Canada clears SWIFT of privacy breaches

The Canadian Information and Privacy Commissioner has published her report on the investigation of the handling of personal information concerning Canadians by the Belgian based SWIFT interbank messaging cooperative, particularly the revelation last year that such information is routinely passed to US intelligence agencies.

It turns out that the SWIFT database is located in Belgium and the US, and the information provided was in response to "subpoenas" issued by the US Department of Treasury. The Commissioner found that SWIFT was required by US law to provide requested information in connection with anti-terrorism investigations. She found no breach of Canada's privacy law, but notes that other regulators have concluded that SWIFT breached relevant laws concerning the handling of information about their nationals.

The Commissioner commented that SWIFT is subject to Canadian privacy legislation in the communication of personal information to and from banks in that country, and that to facilitate greater transparency about the handling of such information, requests of this kind should be sought direct from Canadian authorities.

When this issue was raised last year, the Australian Privacy Foundation (Australians' banking records get a SWIFT kick - straight to the USA) asked the Federal Privacy Commissioner to investigate whether Australian banks complied with their obligations under the Privacy Act in participating in SWIFT. The Foundation gave a 2006 Big Brother Award for "Greatest Corporate Invader" of privacy to the Australian banks collectively.

The Federal Privacy Commissioner's website contains no reference to the issue.

As the Canadian Commissioner found, Canadian laws regarding tracking financial transactions permit provision of information to US authorities. Australian laws do likewise.