Mark Kennedy, Ottawa (Postmedia News) - Canada’s airport-security agency is collecting too much information about some travellers and is not always protecting it properly, according to an audit conducted by federal Privacy Commissioner Jennifer Stoddart.
As well, a separate audit has revealed that the RCMP is running afoul of privacy protections by keeping records in a database about criminal offences for which people have been pardoned or that resulted in a wrongful conviction.
The audits was released Thursday along with Stoddart’s annual report to Parliament.
Stoddart examined the privacy policies and practices of the Canadian Air Transport Security Authority (CATSA) and concluded the agency had exceeded its mandate by conducting security reports on incidents that had nothing to do with aviation security.
This involved instances where travellers were not breaking the law. For example, CATSA collected information about air passengers who were carrying large sums of cash on domestic flights. The agency contacted police in such cases.
Stoddart said that since CATSA is not empowered to be collecting personal information about legal activities not related to aviation security, it should halt the practice. She said the agency has agreed.
The audit also found that other types of personal information collected by the agency were not always properly secured.
“Documents containing sensitive personal information were left on open shelves and in plain view in a room where passengers may be taken for security checks,” Stoddart revealed.
Meanwhile, the audit found some problems in how the agency was screening passengers.
Auditors visited the rooms where CATSA officials screen full-body scans and discovered a cellphone and a closed-circuit TV camera- even though these devices are forbidden under the agency’s operating procedures.
“Fortunately, these irregularities were uncommon,” wrote Stoddart, adding that she was pleased the agency had moved quickly to correct the problem by issuing a reminder to staff and conducting inspections.
Stoddart wrote that in the decade since the 9/11 terrorist attacks, “safety in the skies has come at a growing cost to privacy.”
“In a wearisome modern ritual, we shed shoes and boots, and unzip our luggage to exhibit tiny toiletries in clear plastic bags. We `choose’ whether to be patted down by a uniformed stranger, or to stand spread-eagled in a glass- enclosed scanner. We accept that our travel plans, passport numbers and other personal information are shared among airlines and governments.
“We endure all this because we have no alternative if we wish to travel through Canadian airports. And, at the end of it all, we anticipate a significant payoff: a flight safe from terrorists and other threats.”
Stoddart said there’s more to the issue than just that.
“In addition to providing physical security, the state also has an obligation to treat individuals with respect – to preserve their dignity and to safeguard their personal information.”
Meanwhile, Stoddart’s audit of the RCMP also found some glaring concerns.
She examined the Mounties’ management of operational databases that are widely shared with other police forces, government institutions and other organizations. Although the RCMP has policies and procedures to safeguard the sensitive information contained in the databases, there were some disturbing gaps found in the audit.
The Privacy Act, which governs the information-handling practices of federal government departments and agencies, requires that organizations retain personal information no longer than absolutely necessary.
And yet, information about offences for which a pardon had been granted, or that resulted in a wrongful conviction, continues to be accessible in a database called the Police Reporting and Occurrence System.
“When a person receives a pardon for a past crime, or is found to have been wrongfully convicted of an offence, the RCMP is supposed to block access to any information about the incident in its database,” wrote Stoddart.
“This hasn’t been happening, so even though people have a right to get on with their lives, information about their past can continue to be shared.”
Stoddart concluded that “without question, the state needs personal information to govern.”
She writes that no government could avert a terrorist attack, fight crime, issue a passport or administer the tax system without data about individuals.
Modern information technology helps government conduct that task because data can be be processed, stored and disclosed more readily than ever before.
But she stressed: “So much personal information in the hands of government can also pose risks to the privacy of individuals.”