Canadian air security agency going too far: report
Nov. 17, 2011, Ottawa - Canada's privacy czar says the national air security agency is collecting too much information about travellers – sometimes including details about the cash they take on their trips.
November 17, 2011 By The Canadian Press
In a newly released audit, Jennifer Stoddart says the agency is not always safeguarding the sensitive information properly, either.
A second report issued by the privacy commissioner Tuesday reveals a key RCMP database continues to hold information about people who have received a criminal pardon or who were wrongfully convicted.
Both special audits were released as Stoddart tabled her annual report on federal privacy practices in Parliament.
The review of the Canadian Air Transport Security Authority concluded the agency was reaching beyond its mandate by filing reports on incidents unrelated to air security.
"This presents a risk to privacy by making available for use and disclosure information that should not have been obtained," says the audit.
The air security agency violated the Privacy Act by sometimes informing police when a large sum of money, or contraband such as illegal drugs, was discovered in the baggage of passengers about to
board a domestic flight.
The agency was "unable to demonstrate that passengers carrying large sums of money or narcotics on an aircraft" posed a threat to air security, which is the extent of its responsibility, says the audit.
Stoddart's office looked at a random sample of 150 of the agency's 10,400 incident reports on file.
"Over half of the reports – approximately 57 per cent – concerned matters unrelated to aviation security, including the discovery of narcotics, tobacco and large sums of money," says the audit.
In a response, the air security agency agreed with Stoddart's recommendation to halt the practice.
The audit also raises concerns about the agency's airport scanners that can see through clothes.
The system, in place at 23 Canadian airports, allows a screening officer to see whether someone is carrying plastic explosives or other dangerous items by viewing a ghost-like but fairly detailed outline of their body.
When auditors visited the rooms where officials screen full-body scans, they discovered a cell phone and a closed-circuit TV camera — even though these types of devices are strictly prohibited because
of their recording capabilities.
The TV camera was disabled after the privacy commissioner's office alerted the air security agency.
During site visits to airports, Stoddart's reviewers found security incident reports containing travellers' personal information stored on open shelving units, on the floor and in cabinets that did not meet required security specifications.
"At one airport, we found security incident reports stored in boxes in a room used to conduct private searches," the audit says.
The air security agency has outsourced passenger screening to private-sector companies, but this does not mean it can ignore the Privacy Act, Stoddart notes.
She suggests an ongoing monitoring strategy, including internal audits, to provide assurance that good privacy practices are being followed.
Stoddart said in a statement that while the agency has moved quickly to correct problems, federal institutions are obliged to handle information with "an uncompromising level of care – not some of the time, or even most of the time, but all of the time."
The commissioner's audit of the RCMP looked at operational databases that are widely shared with other police forces, government agencies and various organizations.
Stoddart found that while the RCMP has policies and procedures to protect the sensitive information in these electronic systems, there were also disturbing gaps.
"People who were convicted of an offence they did not commit, or who have been granted a pardon, have a right to go about their lives without information – and especially misinformation – about their
past coming to light,'' Stoddart said in her statement.
"Such information must be more tightly controlled."