2010-11 Annual Reports on the Access to Information Act and the Privacy Act (ATIP)

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

1. The Access to Information Act

July 2011

Office of the Privacy Commissioner of Canada
112 Kent Street
Ottawa, Ontario
K1A 1H3

(613) 947-1698, 1-800-282-1376
Fax (613) 947-6850
TDD (613) 992-9190
Follow us on Twitter: @privacyprivee

Introduction

The Access to Information Act (ATIA) came into effect on July 1, 1983. It provides Canadian citizens, permanent residents and any person and corporation present in Canada a right of access to information contained in government records, subject to certain specific and limited exceptions.

When the Federal Accountability Act received Royal Assent on December 12, 2006, the Office of the Privacy Commissioner (OPC) was added to Schedule I of the ATIA along with other Agents of Parliament. So, while not initially subject to the ATIA, the OPC became so, on April 1, 2007.

Section 72 of the ATIA requires that the head of every federal government institution submit an annual report to Parliament on the administration of the Act within their institutions during the fiscal year.

The OPC is pleased to submit its fourth Annual Report which describes how we fulfilled our responsibilities under the ATIA during the fiscal year 2010-2011.

Mandate / Mission of the OPC

The mandate of the OPC is to oversee compliance with both the Privacy Act (PA) which covers the personal information-handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private sector privacy law.

The OPC’s mission is to protect and promote the privacy rights of individuals.

The Commissioner works independently from any other part of the government to investigate complaints from individuals with respect to the federal public sector and the private sector. In public sector matters, individuals may complain to the Commissioner about any matter specified in Section 29 of the PA.

For matters relating to personal information in the private sector, the Commissioner may investigate complaints under Section 11 of PIPEDA except in the provinces that have adopted substantially similar privacy legislation, namely Québec, British Columbia, and Alberta. Ontario now falls into this category with respect to personal health information held by health information custodians under its health sector privacy law. However, even in those provinces with substantially similar legislation, and elsewhere in Canada, PIPEDA continues to apply to personal information collected, used or disclosed by all federal works, undertakings and businesses, including personal information about their employees. PIPEDA also applies to all personal data that flows across provincial or national borders, in the course of commercial transactions involving organizations subject to PIPEDA or to substantially similar legislation.

The Commissioner focuses on resolving complaints through negotiation and persuasion, using mediation and conciliation if appropriate. However, if voluntary co-operation is not forthcoming, the Commissioner has the power to summon witnesses, administer oaths and compel the production of evidence. In cases that remain unresolved, particularly under PIPEDA, the Commissioner may take the matter to Federal Court and seek a court order to rectify the situation.

As a public advocate for the privacy rights of Canadians, the Commissioner carries out the following activities:

Investigating complaints and issuing reports with recommendations to federal government institutions and private sector organizations to remedy situations, as appropriate;
Pursuing legal action before Federal Courts where matters remain unresolved;
Assessing compliance with obligations contained in the Privacy Act and PIPEDA through the conduct of independent audit and review activities, and publicly report on findings;
Advising on, and review, privacy impact assessments (PIAs) of new and existing government initiatives;
Providing legal and policy analyses and expertise to help guide Parliament’s review of evolving legislation to ensure respect for individuals’ right to privacy;
Responding to inquiries of Parliamentarians, individual Canadians and organizations seeking information and guidance and taking proactive steps to inform them of emerging privacy issues;
Promoting public awareness and compliance, and fostering understanding of privacy rights and obligations through: proactive engagement with federal government institutions, industry associations, legal community, academia, professional associations, and other stakeholders; preparation and dissemination of public education materials, positions on evolving legislation, regulations and policies, guidance documents and research findings for use by the general public, federal government institutions and private sector organizations;
Providing legal opinions and litigate court cases to advance the interpretation and application of federal privacy laws;
Monitoring trends in privacy practices, identify systemic privacy issues that need to be addressed by federal government institutions and private sector organizations and promoting integration of best practices; and
Working with privacy stakeholders from other jurisdictions in Canada and on the international scene to address global privacy issues that result from ever-increasing trans-border data flows.

Organizational Structure

The Privacy Commissioner is an Officer of Parliament who reports directly to the House of Commons and the Senate. The Commissioner is assisted by two Assistant Privacy Commissioners, one responsible for matters related to the PA and the other responsible for those related to PIPEDA.

The OPC is comprised of seven distinct branches:

Privacy Act Investigations Branch

The Privacy Act (PA) Investigations Branch receives and investigates complaints from individuals who claim a breach of the Privacy Act (PA), or complaints that are initiated by the Commissioner. The Branch also receives notifications of breaches from federal government organizations, and receives and reviews public interest disclosures made by them. The Branch is headed by the Director General PA Investigations.

PIPEDA Investigations Branch

The PIPEDA Investigations Branch is divided between Ottawa and Toronto. In Ottawa, the Branch receives and investigates all complaints of national scope by individuals or initiated by the Commissioner, from anywhere in Canada except from the Greater Toronto Area (GTA). In Toronto, the Branch investigates complaints from the GTA and coordinates public education and stakeholder outreach activities in the GTA. The Branch is headed by the Director General PIPEDA in Ottawa, and the Toronto Office is headed by the Director Toronto Office, who reports to the Director General PIPEDA.

Audit and Review Branch

The Audit and Review Branch audits organizations to assess their compliance with the requirements set out in the two federal privacy laws. The Branch also analyses and provides recommendations on PIAs submitted to the OPC pursuant to the Treasury Board Secretariat Policy on PIAs. The Branch is headed by Mr. Steven Morgan, Director General.

Communications Branch

The Communications Branch focuses on providing strategic advice and support for communications and public education activities for the OPC. In addition, the Branch plans and implements a variety of public education and communications activities through media monitoring and analysis, public opinion polling, media relations, publications, special events, outreach activities and the OPC web sites. The Branch is also responsible for the OPC’s Information Centre, which responds to requests for information from the public and organizations regarding privacy rights and responsibilities.

Legal Services, Policy and Research Branch

The Legal Services, Policy and Research Branch (LSPR) provides strategic legal and policy advice and conducts research on emerging privacy issues in Canada and internationally. More specifically, the Branch provides strategic legal advice to the Commissioners and various Branch Heads on the interpretation and application of the Privacy Act and PIPEDA in investigations and audits, as well as general legal counsel on a broad range of corporate and communication matters. The Branch represents the OPC in litigation matters before the courts and in negotiations with other parties both nationally and internationally. It reviews and analyzes legislative bills, government programs, public and private sector initiatives and provides strategic advice to the Commissioners on appropriate policy positions to protect and advance privacy rights in Canada. The Branch prepares for, represents and supports the office in appearances before Parliament and in its relations with Parliamentarians. The Branch conducts applied research on the privacy implications of emerging societal and technological issues to support and inform the development of OPC policy guidance and best practices for relevant stakeholders. The Branch administers the research contribution program, which was launched in 2004, to advance knowledge and understanding of privacy issues and to promote enhanced protection of personal information. The Branch is headed by Ms. Patricia Kosseim, General Counsel.

Human Resources Management Branch

Human Resources Management Branch is responsible for the provision of strategic advice, management and delivery of comprehensive human resource management programs in areas such as staffing, classification, staff relations, human resource planning, learning and development, employment equity, official languages and compensation. The Branch is headed by Ms. Maureen Munhall, Director.

Corporate Services Branch

The Corporate Services Branch provides advice and integrated administrative services such as corporate planning, resource management, financial management, information management/technology and general administration to managers and staff. The Branch is headed by Mr. Tom Pulcine, Director General and Chief Financial Officer.

Office of the Privacy Commissioner of Canada

The Access to Information and Privacy (ATIP) Unit falls under the Corporate Services Branch. ATIP is headed by a Director who is supported by one Senior Analyst.

Under section 73 of the ATIA the Privacy Commissioner, as the head of the OPC, delegated her authority to the Director General of Corporate Services and to the ATIP Director with respect to the application of the ATIA and its Regulations. A copy of that Delegation Order is attached as Appendix A.

The ATIP Director also serves as the OPC’s Chief Privacy Officer.

ATIP Unit Activities

In the reporting fiscal year, ATIA Awareness Sessions were given to 59 OPC employees.

Furthermore, we were involved in the creation of IM Week in which our Division participates and provides different learning activities throughout the week.

As the OPC is a relatively small organization, sessions are also given on an as-needed basis as well.

We are looking into the possibility of an on-line refresher on Access to Information to be provided yearly to everyone in OPC.

Throughout the year the ATIP Unit has been active in providing advice to all OPC staff with respect to informal requests for access to information. ATIP has also continued to support the Information Management function by providing input concerning proper information handling practices.

The ATIP Director sits on the OPC’s Policy Development Committee and has played a collaborative role in the planning, development and updating of OPC policies, procedures and directives in order to ensure that the ATIA is respected.

Access to Information Act Statistical Report and Interpretation

The OPC’s statistical Report on the Access to Information Act is attached at Appendix D.

The OPC received 63 formal requests under the ATIA during the fiscal years, which are 11 more than the previous year. Of those, 31 sought access to records which were not under the control of the OPC and they were therefore transferred to the appropriate federal institutions for processing. The majority of transfers were to the Citizenship and Immigration Canada, Canada Revenue Agency, Correctional Service Canada and the Royal Canadian Mounted Police.

Of the 33 requests for records under the OPC’s control (one had been carried over from the previous reporting period), the ATIP Unit had responded to 33 requests by the end of the fiscal year—none were carried forward to the next fiscal year. The 33 completed requests constituted 1,864 pages of information.

Extensions were claimed with respect to 2 requests, one of which were for more than 30 days. In all, the OPC responded to 31 requests within the first 30 days and 2 requests within the extended time period.

Of the 33 requests completed during the fiscal year, 4 were for copies of OPC Briefing Notes, 3 were for the contents of Privacy Act or PIPEDA investigation files, 1 was for orientation material provided to new employees, one for a list of training sessions that OPC employees attended, one for information on a particular selection process and the remainder were for miscellaneous information.

The OPC released all of the requested documents in 8 cases and made partial releases in 13 cases. In regards to the other requests, in one instance the information was all exempted, in three instances the request was abandoned by the applicant and in seven cases, we were unable to process. One request was treated informally.

Section 16.1 was added to the ATIA as a result of the Federal Accountability Act. This provision requires that the OPC protect the information obtained during the course of its investigations or audits even once the matter and all related proceedings have been concluded. So, with respect to requests for access to PA and PIPEDA investigation files, none were released in their entirety—all had some information withheld under section 16.1 and, in some cases, information was withheld under one or more of sections 19(1), 21(1)(a) and 23 as well.

As was the case in the last reporting year, the exemption provision invoked most often was section 19(1) concerning the personal information of others, followed closely by section16.1 with respect to information the OPC received or created during the course of an investigation and section 23 with respect to solicitor-client information. However, in 8 cases this year the OPC also withheld information under one or more of sections 13(1)(a), 20(1)(b) and sections 21(1)(a) and (b) of the ATIA. Section 23 with respect to solicitor-client information was applied in two files. Section 68(a) concerning published material or material available for purchase by the public was applied in one instance during the reporting period.

Of the 63 requests received this fiscal year, 46 were submitted by the public (73.016%), 10 by the media (15.873%), 6 by businesses (9.523%) and 1 academia (1.587%).

The OPC was notified of one complaint under the Access to Information Act during the fiscal year compared to three last fiscal year. The finding that was issued by the Information Commissioner’s Office with respect to this complaint was “resolved”.

In addition to processing its own ATIA requests, the OPC was consulted on nineteen occasions on a total of 341 pages. Treasury Board Secretariat consulted us on six occasions, Public Works and Governments Services on four occasions and we were consulted once by each of the following institutions: Statistics Canada, Office of the Information Commissioner, Human Resources and Skills Development Canada, Foreign Affairs and International Trade, Royal Canadian Mounted Police, Public Safety, Health Canada, Canadian Security Intelligence Service and the Commission for Public Complaints Against the Royal Canadian Mounted Police. In 14 cases, the ATIP division recommended full disclosure of the requested records.

With respect to application fees, they amount to $140.00. None of the requests required the assessment of reproduction fees, search fees, preparation fees or computer processing time.

In most cases where records were provided, paper copies were given to the individuals. No one asked to be given access by viewing the records. One requester asked to receive records electronically and since there were no exemptions applied, we provided it on a CD.

For additional information on the OPC’s activities, please visit www.priv.gc.ca.

Additional copies of this report may be obtained from:

Director, Access to Information and Privacy
Office of the Privacy Commissioner of Canada
112 Kent Street
Ottawa, ON K1A 1H3

Appendix A – Access to Information Act

Access to Information Act

7(a)	Respond to request for access within 30 days; give access or give notice
8(1)	Transfer of Request to government institution with greater interest
9	Extend time limit for responding to request for access
11(2), (3), (4), (5), (6)	Additional fees
12(2)(b)	Decide whether to translate requested record
12(3)	Decide whether to give access in an alternative format
13(1)	Shall refuse to disclose information obtained in confidence from another government
13(2)	May disclose any information referred to in 13(1) if the other government consents to the disclosure or makes the information public
14	May refuse to disclose information injurious to the conduct of federal-provincial affairs
15	May refuse to disclose information injurious to international affairs or defence
16	Series of discretionary exemptions related to law enforcement and investigations; security; and policing services for provinces or municipalities.
16.1(1)	In force April 1, 2007 - Specific to four named Officers of Parliament - Auditor General, Commissioner of Official Languages, Information Commissioner and Privacy Commissioner - shall refuse to disclose information obtained or created by them in the course of an investigation or audit
16.1(2)	In force April 1, 2007 - Specific to two named Officers of Parliament – Information and Privacy Commissioner - shall not refuse under 16.1(1) to disclose any information created by the Commissioner in the course of an investigation or audit once the investigation or audit and related proceedings are concluded
17	May refuse to disclose information which could threaten the safety of individuals
18	May refuse to disclose information related to economic interests of Canada
18.1(1)	May refuse to disclose confidential commercial information of Canada Post Corporation, Export Development Canada, Public Sector Pension Investment Board, or VIA Rail Inc.
18.1(2)	Shall not refuse under 18.1(1) to disclose information relating to general administration of the institution
19	Shall refuse to disclose personal information as defined in section 3 of the Privacy Act, but may disclose if individual consents, if information is publicly available, or disclosure is in accordance with section 8 of Privacy Act
20	Shall refuse to disclose third party information, subject to exceptions
21	May refuse to disclose records containing advice or recommendations
22	May refuse to disclose information relating to testing or auditing procedures
22.1	May refuse to disclose draft report of an internal audit
23	May refuse to disclose information subject to solicitor/client privilege
24	Shall refuse to disclose information where statutory prohibition (Schedule II)
25	Shall disclose any part of record that can reasonably be severed
26	May refuse to disclose where information to be published
27(1),(4)	Third party notification
28(1),(2),(4)	Receive representations of third party
29(1)	Disclosure on recommendation of Information Commissioner
33	Advise Information Commissioner of third party involvement
35(2)	Right to make representations to the Information Commissioner during an investigation
37(1)	Receive Information Commissioner’s report of findings of the investigation and give notice of action taken
37(4)	Give complainant access to information after 37(1)(b) notice
43(1)	Notice to third party (application to Federal court for review)
44(2)	Notice to applicant (application to federal Court by third party)
52(2)(b)	Request that section 52 hearing be held in the National Capital Region
52(3)	Request and be given right to make representations in section 51 hearings
71(2)	Exempt information may be severed from manuals
72(1)	Prepare annual report to Parliament

Access to Information Regulations

6(1)	Procedures relating to transfer of access request to another government institution under 8(1) of the Act
8	Form of Access

Appendix B – Discrepancies

Source of requests

OPC included in the source the transferred requests.

III – Exemptions invoked

Section 16.1 was invoked on 5 requests.

IX – Fees

OPC waived the $5.00 application fee in four instances.
The application fee was waived because of the specific nature of the information requested.

X – Costs

All operating and maintenance costs are borne by other OPC Branches, eg: Human Resources (training), Information Technology (computers, printouts, etc.), Corporate Services (supplies, mailing, etc.).

Other

The OPC received and responded to 19 consultations from other government institutions.

Appendix C – Additional Reporting Requirements

Access to Information Act

In addition to the reporting requirements addressed in form TBS/SCT 350-62 "Report on the Access to Information Act", institutions are required to report on the following using this form:

Part III – Exemptions invoked

Paragraph 13(1)(e)	not invoked
Subsection 16.1(1)(a)	not invoked
Subsection 16.1(1)(b)	not invoked
Subsection 16.1(1)(c)	not invoked
Subsection 16.1(1)(d)	This subsection was invoked in 5 requests
Subsection 16.2(1)	not invoked
Subsection 16.3	not invoked
Subsection 16.4(1)(a)	not invoked
Subsection 16.4(1)(b)	not invoked
Subsection 16.5	not invoked
Subsection 18.1(1)(a)	not invoked
Subsection 18.1(1)(b)	not invoked
Subsection 18.1(1)(c)	not invoked
Subsection 18.1(1)(d)	not invoked
Subsection 20(1)(b.1)	not invoked
Subsection 20.1	not invoked
Subsection 20.2	not invoked
Subsection 20.4	not invoked
Subsection 22.1(1)	not invoked

Part IV – Exclusions cited

Subsection 68.1	not invoked
Subsection 68.2(a)	not invoked
Subsection 68.2(b)	not invoked
Subsection 69.1(1)	not invoked

REPORT ON THE ACCESS TO INFORMATION ACT

Institution				Reporting period / Période visée par le rapport
Office of the Privacy Commissioner of Canada				04/01/2010 to/à 03/31/2011
Source	Media / Médias	Academia / Secteur universitatire	Business / Secteur commercial	Organization / Organisme	Public
Source	10	1	6	0	46

I *Requests under the Access to Information Act / Demandes en vertu de la Loi sur l'accès à l'information*
Received during reporting period / Reçues pendant la période visée par le rapport		63
Outstanding from previous period / En suspens depuis la période antérieure		1
TOTAL		64
Completed during reporting period / Traitées pendant la période visées par le rapport		64
Carried forward / Reportées		0

II *Dispositon of requests completed / Disposition à l'égard des demandes traitées*
1.	All disclosed / Communication totale	8
2.	Disclosed in part / Communication partielle	13
3.	Nothing disclosed (excluded) / Aucune communication (exclusion)	0
4.	Nothing disclosed (exempt) / Aucune communication (exemption)	1
5.	Transferred / Transmission	31
6.	Unable to process / Traitement impossible	7
7.	Abandoned by applicant / Abandon de la demande	3
8.	Treated informally / Traitement non officiel	1
TOTAL		57

**III** *Exemptions invoked / Exceptions invoquées*
S. Art. 13(1)(a)	S. Art 16(1)(a)	S. Art. 18(b)	0	S. Art. 21(1)(a)	3
(b)	(b)	(c)	0	(b)	3
(c)	(c)	(d)	0	(c)	0
(d)	(d)	S. Art. 19(1)	10	(d)	0
S. Art. 14	S. Art. 16(2)	S. Art. 20(1)(a)	0	S. Art.22	0
S. 15(1) International rel. / Art. Relations interm.	S. Art. 16(3)	(b)	1	S. Art. 23	2
Defence / Défense	S. Art. 17	(c)	0	S. Art. 24	0
Subversive activities / Activités subversives	S. Art. 18(a)	(d)	0	S. Art 26	0

IV *Exclusions cited /Exclusions citées*
S. / Art. 68(a)	1	S. / Art. 69(1)(c)	0
(b)	0	(d)	0
(c)	0	(e)	0
S. / Art. 69(1)(a)	0	(f)	0
(b)	0	(g)	0

V *Completion time /Délai de traitement*
30 days or under / 30 jours ou moins	62
31 to 60 days / De 31 à 60 jours	1
61 to 120 days /De 61 à 120 jours	1
121 days or over / 121 jours ou plus	0

VI *Extensions /Prorogations des délais*
	30 days or under / 30 jours ou moins	31 days or over / 31 jours ou plus
Searching / Recherche	1
Consultation	1
Third party / Tiers	0
TOTAL	2

**VII** *Translations /Traduction*
Translations requested / Traductions demandées		0
Translations prepared / Traductions préparées	English to French / De l'anglais au français	0
Translations prepared / Traductions préparées	French to English / Du français à l'anglais	0

**VIII** *Method of access /Méthode de consultation*
Copies given / Copies de l'original	21
Examination / Examen de l'original	0
Copies and examination / Copies et examen	0

IX *Fees /Frais*
Net fees collected / Frais net perçus
Application fees / Frais de la demande	$140.00	Preparation / Préparation	$0.00
Reproduction	$0.00	Computer processing / Traitement informatique	$0.00
Searching / Recherche	$0.00	TOTAL	$140.00
Fees waived / Dispense de frais		No. of times / Nombre de fois	$
$25.00 or under / 25 $ ou moins		1	$20.00
Over $25.00 /De plus de 25 $		0	$0.00

X *Costs / Coûts*
Financial (all reasons) / Financiers (raisons)
Salary / Traitement	$	66,946.00
Administration (O and M) / Administration (fonctionnement et maintien)	$	0.00
TOTAL	$	66,946.00
Person year utilization (all reasons) / Années-personnes utilisées (raison)
Person year (decimal format) / Années-personnes (nombre décimal)	.752

TBS/SCT 350-62 (Rev. 1999/03)

2. The Privacy Act

July 2011

Office of the Privacy Commissioner of Canada
112 Kent Street
Ottawa, Ontario
K1A 1H3

(613) 947-1698, 1-800-282-1376
Fax (613) 947-6850
TDD (613) 992-9190
Follow us on Twitter: @privacyprivee

Introduction

The Privacy Act came into effect On July 1, 1983. This Act imposes obligations on federal government departments and agencies to respect the privacy rights of individuals by limiting the collection, use and disclosure of personal information. The Act also gives individuals the right of access to their personal information and the right to request the correction of that information.

When the Federal Accountability Act received Royal Assent on December 12, 2006, the Office of the Privacy Commissioner (OPC) was added to the Schedule of the Privacy Act along with other Agents of Parliament. So, while not initially subject to the Act, the OPC became so on April 1, 2007.

Section 72 of the Act requires that the head of every federal government institution submit an annual report to Parliament on the administration of the Act within their institutions during the fiscal year.

The OPC is pleased to submit our fourth Annual Report which describes how we fulfilled our responsibilities under the Privacy Act during the fiscal year 2010-2011.

Mandate / Mission of the OPC

The OPC’s mission is to protect and promote the privacy rights of individuals.

As a public advocate for the privacy rights of Canadians, the Commissioner carries out the following activities:

Investigating complaints and issuing reports with recommendations to federal government institutions and private sector organizations to remedy situations, as appropriate;
Pursuing legal action before Federal Courts where matters remain unresolved;
Assessing compliance with obligations contained in the Privacy Act and PIPEDA through the conduct of independent audit and review activities, and publicly report on findings;
Advising on, and review, privacy impact assessments (PIAs) of new and existing government initiatives;
Providing legal and policy analyses and expertise to help guide Parliament’s review of evolving legislation to ensure respect for individuals’ right to privacy;
Responding to inquiries of Parliamentarians, individual Canadians and organizations seeking information and guidance and taking proactive steps to inform them of emerging privacy issues;
Promoting public awareness and compliance, and fostering understanding of privacy rights and obligations through: proactive engagement with federal government institutions, industry associations, legal community, academia, professional associations, and other stakeholders; preparation and dissemination of public education materials, positions on evolving legislation, regulations and policies, guidance documents and research findings for use by the general public, federal government institutions and private sector organizations;
Providing legal opinions and litigate court cases to advance the interpretation and application of federal privacy laws;
Monitoring trends in privacy practices, identify systemic privacy issues that need to be addressed by federal government institutions and private sector organizations and promoting integration of best practices; and
Working with privacy stakeholders from other jurisdictions in Canada and on the international scene to address global privacy issues that result from ever-increasing trans-border data flows.