Tory database draws ire of privacy experts
OTTAWA - The federal Conservative party's central database is set up to track the confidential concerns of individual constituents without their knowledge or consent, says a former Tory MP.
The issue spilled onto the floor of the House of Commons on Thursday when Garth Turner, the expelled Tory-turned-Liberal MP, accused Prime Minister Stephen Harper of an "unethical invasion of Canadians' privacy.''
Privacy experts agree the practice is a clear breach of standard privacy ethics -- but probably not the law, because federal political parties fall into a legislative grey area.
A recent mailing by the prime minister to some Jewish households, and households with Jewish-sounding names, highlighted the micro targeting that sophisticated modern databases now facilitate.
The Rosh Hashanah greeting from Harper prompted several recipients to complain to the federal privacy commissioner, who has begun a preliminary inquiry.
It's cast a light on the 21st century art of political communication that may make some Canadians uneasy.
Virtually all federal and provincial parties have computerized databases, but the federal Conservatives are the acknowledged leader in the field of data management and mining.
Their fundraising efforts, based on small donations by thousands of donors, are unparalleled in federal politics.
Both the federal Liberals and the NDP have separate databases for constituency work and voter tracking. Data does not migrate between the two.
But the Conservatives use a single clearing house for all data collection, storage, datamining, mailing lists, voter tracking and any other partisan use such information may serve.
Turner, the Liberal maverick who was elected as a Conservative in 2006 and subsequently turfed from the party, says every Conservative MP is required to use something called CIMS, an acronym for Constituent Information Management System.
CIMS is used not only to track voter allegiance in a given riding -- something every political party attempts -- but also a host of other data gathered in the course of an MP's constituency office duties.
"Any time a constituent is engaged with the member of Parliament, they get zapped into the database,'' Turner said in an interview. "It's unethical and it's a shocking misuse of data.
"Because once you cotton on to what's going on here, it's not good constituency work at all to allow that data to fall into any kind of hands. But the party is desperate to get more and more data in there because the primary use is fundraising. The secondary use is voter tracking to get out the vote.''
Logging constituent files in a central party database that may also be used as part of election planning, fundraising, advertising strategy and policy deliberation appears to be clearly offside, two nationally respected privacy experts told The Canadian Press.
"If somebody contacts their MP because they're having a problem with their CPP benefit or their military pension, they don't expect to end up on a mailing list for a political party,'' said David Fraser, a Halifax lawyer who specializes in privacy issues with the firm McInnes Cooper.
"If they are going to end up on a mailing list, I think there's an ethical obligation to inform them and give them the opportunity to opt out.''
Michael Geist, a law professor who serves as the Canada research chair of Internet and e-commerce law at the University of Ottawa, agrees.
"When you're going to your local MP with a concern or a problem, there is a certain level of confidentiality,'' said Geist.
"The notion that it's simply a data point that gets used to characterize the particular constituent could have a bit of a chilling effect.''
Nonetheless, the Conservatives are likely within the letter of Canada's privacy laws, because they are neither a government agency nor considered a commercial operation.
Geist argues that political parties' fundraising efforts might make them liable under the commercial privacy law, known as PIPEDA, but Fraser says the legislation as written suggests otherwise.
"Generally, political parties aren't regulated with respect to how they collect, use and disclose personal information,'' said Fraser.
The Conservatives, who openly boasted about their state-of-the-art CIMS database after purchasing it in 2004, now refuse to discuss it.
"I will not talk about internal party databases,'' said party spokesman Ryan Sparrow. "I'm not disclosing what is in our database, who is in our database.''
When asked if Canadians can request to see their file on the CIMS database, Sparrow responded: "What would be their specific need to see?''
Asked a second time, Sparrow shut down the inquiry.
"I'm not going to help you with your story. It's internal party matters.''
The Liberal party says it voluntarily follows the principles of PIPEDA -- including showing any individual who asks what is on their file -- even though the act does not apply to political parties.
"We do not keep any information on individuals without their expressed consent,'' said Elizabeth Whiting, the party's communications director.
The NDP also said citizens are free to ask to see their file, although the party is not aware it has ever received such a request.
Fraser said political parties, regardless of the law, should follow the best-practice standards established by the Canadian Standards Association, upon which both federal privacy acts are based.
"Those best practices, which are almost universally recognized in most western democracies, would suggest that political parties should give notice, get consent and provide people access to their information,'' said Fraser.
"Whether or not they choose to do that would speak volumes to how they see themselves as responsible custodians of this personal information.''