The Privacy Commissioner of Canada has completed a review of the exempt databanks maintained by the RCMP and has concluded that many of the records should not be there in the first place. She calls it "disturbing":

News Release: Large number of files mistakenly held in RCMP exempt data banks "disturbing," says Privacy Commissioner (February 13, 2008) - Privacy Commissioner of Canada

Large number of files mistakenly held in RCMP exempt data banks "disturbing," says Privacy Commissioner

Commissioner tables first special report to Parliament; raises serious concerns about data banks containing documents Canadians can’t access

February 13, 2008 — An audit has found that many of the national security and criminal operational intelligence files sheltered from public access in the RCMP’s exempt data banks did not belong there, says the Privacy Commissioner of Canada in a special report to Parliament.

"These data banks have been crowded with tens of thousands of files that should not have been there," says Commissioner Jennifer Stoddart.

"Government transparency and accountability are fundamental concepts in democratic countries like Canada. Being named in a national security exempt bank file could have a harmful impact, particularly in a post 9-11 environment. For example, it could potentially affect someone trying to obtain an employment security clearance, or impede an individual’s ability to cross the border."

Exempt data banks serve to withhold the most sensitive national security and criminal intelligence information. Government departments and agencies which control these records will consistently refuse to confirm or deny the existence of information in response to an individual’s request for access.

Canadians should be able to see their personal information – except under limited circumstances, such as where the disclosure could threaten national security, international affairs or lawful investigations.

"The large number of documents held in these exempt banks when their inclusion was unwarranted is disturbing – particularly given the RCMP was advised of compliance problems 20 years ago and made a commitment to properly manage such banks " says Commissioner Stoddart.

"More than half of the files examined as part of our audit should not have been there."

The Privacy Commissioner announced during her appearance before the Maher Arar inquiry – where the sharing of personal information by police became a central issue – that her Office would audit exempt data banks held by federal government departments and agencies.

The audit findings are detailed in a special report tabled today in Parliament. This is the first time the Privacy Commissioner has used her powers under the Privacy Act to issue a special report.

RCMP’s Exempt Banks

The RCMP has two exempt banks: Criminal Operational Intelligence Records and National Security Investigations Records.

Of the files the Office of the Privacy Commissioner (OPC) tested, more than half of the national security files and over 60 per cent of criminal operational intelligence files did not warrant exempt bank status. Exempt banks are designed to hold only the most sensitive of such information. These files did not meet the threshold for inclusion in an exempt bank as set out in the Privacy Act and/or the RCMP’s own policy.

These findings are of particular concern given that, with few exceptions, the audit was conducted on files already examined by the RCMP as part of a recent internal review.

To illustrate, one seven-year-old file in the national security exempt bank detailed a resident’s tip that a man had gone into a rooming house and drugs might be involved. Police investigated, but found the man had simply dropped his daughter off at a nearby school and stepped out of his car to smoke.

RCMP Internal Review

While the OPC audit was proceeding, the RCMP conducted its own internal review, which has so far resulted in the removal of more than 45,000 records from the criminal operational intelligence exempt data bank. This review found varying rates of compliance:

• Almost 99 per cent of criminal intelligence exempt data bank holdings – more than 2,700 documents – at RCMP headquarters should not have been there.
• At B Division in Newfoundland and Labrador, roughly two-thirds of documents – close to 37,000 records – were incorrectly kept in the criminal intelligence exempt bank.

An internal review of the national security exempt data bank holdings at 13 divisions resulted in the removal of more than 1,400 files – more than 40 per cent of the files examined.

Notwithstanding the large number of records removed from the exempt data bank holdings as a result of the internal review, the OPC audit concluded both banks remain overpopulated.

"The problems are largely due to a general lack of awareness within the force of exempt bank policy and the absence of ongoing monitoring," says Commissioner Stoddart.

Past History of the RCMP Exempt Bank

In the late 1980s, the RCMP’s criminal operational intelligence exempt bank order was rescinded for non-compliance following another OPC review.

"That exempt bank order was reinstated with an understanding that the RCMP would adhere to guidelines for managing exempt bank holdings. Unfortunately, the RCMP has not met this commitment," the Commissioner says.

"While there is a clear need for exempt data banks to ensure highly sensitive information related to security and intelligence work is protected, privacy concerns must also be considered. Greater care must be taken to ensure that personal information is concealed in an exempt data bank only when absolutely necessary."

Results

The Privacy Commissioner is satisfied that the RCMP is taking the audit observations and recommendations seriously and will take action to ensure its exempt banks comply with the Privacy Act and RCMP policy.

The OPC will examine how the RCMP has followed through on its plans to improve how the exempt banks are managed within the next two years.

The special report and a backgrounder are available at http://www.privcom.gc.ca/.

The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman, advocate and guardian of privacy and the protection of personal information rights of Canadians.

From the Globe & Mail:

globeandmail.com: No need for RCMP to keep files secret, privacy czar says

No need for RCMP to keep files secret, privacy czar says

OMAR EL AKKAD

February 14, 2008

OTTAWA -- More than half the files in the RCMP's secret data banks should not be there, the federal Privacy Commissioner said yesterday in a report that is likely to renew calls for an overhaul of the national police force.

An audit by the commissioner's office found that tens of thousands of files in the RCMP's two "exempt" banks - which are designed to hold the most sensitive national security and criminal intelligence information - should not be secret, and many should have been removed years ago.

"These finds are particularly concerning given that, with few exceptions, the audit was conducted on randomly selected files already examined by the RCMP as part of an internal review," Privacy Commissioner Jennifer Stoddart said in a news release accompanying the report.

Ms. Stoddart said the large number of files kept secret was not only unjustifiable, but illegal.

In one case, a man on a Canada-U.S. bus tour, exasperated with a delay by the tour guide, joked that he should hijack the bus, Ms. Stoddart said. The bus driver told U.S. customs officials, and the RCMP were called. Even though it was deemed that the incident was clearly not a serious hijacking attempt, a file was kept in one of the secret banks for more than five years.

Ms. Stoddart said Canadians should be concerned about the large number of unnecessarily secret files because they can have a serious impact on someone looking to cross the border or obtain security clearance for a job.

Because the files are part of the secret data banks, she said, the RCMP will neither confirm or deny they exist when individuals ask the police force if they have any files on them.

Ms. Stoddart said her findings were especially surprising because a previous audit 20 years ago also discovered serious compliance problems with the data banks - problems the RCMP undertook to fix at the time.

The RCMP made the same pledge again yesterday."We will be implementing every one of this report's recommendations," Chief Superintendent Dan Killam said in a news release. He said that the force will re-examine files retained in banks known as Criminal Operational Intelligence Records and National Security Investigation Records.

"The end result will be a new accountability structure that will see responsibility for these banks shared between operational areas of the force and experts from our Access to Information and Privacy Branch," Mr. Killam said. "Based on our reading of Ms. Stoddart's report, we believe this increased oversight of the exempt banks is what she and other Canadians want."

Ms. Stoddart's report, which marks the first time the commissioner has used her powers under the Privacy Act to issue a special report to Parliament, is more bad news for a police force already under intense public scrutiny.

Liberal MP Ujjal Dosanjh said the new findings are a clear indication that the government should adopt the recommendations of a federal task force last year that proposed a new civilian board of management for the force.

"It is absolutely shocking that the RCMP would show such reckless disregard for information about individuals of which 99 per cent did not deserve to be there in the first place," Mr. Dosanjh said. "That should send shivers down every Canadian's spine."

Ms. Stoddart said she believes the large number of unnecessarily secret files are the product of negligence rather than malice.

"I think it just fell by the wayside."

Labels: privacy, privacy act