CSIS Contribution to Federal Privacy Reform
Date: Date the document is sent
Classification: UNCLASSIFIED
Fully releasable (ATIP)? Yes
Branch / Agency: Organization name
Issue: On May 17, 2020, the Canadian Press published a news article based on CSIS’ contribution to the Department of Justice’s initial consultations on its Privacy Act reform initiative. This information was released in response to an Access to Information request.
Proposed Response:
- The Government of Canada, in its commitment to safeguarding Canadians’ privacy rights, has begun taking the necessary steps to update Canada’s Privacy Act, which dates back to 1983.
- As with all new, wide-reaching government initiatives, federal departments and agencies are being consulted as an initial step in this process. The Public Safety portfolio, which includes the Canadian Security Intelligence Agency (CSIS), is supporting the Department of Justice in its review of this important piece of legislation.
- Privacy, technology and data have evolved significantly over the last 35 years, as have Canadians’ expectations around these issues. CSIS has, in its own legislation (CSIS Act), robust safeguards to ensure that Canadians’ rights and freedoms, including privacy, are protected.
- At the same time, Canadians understand that CSIS plays a critical role in keeping them and their interests safe. It is therefore incumbent on CSIS to support the Department of Justice’s work by highlighting the challenges and impacts from a national security perspective.
- Canadians would, and should, expect no less.
Background:
On May 17, 2020, the Canadian Press published a news article entitled “CSIS says proposed federal privacy reform could hinder spy operations.” This article is based on CSIS’ contribution to the Department of Justice’s (DoJ) initial consultations on its Privacy Act reform initiative. This information was released in response to an Access to Information request.
In September 2019, CSIS’ submitted to the DoJ its initial thoughts on consultation documents that were sent across federal government departments, and on specific questions the DoJ is considering in its review of the Privacy Act.
CSIS’ submission was an analytical exercise to proactively support DoJ thinking as it embarks on broad consultations during which many stakeholders will have the opportunity to weigh-in on the full scope of issues in this important project. CSIS is engaging with the DoJ in concert with its Public Safety portfolio partners and all other federal departments and agencies. The DoJ also intends to consult with technical and legal experts, as well as the wider Canadian public during this process.
As you know, the Privacy Act governs how federal institutions use, share and store the personal information of Canadians. CSIS agrees that there are challenges with the current Privacy Act, as it dates back to 1983. Over the last 35 years, privacy, technology and data have evolved significantly, as have Canadians’ expectations around these issues. CSIS takes privacy considerations related to its work very seriously. Robust safeguards are set in legislation (the CSIS Act) to ensure Canadians’ rights and freedoms, including privacy, are protected. This includes how CSIS collects, stores and uses data, and also details the role the Federal Court and review agencies play in examining CSIS’ investigations to ensure that CSIS remains compliant with the CSIS Act, the Canadian Charter of Rights and Freedoms (the Charter), other domestic laws and Ministerial Authority. CSIS respects the privacy of all Canadians – whose confidence is fundamental to its legitimacy and ability to operate effectively.
At the same time, CSIS has an important mission to fulfill: protecting Canadians and their interests from threat actors who seek to do Canada harm. It is therefore incumbent upon CSIS to support the DoJ’s work by highlighting some key considerations, particularly the challenges and impacts, from a national security perspective. Given the broad range and distinct requirements of each government entity bound by the Privacy Act, CSIS must ensure that consideration be given to its unique investigatory mandate and that a modernized Privacy Act remains interoperable with its own legislation and the Charter.
Unfortunately, CSIS was not approached for comment before the article was published. Therefore, examples used in the article did not include the necessary context. For instance, the author highlighted CSIS’ concern with mandatory privacy breach notifications without providing the explanation CSIS had provided in its submission. As noted in the submission, such notifications would preclude CSIS from conducting its own analysis in balancing the potential negative impact on national security (such as jeopardizing investigations) and the privacy benefits of a notification. CSIS has reached out to the author to clarify its perspective and to open the door for future dialogue.
Contacts:
Prepared by: CSIS
Approved by: [REDACTED]
- Date modified: