Vol. 151, No. 21 — October 18, 2017
SOR/2017-222 October 6, 2017
NATIONAL SECURITY AND INTELLIGENCE COMMITTEE OF PARLIAMENTARIANS ACT
National Security and Intelligence Committee of Parliamentarians Regulations
P.C. 2017-1238 October 6, 2017
Her Excellency the Governor General in Council, on the recommendation of the Leader of the Government in the House of Commons, pursuant to section 33 of the National Security and Intelligence Committee of Parliamentarians Act (see footnote a), makes the annexed National Security and Intelligence Committee of Parliamentarians Regulations.
National Security and Intelligence Committee of Parliamentarians Regulations
1 The following definitions apply in these Regulations.
Act means the National Security and Intelligence Committee of Parliamentarians Act. (Loi)
member means a member of the Committee. (membre)
restricted area means an area
- (a) that is indicated by a perimeter and monitored continuously;
- (b) to which access is limited to persons who hold the proper authorization and to escorted visitors; and
- (c) for which records detailing the access to the area are maintained and audited. (zone d’accès restreint)
sensitive information means information or documents
- (a) that a member obtains, creates or has access to in the course of exercising their powers or performing their duties and functions under the Act; and
- (b) that a department is taking measures to protect. (renseignements sensibles)
Necessary security clearance
2 (1) For the purpose of paragraph 10(a) of the Act, the necessary security clearance is a Top Secret security clearance that is issued by the Clerk of the Privy Council.
Change in personal circumstances
(2) A member must, without delay, provide the Clerk of the Privy Council with a report of any change in their personal circumstances that may affect their security clearance, including
- (a) a criminal conviction;
- (b) being the subject of a law enforcement action;
- (c) association with criminals; and
- (d) a significant change in their personal financial situation.
- Security briefing
- 3 A member must attend a security briefing provided by the Secretariat
- (a) before accessing sensitive information for the first time; and
- (b) before accessing sensitive information that is in a category for which they have not already received a security briefing.
Procedures and Practices for Protecting Sensitive Information
Handling of sensitive information
4 A member may handle sensitive information only when they are inside a restricted area.
Discussion of sensitive information — location
5 (1) A member may discuss sensitive information only when they are inside a restricted area.
Prevention of indirect disclosure
(2) A member must ensure that they do not indirectly disclose sensitive information when discussing their powers, duties and functions under the Act outside of a restricted area.
Transportation — limit
6 A member may transport sensitive information only directly from one restricted area to another.
7 When a member transports sensitive information, they must use equipment that has been provided to them by the Secretariat for that purpose and must maintain physical control of that equipment for the duration of the transport.
Electronic equipment requirements
8 (1) A member may electronically produce, store or transmit sensitive information only using electronic equipment that is provided to them by the Secretariat for that purpose.
Reception of sensitive information
(2) If a member receives sensitive information using electronic equipment that is not provided to them by the Secretariat, the member must report the occurrence to the Secretariat as soon as the circumstances permit.
Sensitive information — return to custody
9 If a member takes custody of sensitive information from the Secretariat, the member must ensure that the information is returned to the custody of the Secretariat.
Information — remit to custody
10 A member must, as soon as the circumstances permit, remit to the custody of the Secretariat
- (a) all information and documents created by the member that are derived from sensitive information; and
- (b) all information that they receive from a source other than a department and that is related to the exercise of their powers or the performance of their duties and functions under the Act.
Storage of electronic devices
11 Before entering a restricted area, a member must store outside of the area all electronic devices on their person that were not provided to them by the Secretariat.
12 A member must, without delay, provide the Executive Director of the Secretariat with a report of
- (a) every act, event or omission that they believe could result in
- (i) an unauthorized access to sensitive information or a restricted area, or
- (ii) an unauthorized disclosure, destruction, removal, modification or use of sensitive information; and
- (b) any contact with an individual that they believe may constitute an attempt to access sensitive information.
13 In the event of an emergency situation at the premises in which a member is exercising their powers or performing their duties and functions under the Act, the member must take all measures that can be safely taken in the circumstances to protect the sensitive information that is in their custody.
Coming into Force
S.C. 2017, c. 15 or registration
14 These Regulations come into force on the day on which the National Security and Intelligence Committee of Parliamentarians Act, chapter 15 of the Statutes of Canada, 2017 comes into force, but if they are registered after that day, they come into force on the day on which they are registered.
REGULATORY IMPACT ANALYSIS STATEMENT
(This statement is not part of the Regulations.)
The National Security and Intelligence Committee of Parliamentarians Act (Act) will provide parliamentarians who are members of the National Security and Intelligence Committee of Parliamentarians (NSICOP) with regular access to a broad range of sensitive information related to the national security and intelligence activities of federal departments and agencies. Parliamentarians are not subject to existing Treasury Board security policies which govern public servants’ access to such information. In order to address this gap and mitigate the risk of unauthorized disclosure, the Act provides for the Governor in Council to adopt regulations establishing procedures and practices for the secure handling of sensitive information, as well as generally for carrying out the purposes and provisions of the Act.
Bill C-22, An Act to establish the National Security and Intelligence Committee of Parliamentarians Act, received royal assent on June 22, 2017. The Act responds to commitments set out in the mandate letters of the Leader of the Government in the House of Commons and the Minister of Public Safety and Emergency Preparedness to create a statutory committee of parliamentarians with special access to sensitive information to review government departments and agencies with national security responsibilities. Providing such a mechanism would address a gap in Canada’s current national security accountability framework by providing a means for select parliamentarians to hold the federal government accountable for national security and intelligence activities in a more informed manner, and allow them to be better equipped to perform their regular functions in examining legislation, in so far as they relate to national security. It would also align with Canada’s Five Eyes partners (Australia, New Zealand, United Kingdom, United States), who each have a mechanism for parliamentarians to access sensitive information and review national security activities.
Members of the NSICOP would be provided broad access to a range of sensitive information, which if disclosed, could be injurious to Canadian national security, national defence, or international relations, as well as the privacy interests of individuals. In order to ensure that information is properly protected, the Act provides several safeguards, including, but not limited to, a provision requiring each member of the NSICOP to (section 10)
- (a) obtain and maintain the necessary security clearance from the Government of Canada;
- (b) take the oath or solemn affirmation set out in the schedule; and
- (c) comply with the procedures and practices set out in the regulations.
The Act also provides the Governor in Council the authority to make regulations (section 33)
- (a) respecting the procedures and practices for the secure handling, storage, transportation, transmission and destruction of information or documents provided to or created by the Committee;
- (b) respecting the procedure to be followed by the Committee in the exercise of any of its powers or the performance of any of its duties or functions;
- (c) respecting the expenses referred to in section 32; and
- (d) generally for carrying out the purposes and provisions of this Act.
The objective of these Regulations is to establish the security requirements necessary to mitigate the risk that access to sensitive information by NSICOP members could lead to unauthorized disclosures that would be injurious to Canadian national security, national defence, and international relations, as well as the privacy interests of individuals.
The National Security and Intelligence Committee of Parliamentarians Regulations (Regulations) would establish security requirements for NSICOP members related to storage, handling, and dissemination of sensitive information that are analogous to several found in the Treasury Board Standard on Security Screening, and related Treasury Board and departmental policies. Details on the requirements can be found below.
With respect to security clearances, the Regulations would specify that members would require a Top Secret security clearance issued by the Clerk of the Privy Council. To ensure the ongoing validity of the security clearance, the Regulations would also require members to report any changes in their personal circumstances that may affect their security clearance. The level of clearance and reporting requirements are consistent with what is required of public servants who access the type of information that members will be privy to.
With respect to access to sensitive information, the Regulations would require that each member receive a security briefing before they initially begin to access sensitive information and at any point in the future when the sensitivity of the information being accessed warrants further security briefings. Members would also be required to report to the Executive Director incidents that could lead to unauthorized access to sensitive information or restricted areas. Similar requirements exist for public servants.
With respect to storage of sensitive information, members would be required to use electronic equipment that is provided by the NSICOP Secretariat and that is appropriate for the level of sensitivity of the information. Members would also be required to store electronic devices (e.g. mobile devices) outside of restricted areas prior to entering the premises. Similar requirements exist for public servants.
In the event that a member received sensitive information electronically on equipment that was not provided to them by the Secretariat for that purpose, they would be required to report the incident to the Secretariat, which would determine how to ensure the information is properly classified and protected. Similarly, if a member were to receive sensitive information related to their duties and functions, from a source other than a federal department/agency or the Secretariat, they would be required to remit it to the custody of the Secretariat. Any record that a member creates in the course of their duties and functions that was derived from sensitive information would also have to be remitted to the custody of the Secretariat.
With respect to handling of sensitive information, members would be required to only handle sensitive information in restricted areas and use secure means provided to them by the Secretariat to transport sensitive information from one restricted area to another. Similar requirements exist for public servants.
With respect to dissemination of sensitive information, members would be required to use electronic equipment provided to them by the Secretariat for that purpose and would be prohibited from discussing sensitive information outside of restricted areas. When discussing their general functions and duties outside of restricted areas, members would need to ensure that they do not indirectly disclose sensitive information. Similar requirements exist for public servants.
To ensure the ongoing protection of sensitive information in emergency situations, members would be required to take any steps necessary to protect sensitive information in their custody, without jeopardizing their personal safety.
The “One-for-One” Rule does not apply to this proposal, as there is no change in administrative costs to business.
Small business lens
The small business lens does not apply to this proposal, as there are no costs to small businesses.
Establishing the need for a Top Secret security clearance for all NSICOP members and specific security requirements with respect to the storage, handling, and dissemination of sensitive information, is necessary to mitigate the risks of unauthorized disclosures. The requirements within the Regulations are based on established practices and procedures that govern public servants with similar levels of access to sensitive information and do not impose any restrictions that would negatively affect members’ ability to perform their duties and functions.
More specifically, codifying security requirements for storage, handling, and dissemination of sensitive information is required to mitigate potential injury to Canadian national security, national defence, or international relations, as well as the privacy interests of individuals. For example, the unauthorized disclosure of sensitive information that would reveal law enforcement and intelligence agencies’ operational methods or techniques could undermine their ability to counter threats (e.g. terrorist activity) and put officers at risk.
Law enforcement and intelligence agencies hold a significant amount of personal information that may be provided to the NSICOP for them to conduct reviews of the agencies’ activities. Law enforcement and intelligence agencies are subject to strict requirements for storage, handling, and dissemination of personal information to ensure individuals’ privacy interests are protected. Ensuring that NSICOP members are subject to similar requirements will ensure continued protection of individuals’ privacy interests.
The Regulations are also a key enabler to the proper functioning of the NSICOP, as they will provide departments and agencies confidence that information provided to the NSICOP will be properly protected. That confidence will in turn promote unimpeded and timely access for NSICOP members to the information they require to fulfill their mandate.
Implementation, enforcement and service standards
Aside from the issuance of security clearances, which would be done by the Clerk of the Privy Council, the Executive Director will be responsible for ensuring the Regulations are followed by members and may develop administrative policies to provide greater clarity on how the security requirements should be met.
Ms. Nada Vrany
Strategic Policy and Planning
Security and Intelligence
Privy Council Office
59 Sparks Street
- Footnote a
S.C. 2017, c. 15