Year in Review
The last reporting year was a unique one for the Commissioner's office. As noted in the introduction, there was no Commissioner for a period of five months following the passing of Commissioner Gonthier. Nevertheless, the work of the office continued. Reviews and classified reports were completed, and others that had been approved by former Commissioner Gonthier were continued, or begun, as planned.
The primary objective of reviews is to assess whether CSEC's activities comply with the law, including the extent to which adequate measures are in place to protect the privacy of Canadians. Three classified reports were submitted to the Minister during the past year. One was a comprehensive study relating to CSEC information technology security activities and two were reviews relating to foreign intelligence activities.
The two reviews found that CSEC complied with the law and ministerial requirements and protected the privacy of Canadians. CSEC accepted the recommendations made in the reviews and is taking action to address them. CSEC is also addressing findings in order to improve its policies or practices.
Implementing recommendations
Since 1997, Commissioners have submitted to the Minister of National Defence 55 classified review reports and studies. In total, these reports have contained 129 recommendations. CSEC has accepted and implemented or is working to address 94 percent (121) of these recommendations. The few recommendations that were not accepted or implemented may have been in areas surpassed by events or circumstances. In an instance where CSEC rejects a recommendation, the Commissioner reviews the reasons provided by CSEC, then assesses whether to accept these reasons or to pursue the issue, possibly by examining it in even greater depth.
Regular review of disclosure of information about Canadians
The Commissioner's 2008–2009 annual report noted that the Commissioner's office would conduct regular reviews of CSEC's disclosure of information about Canadians to Government of Canada clients. For a period of six months last year, the Commissioner's office conducted monthly reviews of all disclosures and found them to comply with the law, and with the CSEC policies and procedures. Given these positive results as well as the positive result of a more comprehensive review of disclosures reported in the 2008–2009 annual report, it was determined that monthly reviews were not necessary. However, given also that this activity lies at the heart of the Commissioner's mandate, as noted by former Commissioner Gonthier last year, an annual review will still be conducted.
Timeliness of CSEC's responses to information requests
CSEC's operations in 2009–2010 were affected by a number of extraordinary factors and external pressures such as responding to international special events. While Commissioners respect that operations must be CSEC's priority, the length of time CSEC took to respond to requests for information from the Commissioner's office this past year was at times too long. CSEC is examining ways to better support the Commissioner's review requirements.
Enabling a higher level of assurance
During the past year, CSEC provided a number of detailed briefings to staff of the Commissioner's office. Some of the briefings were general in nature with the objective of keeping the office informed of operational, policy and organizational issues. Other briefings provided information on specific CSEC activities prior to establishing terms of reference for a review or during a review underway.
Several briefings described CSEC's tools, systems and databases, including those used to ensure that CSEC complies with statutory requirements for targeting foreign entities outside of Canada.
The briefings, along with direct access to CSEC systems and front-line employees, enhanced the depth of review by the Commissioner's office in 2009–2010. All of this enables a Commissioner to provide a higher level of assurance to the Minister of National Defence that CSEC is complying with the law and protecting the privacy of Canadians.
Strengthening accountability and compliance
Commissioners look to reinforce good practices that maintain or strengthen CSEC's compliance with the law and the protection of the privacy of Canadians. CSEC has continued to make significant improvements to its information management practices and has continued to expand the use of its corporate records management system, issues that were subjects of past recommendations by Commissioners. These enhancements are critical to CSEC accountability and compliance.
CSEC is also to be commended for a new initiative to increase employee awareness and knowledge of the authorities, policies and procedures governing its activities. This initiative makes policies which are specifically relevant to an employee's position readily available on the employee's computer. This initiative is expected to strengthen CSEC's compliance framework and the protection of the privacy of Canadians.
- Date modified: