Rosie Lombardi (InterGovWorld.com) – Privacy organizations are calling for intensified scrutiny and oversight of the RCMP’s information management practices, which have failed to comply with government policy for almost 20 years.
Serious issues were brought to light in a recent audit of the RCMP’s exempt files conducted by the Office of the Privacy Commissioner of Canada (OPC), which found that over half of the national security files and 60 per cent of criminal operational intelligence files did not warrant “exempt bank” status.
Files flagged as exempt contain information the RCMP deems especially sensitive in national security and criminal intelligence investigations. Access to the files is restricted to select RCMP officers and government officials – and excludes citizens who may be the subjects of an exempt file. If these people make access to information requests, government departments and agencies will neither confirm nor deny the existence of an exempt file on them.
“These data banks have been crowded with tens of thousands of records that should not have been there,” said OPC Commissioner Jennifer Stoddart in a statement. “The large number of documents held in these exempt banks when their inclusion was unwarranted is disturbing – particularly given the RCMP was advised of compliance problems 20 years ago and made a commitment to properly manage such banks.”
The RCMP has also run afoul of Office of the Information Commissioner of Canada (OIC), which acts as an ombudsman for citizens who make freedom of information requests, says Murray Long, an Ottawa-based privacy consultant. “The OIC gave the RCMP an F grade in its last annual report for their management of access to information requests. And former chairs of the Commission for Public Complaints Against the RCMP, Shirley Heafey and Paul Kennedy, also called for stronger powers and oversight.”
There may be particular circumstances where there’s a legitimate need to flag a file for inclusion in the exempt data bank, explains Long. “If a drug kingpin or someone involved in organized crime was informed there was a file on them, that may be a tip-off to leave the country.”
But the sheer number of files incorrectly classified as exempt suggests deeper issues. Over half of the 150 files sampled by the OPC did not meet the threshold for inclusion in an exempt bank as set out in the Privacy Act or even the RCMP’s own policy. The OPC noted these findings are of particular concern given that, with few exceptions, their audit was conducted on files already examined by the RCMP as part of a recent internal review.
The impact of these files on innocent citizens can be serious. “Being named in a national security exempt bank file could have a harmful impact, particularly in a post 9-11 environment,” says Stoddart. “For example, it could potentially affect someone trying to obtain an employment security clearance, or impede an individual’s ability to cross the border.”
Citizens who make inquiries are trapped in a catch-22, says Trevor Shaw, director general of audit and evaluations at the OPC. “By its nature, an exempt file means officials will respond to an inquiry by saying they won’t confirm or deny its existence, but if such a file did exist, it would qualify for exemption under the provisions of the Privacy Act. However, in order to file a complaint, a citizen would have to know there’s an exempt file.”
Because citizens don’t know the source of their problems, it makes it difficult to estimate the number of people who may have been affected, he adds. “We get about 700 complaints each year regarding RCMP decisions to allow access to information, but it’s difficult to associate any of those directly with the exempt data bank.”
In addition, the way documents and files are classified creates a torturous trail that’s difficult to untangle, says Michael Fagan, audit and review manager at the OPC. “If you have an exempt document and it’s placed in a file, that entire file becomes an exempt file. But that document could also be included in 15 other files, or it could be one of many exempt documents in one file,” he says.
“If you look at the statistics, about 45,000 documents were removed from the exempt bank as a result of our audit, but it would be difficult to translate that into actual numbers of individuals.”
Watching the watchers
At the heart of the matter is the basis used by RCMP officers to designate a file as exempt. To illustrate the issue, the OPC report included the case of a seven-year-old file in the national security exempt bank which detailed a resident’s tip that a man had gone into a rooming house where drugs might be involved. But an investigation found the man had simply dropped his daughter off at a nearby school and stepped out of his car to smoke.
This may simply have been an accident where staff placed a document in the wrong file, says Long. But due to the great risks to individuals of such lapses, the RCMP has a special responsibility to manage the information in its care. “If something like this slips through the cracks it stays there, since no further action is taken on documents that should not have been in the database to begin with.”
There may be cases where individuals were truly harmed in unforeseen ways due to a lack of guidelines in assessing scenarios, he says. “Look at the Arar case: the actual critical link between him and terrorism was made on the basis of his lunch one day with someone who was a “person of interest” – which made him one too. This was the single piece of evidence the RCMP used to watch him. I find it scary there’s no policy for review of these things.”
But Shaw points out the RCMP does have a review policy. “The RCMP has a framework in place to manage these files. For example, subjects were to be reviewed every two years to ensure their continued inclusion in the exempt bank was warranted. But this mostly didn’t happen, although this activity should have been done as a matter of routine.B This was an information management breakdown, not a failure of policy.”
A lack of resources has also contributed to the problem, says Long. “After 9-11, the RCMP has been under-resourced in this kind of administrative area. So even if they want to really focus attention on doing this job properly, they don’t have the resources to do it – and they have a 20-year backlog.”
And lack of training combined with a secretive corporate culture also played a role, he says. “It points to the bumblingness of it all that the OPC found so many incorrectly classified files among those the RCMP had already reviewed. Officers and staff who are supposed to manage the exempt bank haven’t had the training to know how to make determinations about what should go in. And the tendency was to keep things in as opposed to getting rid of them if there were any doubts.”
The RCMP has responded to the OPC’s audit findings and recommendations with a clean-up strategy, says Shaw. “Our sense is they’re taking this quite seriously, and they’re going to fix this quickly. And it’s our practice to do a follow-up audit within two years to see what corrective action has been taken.”
Attempts to find out the specifics about the RCMP’s plans for corrective actions were unsuccessful, as the RCMP is not prepared to comment on this initiative until it’s taken effect, according to RCMP spokesperson Sergeant Natalie Deschenes.
More drastic measures such as implementing stronger oversight of the RCMP is in the government’s hands, Shaw adds. “We felt the matter was significant enough to table a special report for Parliament instead of waiting months for our usual annual report. Whether the government chooses to set up another oversight mechanism, due to questions flowing out of this audit, the Arar case and other cases, is a policy decision. The government may choose to take broader action.”