Report on Assessment of Privacy Concerns Related to USA PATRIOT Act
Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
In 2004, the Government of Canada responded diligently to concerns about possible privacy risks posed by foreign legislation, such as the USA PATRIOT Act, by requiring all 160 federal institutions under the Privacy Act to assess their contracting arrangements and to take remedial actions where needed.
The purpose of this assessment was to identify, evaluate, and, if appropriate, mitigate any possible risks related to the USA PATRIOT Act and other foreign legislation.
The review is now complete and the results are publicly available in the final report, Privacy Matters: The Federal Strategy to Address Concerns about the USA PATRIOT Act and Transborder Data Flows.
Summary of Results
The results are positive for Canadians. The findings indicate that most federal institutions have indicated "zero to low risk" of Canadians' personal information or other sensitive information – such as commercial confidential and security-related information – being accessed under the USA PATRIOT Act.
Departments and agencies have used the results of the review to determine and implement mitigating strategies where required. In addition, the Government of Canada has developed a federal strategy to further mitigate risks. This strategy includes a wide range of measures including guidance that has been developed for institutions so that privacy is an integral part of the decision-making process around contracting.
The Treasury Board of Canada Secretariat (TBS) is responsible for coordinating the government's action plan with respect to risks associated with the handling of personal information under contracts. TBS provides guidance and advice regarding privacy and contracting to assist institutions. However, it is the responsibility of each Government of Canada institution to identify and assess risks inherent to the institution's own outsourcing activities and to develop internal strategies to mitigate or manage risks.
Guidance for Federal Government Institutions
TBS has prepared a guidance document for federal institutions. The document includes a privacy checklist and up-front advice on considering privacy prior to initiating contracts. It also includes advice for developing specific privacy protection clauses that can be used in Requests for Proposals (RFPs) and contracts.
The Government of Canada sees the issues raised by the USA PATRIOT Act as being similar to any foreign legislation that has the potential to allow access to Canadians' personal information on the part of foreign authorities. As a result, the government's measures are designed to address the broader issue of transborder data flows.
For more information on transborder data flow and protecting your privacy, consult our Frequently Asked Questions document relating to this issue.
- Date modified: