Overview

Today's digital age allows for the rapid and easy movement of information around the globe - known as transborder data flows - and has led to increased outsourcing that is beneficial to Canada's economy. However, transborder data flows combined with foreign laws that apply when information is accessible outside of Canada's borders, make it challenging to protect the privacy and security of information.
The USA PATRIOT Act, designed to fight terrorism, allows law enforcement agencies under certain circumstances to access personal records of people without their knowledge.
The chances of the USA PATRIOT Act being used to access the personal records of Canadians are remote.

Government of Canada Leadership

The Government of Canada has been a world leader in privacy for over 25 years. Since 1978, the government has illustrated its recognition of the importance of the protection of individual privacy and set the standard for similar privacy laws in the provinces.
The federal government introduced the Personal Information Protection and Electronic Documents Act (PIPEDA) in 2001 to protect the privacy of personal information handled by the private sector.
In 2002, under the Privacy Impact Assessment (PIA) Policy, the Government of Canada became the first national government in the world to make it mandatory for all departments and agencies to document, publish and maintain PIAs for all programs and services where privacy issues may be inherent.

The Government of Canada sees the issues raised by the USA PATRIOT Act as being similar to any foreign legislation that has the potential to allow access to Canadians' personal information on the part of foreign authorities. As a result, the government's measures are designed to address the broader issue of transborder data flows.
To meet the challenges that stem from the flow of information across borders, the Government of Canada has adopted a balanced approach, taking into account privacy requirements and other important considerations. These include the need to allow outsourcing; the continuation of international trade agreements to benefit Canada's economy; and, the need to protect the public safety and national security.
In the Government of Canada, each institution is responsible for personal and sensitive information under its control and must have in place a risk management strategy relevant to its own circumstances.

The Government of Canada conducted a review of all its outsourcing contracts to determine their level of risk under the USA PATRIOT Act. Most of the 160 federal institutions, more than 80 per cent, rated their contracts as having no risk at all, or a low risk, because information is either being processed only by the federal government itself or by a company operating only in Canada.
Departments and agencies have used the results of the review to determine and implement mitigating strategies where required.
The Government of Canada will pursue other actions to further mitigate risks, including a review of technological solutions.