FIPA HOME
News Library Links About Help
FIPA is a non-profit society dedicated to advancing freedom of information and privacy rights in Canada...

Your FOI and Privacy Rights

How can we help you?

Help Topics Here
Donate
Contact Us
News Updates
Become a Member
Privacy Policy

Follow us on Twitter

This website was developed through generous grants from

the Law Foundation of British Columbia

Notary Foundation

and

the Notary Foundation of British Columbia

Notary Foundation

CLICK HERE FOR A LIST OF FIPA'S MAJOR FUNDERS.


BC Freedom of Information and Privacy Association (FIPA) is a registered sponsor under the Election Act


Recent Audits by the Privacy Commissioner and Auditor-General

Some links on this page take you outside of our web site. To return, please use your web browser's back button.

In February 2009, the Privacy Commissioner of Canada and the Auditor-General of Canada published their concurrent audits of three federal institutions: Elections Canada, Human Resources and Development Canada/Service Canada (HRSDC); the Canada Revenue Agency; and the Auditor General also audited Passport Canada (which the Privacy Commissioner had separately audited in 2008).

The audits were limited to looking at the management of one large database in each institution:

  • at Elections Canada, the National Register of Electors was reviewed, containing the personal information of 23 million Canadians;

  • at HRSDC, the Social Insurance Register was reviewed, with nearly 31 million active records;

  • at the Canada Revenue Agency, the IDENT database was reviewed, containing personal information about approximately 33 million taxpayers; and  

  • at Passport Canada, the Auditor General looked at the Passport Index, which contains information about over 17 million passports. 

Both audits called for stronger leadership from the Treasury Board Secretariat to avoid the development of independent solutions to common challenges in identity authentication, information management and policy development.

The Privacy Commissioner recommended that the Treasury Board implement new and comprehensive policies and guidance on privacy impact assessments, identification and authentication and information sharing. The Commissioner also recommended developing and promoting better privacy training across government institutions. 

  • The concurrent audits revealed that information sharing is not new and the growth of interoperable systems is inevitable. They also showed that there are risks that privacy will be considered an afterthought or an add-on, - secondary to the main goals of efficiency and cost-containment.  If this happens, citizens will be the losers.

Auditor-General Recommends Interoperability

Probably the most important single issue to emerge from the audit by the Auditor-General is the perceived need for an integrated federal approach for managing identity information across the federal public service. The Auditor-General argues that improving the management of identity information could increase efficiency, reduce duplication, streamline processes, reduce errors, help prevent fraud and improve the delivery of programs to citizens.

The Audit Report - Adobe Reader is required - recommends that the Treasury Board continue to lead its work on establishing a government-wide framework, policies and governance arrangements for identity management. Specifically, the Auditor-General recommended that identity management practices be standardized and interoperability be increased within the Canadian government.

The Treasury Board agreed with the Auditor-Generals recommendations and indicated that new policies to address and support identity management are expected to be introduced in 2010, with full implementation within three years.

Privacy Commissioner Silent on Interoperability, Emphasizes Privacy Policies and Practices

Although integrated identity management was at the core of the Auditor-General's audit, that subject was not mentioned in the Privacy Commissioner's report - Adobe Reader is required. Given the privacy risks as well as the potential benefits posed by interoperability, this is somewhat surprising, as the views and concerns of the Privacy Commissioner could have been helpful to the process of developing a privacy protective integrated identity management system. As it stands, there is no critique or response in either report about the promised benefits of interoperability, nor is there any suggestion of the risks posed by such systems.

Instead, the Commissioner focused on the manner in which the institutions handled information generally, and specifically in the three databases examined. For the most part, the Commissioner was reasonably satisfied with the information handling practices of the institutions (with the exception of (Passport Canada), or with their willingness to improve, and most of the recommendations were accepted by the institutions that were audited.

 


Design by Coverall Crew Hosted with Love by Retrix Hosting
fipa@fipa.bc.ca    #103 - 1093 West Broadway, Vancouver, BC, V6H 1E2,  Tel: 604.739.9788