Security Of Canada Information Sharing Act: Public Framework
This Public Framework outlines the approach to information sharing within the Government of Canada for security of Canada purposes, as authorized under the Security of Canada Information Sharing Act (SCISA). It affirms the Government's commitment to respecting the rights and privacy of Canadians, and sets out the principles that guide the manner in which the Government intends to facilitate information sharing for security of Canada purposes. Finally, it highlights the key elements of the framework that the Government is putting in place to promote effective and responsible information sharing.
Information Sharing and Canada's National Security
Access to accurate, timely and reliable information has always been indispensable to a government's ability to maintain national security. If a government is to manage risk effectively, make quick and sound operational decisions, allocate limited resources and assets judiciously, and design effective national security programs, it must understand the intentions, capabilities and activities of those who would do its nation harm.
In today's interconnected and complex world, threats emerge and evolve rapidly and sometimes unpredictably. By their very nature, many threats transcend the jurisdiction and capabilities of any single government institution to address in a coordinated and comprehensive manner. This means that inter-agency cooperation is increasingly necessary. It also means that information on these threats can be found in different places across Government institutions, and must be pieced together to form a complete threat picture. Effective, efficient and responsible sharingof information between the various institutions of government is, therefore, increasingly essential to a government's ability to identify, understand and respond to threats to its national security. Indeed, Building Resilience Against Terrorism: Canada's Counter-Terrorism Strategy highlights the importance of proactive and responsible information sharing to detect the activities of individuals and organizations who may pose a terrorist threat.
The Government of Canada's departments and agencies already share information for national security purposes every day. In doing so, a number of high-level mechanisms are in place to ensure that these national security institutions function in a coordinated and coherent manner. For example:
- The Cabinet Committee on Foreign Affairs and Security provides broad strategic direction for security and foreign policy related to Canada's national interest, and oversees Canada's national security response activities.
- The Minister of Public Safety and Emergency Preparedness is responsible for all matters relating to public safety that have not been assigned to another department, board or agency of the Government of Canada. The department is also responsible for the coordination of the Public Safety Portfolio, including for example the Royal Canadian Mounted Police, the Canadian Security Intelligence Service, the Canada Border Services Agency and the Government Operations Centre.
- The Treasury Board Secretariat is responsible for providing strategic direction in the area of information management, information technology, identity management and security, and access to information and privacy.
Despite the fact that national security information sharing already takes place, improvements are required to resolve legal and policy challenges and to keep pace with the ever-changing domestic and international threat environment. As one example, given the absence of an explicit information sharing authority, Government institutions responsible for administering immigration and border laws have faced difficulties in sharing information with each other. Moreover, the current legislation does not allow these institutions to share with other government agencies for broader national security purposes.
Although Government of Canada institutions already share information with each other for national security purposes, some institutions lack clear authority to share information for such purposes. What is more, experience has shown that the complexity of the legal landscape can itself impede or delay effective and timely sharing of information. The Government of Canada is committed to addressing these challenges by establishing clear legal and policy frameworks to facilitate the timely, effective and responsible sharing of information on activity that undermines the security of Canada.
A number of statutory provisions, common law authorities, and the Crown Prerogative already authorize information sharing. The new Act aims to improve the effectiveness and timeliness of information sharing amongst Government institutions for national security purposes, by establishing a single authority for all federal Government institutions to disclose information, either proactively or in response to a request. The Act does not replace existing authorities to share information, but fills legislative “gaps” by providing clear authority to share information in cases where such authority currently does not exist or is subject to competing interpretation. The new regime has no legal effect on the use or subsequent disclosure of information. To further disclose information received under this Act, institutions could only do so when legally authorized.
For greater clarity, the new Act does not alter in any way the jurisdiction or mandates of Government institutions; it only addresses the disclosure of information between Government of Canada institutions. The new Act does not address the collection of information by Government institutions as they will continue to collect information under their existing authorities. The authority to disclose operates subject to any other provision in another Act that limits or prohibits the disclosure of information. So, while the new disclosing authority can fill an authority gap, it cannot serve to bypass a statutory or regulatory restriction on disclosure.
The Act does not address the disclosure of information to non-Government of Canada institutions. In particular, it does not modify sharing practices with international partners which remain subject to arrangements already in place. Moreover, departments and agencies must continue to respect Ministerial direction, policies, or other requirements related to sharing of information with foreign entities.
The Act contains features to ensure reasonableness and consistency with privacy laws and principles. It contains a robust threshold concept of “activity that undermines the security of Canada”. To meet this threshold, the activity must undermine Canada's sovereignty, security, territorial integrity, or the lives or security of Canadians. Examples of such activities include terrorism, espionage, and weapons proliferation. Institutions are designated as information recipients under the Act on the basis of their jurisdiction or responsibilities in relation to such activities. However, it should be noted that the Act authorizes disclosure to a designated recipient only where the information is relevant to those jurisdiction or responsibilities.
The Act contains a detailed preamble as well as a purpose clause and sets out a series of fundamental principles that are to guide its operation and interpretation.
Consistency with Fundamental rights, including the Right to Privacy
Although information sharing is essential to protecting Canada's security, the Government recognizes that the sharing of some information may touch upon fundamental rights and freedoms, particularly the right to privacy, of the very people the Government is seeking to protect.
To ensure that the privacy rights of Canadians are protected, the Government's authority to use or share information, whether for security of Canada purposes or otherwise, is governed by Canada's legal framework, including the Canadian Charter of Rights and Freedoms (Charter) and the Privacy Act.
The Charter protects against unjustified state intrusion on a person's reasonable expectation of privacy. Importantly, Charter protection can apply not only when private information is collected by the Government, but also when the Government subsequently shares such information, even internally within an organization.
The Privacy Act governs the collection, use, disclosure, retention and disposal of personal information by Government departments and agencies. The Privacy Act, which has been declared by the Supreme Court of Canada to be a statute that is quasi-constitutional in nature, applies to all situations where personal information is being handled by the Government, including when information is being shared for national security purposes.
The right to privacy is not absolute. The law recognizes that it must be balanced against other important public policy objectives. In this regard, the reasonable expectation of privacy enshrined in the Charter may be subject to reasonable limits, where necessary to achieve an important objective and as long as the limits impair privacy rights as little as possible. Protecting the security of Canada and Canadians is a pressing and substantial objective. Indeed, protecting the nation's security is among the most important objectives that the Government can pursue, and is one of the most fundamental elements of the contract that the Government has with its citizens. The Privacy Act also provides for the disclosure of personal information, including “for any purpose in accordance with any Act of Parliament or any regulation made thereunder that authorizes its disclosure” which would include disclosure under the new Act.
As described above, the Security of Canada Information Sharing Act includes many features that are designed to ensure minimal impairment of privacy rights. Additionally, the Act is in line with existing information sharing requirements, policies and arrangements, including respect for caveats and originator control. As the Act does not impose an obligation to disclose information, Government of Canada institutions will be authorized to do so, at their discretion, to a limited number of designated Government institutions. Existing obligations to protect the private information of Canadians held by government institutions, in particular Privacy Act requirements remain in effect, and must be complied with.
In practice, this means that Canadians can expect that a Government of Canada institution that collects personal information about them to carry out its mandate may disclose it to another Government institution. However, this will only occur when fulfilling the Government's fundamental obligation to protect the national security of Canada, provided that the conditions for disclosure under the Act are satisfied. Canadians can rest assured that disclosure will take place judiciously, in accordance with the laws of Canada, including the Charter and the Privacy Act.
The Act also expressly excludes advocacy, protest, dissent and artistic expression from the definition of “activity that undermines the security of Canada”, as such activities are fundamental democratic rights.
The following principles support the Government's approach to information sharing for security of Canada purposes.
Lawfulness: Our country is built on the rule of law as a cornerstone of peace, order and good government. Information sharing must take place in accordance with Canadian law, including the Charter and the Privacy Act.
Effectiveness: In order to identify and assess threats to our national security, make decisions or take action, the information necessary to identify threats must be shared with those who need it in a timely manner; in other words, the right information needs to be shared with the right people at the right time. While sharing information on known threats is important, it is also critical that information be shared to prevent threats from developing.
Protection of Privacy: The need to share personal information to protect Canada's security does not diminish the need to respect the privacy of Canadians, who have a legitimate interest in limiting access to personal information about themselves held by Government institutions.
Relevance: In order to respect the privacy of Canadians, information should only be shared if it is reliable and relates directly to the national security jurisdiction or responsibilities of the receiving government institution.
Responsibility and Accountability: Government departments and agencies are responsible and accountable for the manner in which they manage the information they hold, including the circumstances in which they share information. The Office of the Privacy Commissioner plays an important role in this regard by investigating complaints, including self-initiated complaints, regarding compliance with the Privacy Act, while the Office of the Auditor General audits federal Government operations and provides Parliament with independent information, advice and assurances regarding the Government's stewardship. Moreover, bodies are also in place to provide independent, external review of the activities of the Royal Canadian Mounted Police, the Canadian Security Intelligence Service, and the Communications Security Establishment.
Transparency: Ultimately, the willingness of citizens, businesses, and other Governments to trust the Government of Canada with their information is based on the strength of the relationships the Government builds with individuals and institutions. The Government must be open and transparent with its information sharing policies and practices so as to earn the trust of its citizens and partners in knowing that the Government is a proper and responsible custodian of their information.
Elements of an Effective and Responsible Information Sharing Regime
The Government is committed to ensuring that the new information sharing regime promotes effective and responsible information sharing within the Government of Canada for security of Canada purposes. Its key elements are:
Clear and balanced laws: Effective and responsible information sharing requires balancing the need to protect Canadians with that of respecting individual rights and freedoms. Clear legal authority to disclose information when certain conditions are met provides guidance to holders of information, and encourages them to share information in an effective and responsible manner. A clear legal environment also gives confidence to Canadians that the Government is treating information about Canadians appropriately, while balancing the need to protect the country with that of respecting fundamental rights and freedoms.
Coordination and leadership: Public Safety Canada will take on a renewed leadership role in promoting effective and responsible information sharing within the Government of Canada for security of Canada purposes. This will include, for example, Public Safety Canada and partners leading the development of information sessions and guidance that will help officials understand and administer the SCISA.
Training: Training will contribute significantly to increasing the effectiveness of sharing information, by ensuring that the legal framework is well understood and consistently applied. More generally, training will contribute to a better understanding by disclosing institutions of what information is relevant to designated government institutions in carrying out their duties to protect national security and of the importance of sharing information to enable recipients to do so.
Counter-terrorism News Releases
December 14, 2018
December 11, 2018
November 13, 2018
Counter-terrorism - Publications and Reports
- Date modified: