You can use your smart phone to browse stories in the comfort of your hand. Simply browse this site on your smart phone.

    Using an RSS Reader you can access most recent stories and other feeds posted on this network.

    SNetwork Recent Stories

Speech to the Select Standing Committee on Finance & Government Services

by ahnationtalk on April 28, 202365 Views

April 28, 2023

Good morning, Honourable Chair, Deputy Chair, and Members of the Committee.

It is important for my office to acknowledge that I address you today on the traditional territories of the Ləkʷ̓əŋin̓əŋ people, also known as the Songhees and Esquimalt First Nations. As an Officer of this Legislature I also acknowledge that I am privileged to work with people across many traditional territories, covering all regions of our Province.

Joining me this morning are Deputy Commissioners oline Twiss and Jeannette Van Den Bulk. Here as always to assist is Dave Van Swieten, Executive Director of Shared Services for the four Officers of the Legislature headquartered together here in the Province’s capital.

The nine independent officers created by this Legislature, serve to strengthen the democratic fabric of British Columbia — and for practical purposes you have in me and my talented team two officers for the price of one. I am the Province’s Information and Privacy Commissioner in addition to serving as BC’s Registrar of Lobbyists.

Accountability, transparency and trust are the purposes and values that underlie both responsibilities.

The Freedom of Information and Protection of Privacy Act directs me as Commissioner to independently oversee and enforce access and privacy laws that apply to the province’s public sector – some 2900 public bodies in all.

The Personal Information Protection Act, or PIPA requires me to oversee how private organizations in BC collect, use and disclose your personal information and mine.

And if you are paid to influence BC public office holders like yourselves or a BC government employee or a select group of provincial entities then, under the Lobbyists Transparency Act, you need to register that fact in the Lobbyists Registry.

The 60 public servants of my office who do all of this work, do so impartially, fairly, and with a deep sense of purpose.

The access and privacy enforcement and oversight we provide can be broken into four basic parts: review, commentary, education, and research.

We independently review and investigate decisions and practices of public bodies and private sector organizations concerning access to information and protection of privacy.

We comment on the implications for access to information or protection of privacy of proposed legislated schemes, new technologies, and programs of public bodies and organizations.

We educate and inform the public about access and privacy rights, and we promote research into access and privacy issues.

On the Lobbyist Registry side of matters our enforcement and oversight mandate has three pillars:

We maintain a Registry to hold registration return records and other information lobbyists submit to the Registrar.

Where necessary we investigate whether lobbying rules have been complied with, and can levy administrative penalties in cases where non-compliance is found.

And we educate and inform the public to promote awareness and understanding of the lobbying rules in BC.

When I began my six-year term in April, 2018, I set three goals for the office: that our work be as timely as possible; that it be relevant to British Columbians and finally, if in administering the laws I oversee, it becomes evident there is a need to reform those laws to better serve our citizens, then we will draw those matters to your attention as legislators.

Let me begin my update on our work with Timeliness. My office aims to ensure the timely resolution of complaints, reviews, and requests for information. The demands on us are high, and a preliminary look at this past fiscal year’s figures disclose that this continues.

On requests for review and complaints, the vast number of these, about 90%, are resolved between the parties, in no small measure because of the skill of our case review officers and investigators. Those not successfully mediated go to the adjudication division for formal resolution.

These are often the most contentious and legally complicated cases. I know both the Chair and Vice-Chair were members of this Committee when I appeared before you in 2021 expressing concern about the backlog of these cases.

It was a function of increasing volumes and a loss of experienced adjudicators in this competitive labour market. The backlog then was well over 200 cases and we were well on our way to exceeding an unacceptable 300 cases without further resources.

I thank the Committee for recommending the addition of five permanent and two three-year adjudication positions. Recruitment to this very specialized position has proven challenging, but we are now in the final stages of filling the remaining vacancies.

What I am more pleased to tell you is that with hires already made, we have successfully reduced the backlog below 200 cases. We have much work left to do, but these metrics are now turned in the right direction.

The issue requiring an especially timely response by our office is privacy breaches. It is of course now mandatory for public bodies to report them to us and to individuals where a reasonable risk of serious harm exists.

The public sector mandatory breach notification law became on February 1 of this year, and based on the experience of other jurisdictions with these responsibilities, our best guess as to its impact on our office was perhaps a 300% increase of breaches over the next year or two.

This morning I can tell you that, at only the three-month mark of these changes, we have already received triple the number of breach reports compared to the same period, a year ago.

I thank the Committee for moving quickly to recommend our call for additional staff to deal with these new responsibilities. These new team members have been brought on board, trained, and put to work.

[PAUSE]

My second goal as Commissioner has been to ensure that our work is relevant to British Columbians – whether you are an individual, a public body or a business or organization.

The issues we often look are at the intersection of people’s personal information and technology. In advance of our meeting today, I shared with you Chair, and members of the Committee, a report we issued last week that examined the use of facial recognition technology, or FRT, by four BC Canadian Tire stores.

The stores collected the facial biometrics of anyone walking through their doors – staff, visitors, delivery personnel, children – and compared those biometric faceprints against a database of what the stores called Persons of Interest.

That was done without proper consent, and the collection itself was not reasonable or proportionate when measured against the intended purposes.

The case was relevant for any one of us who frequent retail establishments, but also important for businesses grappling with real challenges and trying to determine where the legal boundaries are when it comes to shiny new technologies.

To the credit of the Canadian Tires stores, they dissembled the systems once we initiated the investigation, and destroyed all of the personal information they collected.

On another front, in February, I joined my fellow private sector privacy protection authorities for Canada, Quebec, and Alberta in initiating an investigation into the short-form video and streaming application Tik Tok, which, especially if you have kids, you will likely know about!

We intend to examine whether Tik Tok’s practices comply with Canadian privacy legislation, and whether its users are providing meaningful consent. We will focus a special lens on how the app applies to younger people given they comprise a significant base of Tik Tok users.

Another matter that we continue to monitor, whether in the public or private sector, is Artificial Intelligence.

AI without question will continue to drive innovation. It has the potential to bring many benefits to society. But the road to innovation must also be lined with guard rails that protect all of us from the potential negative fallout of these technologies.

One offshoot of AI is so-called generative large language models, best exemplified by ChatGPT. Earlier this month, the Office of the Privacy Commissioner for Canada announced their investigation into OpenAI, the company behind the AI-powered chatbot ChatGPT.

I am conferring closely with the federal commissioner about the role my office and my provincial counterparts might play in this matter, and I will of course update this committee if there is anything further to report on that front.

And while newer technologies are often in the spotlight, an investigation we released last December emphasized the need to properly secure legacy technologies.

All British Columbians engage with the province’s health care system and so it is important that the personal information that the system collects and stores is done to the highest of standards. It’s the reason we investigated security gaps in the health database, which used to be known as Panorama.

That database, managed by the Provincial Health Services Authority, contains personal information– from your health number to immunization and communicable disease records. It is indispensable for those delivering care and managing threats to our health. But we found it was also subject to potential abuse, vulnerable to bad actors, and lacking the highest degree of privacy and security expected of a database that contains some of our most sensitive health information.

The good news is that that PHSA announced acceptance of the seven recommendations contained in our report and is actively working to address them. We continue to follow-up to ensure all matters are resolved completely. The result is that British Columbians can have greater trust in the way their health care system manages their sensitive records.

All of these matters I have described are relevant to the everyday lives of British Columbians, and have resulted in tangible benefits for our citizens. But more can and should be done. Some of this can be accomplished under our present statutory regimes, but some improvements I believe will only come about with changes in our laws.

All of which brings me to my third goal –reform; consistent with my mandate is the providing of expert advice on reforms to our laws that can benefit citizens, public bodies, organizations and businesses alike.

The recent examples of reform we have urged can be found in the mandatory breach notification provisions mentioned earlier. Combined with the obligation for public bodies to develop privacy management programs we can be confident our personal information held by public bodies will be safer.

That said, it is likely there are still public bodies not conversant with these new obligations. To address this, and again thanks to this Committee, we are planning an education campaign this fall to inform public bodies about these new responsibilities.

There will be at least one event in every major region of the province, to engage public bodies about how they can proactively mange personal information and privacy breaches.

The new amendments to our public sector privacy laws are significant advances, but they must be matched by changes to PIPA, our private sector privacy law. The reporting of privacy breaches in the private sector are now mandatory in Alberta, Quebec, the federal level, virtually every US state and now across Europe with the General Data Protection Regulation sector – but not in British Columbia and that must change.

Change is also needed to provide my office with the power to impose administrative monetary penalties as you have already done for my role as Lobbyist Registrar. This will have the effect of making sure the vast majority of companies that play by the privacy rules are not disadvantaged by those that do not.

These monetary sanctions are now part of my Quebec counterpart’s toolbox, are also contained in the federal privacy bill making its way through Parliament. They are also a core element of the General Data Privacy Regulation in Europe. Its time has come for BC.

Another beneficial reform would allow for code making authority in our private sector privacy legislation. This would facilitate the legal flexibility for the making of tailored rules for specific industry sectors. A good example of where a code making power could assist British Columbians is with respect to children and online privacy.

My team experienced the power of youth firsthand, a few weeks ago when we hosted our first OIPC Youth Forum that featured a number of speakers and direct engagement with young British Columbians.

BC’s own Christopher Wylie, the whistle blower of the Cambridge Analytica Facebook scandal, opened the session by talking about the dangers of the ethos “move fast and break things”, and what young people can do in the face of these challenges.

We released a summary report on these discussions just two days ago, that highlights some of the thoughtful dialogue that came out of the session. These conversations also reinforced for me the role a children’s code would have here in BC, to help us develop and provide the “rules of the road” for businesses that process children’s personal information.

I learned a lot from the youth that attended our event, and am more committed than ever to protecting their rights and to minimize harms before it is too late to do so.

For those of us who witness, on a day to day basis, the interaction of our laws with new technologies and where things can be improved, we believe as I said earlier, that it is our responsibility draw these matters to your attention as law makers and we will continue to do.

I now turn briefly to the recent work of the Office of the Registrar of Lobbyists and the Lobbyists Transparency Act, or LTA.

Since we met in October, we have added new functionality to the Lobbyists Registry to improve the user experience.

We also continue to educate lobbyists and the public on the Act and the Lobbyists Registry with updates to three guidance documents – one designed to help non-profits better understand their obligations under the LTA, one designed to assist lobbyists with submitting their monthly returns, while the third explains what gifts are allowed and not allowed to public officer holders under the legislation.

The goal of our public education work is to both ensure that the legislation is understood so lobbyists achieve a high rate of compliance with the Act, and to make the information in the Lobbyists Registry easily accessible to the public. My staff continues to do speaking engagements for many groups seeking more information about their obligations under the LTA, including presentations for the non-profit sector.

I want to conclude my presentation this morning with three updates that impact both the OIPC and the ORL.

First, it is finally our office’s turn, of the four officers of the legislator residing at 947 Fort Street, to start the work of building and implementing our new casetracker system, otherwise known as Resolve. The other three offices have now completed their implementation.

The efficiencies to be gained by this vastly improved system will give my team more time work on the increasing number of files coming to our office and thereby better serve British Columbians.

Second, I want to provide an update on the work of our diversity and inclusion group, which we have recently renamed READI+ – which stands for Reconciliation, Equity, Accessibility, Diversity, Inclusion, plus.

This group has been working on a number of updates that includes providing accessible and all gender access to all of our facilities at 947 Fort, and are bringing in training to inform how we can ensure our processes are inclusive of Indigenous applicants and complainants. We also have an upcoming workshop for our team on gender diversity in legal writing.

Members asked at our last meeting about the provision of our services in different languages – I can report we have moved forward with the first phase of providing translation for our OIPC and ORL websites. You can now go to our website and translate the content of the pages to any of the languages available in the drop-down menu.

Phase two of this initiative that will allow for translation of our online documents, will be coming in the next few months. We have also started a pilot project to provide for spoken language interpretation services, upon request, using contracted translators — a service that can be requested through our website, and will be available in eight different languages.

Finally, we have initiated a digital accessibility audit of our external communications, including both the OIPC and ORL website. We expect the final report will be a roadmap for the work that needs doing over the next year to ensure we meet accessibility standards, and provide accessible services to British Columbians.

I will now turn to my final update. I wanted to bring to your attention that I do have one budgetary request, that addresses the PSEC salary lifts for 2023/24. You will have heard the substantial details of our joint proposal from Ombudsperson Jay Chalke yesterday evening.

My office intends to follow suit with that proposal, and I will only add that for our office we agree with the Treasury Board that our office recover up to $270,000 for salaries and benefits associated with the general wage increase for the coming years. I am therefore requesting access to those contingency funds, as estimated, for the general wage increase as part of our operational budget.

With that Chair, I thank you and the Committee for your attention this morning. My team and I would now be pleased to answer any questions you may have.

NT5

Send To Friend Email Print Story

Comments are closed.

NationTalk Partners & Sponsors Learn More