quebec city february 2005 public sector cio council bc - usa patriot act update
TRANSCRIPT
Quebec CityFebruary 2005
PUBLIC SECTOR CIO COUNCIL
BC - USA Patriot Act Update
2
Background
BCGEU legal action (February 2004) – Outsourcing and Patriot Act.
Information and Privacy Commissioner Inquiry (over 500 submissions)
Public profile – media coverage, “Right to Privacy Campaign”, Fahrenheit 9/11
BC Government Submission
Commissioner’s Report/Recommendations (October 2004)
3
FOIPP Act Legislative Changes (Bill 73)
Amending protection of privacy provisions in the FOIPP Act to prevent the storage of, and access to, personal information outside of Canada
Amending protection of privacy provisions in the FOIPP Act to restrict the disclosure of personal information outside of Canada
Extending requirements and restrictions posed by privacy protection provisions to service providers and employees
Requiring the reporting of any requests received from jurisdictions external to Canada for unauthorized disclosure of personal information
Including “whistle-blower protection” in legislation to protect individuals who report violations of the disclosure rules
Creating offences and penalties for violation of disclosure rules and failure to report
Transitional provisions
4
Transitional Provisions
The new privacy provisions will apply to all contracts signed by Government Ministries with a contract commitment date later than October 12, 2004.
The provisions will also apply to contracts signed by all other public bodies (including Crown agencies, health authorities, municipalities, etc.) with a contract commitment date after Royal Assent (October 21).
However, a public body is expected to bring all existing contracts into compliance with the new provisions as soon as reasonably possible.
Commitment date means:
(a) in the case of a contract that a public authority is legally obliged to enter into as a result of a completed binding competitive process, the date on which the process was completed, or
(b) in any other case, the date on which the contract was entered into by the public authority;
5
Commissioner’s Report
Key points:
“A ban on outsourcing is not a practical or effective response”
“A sensible solution is to put in place legislative, contractual and practical mitigating measures against illegal and surreptitious access”
Commissioner called Bill 73 a “laudable piece of legislation’ and has suggested that the Federal government enacted similar provisions
Made 16 recommendations – 6 Federal; 2 joint; 8 BC (a number of which were not related to the Patriot Act – Information sharing agreements)
6
Commissioner’s recommendations
Further amendments to the FOIPP Act
Create and publish a litigation policy for challenging foreign orders
BC/Canada to jointly request USA not to seek personal information under the Patriot Act or similar mechanisms
Commit resources to ensure privacy mitigation measures are in contracts
Implement a program of regular third party compliance audits
TB to direct Ministries to include resources for audits and contract privacy measures in their service plans and budgets
Federal government should review legislation re Patriot Act
Federal government should review FOIPP amendments and consider implementing
7
Commissioner’s recommendations (cont.)
Conduct comprehensive audit of Information Sharing Agreements, publicly release report and address deficiencies
Conduct comprehensive review of data mining activities and develop legislation to regulate
Federal government should also implement ISA and data mining recommendations
Fully implement and expand section 69 of FOIPP Act (PID)
Make similar amendments to PIPA and PIPEDA
Federal government should review: anti-terrorism legislation International Trade and Investment Agreements to ensure they do not
impair provincial jurisdiction to maintain and enhance privacy protections Trans-national Data Protection and Oversight Standards in International
Agreements.
8
Mitigation Strategies
Mitigation measures include:1. Technology and Businesses Processes2. Employee Strategies3. Contractual Measures4. Corporate Structures
Procurement - privacy protection requirements/schedule
Legislative provisions
9
Next Steps
Rigorous mitigation provisions in contracts and corporate restructuring requirements
Sharing with other jurisdictions – federal/provincial discussions
Responding to Information and Privacy Commissioner’s Recommendations – on-going
Continuing Profile – FOI requests, media
Pending legal action
10
Guidelines and Resources
Information Policy and Privacy Branch Website: www.mser.gov.bc.ca/foi_pop/
Bill 73
Model Contract Language (Privacy Protection Schedule)
Privacy Protection Measures
Q & As – Proposed amendments to FOIPP Act in response to the USA Patriot Act
USA Patriot Act – Government Briefing
Link to Purchasing and Contract Management Resource Centre
Instructions on How to Apply Amendments to Contracts
Suggested RFP Language