BC government stalling on Commissioner’s recommendations


As we approach the end of 2014, it’s time for our annual check-in on the progress that’s been made for our information rights. It’s been a busy year for Information and Privacy Commissioner Elizabeth Denham, who has made a number of suggestions for important amendments to improve access and privacy laws in this province.

Sadly, the BC legislature has just finished its 2014 session, and the government has done nothing to make the legal changes she recommended.

In December last year, Commissioner Denham supported a complaint by BC FIPA and the UVic Environmental Law Clinic into the failure of government to carry out its duty under section 25 of the Act, which requires that it release information that is in the public interest. She also called for the government to amend this section to remove the requirement that the issue of public interest be “urgent” or timely. Commissioner Denham urged that the government make this amendment “at the earliest opportunity.”

The earliest opportunity would have been the spring session of the Legislature, but so far, the government has done nothing. There have been developments on this file, however. The Commissioner announced that she has another investigation going into s.25, this time after a complaint by BC FIPA in July 2014 about the BC government’s failure to release information about the weakened state of the Mount Polley tailings pond. Maybe the government is waiting for the result of this second investigation before leaping into action.

The Commissioner also made several recommendations to cut down on the over-disclosure of personal information through police information checks by enacting legislation to prohibit the release of non-conviction information for record checks and directing police to stop releasing non-conviction information (for positions outside the vulnerable sector).

To date, none of the Commissioner’s recommendations for legislative change have been enacted.

But that’s not all. Commissioner Denham released a special report this summer on the near-complete collapse of the archiving and records system in government. She pointed out that not a single box of records has been sent to the archives in more than a decade and that there is a backlog of more than 33,000 boxes overall.

That’s a lot of boxes.

In addition to recommending reorganization of responsibilities for records management in government, Commissioner Denham repeated her earlier call for new legislation to replace the Document Disposal Act, which dates from 1936.

The government has failed to respond to the overdue legislative reforms.

That is the tally for this year, but earlier calls for legislative reform also continue to go unheeded.

In response to the Commissioner’s call for a “duty to document” to be included in law, the government claims that the question is complicated, and they have no intention of doing anything before the next review of the Act in 2016.

Back in 2011, Commissioner Denham wrote to then-Minister of Citizens Services Margaret MacDiarmid to ask that she amend the Freedom of Information and Protection of Privacy Act to address what she called “an accountability gap.” The Commissioner called for the inclusion of the subsidiary corporations of universities, colleges and other public bodies in the Act. She ended her letter to the minister with a call to action: “It is vital for open and accountable government that, whatever the form of the entity, if it is carrying on public business, it should be subject to FIPPA.”

Two and a half years later, there is still no sign of action from the government.

We will continue pushing the government to take these issues seriously, but to do so we need your help. Consider becoming a member, or making a year-end donation today, so we can keep fighting for your information rights in 2015.

Second online spying bill goes to committee


Our online privacy rights are coming under intense scrutiny this month, as two bills threaten to expand the ability of law enforcement agencies (and others!) to access our personal information without a warrant. The highly unpopular C-13 is currently making its way through the Senate, and facing fierce opposition. Meanwhile Bill S-4, the Digital Privacy Act which amends the federal private sector privacy law (PIPEDA), was referred to committee before its second reading, opening it to much more extensive amendments than is normally the case.

This is important because as it currently stands, there are some serious questions about the constitutionality of this bill. Its referral to the House of Commons Standing Committee on Industry, Science, and Technology provides a unique opportunity to fix these problems.

The question of whether S-4 is unconstitutional stems from a landmark Supreme Court of Canada ruling in R. v. Spencer in June of this year. Currently, section 7(3)(c.1)(ii) of PIPEDA allows Internet Service Providers to voluntarily disclose metadata to a government institution if it has “made the request for the purpose of law enforcement and has stated its “lawful authority” for the request.” So the question considered in the SCC case, and which makes S-4 of questionable constitutionality, is what constitutes “lawful authority” to obtain metadata?

The court ruled that, contrary to the statements by a number of government officials and lawyers, the collection of IP address information and other metadata does constitute a “search,” and a person does have a reasonable expectation of privacy online. This means that a “simple request” from law enforcement is not enough; a warrant is required in order to allow ISPs to give that information to the authorities.

And this is where Bill S-4 runs into trouble, because it includes a provision that “allows organizations to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law” (emphasis added). This includes law enforcement and other state agencies, but it also allows non-government organizations (or even individuals) to take advantage of warrantless access. This flies in the face of the SCC ruling.

Professor Michael Geist has highlighted the huge range of uses this new exception might have: from copyright conflicts to defamation claims, commercial battles, and consumer disputes. Protections that have been developed by the courts to create oversight and approval procedures would be replaced by the provisions of S-4, which give immunity to ISPs that hand over our personal information without being shown a warrant, and without us ever knowing what they did.

There are several good things about S-4 (particularly the breach notification requirements) but the expansion of private organizations’ ability to disclose our personal information is not one of them. We want to see the Committee take advantage of its expanded scope to amend the bill and make it into a real improvement to PIPEDA.

Robocall sentencing highlights need to regulate political parties’ use of our personal information


Michael Sona was sentenced yesterday to nine months in jail plus a year’s probation, having been found guilty in August of using robocalls to try to keep 6,000 voters in Guelph, Ontario from casting ballots in the 2011 federal election. This case is not the first time that use of the Conservative Party’s Constituency Information Management System database has been pointed to as central to the robocall scandal, highlighting the near complete lack of regulation of how political parties handle our personal information. And they handle a lot of it.

Federal political parties’ databases and all the personal information they contain are still not subject to any law (except for some information related to the voters register). This means that there are precious few rules or accountability over how political parties collect, use, and disseminate our personal information. In a paper written for the federal Privacy Commissioner’s office, University of Victoria Professor Colin Bennett explained why we should be concerned:

“…the current reality is that the parties are managing vast databases within which a variety of sensitive personal information from disparate sources is processed. For the most part, individuals have no legal rights to learn what information is contained therein, to access and correct those data, to remove themselves from the systems, or to restrict the collection, use and disclosure of their personal data. For the most part, parties have no legal obligations to keep that information secure, to only retain it for as long as necessary, and to control who has access to it.”

We’ve been arguing for a long time that the best way to create this oversight is by placing political parties under private sector privacy law, as we explained in our 2012 submission to the Commons ATI, Ethics and Privacy committee when it was examining Big Data.

The time to address this issue is now. Bill S-4, which amends the federal private sector privacy law (PIPEDA), passed the Senate in June, but it has yet to pass the House. Its constitutionality is questionable, following the Supreme Court’s decision that warrants are required for release of subscriber information under PIPEDA, so amendments will be necessary to address these problems. And this would also be an excellent opportunity to amend PIPEDA to bring political parties and their ever-increasing stores of personal information under the law.

We need look no further than British Columbia to see a successful example of this approach; our political parties fall under the private sector privacy law, the Personal Information and Privacy Act (PIPA). Our Commissioner has the power to receive complaints, conduct hearings and investigations and ultimately issue orders. She has already exercised these powers, and the political world has not yet collapsed; there is no reason to think the federal system would collapse if political parties were put under the federal private sector privacy laws. The House of Commons should amend Bill S-4 to cover the federal political parties, and bring much-needed accountability to the way they use our personal information.

Concerned about online spying? Join the call for sober second thought

Online Spying Bill C-13 has already passed the House of Commons and will soon face a final vote in the Senate. But the Supreme Court of Canada has ruled that large parts of C-13 are unconstitutional. If passed, the Bill will face legal challenges and waste millions of taxpayer dollars. The Senate claims to be the place where new laws can receive “sober second thought” – and if ever a bill needed a sober rethink, it’s this one.

Opposition to Bill C-13 is huge and growing; it’s faced criticism from across the board, including from the government’s own supporters. We need to let the government and the Senators know just what we think of this resurrection of Vic Toews’ aborted Bill C-30, so our partners at OpenMedia.ca have launched a simple Letter to the Editor tool to help you get your thoughts on Bill C-13 published in your local newspaper.

Read more of what FIPA has to say about this draconian bill here and here.

Don’t delay: let Canada’s senators know you expect a critical review of this bill.