See also . . .
Backgrounder:
Improvements to exempt banks administered by the RCMP
Ottawa — February 13, 2008 — The Royal Canadian Mounted Police today announced measures to improve the management of its exempt data banks by implementing all of the recommendations concerning the banks made by Privacy Commissioner Jennifer Stoddart in her report to Parliament.
“We will be implementing every one of this report’s recommendations,” said Chief Superintendent Dan Killam. “Actions we will be taking include training initiatives, a re-examination of the files and documents retained in the RCMP’s exempt banks, a centralized check of decisions to put information into these banks, and guidelines for annual and two-year reviews of the banks.”
“The end result will be a new accountability structure that will see responsibility for these banks shared between operational areas of the force and experts from our Access to Information and Privacy Branch. Based on our reading of Ms. Stoddart’s report, we believe this increased oversight of the exempt banks is what she and other Canadians want. We intend to continue our dialogue with Ms. Stoddart to ensure we’re on the right track,” he added.
Exempt banks serve to retain the Government’s most sensitive national security and criminal intelligence information. The Government of Canada has four such banks. Two are managed by the RCMP; the others are managed by CSIS and the CSE. The Office of the Privacy Commissioner has stated its intention to audit the operations of the Government’s exempt banks and Ms Stoddart tabled her report on the RCMP’s exempt banks in Parliament today.
For additional information on exempt banks and improvements the RCMP is making to the two it is responsible for, please see the backgrounder Improvements to exempt banks administered by the RCMP.
For more information, please contact:
RCMP Media Relations
(613) 993-2999
Backgrounder:
Improvements to exempt banks administered by the RCMP
Exempt data banks: What they are, what they are for
Exempt banks are designed to hold the Government of Canada’s most sensitive national security and criminal intelligence. The Government’s specific responsibilities with respect to exempt banks are set out in the Privacy Act. If access to information contained in such a bank is requested, the institution with control over the bank has the discretion to refuse to confirm the information’s existence.
The Government currently has four of these banks. The RCMP manages two, namely the Criminal Operational Intelligence Records Exempt Bank (CI) and the National Security Investigations Records Exempt Bank (NS). The Canadian Security Intelligence Service and the Communications Security Establishment manage one each.
The Privacy Commissioner’s report on the RCMP’s exempt data banks
The Office of the Privacy Commissioner of Canada has said it plans to audit the Government’s exempt banks. In August, it completed a review of the two administered by the RCMP. Privacy Commissioner Jennifer Stoddart tabled a report on the results of that audit in Parliament on February 13, 2008. The report stated that files and documents in the exempt banks have not been properly managed.
The RCMP’s response
The RCMP has publicly committed itself to implementing every one of the Privacy Commissioner’s recommendations. It is taking actions that include:
Ensuring an integrated accountability structure is put in place (This will see responsibility for the RCMP’s exempt banks shared between RCMP National Security Criminal Investigations, Criminal Intelligence, and Access to Information and Privacy. The Quality Assurance unit of Internal Audit, Evaluation and Review will also play a consultative role.);
Improving its training for those utilizing, managing and overseeing the CI and NS exempt banks;
Re-examining all of the files and documents retained in its exempt banks;
Implementing a centralized check of decisions to put files or documents into the CI or NS exempt banks;
Developing guidelines for annual reviews of the CI and NS exempt banks at the investigative unit level; and
Seeing to it that samples of our holdings from both exempt banks are reviewed every two years by a group of subject matter experts from RCMP Access to Information and Privacy, National Security Criminal Investigations and Criminal Intelligence.
Work already completed
The force has already completed two of the Privacy Commissioner’s recommendations by reporting the results of its review of exempt bank documents pertaining to Project Shock and submitting a compliance strategy for the banks.
Project Shock was an effort to coordinate all tips received concerning the 9/11 terrorist attacks. The Privacy Commissioner’s recommendation with respect to Project Shock was completed on September 13, 2007. The RCMP review found Project Shock documents no longer met the criteria for inclusion in the NS bank and the file was subsequently removed.
To be absolutely certain the RCMP is on the right track, it also committed itself to providing the Privacy Commissioner with a strategy within 90 days that would ensure its exempt banks not only complied with section 18 of the Privacy Act but were also compliant with associated internal exempt bank policy, as recommended by the Privacy Commissioner. That strategy has now been submitted.
