Resolution of the Federal, Provincial and Territorial Privacy and Information Ombudspersons and Commissioners

Ottawa, October 28-29, 2014

Context

Technologies present tremendous opportunities and challenges for access and privacy rights all across Canada and all over the world.

In fact, digital information has become the lifeblood of governments. It is the foundation of decision-making, policy development, and service delivery to citizens. Digital information is a pillar of open government and citizens’ participation in democracy. The public expects increasingly open, responsive and efficient governments.

In parallel, official communications are increasingly done using technologies that did not exist at the time most privacy and access laws were enacted; organizations are generating unprecedented volumes of information that they must organize, store, search and secure, so as to both facilitate legitimate access and prevent unauthorized disclosures; technologies are changing the nature of government records and is challenging traditional information management practices.

Moreover, just as technology is bringing undeniable benefits to governments and society at large, digital information is now more vulnerable than paper records ever were.

With regard to privacy rights, biometrics, wearable computing devices, cloud computing and other technological developments have increased the risk of over-collection and over-retention of personal information, inappropriate sharing of personal information, data matching and data breaches.

With regard to information rights, the level of complexity in recovering information stored outside official networks, such as on personal file storage, wireless devices, in the cloud or in personal email accounts, has been compounded. At the same time, the oral culture of government and the lack of any formal duty to properly document decisions inevitably limit what records are available for access purposes.

This underlines the crucial role of responsible and modern information management law, policy and practices in protecting access and privacy rights, two essential components of our democracy.

Whereas

We are undergoing an unprecedented technological and cultural shift where life and communications are increasingly happening in the digital world.

The rapid development of technologies outpaces the capacity to appropriately manage both paper and digital records and to protect against loss and unauthorized access.

Current government policy frameworks and practices often prove to be not adapted to the use of new technologies, creating new risks to access and privacy rights.

The protection and exercise of information rights rests on the ability of organizations to effectively create, organize, manage, protect and preserve records.

Only responsible, strong and effective information management infrastructures and practices will allow governments to seize digital opportunities and fundamentally change how they serve the public in a more cost effective, transparent, responsive and accountable way.

It is a critical time for bold leadership from our governments to ensure the continued relevance of access to government information in a digital society, while ensuring that personal information is vigilantly protected.

Therefore

Canada’s Privacy and Information Ombudspersons and Commissioners urge their respective governments to review and modernize their information management frameworks by doing the following:

  1. Embedding privacy and access rights into the design of public programs and systems;
  2. Creating a legislative duty requiring government employees to document matters related to material deliberations, actions and decisions;
  3. Adopting administrative and technological safeguards to
    • prevent the loss or destruction of information;
    • guarantee that digital records are adequately stored in designated repositories and retained for prescribed periods of time, so that they can be easily retrieved when required;
    • mitigate the risks of privacy breaches, which are becoming more frequent and severe;
    • ensure that governments collect and share only that personal information strictly necessary to achieving the objectives of given programs or activities.
  4. Establishing clear accountability mechanisms for managing information at all steps of the digital information lifecycle (collection, creation, use, disclosure, retention and disposal) to meet privacy and access obligations, including proper monitoring and proper sanctions for non compliance;
  5. Training all government employees involved in managing information at any stage of its lifecycle in order for them to know their roles and responsibilities, including their obligation to protect privacy and access rights, and to continue to meet those obligations in the face of new technologies;
  6. Proactively releasing digital information on government activities on an ongoing basis in accordance with open government principles.

Canada’s Information and Privacy Ombudspersons and Commissioners commit to keep on

  1. Engaging and following up with government, Legislature and Parliament on the issues set out above; and
  2. Making recommendations to government, Legislature and Parliament based on our areas of expertise.
Date modified:
Submit a complaint