The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Thursday, February 14, 2008

No need for RCMP to keep files secret, privacy Commissioner says 

The Privacy Commissioner of Canada has completed a review of the exempt databanks maintained by the RCMP and has concluded that many of the records should not be there in the first place. She calls it "disturbing":

News Release: Large number of files mistakenly held in RCMP exempt data banks "disturbing," says Privacy Commissioner (February 13, 2008) - Privacy Commissioner of Canada

Large number of files mistakenly held in RCMP exempt data banks "disturbing," says Privacy Commissioner

Commissioner tables first special report to Parliament; raises serious concerns about data banks containing documents Canadians can’t access

February 13, 2008 — An audit has found that many of the national security and criminal operational intelligence files sheltered from public access in the RCMP’s exempt data banks did not belong there, says the Privacy Commissioner of Canada in a special report to Parliament.

"These data banks have been crowded with tens of thousands of files that should not have been there," says Commissioner Jennifer Stoddart.

"Government transparency and accountability are fundamental concepts in democratic countries like Canada. Being named in a national security exempt bank file could have a harmful impact, particularly in a post 9-11 environment. For example, it could potentially affect someone trying to obtain an employment security clearance, or impede an individual’s ability to cross the border."

Exempt data banks serve to withhold the most sensitive national security and criminal intelligence information. Government departments and agencies which control these records will consistently refuse to confirm or deny the existence of information in response to an individual’s request for access.

Canadians should be able to see their personal information – except under limited circumstances, such as where the disclosure could threaten national security, international affairs or lawful investigations.

"The large number of documents held in these exempt banks when their inclusion was unwarranted is disturbing – particularly given the RCMP was advised of compliance problems 20 years ago and made a commitment to properly manage such banks " says Commissioner Stoddart.

"More than half of the files examined as part of our audit should not have been there."

The Privacy Commissioner announced during her appearance before the Maher Arar inquiry – where the sharing of personal information by police became a central issue – that her Office would audit exempt data banks held by federal government departments and agencies.

The audit findings are detailed in a special report tabled today in Parliament. This is the first time the Privacy Commissioner has used her powers under the Privacy Act to issue a special report.

RCMP’s Exempt Banks

The RCMP has two exempt banks: Criminal Operational Intelligence Records and National Security Investigations Records.

Of the files the Office of the Privacy Commissioner (OPC) tested, more than half of the national security files and over 60 per cent of criminal operational intelligence files did not warrant exempt bank status. Exempt banks are designed to hold only the most sensitive of such information. These files did not meet the threshold for inclusion in an exempt bank as set out in the Privacy Act and/or the RCMP’s own policy.

These findings are of particular concern given that, with few exceptions, the audit was conducted on files already examined by the RCMP as part of a recent internal review.

To illustrate, one seven-year-old file in the national security exempt bank detailed a resident’s tip that a man had gone into a rooming house and drugs might be involved. Police investigated, but found the man had simply dropped his daughter off at a nearby school and stepped out of his car to smoke.

RCMP Internal Review

While the OPC audit was proceeding, the RCMP conducted its own internal review, which has so far resulted in the removal of more than 45,000 records from the criminal operational intelligence exempt data bank. This review found varying rates of compliance:

  • Almost 99 per cent of criminal intelligence exempt data bank holdings – more than 2,700 documents – at RCMP headquarters should not have been there.
  • At B Division in Newfoundland and Labrador, roughly two-thirds of documents – close to 37,000 records – were incorrectly kept in the criminal intelligence exempt bank.

An internal review of the national security exempt data bank holdings at 13 divisions resulted in the removal of more than 1,400 files – more than 40 per cent of the files examined.

Notwithstanding the large number of records removed from the exempt data bank holdings as a result of the internal review, the OPC audit concluded both banks remain overpopulated.

"The problems are largely due to a general lack of awareness within the force of exempt bank policy and the absence of ongoing monitoring," says Commissioner Stoddart.

Past History of the RCMP Exempt Bank

In the late 1980s, the RCMP’s criminal operational intelligence exempt bank order was rescinded for non-compliance following another OPC review.

"That exempt bank order was reinstated with an understanding that the RCMP would adhere to guidelines for managing exempt bank holdings. Unfortunately, the RCMP has not met this commitment," the Commissioner says.

"While there is a clear need for exempt data banks to ensure highly sensitive information related to security and intelligence work is protected, privacy concerns must also be considered. Greater care must be taken to ensure that personal information is concealed in an exempt data bank only when absolutely necessary."

Results

The Privacy Commissioner is satisfied that the RCMP is taking the audit observations and recommendations seriously and will take action to ensure its exempt banks comply with the Privacy Act and RCMP policy.

The OPC will examine how the RCMP has followed through on its plans to improve how the exempt banks are managed within the next two years.

The special report and a backgrounder are available at http://www.privcom.gc.ca/.

The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman, advocate and guardian of privacy and the protection of personal information rights of Canadians.

From the Globe & Mail:

globeandmail.com: No need for RCMP to keep files secret, privacy czar says

No need for RCMP to keep files secret, privacy czar says

OMAR EL AKKAD

February 14, 2008

OTTAWA -- More than half the files in the RCMP's secret data banks should not be there, the federal Privacy Commissioner said yesterday in a report that is likely to renew calls for an overhaul of the national police force.

An audit by the commissioner's office found that tens of thousands of files in the RCMP's two "exempt" banks - which are designed to hold the most sensitive national security and criminal intelligence information - should not be secret, and many should have been removed years ago.

"These finds are particularly concerning given that, with few exceptions, the audit was conducted on randomly selected files already examined by the RCMP as part of an internal review," Privacy Commissioner Jennifer Stoddart said in a news release accompanying the report.

Ms. Stoddart said the large number of files kept secret was not only unjustifiable, but illegal.

In one case, a man on a Canada-U.S. bus tour, exasperated with a delay by the tour guide, joked that he should hijack the bus, Ms. Stoddart said. The bus driver told U.S. customs officials, and the RCMP were called. Even though it was deemed that the incident was clearly not a serious hijacking attempt, a file was kept in one of the secret banks for more than five years.

Ms. Stoddart said Canadians should be concerned about the large number of unnecessarily secret files because they can have a serious impact on someone looking to cross the border or obtain security clearance for a job.

Because the files are part of the secret data banks, she said, the RCMP will neither confirm or deny they exist when individuals ask the police force if they have any files on them.

Ms. Stoddart said her findings were especially surprising because a previous audit 20 years ago also discovered serious compliance problems with the data banks - problems the RCMP undertook to fix at the time.

The RCMP made the same pledge again yesterday."We will be implementing every one of this report's recommendations," Chief Superintendent Dan Killam said in a news release. He said that the force will re-examine files retained in banks known as Criminal Operational Intelligence Records and National Security Investigation Records.

"The end result will be a new accountability structure that will see responsibility for these banks shared between operational areas of the force and experts from our Access to Information and Privacy Branch," Mr. Killam said. "Based on our reading of Ms. Stoddart's report, we believe this increased oversight of the exempt banks is what she and other Canadians want."

Ms. Stoddart's report, which marks the first time the commissioner has used her powers under the Privacy Act to issue a special report to Parliament, is more bad news for a police force already under intense public scrutiny.

Liberal MP Ujjal Dosanjh said the new findings are a clear indication that the government should adopt the recommendations of a federal task force last year that proposed a new civilian board of management for the force.

"It is absolutely shocking that the RCMP would show such reckless disregard for information about individuals of which 99 per cent did not deserve to be there in the first place," Mr. Dosanjh said. "That should send shivers down every Canadian's spine."

Ms. Stoddart said she believes the large number of unnecessarily secret files are the product of negligence rather than malice.

"I think it just fell by the wayside."

Labels: ,

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs