Quebec City February 2005 PUBLIC SECTOR CIO COUNCIL BC - USA Patriot Act Update.

Download Quebec City February 2005 PUBLIC SECTOR CIO COUNCIL BC - USA Patriot Act Update.

Post on 17-Dec-2015

216 views

Category:

Documents

1 download

Embed Size (px)

TRANSCRIPT

  • Slide 1
  • Quebec City February 2005 PUBLIC SECTOR CIO COUNCIL BC - USA Patriot Act Update
  • Slide 2
  • 1 Background BCGEU legal action (February 2004) Outsourcing and Patriot Act. Information and Privacy Commissioner Inquiry (over 500 submissions) Public profile media coverage, Right to Privacy Campaign, Fahrenheit 9/11 BC Government Submission Commissioners Report/Recommendations (October 2004)
  • Slide 3
  • 2 FOIPP Act Legislative Changes (Bill 73) Amending protection of privacy provisions in the FOIPP Act to prevent the storage of, and access to, personal information outside of Canada Amending protection of privacy provisions in the FOIPP Act to restrict the disclosure of personal information outside of Canada Extending requirements and restrictions posed by privacy protection provisions to service providers and employees Requiring the reporting of any requests received from jurisdictions external to Canada for unauthorized disclosure of personal information Including whistle-blower protection in legislation to protect individuals who report violations of the disclosure rules Creating offences and penalties for violation of disclosure rules and failure to report Transitional provisions
  • Slide 4
  • 3 Transitional Provisions The new privacy provisions will apply to all contracts signed by Government Ministries with a contract commitment date later than October 12, 2004. The provisions will also apply to contracts signed by all other public bodies (including Crown agencies, health authorities, municipalities, etc.) with a contract commitment date after Royal Assent (October 21). However, a public body is expected to bring all existing contracts into compliance with the new provisions as soon as reasonably possible. Commitment date means: (a) in the case of a contract that a public authority is legally obliged to enter into as a result of a completed binding competitive process, the date on which the process was completed, or (b) in any other case, the date on which the contract was entered into by the public authority;
  • Slide 5
  • 4 Commissioners Report Key points: A ban on outsourcing is not a practical or effective response A sensible solution is to put in place legislative, contractual and practical mitigating measures against illegal and surreptitious access Commissioner called Bill 73 a laudable piece of legislation and has suggested that the Federal government enacted similar provisions Made 16 recommendations 6 Federal; 2 joint; 8 BC (a number of which were not related to the Patriot Act Information sharing agreements)
  • Slide 6
  • 5 Commissioners recommendations Further amendments to the FOIPP Act Create and publish a litigation policy for challenging foreign orders BC/Canada to jointly request USA not to seek personal information under the Patriot Act or similar mechanisms Commit resources to ensure privacy mitigation measures are in contracts Implement a program of regular third party compliance audits TB to direct Ministries to include resources for audits and contract privacy measures in their service plans and budgets Federal government should review legislation re Patriot Act Federal government should review FOIPP amendments and consider implementing
  • Slide 7
  • 6 Commissioners recommendations (cont.) Conduct comprehensive audit of Information Sharing Agreements, publicly release report and address deficiencies Conduct comprehensive review of data mining activities and develop legislation to regulate Federal government should also implement ISA and data mining recommendations Fully implement and expand section 69 of FOIPP Act (PID) Make similar amendments to PIPA and PIPEDA Federal government should review: anti-terrorism legislation International Trade and Investment Agreements to ensure they do not impair provincial jurisdiction to maintain and enhance privacy protections Trans-national Data Protection and Oversight Standards in International Agreements.
  • Slide 8
  • 7 Mitigation Strategies Mitigation measures include: 1. Technology and Businesses Processes 2. Employee Strategies 3. Contractual Measures 4. Corporate Structures Procurement - privacy protection requirements/schedule Legislative provisions
  • Slide 9
  • 8 Next Steps Rigorous mitigation provisions in contracts and corporate restructuring requirements Sharing with other jurisdictions federal/provincial discussions Responding to Information and Privacy Commissioners Recommendations on-going Continuing Profile FOI requests, media Pending legal action
  • Slide 10
  • 9 Guidelines and Resources Information Policy and Privacy Branch Website: www.mser.gov.bc.ca/foi_pop/ www.mser.gov.bc.ca/foi_pop/ Bill 73 Model Contract Language (Privacy Protection Schedule) Privacy Protection Measures Q & As Proposed amendments to FOIPP Act in response to the USA Patriot Act USA Patriot Act Government Briefing Link to Purchasing and Contract Management Resource Centre Instructions on How to Apply Amendments to Contracts Suggested RFP Language

Recommended

View more >