Privacy organizations are calling for intensified scrutiny and oversight of the RCMP’s information management practices, which have failed to comply with government policy for almost 20 years.
Serious issues were brought to light in a recent audit of the RCMP’s exempt files conducted by the Office of the Privacy Commissioner of Canada (OPC), which found that over half of the national security files and 60 per cent of criminal operational intelligence files did not warrant “exempt bank” status.
Files flagged as exempt contain information the RCMP deems especially sensitive in national security and criminal intelligence investigations. Access to the files is restricted to select RCMP officers and government officials – and excludes citizens who may be the subjects of an exempt file. If these people make access to information requests, government departments and agencies will neither confirm nor deny the existence of an exempt file on them.
“These data banks have been crowded with tens of thousands of records that should not have been there,” said OPC Commissioner Jennifer Stoddart in a statement. “The large number of documents held in these exempt banks when their inclusion was unwarranted is disturbing – particularly given the RCMP was advised of compliance problems 20 years ago and made a commitment to properly manage such banks.”
The RCMP has also run afoul of Office of the Information Commissioner of Canada (OIC), which acts as an ombudsman for citizens who make freedom of information requests, says Murray Long, an Ottawa-based privacy consultant. “The OIC gave the RCMP an F grade in its last annual report for their management of access to information requests. And former chairs of the Commission for Public Complaints Against the RCMP, Shirley Heafey and Paul Kennedy, also called for stronger powers and oversight.”
Vicious circles
There may be particular circumstances where there’s a legitimate need to flag a file for inclusion in the exempt data bank, explains Long. “If a drug kingpin or someone involved in organized crime was informed there was a file on them, that may be a tip-off to leave the country.”
But the sheer number of files incorrectly classified as exempt suggests deeper issues. Over half of the 150 files sampled by the OPC did not meet the threshold for inclusion in an exempt bank as set out in the Privacy Act or even the RCMP’s own policy. The OPC noted these findings are of particular concern given that, with few exceptions, their audit was conducted on files already examined by the RCMP as part of a recent internal review.
The impact of these files on innocent citizens can be serious. “Being named in a national security exempt bank file could have a harmful impact, particularly in a post 9-11 environment,” says Stoddart. “For example, it could potentially affect someone trying to obtain an employment security clearance, or impede an individual’s ability to cross the border.”
Citizens who make inquiries are trapped in a catch-22, says Trevor Shaw, director general of audit and evaluations at the OPC. “By its nature, an exempt file means officials will respond to an inquiry by saying they won’t confirm or deny its existence, but if such a file did exist, it would qualify for exemption under the provisions of the Privacy Act. However, in order to file a complaint, a citizen would have to know there’s an exempt file.”
Because citizens don’t know the source of their problems, it makes it difficult to estimate the number of people who may have been affected, he adds. “We get about 700 complaints each year regarding RCMP decisions to allow access to information, but it’s difficult to associate any of those directly with the exempt data bank.”
In addition, the way documents and files are classified creates a torturous trail that’s difficult to untangle, says Michael Fagan, audit and review manager at the OPC. “If you have an exempt document and it’s placed in a file, that entire file becomes an exempt file. But that document could also be included in 15 other files, or it could be one of many exempt documents in one file,” he says.
“If you look at the statistics, about 45,000 documents were removed from the exempt bank as a result of our audit, but it would be difficult to translate that into actual numbers of individuals.”
Watching the watchers
At the heart of the matter is the basis used by RCMP officers to designate a file as exempt. To illustrate the issue, the OPC report included the case of a seven-year-old file in the national security exempt bank which detailed a resident’s tip that a man had gone into a rooming house where drugs might be involved. But an investigation found the man had simply dropped his daughter off at a nearby school and stepped out of his car to smoke.
This may simply have been an accident where staff placed a document in the wrong file, says Long. But due to the great risks to individuals of such lapses, the RCMP has a special responsibility to manage the information in its care. “If something like this slips through the cracks it stays there, since no further action is taken on documents that should not have been in the database to begin with.”
There may be cases where individuals were truly harmed in unforeseen ways due to a lack of guidelines in assessing scenarios, he says. “Look at the Arar case: the actual critical link between him and terrorism was made on the basis of his lunch one day with someone who was a “person of interest” – which made him one too. This was the single piece of evidence the RCMP used to watch him. I find it scary there’s no policy for review of these things.”
But Shaw points out the RCMP does have a review policy. “The RCMP has a framework in place to manage these files. For example, subjects were to be reviewed every two years to ensure their continued inclusion in the exempt bank was warranted. But this mostly didn’t happen, although this activity should have been done as a matter of routine.