Weaknesses in rules for governing voter information could threaten the
privacy of Canadians, Privacy Commissioner warns
OTTAWA, Feb. 12 /CNW Telbec/ - Gaps in the way the personal information
of Canada's 23 million registered voters is governed could expose Canadians to
serious consequences such as identity theft, the Privacy Commissioner of
"The personal information of Canadian voters is not adequately
protected," Commissioner Jennifer Stoddart said today after presenting an
audit report to Parliament. "We're concerned that voters' personal information
could fall into the wrong hands and be used for illegal activities."
The Office of the Privacy Commissioner of Canada (OPC) examined Elections
Canada, Passport Canada, the Canada Revenue Agency and Service Canada to
assess whether these agencies, which operate databases housing vast quantities
of personal information, treat the information in a manner that safeguards the
privacy of Canadians.
At the same time, the Office of the Auditor General of Canada (OAG) was
auditing the same four federal institutions to determine whether they work
together to efficiently manage identity information, while respecting legal
and policy requirements, and that they collect only the information that is
relevant to program needs. The collaboration between the OPC and the OAG
represents a historic first.
The OPC found shortcomings in two agencies' efforts to safeguard the
personal information of Canadians. In its examination of Elections Canada, for
example, it found that:
- some voter lists simply vanished during elections and by-elections;
- Elections Canada collects too much personal information on voters,
including on teenagers too young to vote, and
- Canadians are not fully informed about how their personal information
will be used.
"Maintaining full control of electoral documents is a significant
challenge," Commissioner Stoddart said, pointing out that up to 190,000
temporary workers are hired to staff polling stations at elections.
The audit also noted that paper and electronic copies of voter lists are
widely circulated to political parties and candidates, who are not covered by
the Privacy Act and are therefore not subject to the law's obligations for
Political parties and candidates are not obliged to keep track of
elections documentation, the audit found, and do not have a formal mechanism
to report potential privacy breaches to Elections Canada.
In 2006, the RCMP discovered lists of voter names and addresses at the
offices of a Tamil Tiger cell, classed in Canada as a terrorist organization.
The documents were allegedly being used to identify potential financial
supporters for the Tamil cause.
An earlier and related audit of Canadian passport operations also found
some problems in the management of personal information. It found, for
example, that passport applications and supporting documents were kept in
clear plastic bags on open shelves, documents containing personal information
were sometimes tossed into regular garbage and recycling bins, and too many
employees had access to computerized passport files.
The audit also concluded there was inadequate privacy training for
employees - an issue of concern across government institutions. Some of the
findings, which were originally published as part of the OPC's Annual Report
to Parliament last December, are summarized in an appendix to this current
The OPC's audits of the four agencies revealed some problems, but also
strengths in the federal government's personal information management
For instance, the audit of Service Canada, which manages the personal
records of everyone who has applied for a Social Insurance Number (SIN), found
sound policies to safeguard privacy, but noted they are not always followed in
The Canada Revenue Agency has comprehensive controls, built up over many
years throughout the organization, to safeguard the security of taxpayers'
personal information, the audit found. However, the agency did not consider
the privacy implications before automatically collecting the SIN information
for between six and eight million children. The CRA has indicated that it will
review existing policies and procedures with a view toward enhancing the
secure treatment of the SINs of children.
In its audit report, the OPC called on the Treasury Board Secretariat to
take the lead in strengthening policies and practices throughout the
Government of Canada on the collection, management and use of personal
information. In particular, the central agency should focus on better employee
training, as well as mechanisms to govern the secure and confidential sharing
of personal information within government.
The full audit reports are available on the OPC website,
The Privacy Commissioner of Canada is mandated by Parliament to act as an
ombudsman, advocate and guardian of privacy and the protection of personal
information rights of Canadians.
For further information:
For further information: or interview requests, contact: Anne-Marie
Hayden, Office of the Privacy Commissioner of Canada, (613) 995-0103,