Canada's foreign spy agency mishandled information on private communications that it had collected by mistake, according to the most recent report by a government watchdog.

Communications Security Establishment Canada (CSEC) routinely collects from signals intelligence, but is prohibited by law from directing its intelligence collection at Canadians or anyone living in Canada. The organization often collects data unintentionally.

"During my review I found instances where procedures relating to the identification of private communications were not followed correctly by CSEC employees," said Jean-Pierre Plouffe, the commissioner of Communications Security Establishment, in his latest annual report.

Communications were sometimes incorrectly marked for retention, or left unmarked for weeks. Other communications were retained for months after becoming inessential to analysts' work, he found.

All records were ultimately deleted – other than 66, which were used in CSEC reports, or retained for future use – and the CSEC acted lawfully in all affairs, Plouffe concluded. Nevertheless, he recommended that CSEC analysts immediately mark private communications for retention or deletion, and regularly review retained files not yet used in reports. It should also report more comprehensively on the retention of collected communications, he said.

Plouffe also found that metadata-gathering activities involving information about Canadians did not reflect standard practices. CSEC should tighten up its record-keeping practices regarding metadata, his report added. The recent airport metadata sampling initiative, in which CSEC sampled metadata from wireless networks at airports, did not constitute mass surveillance of Canadians, he concluded.