Office of the Privacy Commissioner Plans Ahead

Office of the Privacy Commissioner Plans Ahead

Matt Lonsdale is a JD Candidate at Dalhousie University

Last week the Office of the Privacy Commissioner of Canada (OPC) released its Annual Report to Parliament on the Privacy Act. A recurring theme is the friction at the nexus between individual privacy interests, national security concerns, and technological advances. In the Commissioner’s opening statement, she notes that “evolving technologies, global data flows, increased surveillance and the government’s thirst for personal information means our work is never done”.

This focus can also be seen in the identification of the OPC’s four priority areas for the immediate future: genetic technologies, information technologies, national security, and identity protection. The Commissioner notes her disappointment that the OPC's recommendations to update the Privacy Act to address these new concerns were dismissed.

The report also contains noteworthy statistics. Treasury Board policy requires that a federal government institution designing a new program or service that raises privacy concerns must complete a Privacy Impact Assessment and submit the results to the OPC for review. 2009-2010 saw a 59% increase of such submissions. This is a welcome sign that government agencies are considering privacy issues when implementing new programs.

OPC was also able to make a significant dent in its backlog of complaint files, having opened 665 files and closed 1154. The bulk of the new complaints were related to individuals seeking to obtain access to personal information about themselves held by a government agency, with less than 20% concerning the inappropriate use or disclosure of personal information. With this backlog out of the way, the OPC hopes to have time to focus on “complex and precedent setting cases”. It will be interesting to see whether this translates into more vigorous pursuits—under ss. 41 and 42 of the Privacy Act—of Federal Court reviews of governmental agencies’ refusals to provide access to personal information.