A7

Jim Bronskill
THE CANADIAN PRESS

Stumble Upon

del.icio.us

Digg

Facebook

Print

Email

Speak Up

OTTAWA - The colour of your skin or the countries you visit could mean details of your financial dealings end up at the national agency that fights terror funding, a review by the federal privacy watchdog has found.

Enlarge Photo

The Canadian Press

Privacy Commissioner Jennifer Stoddart arrives at a press conference in Ottawa on Tuesday.

Privacy Commissioner Jennifer Stoddart says the little-known Financial Transactions and Reports Analysis Centre is collecting too much personal information about Canadians.

In her annual report tabled Tuesday, Stoddart also says a deputy minister essentially rubber-stamped names that security agencies recommended for Canada's controversial no-fly list of banned air passengers.

The government's drive to secure public safety since the 9-11 terrorist attacks "has led to a seemingly insatiable appetite" for personal details, the report says.

"The unprecedented scope of government data collection that we are witnessing today heightens the risk of misuses and unauthorized disclosure. The consequences for individuals can be grave."

Stoddart says FinTRAC, the federal financial investigative agency, must scale back its data gathering.

The centre zeros in on cash linked to money laundering, terrorism and other crimes by sifting through information from banks, insurance companies, securities dealers, money service businesses, real estate brokers, casinos and others.

"While the centre has put in place elements of checks and controls, there are gaps that need to be addressed," Stoddart's report says.

She found that, although reports about allegedly dubious transactions are reviewed and prioritized, they are not assessed for reasonable suspicion of money laundering or terrorist financing.

In one case, a financial institution filed a report about a woman who deposited a cheque from a law firm. The institution was satisfied the person had provided legitimate reasons for the source of funds, but decided to tell FinTRAC anyway because of the woman's ethnic origin and the fact she had visited a particular country.

In another case, someone deposited a government cheque for less than $300 and then withdrew the entire amount. The financial institution filed a suspicious transaction report, but did not indicate why the dealing was being flagged.

Stoddart says it is clear that such reports should not make their way into the FinTRAC database, as they lack even a shred of evidence of wrongdoing. "It is a bedrock privacy principle that you collect only the personal information you need for a specific purpose," she told a news conference.

The commissioner also found instances where the centre kept "extraneous information" such as social insurance and health card numbers.

Stoddart recommended FinTRAC work with the agencies that report allegedly suspicious cases to ensure the centre does not get personal information it has no legislative authority to receive "and that it does not need or use."

She also urged the centre to permanently delete all personal data that falls outside its legal mandate.

FinTRAC agreed to numerous changes, including creation of a chief privacy officer position and development of new guidelines.

FinTRAC director Jeanne Flemming said Tuesday her agency receives 1.5 million records a month, making it difficult to purge unnecessary data.

"So once it gets through, how do you find it, without stopping the system to find it? And then even when you do find it, the next issue is, how do you delete it?"