Privacy Commissioner supports call for internal audit of Correctional Service Canada
OTTAWA, Nov. 26, 2013
OTTAWA, Nov. 26, 2013 /CNW/ - The Correctional Investigator of Canada,
Howard Sapers, has recommended in his annual report issued today that
Correctional Service Canada conduct an internal audit of its practices
and procedures to protect personal information. In light of this
recommendation, Privacy Commissioner of Canada Jennifer Stoddart issued
the following statement:
We are very pleased that the Correctional Investigator has called for an
internal audit. Year after year, our own Office has identified serious
privacy concerns with respect to Correctional Service Canada (CSC).
This agency consistently accounts for the largest number of complaints
received by our Office. In 2012-2013, for example, we received 284
complaints related to CSC. Since our first Annual Report in 1983-1984,
we have investigated well over 11,000 complaints against the
The persistently high number of complaints can, in part, be explained by
the nature of CSC's mandate. Some 15,000 offenders are incarcerated in
Canada's federal penitentiaries.
That being said, we have seen too many cases of preventable and
unacceptable privacy violations.
For example, in our last annual report, we noted that a CSC Security
Intelligence Officer dropped a USB key containing the unencrypted
personal information of more than 150 offenders in a schoolyard.
In an earlier case, we dealt with a complaint that details of inmates'
medical appointments were openly posted in a penitentiary. In another
instance, records that showed which inmates were HIV positive were left
unattended on a cart accessible by other inmates.
The most disturbing incidents are those where an inmate's physical
well-being or life are put at risk. For example, because of an
administrative error, records which showed the names of confidential
prison informants and others were released to another inmate who was
incarcerated at the same institution and with ties to a criminal
We are encouraged by recent improvements by the CSC and hope the
organization will accept the recommendation of the Correctional
Investigator as a way to identify further areas requiring improvement.
About the Office of the Privacy Commissioner of Canada
The Privacy Commissioner of Canada is mandated by Parliament to act as
an ombudsman and guardian of privacy in Canada. The Commissioner
enforces two federal laws for the protection of personal information:
the Privacy Act, which applies to the federal public sector; and the Personal Information Protection and Electronic Documents Act (PIPEDA), which applies to organizations engaged in commercial
activities in the Atlantic provinces, Ontario, Manitoba, Saskatchewan
and the Territories. Quebec, Alberta and British Columbia each has its
own law covering the private sector. Even in these provinces, PIPEDA
continues to apply to the federally regulated private sector and to
personal information in interprovincial and international transactions.
SOURCE Office of the Privacy Commissioner of Canada