4.1 Survey by the Office of the Privacy Commissioner

The Office of the Privacy Commissioner (OPC) conducted a survey of Government of Canada institutions on the application and implementation of SCISA in the first six months since its coming into force, that is, from 1 August 2015 to 31 January 2016. The survey was issued to the 17 Government of Canada institutions that are authorized to collect and disclose information under SCISA, as well as the 111 Government of Canada institutions that may now disclose information to those 17 institutions pursuant to SCISA.

According to the OPC’s survey, the CBSA, the RCMP, IRCC and CSIS reported that they had collectively received information 52 times. In addition, the CBSA, IRCC and Global Affairs Canada said they had disclosed information on a total of 58 occasions. According to the survey respondents, the “information shared under … SCISA was for named individuals suspected of undermining the security of Canada.”[77] As mentioned above, there were “legal authorities that existed before … SCISA that permit the collection and disclosure of information for national security purposes.”[78] The survey found that 13 of the 17 Government of Canada institutions authorized to collect and disclose information under SCISA had used pre-existing authorities for such sharing activities.[79]

The Commissioner told the Committee that, during the second phase of his audit, his office “will review departmental records to verify whether that information is accurate and whether information sharing under authorities other than SCISA concerned suspects or persons not suspected of terrorist activities.”[80]

4.2 Use of the Act by Federal Institutions

CSE Commissioner Plouffe reported that the Office of the CSE Commissioner “has not shared information under SCISA, and in all probability is unlikely ever to do so.”[81] Likewise, the CSE “has neither received nor shared information under that law.”[82]

Mr. Burt of DND stated that, at the time of the OPC’s survey, his institution had not shared any information, but that since then it had disclosed information pursuant to SCISA in one instance.[83]

The IRCC officials also said that, since August 2015, their organization “has disclosed information in response to requests from security partners on 64 occasions, and in 6 instances has proactively disclosed information to partner agencies. IRCC has also been the recipient of information on one occasion, information that has been used in an investigation for revocation of citizenship under the Citizenship Act.”[84] Nonetheless, Mr. Linder of IRCC explained that “in all cases the information could have been provided without SCISA,”[85] but that SCISA is a simpler and faster method.[86]

Mr. Mundie of the CBSA reported that, “[i]n the first half of the year of implementation, the CBSA made 24 disclosures under SCISA, and during the same time period, eight disclosures were made to the CBSA.”[87]

As for Global Affairs Canada, “since SCISA came into force, most of the department's sharing of consular-related information with national security agencies is done under SCISA rather than pre-existing authorities.”[88] Ms. Victoria Fuller, an official with that department, said that her organization “has received requests, which we responded to 25 times. We've made 20 responses in which we did not provide information for one reason or another, and we've made 16 proactive responses.”[89]

Although SCISA has been used by only a limited number of federal institutions since it came into force, some witnesses pointed out that it is still relatively recent legislation and that its provisions may eventually prove useful.[90]

4.3 Meaning of a “Disclosure” Under the Security of Canada Information Sharing Act

A number of witnesses were unable to define the term “disclosure.” Does a disclosure concern a single individual, or can it involve a large number of Canadians? As a result, while the OPC’s survey seems to show that SCISA is little used, the scope of the information sharing may in reality be greater.

Mr. Linder of IRCC offered the following explanation: “In each case, the request for disclosure tends to be very specific to a particular situation. To my knowledge, it is usually associated with a single individual. I think it's possible that it could be a family as well, but in general, it is extremely limited.”[91]

Since the Security Intelligence Review Committee (SIRC) and the Civilian Review and Complaints Commission for the Royal Canadian Mounted Police (CRCC) are currently conducting reviews of the information-sharing activities of CSIS and the RCMP under the new SCISA regime, Mr. Richard Evans of the CRCC and the Honourable Pierre Blais, Chair of SIRC, told the Committee that they would be able to provide more information about the concept of disclosure at the conclusion of their respective reviews.[92]