Vanguard
Recent Posts

More privacy safeguards in Five Eye’s data sharing sought

David

The federal privacy commissioner is seeking better oversights and safeguards in the sharing of intelligence data with Canada’s allies in order to better protect the privacy rights of law-abiding Canadians.

In a report that laid bare many of the failings of the government’s ability to ensure the safety of individuals’ private information, Privacy Commissioner David Therrien also warned of the dangers posed by Bill C-51 and the Security of Canada Information Sharing Act (SCISA).

Bill C-51, brought in by the former Conservative government, which introduced sweeping data gathering powers for intelligence and law enforcement agencies.

The Liberal government created a parliamentary to committee to look into the legislation and has promised to repeal elements of C-51 that pose risks to privacy.

Bill C-51 received Royal Assent in June 2015 as the Anti-Terrorism Act, 2015, and came into force in August 2015. It introduced the SCISA which the office of the ombudsman expressed serious concerns in submissions to a number of Parliamentary committees studying the Bill, including the Senate Committee on National Defence and Security.

David
David Therrien

“While the question of oversight has, in part, been addressed, our concerns regarding thresholds remain,” according to the 2015-2016 Annual Report to Parliament on the Personal Information Protection and Electronic Documents Act and the Privacy Act, presented by the Office of the Privacy Commissioner.

RELATED CONTENT

Cyberspy agency shared Canadian metadata with foreign partners

Canada’s cyber security deficit

What the RCMP chief wants for Christmas

Declining trust in intelligence agencies suggests need for oversight

The commissioner also outlined the dangers of data sharing among our allies.

The danger of information sharing was illustrated in the 2014-15 Annual Report of the Office of the CSE Commissioner (the CSE’s oversight authority), which reported that information revealing details about the communication activities of Canadians was, due to a filtering technique that became defective, not being properly minimized (for example, removed, altered, masked or otherwise rendered unidentifiable) before being shared with “Five Eyes” partners—the signals intelligence agencies of Australia, New Zealand, the United Kingdom and the United States.

SCISA’s current standard dictates that certain federal government institutions may share information amongst themselves so long as it is “relevant” to the identification of national security threats.

“In our view, that threshold is inadequate and could expose the personal information of law-abiding Canadians,” the report said. “A more reasonable threshold would be to allow sharing where necessary.”

The Office of the Privacy Commissioner identified several key concerns which SCISA. Among them were:

The Office of the Privacy Commissioner said it realizes that in the face of today’s threats, Canadians value but they also deeply care about their privacy. Finding the right balance is” absolutely critical.”

“In pursuit of a better balance, we have recommended, for example, changing SCISA’s information sharing threshold from ‘relevance’ to ‘necessity,’ that private and public sector institutions follow through on transparency reporting; and amending the National Defence Act to add legal safeguards for protecting personal information collected and used by the CSE,” the report said.

Privacy watchdog calls for higher standards in protecting citizens from surveillance

“We are left with 20th-century tools to deal with 21st-century problems,” Therrien said. “And in the meantime, 90 percent of Canadians feel they are losing control of their personal information and expect to be better protected.”

Therrien derided the failure of federal agencies and departments to conduct assessments on privacy impact. The commissioner’s report recommended that legislation is put in place requiring government departments and agencies to conduct Privacy Impact Assessment (PIA) prior to implementation of programs.

For example, he said, in the 2013 case of the Canada Border Service Agency (CBSA) High Integrity Personnel Security Screening Standard, the commissioner’s office was not consulted prior to implementation and a PIA was received upon the program’s implementation.

“As a result, the new and more invasive screening measures began without our input and a related complaint under the Privacy Act followed,” Therrien said. “A legislative requirement to complete a PIA prior to implementation could have resulted in privacy risks being highlighted and mitigated early on.”

Related posts

Making your ISR product better

Marcello Sukhdeo
August 29, 2014

5 steps of the defence equipment acquisition process

Contributed Article
December 9, 2016

MTV, LVM projects on the move

vanAdmin1
August 20, 2013
Exit mobile version