Privacy officials fear U.S. law's reach: FBI could gain access to personal information about Canadians, government warned

Judith Lavoie
Victoria Times Colonist

Thursday, March 04, 2004

Provincial information and privacy offices across the country are scrambling to find ways of stopping the FBI gaining access to sensitive personal information about Canadians under a controversial new American law.

"This has the potential for being the biggest privacy issue we have ever dealt with," said Mary Carlson, director of policy and compliance for the B.C. Information and Privacy Commissioner's Office.

"It is the first we had heard of the long arm of the FBI coming across the border."

At issue is the U.S. Patriot Act, brought in after the 9-11 terrorist attacks, which allows the FBI to order organizations to turn over information. A "gag provision" then prohibits the organizations from telling anyone that the data has been released.

Legal opinions given to the B.C. Government and Service Employees' Union -- which has filed a lawsuit in an effort to stop privatization of the Medical Services Plan -- say Canadian subsidiaries of U.S. companies would be subject to the Act. Any corporation that has access to documents wanted by the FBI, even if the company does not have a legal right to those documents, could be ordered to turn them over.

That would mean the FBI could demand health and social service information about all British Columbians.

Governments are increasingly outsourcing work, often to companies with U.S. connections, but no one had figured in the far-reaching powers of the Patriot Act, said Carlson.

"If this is true, our data would be exposed in ways we have never imagined before," she said.

Carlson contacted the federal information and privacy commissioner and provincial offices and found the Patriot Act was not on their radar screens.

All the offices are now looking at the potentially serious implications, Carlson said. "We are working feverishly here trying to work out what we can do."

The two companies shortlisted to take over MSP and PharmaCare administration services are both American-based. IBM is American with a wholly-owned Canadian subsidiary and Maximus is based in Virginia.

Other recent government outsourcing includes a large chunk of BC Hydro's business services, which went to a Canadian subsidiary of Accenture, a company with its head office in Bermuda and main business office in the U.S., and government debt collection which went to a Canadian subsidiary of multi-national Electronic Data Systems.

Health Services Minister Colin Hansen said previously that the American government could not pass a law that applies to data owned by B.C. and which never leaves B.C. But, under the Patriot Act, that is in doubt.

Management Services Minister Joyce Murray, whose portfolio includes information and privacy, met with Commissioner David Loukidelis Wednesday to discuss the problem.

"We are now working in collaboration with the Attorney-General's office and Health Services to seek extra professional advice," she said.

A lawyer specializing in American law and privacy of information will look at implications of the Patriot Act and the government will work actively with other provinces and the federal government on the issue, Murray said.

"Whatever the advice is, the bottom line is that we're totally committed to ensuring that the privacy of information is protected for British Columbians," she said.

Any contracts with private companies must enshrine the absolute protection of privacy and those contracts will be monitored, she said.

Murray said she can understand why no one had picked up the importance of the U.S. law, as there have been no challenges or court cases around it.

But BCGEU president George Heyman said Hansen and Premier Gordon Campbell had obviously not done their homework in the rush to privatize and contract out.

"We could figure it out and they have a whole phalanx of lawyers and staff. I would think they could figure out the risk. It's more likely that they don't care," he said.