1 / 10

PUBLIC SECTOR CIO COUNCIL

PUBLIC SECTOR CIO COUNCIL. Quebec City February 2005. BC - USA Patriot Act Update. Background. BCGEU legal action (February 2004) – Outsourcing and Patriot Act. Information and Privacy Commissioner Inquiry (over 500 submissions)

geordi
Télécharger la présentation

PUBLIC SECTOR CIO COUNCIL

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. PUBLIC SECTOR CIO COUNCIL Quebec City February 2005 BC - USA Patriot Act Update

  2. Background • BCGEU legal action (February 2004) – Outsourcing and Patriot Act. • Information and Privacy Commissioner Inquiry (over 500 submissions) • Public profile – media coverage, “Right to Privacy Campaign”, Fahrenheit 9/11 • BC Government Submission • Commissioner’s Report/Recommendations (October 2004)

  3. FOIPP Act Legislative Changes (Bill 73) • Amending protection of privacy provisions in the FOIPP Act to prevent the storage of, and access to, personal information outside of Canada • Amending protection of privacy provisions in the FOIPP Act to restrict the disclosure of personal information outside of Canada • Extending requirements and restrictions posed by privacy protection provisions to service providers and employees • Requiring the reporting of any requests received from jurisdictions external to Canada for unauthorized disclosure of personal information • Including “whistle-blower protection” in legislation to protect individuals who report violations of the disclosure rules • Creating offences and penalties for violation of disclosure rules and failure to report • Transitional provisions

  4. Transitional Provisions • The new privacy provisions will apply to all contracts signed by Government Ministries with a contract commitment date later than October 12, 2004. • The provisions will also apply to contracts signed by all other public bodies (including Crown agencies, health authorities, municipalities, etc.) with a contract commitment date after Royal Assent (October 21). • However, a public body is expected to bring all existing contracts into compliance with the new provisions as soon as reasonably possible. • Commitment date means: (a) in the case of a contract that a public authority is legally obliged to enter into as a result of a completed binding competitive process, the date on which the process was completed, or (b) in any other case, the date on which the contract was entered into by the public authority;

  5. Commissioner’s Report Key points: • “A ban on outsourcing is not a practical or effective response” • “A sensible solution is to put in place legislative, contractual and practical mitigating measures against illegal and surreptitious access” • Commissioner called Bill 73 a “laudable piece of legislation’ and has suggested that the Federal government enacted similar provisions • Made 16 recommendations – 6 Federal; 2 joint; 8 BC (a number of which were not related to the Patriot Act – Information sharing agreements)

  6. Commissioner’s recommendations • Further amendments to the FOIPP Act • Create and publish a litigation policy for challenging foreign orders • BC/Canada to jointly request USA not to seek personal information under the Patriot Act or similar mechanisms • Commit resources to ensure privacy mitigation measures are in contracts • Implement a program of regular third party compliance audits • TB to direct Ministries to include resources for audits and contract privacy measures in their service plans and budgets • Federal government should review legislation re Patriot Act • Federal government should review FOIPP amendments and consider implementing

  7. Commissioner’s recommendations (cont.) • Conduct comprehensive audit of Information Sharing Agreements, publicly release report and address deficiencies • Conduct comprehensive review of data mining activities and develop legislation to regulate • Federal government should also implement ISA and data mining recommendations • Fully implement and expand section 69 of FOIPP Act (PID) • Make similar amendments to PIPA and PIPEDA • Federal government should review: • anti-terrorism legislation • International Trade and Investment Agreements to ensure they do not impair provincial jurisdiction to maintain and enhance privacy protections • Trans-national Data Protection and Oversight Standards in International Agreements.

  8. Mitigation Strategies • Mitigation measures include: • Technology and Businesses Processes • Employee Strategies • Contractual Measures • Corporate Structures • Procurement - privacy protection requirements/schedule • Legislative provisions

  9. Next Steps • Rigorous mitigation provisions in contracts and corporate restructuring requirements • Sharing with other jurisdictions – federal/provincial discussions • Responding to Information and Privacy Commissioner’s Recommendations – on-going • Continuing Profile – FOI requests, media • Pending legal action

  10. Guidelines and Resources • Information Policy and Privacy Branch Website: www.mser.gov.bc.ca/foi_pop/ • Bill 73 • Model Contract Language (Privacy Protection Schedule) • Privacy Protection Measures • Q & As – Proposed amendments to FOIPP Act in response to the USA Patriot Act • USA Patriot Act – Government Briefing • Link to Purchasing and Contract Management Resource Centre • Instructions on How to Apply Amendments to Contracts • Suggested RFP Language

More Related