Privacy complaints about federal agencies reach record high: watchdog

Complaints over privacy concerns have reached a record-high, Canada's privacy watchdog Jennifer Stoddart says in her latest and final report.

In her annual report, released Monday, Stoddart said new all-time highs were set for both privacy complaints submitted by Canadians about federal organizations, and data breaches reported by the agencies themselves.

From April 2012 to March 31, 2013, the Office of the Privacy Commissioner received 2,273 such complaints, up from 986 over the same period a year before, which marked an increase of 130 per cent.

She said much of the increase was generated by two highly publicized data breaches involving Employment and Social Development Canada, and Justice Canada.

However, Stoddart pointed out that even if the 1,159 complaints that followed those data breaches were removed from the total, the remaining 1,114 complaints would still mark a record high.

The number of data breaches reported by federal agencies was up 36 per cent, rising from 80 to 109 over a one-year period.

"Canadians deserve to have their personal information protected, particularly when they provide it to the government under legal compulsion," Stoddart said in a news release.

CRA audit

Along with the annual report, Stoddart also tabled the conclusion of an audit of the Canada Revenue Agency.

The audit followed "numerous" reports of privacy breaches involving employees accessing the personal information of taxpayers. 

Stoddart said, for years, "thousands" of files were inappropriately accessed without detection.

Her office made 13 recommendations to the CRA, which include changes to privacy breach reporting, monitoring of employee access rights and threat and risk assessments for IT systems.

“CRA collects and retains sensitive, personal, financial data of Canadians.  By meeting our recommendations, the Agency can move forward in maintaining Canadians’ confidence in the tax system," Stoddart said.

CRA has agreed to the recommendations and the privacy office says it will follow-up with the agency within two years to ensure the changes have been implemented.

Border security

The report also included details on privacy concerns about the Beyond the Border Action Plan – which was conceived as a way to reduce regulatory burdens on a number of industries, including the agriculture and auto sectors, to integrate inspection systems, and to allow travellers to move faster across the Canada–U.S. border.

The privacy office raised concerns about plans to keep information for 75 years once it's collected by border officials under a new entry-exit system that will track the movements of travellers.

Stoddart also objected to a lack of signs informing travellers they might be subject to detention, questioning or searches in areas including departure lounges or shipping terminals -- part of a plan to extend the powers of Canada Border Services Agency officers.

Stoddart leaves the privacy commissioner's post later this year. Her successor has not been named.