Backgrounder
On November 25, 2020, the National Security and Intelligence Review Agency (NSIRA) presented the Minister of National Defence and the Minister of Public Safety with a classified compliance report on its review of CSE’s disclosures of Canadian identifying information (CII). In this review, NSIRA found that the CII disclosure regime lacked rigour and that its implementation may not have been in compliance with the Privacy Act. Additionally, NSIRA found that the Federal Court may not have been adequately informed about key elements of CSE’s disclosures of CII collected on the authority of warrants issued in relation to section 16 of the Canadian Security Intelligence Service (CSIS) Act. Given the findings of the review, NSIRA has published its unclassified summary of the compliance report.
In carrying out its foreign intelligence mandate, CSE may incidentally acquire information about Canadians or person(s) in Canada. CII is information that could be used to identify an individual, and is normally suppressed from reporting unless Government of Canada or foreign clients request these details and are able to demonstrate that they have operational justification and legal authority to receive it.
After a thorough review of CSE’s disclosures of CII, which also involved direct engagement with other Government of Canada departments that request CII, NSIRA made 6 findings and 11 recommendations. This unclassified summary provides an overview of the CII disclosure regime, and NSIRA’s observations related to the policies, procedures, training, and the legal authorities governing it.
Publishing this summary aligns with NSIRA’s efforts at increasing transparency and being more accessible to Canadians through its work. Looking forward, NSIRA will conduct future reviews of the CII disclosure regime to ensure that its recommendations are implemented in a way that will improve the CII disclosure program and that this program is compliant with the applicable legal framework.
As per section 8(1)(a) of the NSIRA Act, independent review of CSE’s activities is a statutory requirement for NSIRA. As such, NSIRA will continue to review CSE activities and report on compliance issues if they arise.
To learn more about NSIRA’ mandate, click here.
