Mr. Speaker, I am pleased to offer the report on the review of the Information and Privacy Commissioner's Annual Report 2002-2003.
Background
The NWT's Access to Information and Protection of Privacy Act -- ATIPP -- came into force on December 31, 1996. The purpose of the act is to make public bodies more accountable and to protect personal privacy by giving the public a right of access, with limited exceptions, to records held by the GNWT and related public bodies, and by preventing the unauthorized collection, use or disclosure of personal information by the GNWT and related public bodies. The act also gives individuals the right to see and make corrections to information about themselves.
The Information and Privacy Commissioner is an independent officer of the Legislative Assembly, and is required under section 68 of the act to prepare and submit an annual report. Ms. Elaine Keenan-Bengts was reappointed as the NWT's Information and Privacy Commissioner on July 1, 2000, for a five-year term.
Several amendments to the act came into force April 1, 2004, including new powers for the Commissioner to investigate and make recommendations on privacy complaints. Many of these amendments were made in response to recommendations the Commissioner made in previous annual reports.
General Comments
The Standing Committee on Accountability and Oversight held a public meeting with Ms. Keenan-Bengts on August 23, 2004, to review her 2002-2003 annual report.
The committee was pleased to hear from the Commissioner that in her view most government agencies and ATIPP coordinators do understand the act, and are applying it well. However, the Commissioner identified some specific exceptions, which did concern Members. One was a failure by RWED to release information on its legal costs in a court action. The committee would urge the government to be more open in such cases, in order to avoid, as the Commissioner suggested in her report, fostering "an atmosphere of suspicion and mistrust." Another was an apparent breach of personal privacy when an employee's medical information was disclosed to her
supervisor. The committee would encourage the Department of Health and Social Services and the health boards to work with the Commissioner in order to ensure that staff are aware of their responsibilities in protecting private information.
The Commissioner's Recommendations
Access To Information And Privacy Legislation For Municipal Governments
As in her past four reports, the Commissioner recommends that municipal governments be brought under territorial access to information and privacy legislation, either by including them under the act as public bodies, or by passing new legislation specific to them. The Commissioner points out that municipal authorities gather and maintain significant information about individuals, and that there are possibilities of integrated information systems and data sharing between the GNWT and municipal governments.
The previous government recommended against bringing municipalities under the act based on consultations with municipal representatives who were concerned with the impact the legislation would have on day-to-day operations and ongoing administrative costs.
The committee considers access to information and protection of privacy standards to be an essential part of an open and transparent government. Members acknowledge the challenges of developing and implementing such legislation for municipal governments, but do not consider them to be insurmountable.
In order to implement its own legislation, the GNWT had to make a significant investment in training, and developing policies, procedures and proper records management systems. Much of this work is ongoing. Municipal governments have far fewer human and financial resources to work with. In the absence of GNWT assistance in the form of funding and access to records management specialists, it would be unfair to expect municipal governments to implement and administer new information and privacy legislation. The GNWT, therefore, needs to work with municipal governments to assess the resources required to implement and administer such legislation, and to develop a reasonable implementation plan. In the meantime, the GNWT should continue to be prepared to assist any municipal governments who ask for help in designing their own guidelines for managing records and information.
The committee recommends that the government work with the NWT Association of Communities to assess the resources required for municipal governments to be able to comply with access to information and protection of privacy legislation, and to develop an implementation plan for such legislation.
Made-In-The-NWT Privacy Legislation For The Private Sector
The Commissioner recommends, as in previous reports, that the NWT enact its own "made-in-the-North" privacy legislation to regulate how the private sector collects, uses or discloses personal information.
NWT businesses are already regulated by the federal Personal Information Protection and Electronic Documents Act -- PIPEDA -- which came into full force on January 1, 2004. However, the Commissioner has raised concerns that this act will not provide an adequate regulatory framework for the NWT. In particular, she is concerned that the federal Privacy Commissioner will likely have the resources to deal with only broad national issues, and not the smaller local issues that are likely to affect NWT residents.
The position of the previous government was that it would be premature to consider NWT legislation at this time, and that the issue should be re-examined following the mandatory review of Personal Information Protection and Electronic Documents Act by the House of Commons, which is scheduled for 2006.
Although the committee believes the Commissioner's concerns are legitimate, it agrees with the government's position that it would be premature to develop our own legislation at this time. The Personal Information Protection and Electronic Documents Act is new and its effectiveness in the NWT has not yet been tested. In the meantime, government should concentrate its efforts on ensuring its own house is in order and that staff understand and are applying the privacy provisions of ATIPP appropriately.
Mr. Speaker, the committee recommends that the government monitor the effectiveness of the Personal Information Protection and Electronic Documents Act in the NWT, and prepare its own report with recommendations on whether the NWT needs its own legislation following the 2006 review of Personal Information Protection and Electronic Documents Act by the House of Commons.
Devolution And Self-Government Negotiations
The Commissioner recommends that access to information and protection of privacy issues be kept at the top of the agenda in devolution and aboriginal self-government negotiations to ensure accountability and protection of personal information by new governments. The committee supports this recommendation, as it is important that emerging governments are aware of these issues.
Private Contractors
The GNWT contracts out some of its functions to private industry, which could involve a business handling personal information on behalf of government. For example, motor vehicles registrations were, at one time, administered by a private contractor. The Commissioner is concerned that private businesses may not be required to follow the same information and privacy laws that would apply if the GNWT were doing the work itself. She recommends that this should be addressed by including clauses in outsourcing contracts to require compliance with the act.
The committee recommends that the government investigate whether its contracts currently include clauses requiring compliance with ATIPP and, if not, that the government add such clauses to any outsourcing contracts where a business would be creating records that would otherwise be government
records or handling personal information on behalf of the government.
Awareness And Understanding Of The Act
The Commissioner recommends that government prepare an updated directory of the ATIPP coordinators for departments and public bodies, and make it easily accessible to the public. It is the committee's understanding that the government has already addressed this recommendation.
The Commissioner also recommends government continue to support and encourage ongoing training for ATIPP coordinators, and ensure that all employees are aware of their basic responsibilities under the act. The committee supports this recommendation.
Conclusion
The Standing Committee on Accountability and Oversight would like to thank the Commissioner, Ms. Elaine Keenan-Bengts, for presenting her report at the committee's public hearing.
The committee requests the Executive Council to table a comprehensive response to this report within 120 days, in accordance with Rule 93(5) of the Rules of the Legislative Assembly.
Mr. Speaker, that concludes the report of the Standing Committee on Accountability and Oversight on the review of the report of the Information and Privacy Commissioner for 2002-2003.