2013-14 Annual Reports on the Access to Information Act and the Privacy Act (ATIP)
This page has been archived on the Web
Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
1. The Access to Information Act
September 2014
Office of the Privacy Commissioner of Canada
30 Victoria Street, 1st Floor
Gatineau, Quebec
K1A 1H3
819-994-5444, 1-800-282-1376
Fax 819-994-5424
Follow us on Twitter: @privacyprivee
Introduction
The Access to Information Act (ATIA) came into effect on July 1, 1983. It provides Canadian citizens, permanent residents and any person and corporation present in Canada a right of access to information contained in government records, subject to certain specific and limited exceptions.
When the Federal Accountability Act received Royal Assent on December 12, 2006, the Office of the Privacy Commissioner (OPC) was added to Schedule I of the ATIA along with other Agents of Parliament. Therefore, while not initially subject to the ATIA, the OPC became so on April 1, 2007.
Section 72 of the ATIA requires that the head of every federal government institution submit an annual report to Parliament on the administration of the Act within their institutions during the fiscal year.
The OPC is pleased to submit its seventh Annual Report which describes how we fulfilled our responsibilities under the ATIA in 2013-2014.
Mandate and Mission of the OPC
The mandate of the OPC is to oversee compliance with both the Privacy Act (PA), which covers the personal information handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private sector privacy law.
The OPC’s mission is to protect and promote the privacy rights of individuals.
The Commissioner works independently from any other part of the government to investigate privacy complaints from individuals with respect to the federal public sector and certain aspects of the private sector. In public sector matters, individuals may complain to the Commissioner about any matter specified in section 29 of the PA.
For matters relating to personal information in the private sector, the Commissioner may investigate complaints under section 11 of PIPEDA except in the provinces that have adopted substantially similar privacy legislation, namely Quebec, British Columbia, and Alberta. Ontario, New Brunswick and Newfoundland and Labrador now fall into this category with respect to personal health information held by health information custodians under their health sector privacy laws. However, even in those provinces with substantially similar legislation, and elsewhere in Canada, PIPEDA continues to apply to personal information collected, used or disclosed by all federal works, undertakings and businesses, including personal information about their employees. PIPEDA also applies to all personal data that flows across provincial or national borders, in the course of commercial activities.
The Commissioner focuses on resolving complaints through negotiation and persuasion, using mediation and conciliation if appropriate. However, if voluntary cooperation is not forthcoming, the Commissioner has the power to summon witnesses, administer oaths and compel the production of evidence. In cases that remain unresolved, particularly under PIPEDA, the complainant or the Commissioner may take the matter to Federal Court and seek a court order to rectify the situation.
As a public advocate for the privacy rights of Canadians, the Commissioner carries out the following activities:
- Investigating complaints and issuing reports with recommendations to federal government institutions and private sector organizations to remedy situations, as appropriate;
- Pursuing legal action before federal courts where appropriate to resolve outstanding matters;
- Assessing compliance with obligations contained in the PA and PIPEDA through the conduct of independent audit and review activities;
- Advising on, and reviewing, Privacy Impact Assessments (PIAs) of new and existing government initiatives;
- Providing legal and policy analyses and expertise to help guide Parliament’s review of evolving legislation to ensure respect for individuals’ right to privacy;
- Responding to inquiries from parliamentarians, individual Canadians and organizations seeking information and guidance, and taking proactive steps to inform them of emerging privacy issues;
- Promoting privacy awareness and compliance, and fostering understanding of privacy rights and obligations through proactive engagement with federal government institutions, private-sector organizations, industry associations, legal community, academia, professional associations, and other stakeholders;
- Preparing and disseminating public education materials, positions on evolving legislation, regulations and policies, guidance documents and fact sheets for use by the general public, federal government institutions and private sector organizations;
- Conducting research and monitoring trends in technological advances and privacy practices, identify systemic privacy issues that need to be addressed by federal government institutions and private sector organizations and promoting integration of best practices; and
- Working with privacy stakeholders from other jurisdictions in Canada and on the international scene to address global privacy issues that result from ever increasing transborder data flows.
Organizational Structure
The Privacy Commissioner is an Officer of Parliament who reports directly to the House of Commons and the Senate. The Commissioner may be assisted by an Assistant Commissioner, who has delegated responsibilities under both the PA and PIPEDA. At the time of writing this report, the position has been vacant since December 2013.
The OPC is structured in the following way:
Executive Secretariat
The Executive Secretariat ensures effective liaison and coordination with internal and external stakeholders and provides strategic advice so that the Commissioner and Assistant Commissioner are able to carry out their mandate to protect and promote privacy rights of individuals.
Privacy Act Investigations Branch
The PA Investigations Branch receives and investigates complaints from individuals who claim a breach of the PA, or complaints that are initiated by the Commissioner. The Branch also receives notifications of breaches from federal government organizations, and receives and reviews public interest disclosures made by them.
PIPEDA Investigations Branch
The PIPEDA Investigations Branch is divided between Ottawa and Toronto. In Ottawa, the Branch receives and investigates complaints of national scope by individuals or initiated by the Commissioner, from anywhere in Canada. In Toronto, the Branch investigates complaints particularly from the Greater Toronto Area (GTA) and coordinates public education and stakeholder outreach activities in the GTA.
Audit and Review Branch
The Audit and Review Branch audits organizations to assess their compliance with the requirements set out in the two federal privacy laws. The Branch also analyses and provides recommendations on Privacy Impact Assessments (PIAs) submitted to the OPC pursuant to the Treasury Board Secretariat Policy on Privacy Impact Assessments.
Communications Branch
The Communications Branch focuses on providing strategic advice and support for communications and public education activities for the OPC. In addition, the Branch plans and implements a variety of public education and communications activities through media monitoring and analysis, public opinion polling, media relations, publications, special events, outreach activities and the OPC web sites. The Branch is also responsible for the OPC’s Information Centre, which responds to requests for information from the public and organizations regarding privacy rights and responsibilities.
Legal Services, Policy and Research Branch
The Legal Services, Policy, Research and Technology Analysis Branch (LSPRTA) provides strategic legal and policy advice and conducts research on emerging privacy issues in Canada and internationally. More specifically, the Branch provides strategic legal advice to the Commissioners and various Branch Heads on the interpretation and application of the PA and PIPEDA in investigations and audits, as well as general legal counsel on a broad range of corporate and communication matters. LSPRTA represents the OPC in litigation matters before the courts and in negotiations with other parties both nationally and internationally. It reviews and analyzes legislative bills, government programs, public and private sector initiatives and provides strategic advice to the Commissioners on appropriate policy positions to protect and advance privacy rights in Canada. The Branch prepares for, represents and supports the Office in appearances before Parliament and in its relations with parliamentarians. Its analysts conduct applied research on the privacy implications of emerging societal and technological issues to support and inform the development of OPC policy guidance and best practices for relevant stakeholders. The Branch administers the OPC Research Contributions Program, which was launched in 2004, to advance knowledge and understanding of privacy issues and to promote enhanced protection of personal information. LSPRTA also identifies and analyzes technological trends and developments in electronic platforms and digital media; conducts research to assess the impact of technology on the protection of personal information in the digital world and provides strategic analysis and guidance on complex, varied and sensitive technological issues involving breaches in the security of government and commercial systems that store personal information.
Human Resources Management Branch
The Human Resources Management Branch is responsible for the provision of strategic advice, management and delivery of comprehensive human resources management programs in areas such as staffing, classification, staff relations, human resources planning, learning and development, employment equity, official languages and compensation.
Corporate Services Branch
The Corporate Services Branch provides advice and integrated administrative services such as corporate planning, resource management, financial management, information management and information technology, and general administration to managers and staff.
Access to Information and Privacy Directorate
The Acess to Infromation and Privacy (ATIP) Directorate is responsible for responding to formal requests for information from the public pursuant to the Access to Information Act and the Privacy Act. The ATIP Directorate is also responsible for developing internal policies and ensuring compliance relative to these acts.
Office of the Privacy Commissioner of Canada
Text version
Organizational Chart
Office of the Privacy Commissioner of Canada
- Privacy Commissioner
- Executive Secretariat
- Assistant Privacy Commissioner
- Audit and Review Branch
- Personal Information Protection and Electronic Documents Act (PIPEDA) Investigations Branch
- Privacy Act Investigations Branch
- Communications Branch
- Legal Services, Policy, Research and Technology Analysis Branch
- Corporate Services Branch
- Human Resources Management Branch
- Access to Information and Privacy Directorate
The ATIP Directorate is headed by a Director who is supported by two senior analysts.
Under section 73 of the ATIA, as the head of the OPC, the Privacy Commissioner’s authority has been delegated to the ATIP Director with respect to the application of the ATIA and its Regulations. A copy of that Delegation Order is attached as Appendix A.
The ATIP Director also serves as the OPC’s Chief Privacy Officer.
ATIP Directorate Activities – 2013-14
Training employees
In the reporting fiscal year, ATIP Training Sessions were offered to all new OPC employees and those returning from extended leave or temporary assignments elsewhere. The OPC has committed to training all new staff within three months of their arrival. At the conclusion of the year, 100% of new and returning employees had participated in the training sessions. Additionally, each Branch received an ATIP awareness session to reinforce knowledge of their responsibilities with respect to access and privacy legislation. The ATIP office also provides sessions as needed.
Enabling the organization
Throughout the year, the ATIP Directorate has been active in providing advice to all OPC staff with respect to informal requests for information. ATIP has also continued to support the Information Management function by providing advice on internal information handling practices. Notably, the ATIP Directorate played an active role in assisting in the creation of the OPC knowledge center. One of the key features of this new tool allows OPC staff to search depersonalized reports of findings from previous PA and PIPEDA investigations. These reports had historically been destroyed at the end of their respective retention periods. The ATIP Directorate depersonalized over ten years of reports allowing the OPC to preserve valuable corporate memory.
Contributing actively to decision making
The ATIP Director has played a collaborative role in the planning, development and updating of OPC policies, procedures and directives. The ATIP Director also sits on the OPC’s key strategic decision-making committees. The OPC’s recognition of the importance of integrating the ATIP Director in its core decision-making committees has ensured that the Access to Information Act is respected.
Implementing a new reporting structure
During the final quarter of the year, it was decided that the OPC ATIP Directorate would report directly to the Commissioner. This decision was in keeping with a recommendation that the OPC had made to other organizations, whereby the independence of the Chief Privacy Officer is ensured by having that function report directly to the head of the organization. This new reporting structure underlines the importance the OPC attributes to functions carried out by the ATIP Directorate and the need to ensure that it has independence and direct access to the organization head.
Access to Information Act Statistical Report and Interpretation
The OPC’s Statistical Report on the ATIA is attached in Appendix B.
The OPC received 98 formal requests under the ATIA during the 2013-14 fiscal year, which is nearly double from the previous year. Of those, 14 sought access to records which were not under the OPC’s control; these requests were therefore transferred to the appropriate federal institutions for processing. The majority of transfers were made to the Department of National Defence.
Requests under the ATIA
Text version
Requests under the ATIA
| Year | 2011/2012 | 2012/2013 | 2013/2014 |
|---|---|---|---|
| Received | 64 | 50 | 98 |
| Transferred | 21 | 20 | 14 |
| Processed | 37 | 36 | 70 |
In 2013-14, the ATIP Directorate responded to 84 new requests for information under the OPC’s control, which represented 3,862 pages of information.
Extensions were claimed with respect to 17 requests. In all, the OPC responded to 56 requests within the first 30 days and 17 requests within the extended time period, four of which were for more than 30 days.
Of the 84 requests completed during the fiscal year, 15 were for the contents of PA or PIPEDA investigation files, 13 related to information regarding privacy breaches that had been reported to the OPC, 11 sought access to correspondence sent and received by the Commissioner, 7 were for records relating to meetings between the OPC and various political parties, 3 were for information regarding bills that were introduced in the House of Commons and the remainder were for miscellaneous information.
The OPC endeavors to release as much information as possible. In 15 of the 84 requests processed, the documents were released in their entirety, in 34 cases the OPC made partial releases, and in only 1 instance was the information withheld entirely. Of the remaining requests, seven were abandoned by the applicants and in 12 cases no relevant records were found.
Section 16.1(1)(d) of the ATIA prohibits the OPC from releasing information it obtained during the course of its investigations or audits, even after the matter and all related proceedings have been concluded. The OPC, however, cannot refuse to disclose information it created during the course of an investigation or audit, once they and any related proceedings are completed – and subject to any applicable exemptions. With respect to requests for access to PA and PIPEDA investigation files, none were disclosed in their entirety—all had some information withheld under section 16.1(1)(d) and, in some cases, information was withheld under one or more of sections 19(1), 20(1)(b), 20(1)(c), 21(1)(a), 21(1)(b) and 23 as well.
As was the case in the previous reporting years, the exemption provision invoked most often was section 19(1) concerning the personal information of others, followed closely by section 16.1 with respect to information the OPC received or created during the course of an investigation and section 20 which protects information about a third party. In other cases this year the OPC also withheld information under one or more of sections 13(1), 15(1), 16(1)(c), 16(2)(c), 21(1)(a), (b) and 23 of the ATIA.
Of the 98 requests received this fiscal year, 53 were submitted by the public (54%), 37 by the media (38%), 5 by businesses (5%), 2 by academia (2%) and 1 by an organization (1%).
Requests under ATIA by Source
Text version
Requests under the ATIA by Source
| Year | 2011/2012 | 2012/2013 | 2013/2014 |
|---|---|---|---|
| Media | 10 | 9 | 37 |
| Business | 21 | 8 | 5 |
| Public | 27 | 28 | 53 |
| Academia | 5 | 3 | 2 |
| Organisation | 1 | 2 | 1 |
In addition to processing its own ATIA requests, the OPC was consulted on 29 occasions on a total of 288 pages. The Canada Border Services Agency consulted our Office the most often, requesting our representations on seven occasions; Industry Canada and the Canada Revenue Agency consulted our Office on three occasions; Justice Canada, the Treasury Board Secretariat, the Royal Canadian Mounted Police, Employment and Social Development Canada, and Public Works and Government Services Canada each consulted our Office on two occasions. We were consulted once by each of the following institutions: the Office of the Information Commissioner; the Correctional Service of Canada; the Canadian Radio-television and Telecommunications Commission; the Financial Transactions and Reports Analysis Centre of Canada; and Health Canada. In 23 of the 29 cases, the OPC recommended full disclosure of the requested records.
Application fees amounted to $480.00 during the reporting period. In two instances the OPC waived the application fees. None of the requests required the assessment of reproduction fees, search fees, preparation fees or computer processing time.
In most cases where records were provided, electronic copies were given to the individuals. No one asked to be given access by viewing the records.
Access to Information Act complaints against the OPC
This fiscal year the OPC was notified by the OIC of seven complaints under the ATIA. Findings were issued by the Office of Information Commissioner (OIC) with respect to five complaints; in those cases the OIC concluded these complaints were “well founded”. The two other complaints are still ongoing. The OPC has three outstanding complaints under the ATIA from previous fiscal years for which findings from the OIC are expected in 2014-2015.
For additional information on the OPC’s activities, please visit www.priv.gc.ca.
Additional copies of this report may be obtained from:
Director, Access to Information and Privacy
Office of the Privacy Commissioner of Canada
30 Victoria Street, 1st Floor
Gatineau, Quebec K1A 1H3
Appendix A – Access to Information Act
Delegation Order
The Interim Privacy Commissioner of Canada, as the head of the government institution, hereby designates puruant to section 73 of the Access to Information Act, the person holding the position set out below, or the person occupying on an acting basis that position, to exercise the powers, duties or functions of the Privacy Commissioner as specified below and as more fully described in Annex A:
| Position | Sections of Access to Information Act |
|---|---|
| Director, ATIP | Act: 4(2.1), 7, 8(1), 9, 11(2) to (6), 12(2) and (3), 13 to 24, 25, 26, 27(1) and (4), 28(1), (2) and (4), 29(1), 32, 33, 35(2), 37(1) and (4), 29(1), 32, 33, 35(2), 37(1) and (4), 43(1), 44(2), 52(2) and (3), 69, 71, 72(1); and Regulations: 5, 6,(1), 7(2) and (3), 8, and 8.1. |
This delegation of authority supersedes any previous delegation of the powers, duties and functions set out herein.
Dated at the City of Ottawa, this 9th day of January, 2014.
(Original signed by)
Chantal Bernier
Interim Privacy Commissioner of Canada
Access to Information Act
12(3)Decide whether to give access in an alternative format| 4(2.1) | Shall assist the person in connection with the request, respond to the request accurately and completely and provide timely access in the format requested |
|---|---|
| 7 | Respond to request for access within 30 days; give access or give notice |
| 8(1) | Transfer of Request to government institution with greater interest |
| 9 | Extend time limit for responding to request for access |
| 11(2), (3), (4), (5), (6) | Additional fees |
| 12(2)(b) | Decide whether to translate requested record |
| 13(1) | Shall refuse to disclose information obtained in confidence from another government |
| 13(2) | May disclose any information referred to in 13(1) if the other government consents to the disclosure or makes the information public |
| 14 | May refuse to disclose information injurious to the conduct of federal-provincial affairs |
| 15 | May refuse to disclose information injurious to international affairs or defence |
| 16 | Series of discretionary exemptions related to law enforcement and investigations; security; and policing services for provinces or municipalities. |
| 16.1(1) | In force April 1, 2007 - Specific to four named Officers of Parliament - Auditor General, Commissioner of Official Languages, Information Commissioner and Privacy Commissioner - shall refuse to disclose information obtained or created by them in the course of an investigation or audit |
| 16.1(2) | In force April 1, 2007 - Specific to two named Officers of Parliament – Information and Privacy Commissioner - shall not refuse under 16.1(1) to disclose any information created by the Commissioner in the course of an investigation or audit once the investigation or audit and related proceedings are concluded |
| 17 | May refuse to disclose information which could threaten the safety of individuals |
| 18 | May refuse to disclose information related to economic interests of Canada |
| 18.1(1) | May refuse to disclose confidential commercial information of Canada Post Corporation, Export Development Canada, Public Sector Pension Investment Board, or VIA Rail Inc. |
| 18.1(2) | Shall not refuse under 18.1(1) to disclose information relating to general administration of the institution |
| 19 | Shall refuse to disclose personal information as defined in section 3 of the Privacy Act, but may disclose if individual consents, if information is publicly available, or disclosure is in accordance with section 8 of Privacy Act |
| 20 | Shall refuse to disclose third party information, subject to exceptions |
| 21 | May refuse to disclose records containing advice or recommendations |
| 22 | May refuse to disclose information relating to testing or auditing procedures |
| 22.1 | May refuse to disclose draft report of an internal audit |
| 23 | May refuse to disclose information subject to solicitor/client privilege |
| 24 | Shall refuse to disclose information where statutory prohibition (Schedule II) |
| 25 | Shall disclose any part of record that can reasonably be severed |
| 26 | May refuse to disclose where information to be published |
| 27(1),(4) | Third party notification |
| 28(1),(2),(4) | Receive representations of third party |
| 29(1) | Disclosure on recommendation of Information Commissioner |
| 32 | Receive notice of investigation by Information Commissioner |
| 33 | Advise Information Commissioner of third party involvement |
| 35(2) | Right to make representations to the Information Commissioner during an investigation |
| 37(1) | Receive Information Commissioner’s report of findings of the investigation and give notice of action taken |
| 37(4) | Give complainant access to information after 37(1)(b) notice |
| 43(1) | Notice to third party (application to Federal court for review) |
| 44(2) | Notice to applicant (application to federal Court by third party) |
| 52(2)(b) | Request that section 52 hearing be held in the National Capital Region |
| 52(3) | Request and be given right to make representations in section 51 hearings |
| 69 | Refuse to provide information that is excluded from the Act as a cabinet confidence |
| 71(2) | Provide facilities for public to inspect manuals; exempt information may be severed from manuals |
| 72(1) | Prepare annual report to Parliament |
Access to Information Regulations
| 5 | Inform requester of certain procedures regarding access |
|---|---|
| 6(1) | Procedures relating to transfer of access request to another government institution under 8(1) of the Act |
| 7(2) and (3) | Require payment of additional fees for access in certain situations |
| 8 | Form of Access |
| 8.1 | Determinations with respect to the conversion of records into different formats |
Appendix B – Additional Reporting Requirements
Access to Information Act
In addition to the reporting requirements addressed in form TBS/SCT 350-62 "Report on the Access to Information Act", institutions are required to report on the following using this form:
Part III – Exemptions invoked
| Paragraph 13(1)(e) | not invoked |
|---|---|
| Subsection 16.1(1)(a) | not invoked |
| Subsection 16.1(1)(b) | not invoked |
| Subsection 16.1(1)(c) | not invoked |
| Subsection 16.1(1)(d) | This subsection was invoked in 12 requests |
| Subsection 16.2(1) | not invoked |
| Subsection 16.3 | not invoked |
| Subsection 16.4(1)(a) | not invoked |
| Subsection 16.4(1)(b) | not invoked |
| Subsection 16.5 | not invoked |
| Subsection 18.1(1)(a) | not invoked |
| Subsection 18.1(1)(b) | not invoked |
| Subsection 18.1(1)(c) | not invoked |
| Subsection 18.1(1)(d) | not invoked |
| Subsection 20(1)(b.1) | not invoked |
| Subsection 20.1 | not invoked |
| Subsection 20.2 | not invoked |
| Subsection 20.4 | not invoked |
| Subsection 22.1(1) | not invoked |
Part IV – Exclusions cited
| Subsection 68.1 | not invoked |
|---|---|
| Subsection 68.2(a) | not invoked |
| Subsection 68.2(b) | not invoked |
| Subsection 69.1(1) | not invoked |
Statistical Report on the Access to Information Act
Name of institution: Office of the Privacy Commissioner of Canada
Reporting period: 01/04/2013 to 31/03/2014
Part 1 – Requests under the Access to Information Act
| Number of Requests | |
|---|---|
| Received during reporting period | 98 |
| Outstanding from previous reporting period | 0 |
| Total | 98 |
| Closed during reporting period | 84 |
| Carried over to next reporting period | 14 |
| Source | Number of Requests |
|---|---|
| Media | 37 |
| Academia | 2 |
| Business (Private Sector) | 5 |
| Organization | 1 |
| Public | 53 |
| Total | 98 |
Part 2 - Requests closed during the reporting period
| Disposition of requests | Completion Time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 6 | 8 | 1 | 0 | 0 | 0 | 0 | 15 |
| Disclosed in part | 5 | 9 | 16 | 3 | 0 | 1 | 0 | 34 |
| All exempted | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 10 | 2 | 0 | 0 | 0 | 0 | 0 | 12 |
| Request transferred | 14 | 0 | 0 | 0 | 0 | 0 | 0 | 14 |
| Request abandoned | 4 | 3 | 0 | 0 | 0 | 0 | 0 | 7 |
| Treated informally | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
| Total | 41 | 22 | 17 | 3 | 0 | 1 | 0 | 84 |
| Section | Number of requests |
|---|---|
| 13(1)(a) | 0 |
| 13(1)(b) | 0 |
| 13(1)(c) | 0 |
| 13(1)(d) | 1 |
| 13(1)(e) | 0 |
| 14(a) | 0 |
| 14(b) | 0 |
| 15(1) - I.A.Footnote * | 1 |
| 15(1) - Def.Footnote ** | 0 |
| 15(1) - S.A.Footnote *** | 0 |
| 16(1)(a)(i) | 0 |
| 16(1)(a)(ii) | 0 |
| 16(1)(a)(iii) | 0 |
| 16(1)(b) | 0 |
| 16(1)(c) | 2 |
| 16(1)(d) | 0 |
| 16(2)(a) | 0 |
| 16(2)(b) | 0 |
| 16(2)(c) | 3 |
| 16(3) | 0 |
| 16.1(1)(a) | 0 |
| 16.1(1)(b) | 0 |
| 16.1(1)(c) | 0 |
| 16.1(1)(d) | 12 |
| 16.2(1) | 0 |
| 16.3 | 0 |
| 16.4(1)(a) | 0 |
| 16.4(1)(b) | 0 |
| 16.5 | 0 |
| 17 | 0 |
| 18(a) | 0 |
| 18(b) | 1 |
| 18(c) | 0 |
| 18(d) | 0 |
| 18.1(1)(a) | 0 |
| 18.1(1)(b) | 0 |
| 18.1(1)(c) | 0 |
| 18.1(1)(d) | 0 |
| 19(1) | 32 |
| 20(1)(a) | 0 |
| 20(1)(b) | 3 |
| 20(1)(b.1) | 0 |
| 20(1)(c) | 8 |
| 20(1)(d) | 1 |
| 20.1 | 0 |
| 20.2 | 0 |
| 20.4 | 0 |
| 21(1)(a) | 5 |
| 21(1)(b) | 3 |
| 21(1)(c) | 0 |
| 21(1)(d) | 0 |
| 22 | 0 |
| 22.1(1) | 0 |
| 23 | 2 |
| 24(1) | 0 |
| 26 | 0 |
| Section | Number of requests |
|---|---|
| 68(a) | 1 |
| 68(b) | 0 |
| 68(c) | 0 |
| 68.1 | 0 |
| 68.2(a) | 0 |
| 68.2(b) | 0 |
| 69(1)(a) | 0 |
| 69(1)(b) | 0 |
| 69(1)(c) | 0 |
| 69(1)(d) | 0 |
| 69(1)(e) | 0 |
| 69(1)(f) | 0 |
| 69(1)(g) re (a) | 0 |
| 69(1)(g) re (b) | 0 |
| 69(1)(g) re (c) | 0 |
| 69(1)(g) re (d) | 0 |
| 69(1)(g) re (e) | 0 |
| 69(1)(g) re (f) | 0 |
| 69.1(1) | 0 |
| Disposition | Paper | Electronic | Other formats |
|---|---|---|---|
| All disclosed | 11 | 4 | 0 |
| Disclosed in part | 22 | 12 | 0 |
| Total | 33 | 16 | 0 |
2.5 Complexity
| Disposition of requests | Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|---|
| All disclosed | 236 | 236 | 15 |
| Disclosed in part | 4,599 | 3,626 | 34 |
| All exempted | 2 | 0 | 1 |
| All excluded | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 7 |
| Disposition | Less than 100 pages processed | 101-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| All disclosed | 15 | 236 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 26 | 863 | 6 | 1,303 | 1 | 444 | 1 | 1,016 | 0 | 0 |
| All exempted | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Abandoned | 7 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 49 | 1,099 | 6 | 1,303 | 1 | 444 | 1 | 1,016 | 0 | 0 |
| Disposition | Consultation required | Assessment of fees | Legal advice sought | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 2 | 0 | 0 | 0 | 2 |
| Disclosed in part | 22 | 0 | 4 | 0 | 26 |
| All exempted | 0 | 0 | 1 | 0 | 1 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Abandoned | 0 | 0 | 0 | 0 | 0 |
| Total | 24 | 0 | 5 | 0 | 29 |
2.6 Deemed refusals
| Number of requests closed past the statutory deadline | Principal Reason | |||
|---|---|---|---|---|
| Workload | External consultation | Internal consultation | Other | |
| 0 | 0 | 0 | 0 | 0 |
| Number of days past deadline | Number of requests past deadline where no extension was taken | Number of requests past deadline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 days | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
| Translation Requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Part 3 - Extensions
| Disposition of requests where an extension was taken | 9(1)(a) Interference with operations |
9(1)(b) Consultation |
9(1)(c) Third party notice |
|
|---|---|---|---|---|
| Section 69 | Other | |||
| All disclosed | 0 | 0 | 1 | 0 |
| Disclosed in part | 0 | 0 | 16 | 5 |
| All exempted | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 |
| No records exist | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 17 | 5 |
| Length of extensions | 9(1)(a) Interference with operations |
9(1)(b) Consultation |
9(1)(c) Third party notice |
|
|---|---|---|---|---|
| Section 69 | Other | |||
| 30 days or less | 0 | 0 | 12 | 5 |
| 31 to 60 days | 0 | 0 | 4 | 0 |
| 61 to 120 days | 0 | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 1 | 0 |
| 365 days or more | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 17 | 5 |
Part 4 - Fees
| Fee Type | Fee Collected | Fee Waived or Refunded | ||
|---|---|---|---|---|
| Number of requests | Amount | Number of requests | Amount | |
| Application | 96 | $480 | 2 | $10 |
| Search | 0 | $0 | 0 | $0 |
| Production | 0 | $0 | 0 | $0 |
| Programming | 0 | $0 | 0 | $0 |
| Preparation | 0 | $0 | 0 | $0 |
| Alternative format | 0 | $0 | 0 | $0 |
| Reproduction | 0 | $0 | 0 | $0 |
| Total | 96 | $480 | 2 | $10 |
Part 5 - Consultations received from other institutions and organizations
| Consultations | Other government institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during reporting period | 29 | 279 | 0 | 0 |
| Outstanding from the previous reporting period | 1 | 14 | 0 | 0 |
| Total | 30 | 293 | 0 | 0 |
| Closed during the reporting period | 29 | 288 | 0 | 0 |
| Pending at the end of the reporting period | 1 | 5 | 0 | 0 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclose entirely | 22 | 1 | 0 | 0 | 0 | 0 | 0 | 23 |
| Disclose in part | 3 | 1 | 1 | 0 | 0 | 0 | 0 | 5 |
| Exempt entirely | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 1 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 25 | 3 | 1 | 0 | 0 | 0 | 0 | 29 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclose entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 6 - Completion time of consultations on Cabinet confidences
| Number of days | Number of responses received | Number of responses received past deadline |
|---|---|---|
| 1 to 15 | 0 | 0 |
| 16 to 30 | 0 | 0 |
| 31 to 60 | 0 | 0 |
| 61 to 120 | 0 | 0 |
| 121 to 180 | 0 | 0 |
| 181 to 365 | 0 | 0 |
| More than 365 | 0 | 0 |
| Total | 0 | 0 |
Part 7 - Resources related to the Access to Information Act
| Expenditures | Amount |
|---|---|
| Salaries | $38,278 |
| Overtime | $0 |
| Goods and Services | $3,730 |
|
$2,970 |
|
$760 |
| Total | $42,008 |
| Resources | Dedicated full-time to ATI activities | Dedicated part-time to ATI activities | Total |
|---|---|---|---|
| Full-time employees | 0.00 | 0.57 | 0.57 |
| Part-time and casual employees | 0.00 | 0.00 | 0.00 |
| Regional staff | 0.00 | 0.00 | 0.00 |
| Consultants and agency personnel | 0.02 | 0.00 | 0.02 |
| Students | 0.00 | 0.00 | 0.00 |
| Total | 0.02 | 0.57 | 0.59 |
2. The Privacy Act
September 2014
Office of the Privacy Commissioner of Canada
30 Victoria Street, 1st Floor
Gatineau, Quebec
K1A 1H3
819-994-5444, 1-800-282-1376
Fax 819-994-5424
Follow us on Twitter: @privacyprivee
Introduction
The Privacy Act came into effect On July 1, 1983. This Act imposes obligations on federal government departments and agencies to respect the privacy rights of individuals by limiting the collection, use and disclosure of personal information. The Act also gives individuals the right of access to their personal information and the right to request the correction of that information.
When the Federal Accountability Act received Royal Assent on December 12, 2006, the Office of the Privacy Commissioner (OPC) was added to the Schedule of the Privacy Act along with other Agents of Parliament. Therefore, while not initially subject to the Act, the OPC became so on April 1, 2007.
Section 72 of the Act requires that the head of every federal government institution submit an annual report to Parliament on the administration of the Act within their institutions during the fiscal year.
The OPC is pleased to submit its seventh Annual Report which describes how we fulfilled our responsibilities under the Privacy Act in 2013-2014.
Mandate and Mission of the OPC
The mandate of the OPC is to oversee compliance with both the Privacy Act (PA), which covers the personal information handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s federal private-sector privacy law.
The OPC’s mission is to protect and promote the privacy rights of individuals.
The Commissioner works independently from any other part of the government to investigate privacy complaints from individuals with respect to the federal public sector and certain aspects of the private sector. In public sector matters, individuals may complain to the Commissioner about any matter specified in section 29 of the PA.
For matters relating to personal information in the private sector, the Commissioner may investigate complaints under section 11 of PIPEDA except in the provinces that have adopted substantially similar privacy legislation, namely Quebec, British Columbia, and Alberta. Ontario, New Brunswick and Newfoundland and Labrador now fall into this category with respect to personal health information held by health information custodians under their health sector privacy laws. However, even in those provinces with substantially similar legislation, and elsewhere in Canada, PIPEDA continues to apply to personal information collected, used or disclosed by all federal works, undertakings and businesses, including personal information about their employees. PIPEDA also applies to all personal data that flows across provincial or national borders, in the course of commercial activities.
The Commissioner focuses on resolving complaints through negotiation and persuasion, using mediation and conciliation if appropriate. However, if voluntary cooperation is not forthcoming, the Commissioner has the power to summon witnesses, administer oaths and compel the production of evidence. In cases that remain unresolved, particularly under PIPEDA, the complainant or the Commissioner may take the matter to Federal Court and seek a court order to rectify the situation.
As a public advocate for the privacy rights of Canadians, the Commissioner carries out the following activities:
- Investigating complaints and issuing reports with recommendations to federal government institutions and private sector organizations to remedy situations, as appropriate;
- Pursuing legal action before federal courts where appropriate to resolve outstanding matters;
- Assessing compliance with obligations contained in the PA and PIPEDA through the conduct of independent audit and review activities;
- Advising on, and reviewing, Privacy Impact Assessments (PIAs) of new and existing government initiatives;
- Providing legal and policy analyses and expertise to help guide Parliament’s review of evolving legislation to ensure respect for individuals’ right to privacy;
- Responding to inquiries from parliamentarians, individual Canadians and organizations seeking information and guidance, and taking proactive steps to inform them of emerging privacy issues;
- Promoting privacy awareness and compliance, and fostering understanding of privacy rights and obligations through proactive engagement with federal government institutions, private-sector organizations, industry associations, legal community, academia, professional associations, and other stakeholders;
- Preparing and disseminating public education materials, positions on evolving legislation, regulations and policies, guidance documents and fact sheets for use by the general public, federal government institutions and private sector organizations;
- Conducting research and monitoring trends in technological advances and privacy practices, identify systemic privacy issues that need to be addressed by federal government institutions and private sector organizations and promoting integration of best practices; and
- Working with privacy stakeholders from other jurisdictions in Canada and on the international scene to address global privacy issues that result from ever increasing transborder data flows.
Organizational Structure
The Privacy Commissioner is an Officer of Parliament who reports directly to the House of Commons and the Senate. The Commissioner may be assisted by an Assistant Commissioner, who has delegated responsibilities under both the PA and PIPEDA. At the time of writing this report, the position has been vacant since December 2013.
The OPC is structured in the following way:
Executive Secretariat
The Executive Secretariat ensures effective liaison and coordination with internal and external stakeholders and provides strategic advice so that the Commissioner and Assistant Commissioner are able to carry out their mandate to protect and promote privacy rights of individuals.
Privacy Act Investigations Branch
The PA Investigations Branch receives and investigates complaints from individuals who claim a breach of the PA, or complaints that are initiated by the Commissioner. The Branch also receives notifications of breaches from federal government organizations, and receives and reviews public interest disclosures made by them.
PIPEDA Investigations Branch
The PIPEDA Investigations Branch is divided between Ottawa and Toronto. In Ottawa, the Branch receives and investigates complaints of national scope by individuals or initiated by the Commissioner, from anywhere in Canada. In Toronto, the Branch investigates complaints particularly from the Greater Toronto Area (GTA) and coordinates public education and stakeholder outreach activities in the GTA.
Audit and Review Branch
The Audit and Review Branch audits organizations to assess their compliance with the requirements set out in the two federal privacy laws. The Branch also analyses and provides recommendations on Privacy Impact Assessments (PIAs) submitted to the OPC pursuant to the Treasury Board Secretariat Policy on Privacy Impact Assessments.
Communications Branch
The Communications Branch focuses on providing strategic advice and support for communications and public education activities for the OPC. In addition, the Branch plans and implements a variety of public education and communications activities through media monitoring and analysis, public opinion polling, media relations, publications, special events, outreach activities and the OPC web sites. The Branch is also responsible for the OPC’s Information Centre, which responds to requests for information from the public and organizations regarding privacy rights and responsibilities.
Legal Services, Policy and Research Branch
The Legal Services, Policy, Research and Technology Analysis Branch (LSPRTA) provides strategic legal and policy advice and conducts research on emerging privacy issues in Canada and internationally. More specifically, the Branch provides strategic legal advice to the Commissioners and various Branch Heads on the interpretation and application of the PA and PIPEDA in investigations and audits, as well as general legal counsel on a broad range of corporate and communication matters. LSPRTA represents the OPC in litigation matters before the courts and in negotiations with other parties both nationally and internationally. It reviews and analyzes legislative bills, government programs, public and private sector initiatives and provides strategic advice to the Commissioners on appropriate policy positions to protect and advance privacy rights in Canada. The Branch prepares for, represents and supports the office in appearances before Parliament and in its relations with parliamentarians. The Branch conducts applied research on the privacy implications of emerging societal and technological issues to support and inform the development of OPC policy guidance and best practices for relevant stakeholders. The Branch administers the OPC Research Contribution program, which was launched in 2004, to advance knowledge and understanding of privacy issues and to promote enhanced protection of personal information. LSPRTA also identifies and analyzes technological trends and developments in electronic platforms and digital media; conducts research to assess the impact of technology on the protection of personal information in the digital world and provides strategic analysis and guidance on complex, varied and sensitive technological issues involving breaches in the security of government and commercial systems that store personal information.
Human Resources Management Branch
The Human Resources Management Branch is responsible for the provision of strategic advice, management and delivery of comprehensive human resource management programs in areas such as staffing, classification, staff relations, human resource planning, learning and development, employment equity, official languages and compensation.
Corporate Services Branch
The Corporate Services Branch provides advice and integrated administrative services such as corporate planning, resource management, financial management, information management/technology and general administration to managers and staff.
Access to Information and Privacy Directorate
The Acess to Infromation and Privacy (ATIP) Directorate is responsible for responding to formal requests for information from the public pursuant to the Access to Information Act and the Privacy Act. The ATIP Directorate is also responsible for developing internal policies and ensuring compliance relative to these acts.
Office of the Privacy Commissioner of Canada
Text version
Organizational Chart
Office of the Privacy Commissioner of Canada
- Privacy Commissioner
- Executive Secretariat
- Assistant Privacy Commissioner
- Audit and Review Branch
- Personal Information Protection and Electronic Documents Act (PIPEDA) Investigations Branch
- Privacy Act Investigations Branch
- Communications Branch
- Legal Services, Policy, Research and Technology Analysis Branch
- Corporate Services Branch
- Human Resources Management Branch
- Access to Information and Privacy Directorate
ATIP Directorate is headed by a Director who is supported by two senior analysts.
Under section 73 of the PA, the Privacy Commissioner, as the head of the OPC, the Privacy Commissioner’s authority has been delegated to the ATIP Director with respect to the application of the Act and its Regulations. With respect to public interest disclosures under section 8(2)(m) of the Act, the Commissioner’s authority has been maintained. A copy of the Delegation Order is attached as Appendix A.
The ATIP Director also serves as the OPC’s Chief Privacy Officer.
Privacy Commissioner, Ad Hoc / Complaint Mechanism
Given the silence of the Federal Accountability Act with respect to an independent mechanism under which PA complaints against the OPC would be investigated, the Office has developed an alternative mechanism to investigate OPC actions with respect to its administration of the Act.
For this purpose, the Commissioner’s powers, duties and functions as set out in sections 29 through 35 and section 42 of the Act have been delegated to a Privacy Commissioner, Ad Hoc in order to investigate PA complaints lodged against the OPC.
The current Privacy Commissioner, Ad Hoc is Mr. John H. Sims. Mr. Sims is a member of the Law Society of Upper Canada, and retired from the Public Service of Canada on April 2, 2010 after 32 years, five as Deputy Minister of Justice and Deputy Attorney General of Canada. Throughout his career, Mr. Sims has been recognized for outstanding achievements, high standards of ethical and professional conduct, excellence in leadership and preeminent public service. In 2010, the Prime Minister presented Mr. Sims with the prestigious Outstanding Achievement Award of the Public Service of Canada.
ATIP Unit Activities
Training employees
In the reporting fiscal year, ATIP Training Sessions were offered to all new OPC employees and those returning from extended leave or temporary assignments elsewhere. The OPC has committed to training all new staff within three months of their arrival. At the conclusion of the year, 100% of new and returning employees had participated in the training sessions. Additionally, each Branch received an ATIP awareness session to reinforce knowledge of their responsibilities with respect to access and privacy legislation. The ATIP office also provides sessions as needed.
Enabling the organization
Throughout the year, the ATIP Directorate has been active in providing advice to all OPC staff with respect to informal requests for information. ATIP has also continued to support the Information Management function by providing advice on internal information handling practices. Notably, the ATIP Directorate played an active role in assisting in the creation of the OPC knowledge center. One of the key features of this new tool allows OPC staff to search depersonalized reports of findings from previous PA and PIPEDA investigations. These reports had historically been destroyed at the end of their respective retention periods. The ATIP Directorate depersonalized over ten years of reports allowing the OPC to preserve valuable corporate memory.
Contributing to decision making
The ATIP Director has played a collaborative role in the planning, development and updating of OPC policies, procedures and directives. The ATIP Director also sits on the OPC’s key strategic decision-making committees. The OPC’s recognition of the importance to integrate the ATIP Director in its core decision-making committees has ensured that the Privacy Act is respected.
In addition, the ATIP Director serves as chair of the Privacy Accountability Working Group. This group comprises representatives from every OPC branch. Its purpose and key activities are to:
- Promote a culture of privacy protection and awareness across the organization;
- Ensure accountability for the handling of personal information across the OPC and that the Office’s internally-led initiatives are held to the same privacy-protective standards it expects of the organizations and institutions that it regulates;
- Review recommendations that the OPC makes externally for internal applicability and compliance; and
- Ensure that all initiatives involving collection, use and disclosure of personal information within the OPC are brought to the attention of the organization’s Chief Privacy Officer.
Implementing a new reporting structure
During the final quarter of the year, it was decided that the OPC ATIP Directorate would report directly to the Commissioner. This decision was in keeping with a recommendation that the OPC had made to other organizations, whereby the independence of the Chief Privacy Officer is ensured by having that function report directly to the head of the organization. This new reporting structure underlines the importance the OPC attributes to functions carried out by the ATIP Directorate and the need to ensure that it has independence and direct access to the organization head.
Privacy Act Statistical Report and Interpretation
The OPC received 81 formal requests under the PA for the fiscal year. However, the vast majority of those requests—49 of them—sought access to personal information under the control of other government institutions. They were therefore re-directed for processing to those institutions, including to the Correctional Service of Canada, Employment and Social Development Canada, National Defence, the Canada Border Services Agency, Citizenship and Immigration Canada, the Canada Revenue Agency, and the Royal Canadian Mounted Police.
Requests under the Privacy Act
Text version
Requests under the Privacy Act
| Year | 2011/2012 | 2012/2013 | 2013/2014 |
|---|---|---|---|
| Received | 79 | 61 | 61 |
| Transferred | 68 | 44 | 44 |
| Processed | 14 | 17 | 17 |
During the reporting period, the OPC received 32 PA requests for personal information under its control. This represented a near 300% increase from the previous year and accounted for 20,754 pages of information.
Of the 32 requests received, 31 were processed within the reporting year; the remaining request was carried forward and will be reported in the 2014-2015 statistics. The OPC also responded to three requests that had been carried forward from the 2012-2013 year. All told, the OPC responded to 34 requests for personal information in 2013-2014. In all cases, the requests were submitted by the individuals to whom the personal information was attributed.
In two cases, the OPC was required to claim extensions of time limits. In both, the volume of records that required processing was quite large and finalizing those requests within the original 30-day timeframe would have unreasonably interfered with the operations of the OPC.
With respect to the 34 requests responded to in 2013-2014:
- In 5 instances, the information was disclosed entirely;
- Information was partially disclosed in 16 instances;
- In 6 instances, no records existed that responded to the requests;
- Information was exempted entirely in 2 instances;
- In 5 instances, the requests were abandoned by the requester.
Of the 34 requests, 23 were for the contents of PA or PIPEDA investigation files. Section 22.1 of the PA prohibits the OPC from releasing information it obtained during the course of its investigations or audits even after the matter and all related proceedings have been concluded. However, the OPC cannot refuse to disclose information it created during the course of an investigation or audit, once they and any related proceedings are completed — and subject to any applicable exemptions. This exemption was applied in 17 cases during the reporting period. With respect to other exemptions, section 26 was claimed in ten cases and section 27 in seven.
The OPC received 11 requests from people for general information about themselves. It is quite common for the OPC to receive broad requests seeking access to all the personal information held by the Government of Canada. In most cases, the OPC does not have any of the requested personal information under its control. In such cases, requesters are advised to consult Info Source for a detailed listing of the personal information holdings of each federal organization and to submit requests to those most likely to have the personal information to which they seek access.
At no point during the reporting period were requests received for correction of personal information held within the OPC.
Finally, the OPC received and responded to 14 consultations from the Royal Canadian Mounted Police this fiscal year. No other federal department consulted the OPC on personal information requests they were processing.
Privacy Act complaints against the OPC
The OPC was the respondent in four complaints under the PA in this reporting year. The Privacy Commissioner, Ad Hoc issued three findings during this fiscal year, two for complaints that had been filed in the 2012-2013 fiscal and one for a complaint received in the reporting year. All three complaints were deemed not well-founded. At the conclusion of the reporting period, the Privacy Commissioner, Ad Hoc had yet to issue findings on the remaining three complaints.
Report on the Directive on Privacy Impact Assessment (PIA) Policy
The Directive on Privacy Impact Assessment which came into effect on April 1, 2010, requires that the Treasury Board Secretariat monitor compliance with the Directive. Given this responsibility, institutions are asked to include pertinent statistics in their annual reports on the administration of the PA.
In 2013-2014 the OPC initiated three PIAs. At the conclusion of the reporting year, all the PIAs were still in the process of being drafted. It is anticipated that they will be completed in the course of the next reporting year.
Data Sharing Activities
The OPC did not undertake any personal data sharing activities this reporting year.
Disclosures of Personal Information
The OPC disclosed no personal information under sections 8(2)(e), (f), (g) or (m) of the PA during this fiscal year
Privacy-Related Policies
This fiscal year, the OPC implemented a Privacy Impact Assessment process. This tool provides clear steps and guidance to OPC staff on how to determine the requirement of a PIA and ensures that the Chief Privacy Officer is engaged at the earliest stage.
The ATIP Director is a member of the OPC’s Policy Development Committee. In that role, policies, directives and guidelines have been and continue to be reviewed to ensure that the PA is respected.
For additional information on the OPC’s activities, please visit www.priv.gc.ca
Additional copies of this report may be obtained from:
Director, Access to Information and Privacy
Office of the Privacy Commissioner of Canada
30 Victoria Street, 1st Floor
Gatineau, Quebec K1A 1H3
Appendix A – Privacy Act
Delegation Order
The Interim Privacy Commissioner of Canada, as the head of the government institution, hereby designates pursuant to section 73 of the Privacy Act, the person holding the position set out below, or the person occupying on an acting basis that position, to exercise the powers, duties or functions of the Privacy Commissioner as specified below and as more fully described in Annex A:
| Position | Sections of Privacy Act |
|---|---|
| Director, ATIP |
Act: 8(2)(j), 8(4) and (5), 9(1) and (4), 10, 14, 15, 17(2)(b) and (3)(b),18 to 28, 31, 33(2), 35(1) and (4), 36(3), 37(3), 51(2)(b) and (3), 70, 72(1) Regulations: 9, 11(2) and (4), 13(1), 14 |
This delegation of authority supersedes any previous delegation of the powers, duties and functions set out herein.
Dated at the City of Ottawa, this 9 day of January, 2014.
(Original signed by)
Chantal Bernier
Interim Privacy Commissioner of Canada
Privacy Act
| 8(2)(j) | Disclose personal information for research purposes |
|---|---|
| 8(2)(m) | Disclose personal information in the public interest or in the interest of the individual |
| 8(4) | Retain copy of 8(2)(e) requests and disclosed records |
| 8(5) | Notify Privacy Commissioner of 8(2)(m) disclosures |
| 9(1) | Retain record of use |
| 9(4) | Notify Privacy Commissioner of consistent use and amend index |
| 10 | Include personal information in personal information banks |
| 14 | Respond to request for access within 30 days; give access or give notice |
| 15 | Extend time limit for responding to request for access |
| 17(2)(b) | Decide whether to translate requested information |
| 17(3)(b) | Decide whether to give access in an alternative format |
| 18(2) | May refuse to disclose information contained in an exempt bank |
| 19(1) | Shall refuse to disclose information obtained in confidence from another government |
| 19(2) | May disclose any information referred to in 19(1) if the other government consents to the disclosure or makes the information public |
| 20 | May refuse to disclose information injurious to the conduct of federal-provincial affairs |
| 21 | May refuse to disclose information injurious to international affairs or defence |
| 22 | Series of discretionary exemptions related to law enforcement and investigations; and policing services for provinces or municipalities. |
| 22.1(1) | In force April 1, 2007 - Privacy Commissioner shall refuse to disclose information obtained or created in the course of an investigation conducted by the Commissioner |
| 22.1(2) | In force April 1, 2007 - Privacy Commissioner shall not refuse under 22.1(1) to disclose any information created by the Commissioner in the course of an investigation conducted by the Commissioner once the investigation and related proceedings are concluded |
| 23 | May refuse to disclose information prepared by an investigative body for security clearances |
| 24 | May refuse to disclose information collected by the Correctional Service of Canada or the National Parole Board while individual was under sentence if conditions in section are met |
| 25 | May refuse to disclose information which could threaten the safety of individuals |
| 26 | May refuse to disclose information about another individual, and shall refuse to disclose such information where disclosure is prohibited under section 8 |
| 27 | May refuse to disclose information subject to solicitor-client privilege |
| 28 | May refuse to disclose information relating to the individual’s physical or mental health where disclosure is contrary to best interests of the individual |
| 31 | Receive notice of investigation by Privacy Commissioner |
| 33(2) | Right to make representations to the Privacy Commissioner during an investigation |
| 35(1) | Receive Privacy Commissioner’s report of findings of the investigation and give notice of action taken |
| 35(4) | Give complainant access to information after 35(1)(b) notice |
| 36(3) | Receive Privacy Commissioner’s report of findings of investigation of exempt bank |
| 37(3) | Receive report of Privacy Commissioner’s findings after compliance investigation |
| 51(2)(b) | Request that section 51 hearing be held in the National Capital Region |
| 51(3) | Request and be given right to make representations in section 51 hearings |
| 70 | Refuse to provide information that is excluded from the Act as a cabinet confidence |
| 72(1) | Prepare annual report to Parliament |
Privacy Regulations
| 9 | Provide reasonable facilities to examine information |
|---|---|
| 11(2) and (4) | Procedures for correction or notation of information |
| 13(1) | Disclosure of information relating to physical or mental health to qualified practitioner or psychologist |
| 14 | Require individual to examine information in presence of qualified practitioner or psychologist |
Appendix B – Additional Reporting Requirements
Privacy Act
Treasury Board Secretariat is monitoring compliance with the Privacy Impact Assessment (PIA) Policy (which came into effect on May 2, 2002) and the Directive on Privacy Impact Assessment (which takes effect April 1, 2010) through a variety of means. Institutions are therefore required to report the following information for this reporting period:
- Preliminary PIAs initiated: 0
- Preliminary PIAs completed: 0
- PIAs initiated: 3
- PIAs completed: 0
- PIAs forwarded to the Office of the Privacy Commissioner (OPC): 0
**No PIAs were completed during the reporting period**
Part III – Exemptions invoked
| Paragraph 19(1)(e) | not invoked |
|---|---|
| Paragraph 19(1)(f) | not invoked |
| Subsection 22.1 | This exemption was invoked in seventeen files |
| Subsection 22.2 | not invoked |
| Subsection 22.3 | not invoked |
Part IV – Exclusions cited
| Subsection 69.1 | not invoked |
|---|---|
| Subsection 70.1 | not invoked |
Statistical Report on the Privacy Act
Name of institution: Office of the Privacy Commissioner of Canada
Reporting period: 01/04/2013 to 31/03/2014
Part 1 – Requests under the Privacy Act
| Number of Requests | |
|---|---|
| Received during reporting period | 81 |
| Outstanding from previous reporting period | 3 |
| Total | 84 |
| Closed during reporting period | 83 |
| Carried over to next reporting period | 1 |
Part 2 – Requests closed during the reporting period
| Disposition of requests | Completion Time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 1 | 4 | 0 | 0 | 0 | 0 | 0 | 5 |
| Disclosed in part | 1 | 14 | 1 | 1 | 0 | 0 | 0 | 16 |
| All exempted | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 2 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 54 | 1 | 0 | 0 | 0 | 0 | 0 | 55 |
| Request abandoned | 3 | 2 | 0 | 0 | 0 | 0 | 0 | 5 |
| Total | 59 | 22 | 1 | 1 | 0 | 0 | 0 | 83 |
| Section | Number of requests |
|---|---|
| 18(2) | 0 |
| 19(1)(a) | 0 |
| 19(1)(b) | 0 |
| 19(1)(c) | 0 |
| 19(1)(d) | 0 |
| 19(1)(e) | 0 |
| 19(1)(f) | 0 |
| 20 | 0 |
| 21 | 0 |
| 22(1)(a)(i) | 0 |
| 22(1)(a)(ii) | 0 |
| 22(1)(a)(iii) | 0 |
| 22(1)(b) | 0 |
| 22(1)(c) | 0 |
| 22(2) | 0 |
| 22.1 | 17 |
| 22.2 | 0 |
| 22.3 | 0 |
| 23(a) | 0 |
| 23(b) | 0 |
| 24(a) | 0 |
| 24(b) | 0 |
| 25 | 0 |
| 26 | 10 |
| 27 | 7 |
| 28 | 0 |
| Section | Number of requests |
|---|---|
| 69(1)(a) | 0 |
| 69(1)(b) | 0 |
| 69.1 | 0 |
| 70(1)(a) | 0 |
| 70(1)(b) | 0 |
| 70(1)(c) | 0 |
| 70(1)(d) | 0 |
| 70(1)(e) | 0 |
| 70(1)(f) | 0 |
| 70.1 | 0 |
| Disposition | Paper | Electronic | Other formats |
|---|---|---|---|
| All disclosed | 4 | 1 | 0 |
| Disclosed in part | 9 | 7 | 0 |
| Total | 13 | 8 | 0 |
2.5 Complexity
| Disposition of requests | Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|---|
| All disclosed | 122 | 122 | 5 |
| Disclosed in part | 20,632 | 16,936 | 16 |
| All exempted | 1 | 0 | 2 |
| All excluded | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 5 |
| Disposition | Less than 100 pages processed | 101-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| All disclosed | 5 | 122 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 8 | 325 | 6 | 822 | 1 | 192 | 0 | 0 | 1 | 15,597 |
| All exempted | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Abandoned | 5 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 20 | 447 | 6 | 822 | 1 | 192 | 0 | 0 | 1 | 15,597 |
| Disposition | Consultation required | Legal Advice Sought | Interwoven Information | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 1 | 0 | 0 | 1 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Abandoned | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 1 | 0 | 0 | 1 |
2.6 Deemed refusals
| Number of requests closed past the statutory deadline | Principal Reason | |||
|---|---|---|---|---|
| Workload | External consultation | Internal consultation | Other | |
| 0 | 0 | 0 | 0 | 0 |
| Number of days past deadline | Number of requests past deadline where no extension was taken | Number of requests past deadline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 days | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
| Translation Requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Part 3 – Disclosures under subsection 8(2)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Total |
|---|---|---|
| 0 | 0 | 0 |
Part 4 – Requests for correction of personal information and notations
| Number | |
|---|---|
| Requests for correction received | 0 |
| Requests for correction accepted | 0 |
| Requests for correction refused | 0 |
| Notations attached | 0 |
Part 5 – Extensions
| Disposition of requests where an extension was taken | 15(a)(i) Interference with operations |
15(a)(ii) Consultation |
15(b) Translation or conversion |
|
|---|---|---|---|---|
| Section 70 | Other | |||
| All disclosed | 0 | 0 | 0 | 0 |
| Disclosed in part | 2 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 |
| No records exist | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 |
| Total | 2 | 0 | 0 | 0 |
| Length of extensions | 15(a)(i) Interference with operations |
15(a)(ii) Consultation |
15(b) Translation purposes |
|
|---|---|---|---|---|
| Section 70 | Other | |||
| 1 to 15 days | 0 | 0 | 0 | 0 |
| 16 to 30 days | 2 | 0 | 0 | 0 |
| Total | 2 | 0 | 0 | 0 |
Part 6 – Consultations received from other institutions and organizations
| Consultations | Other government institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during the reporting period | 14 | 126 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 14 | 126 | 0 | 0 |
| Closed during the reporting period | 14 | 126 | 0 | 0 |
| Pending at the end of the reporting period | 0 | 0 | 0 | 0 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclose entirely | 8 | 1 | 0 | 0 | 0 | 0 | 0 | 9 |
| Disclose in part | 3 | 2 | 0 | 0 | 0 | 0 | 0 | 5 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 11 | 3 | 0 | 0 | 0 | 0 | 0 | 14 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclose entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 7 – Completion time of consultations on Cabinet confidences
| Number of days | Number of responses received | Number of responses received past deadline |
|---|---|---|
| 1 to 15 | 0 | 0 |
| 16 to 30 | 0 | 0 |
| 31 to 60 | 0 | 0 |
| 61 to 120 | 0 | 0 |
| 121 to 180 | 0 | 0 |
| 181 to 365 | 0 | 0 |
| More than 365 | 0 | 0 |
| Total | 0 | 0 |
Part 8 – Resources related to the Privacy Act
| Expenditures | Amount ($) |
|---|---|
| Salaries | $164,240 |
| Overtime | $0 |
| Goods and Services | $26,297 |
| Contracts for privacy impact assessments | $0 |
| Professional services contracts | $23,035 |
| Other | $3,262 |
| Total | $190,537 |
| Resources | Dedicated full-time | Dedicated part-time | Total |
|---|---|---|---|
| Full-time employees | 0.00 | 2.43 | 2.43 |
| Part-time and casual employees | 0.00 | 0.00 | 0.00 |
| Regional staff | 0.00 | 0.00 | 0.00 |
| Consultants and agency personnel | 0.00 | 0.14 | 0.14 |
| Students | 0.00 | 0.00 | 0.00 |
| Total | 0.00 | 2.57 | 2.57 |
Alternate versions
- PDF (1.1 MB) Not tested for accessibility
- Date modified: