sharing authorities that SCISA confers on Government of Canada institutions deal specifically with “activities that undermine the security of Canada.” Section 2 of SCISA defines this term. It should be noted that this definition excludes “advocacy, protest, dissent and artistic expression.”[6]

1.2.2.3 Civil Immunity

Section 9 of SCISA provides for civil immunity: “No civil proceedings lie against any person for their disclosure in good faith of information under this Act.”

1.2.2.4 Regulations

Pursuant to section 10 of SCISA, on the recommendation of the Minister of Public Safety and Emergency Preparedness, the Governor in Council may make regulations implementing SCISA, including regulations respecting the manner of disclosing information. However, for the time being, no regulations have been made.[7]

[1] House of Commons, Standing Committee on Access to Information, Privacy and Ethics (ETHI), 1^st Session, 42^nd Parliament, Minutes of Proceedings, 18 October 2016.

[2] Security of Canada Information Sharing Act [SCISA], S.C. 2015, c. 20, s. 2.

[3] Bill C‑51, An Act to enact the Security of Canada Information Sharing Act and the Secure Air Travel Act, to amend the Criminal Code, the Canadian Security Intelligence Service Act and the Immigration and Refugee Protection Act and to make related and consequential amendments to other Acts, 2^nd Session, 41^st Parliament (Royal Assent, 18 June 2015).

[4] SCISA, s. 3.

[5] It should be noted that this is a discretionary power for Government of Canada institutions. Therefore, such institutions may choose whether or not to share information pursuant to SCISA.

[6] SCISA, s. 2.

[7] Office of the Privacy Commissioner of Canada, 2015–2016 Annual Report to Parliament on the Personal Information Protection and Electronic Documents Act and the Privacy Act, September 2016.