2015-16 Annual Report to Parliament on the Privacy Act
July 2016
Office of the Privacy Commissioner of Canada
30 Victoria Street, 1st Floor
Gatineau, Quebec
K1A 1H3
819-994-5444, 1-800-282-1376
Fax 819-994-5424
Follow us on Twitter: @privacyprivee
Introduction
The Privacy Act (PA) came into effect on July 1, 1983. The Act imposes obligations on federal government departments and agencies to respect the privacy rights of individuals by limiting the collection, use and disclosure of personal information. The Act also gives individuals the right of access to their personal information and the right to request the correction of that information.
When the Federal Accountability Act received Royal Assent on December 12, 2006, the Office of the Privacy Commissioner (OPC) was added to the Schedule of the Privacy Act along with other Agents of Parliament. Therefore, while not initially subject to the Act, the OPC became so on April 1, 2007.
Section 72 of the Act requires that the head of every federal government institution submit an annual report to Parliament on the administration of the Actwithin their institutions during the fiscal year.
The OPC is pleased to submit its ninth Annual Report which describes how we fulfilled our responsibilities under the Privacy Act in 2015-16.
Mandate and Mission of the OPC
The mandate of the OPC is to oversee compliance with both the Privacy Act (PA), which covers the personal information handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private sector privacy law.
The OPC’s mission is to protect and promote the privacy rights of individuals.
The Commissioner works independently from any other part of the government to investigate privacy complaints from individuals with respect to the federal public sector and certain aspects of the private sector. In public sector matters, individuals may complain to the Commissioner about any matter specified in section 29 of the PA.
For matters relating to personal information in the private sector, the Commissioner may investigate complaints under section 11 of PIPEDA except in the provinces that have adopted substantially similar privacy legislation, namely Quebec, British Columbia, and Alberta. Ontario, New Brunswick and Newfoundland and Labrador now fall into this category with respect to personal health information held by health information custodians under their health sector privacy laws. However, even in those provinces with substantially similar legislation, and elsewhere in Canada, PIPEDA continues to apply to personal information collected, used or disclosed by all federal works, undertakings and businesses, including personal information about their employees. PIPEDA also applies to all personal data that flows across provincial or national borders, in the course of commercial activities.
The Commissioner focuses on resolving complaints through negotiation and persuasion, using mediation and conciliation if appropriate. However, if voluntary cooperation is not forthcoming, the Commissioner has the power to summon witnesses, administer oaths and compel the production of evidence. In cases that remain unresolved, particularly under PIPEDA, the complainant or the Commissioner may take the matter to Federal Court and seek a court order to rectify the situation.
As a public advocate for the privacy rights of Canadians, the Commissioner carries out the following activities:
- Investigating complaints and issuing reports with recommendations to federal government institutions and private sector organizations to remedy situations, as appropriate;
- Pursuing legal action before federal courts where appropriate to resolve outstanding matters;
- Assessing compliance with obligations contained in the PA and PIPEDA through the conduct of independent audit and review activities;
- Advising on, and reviewing, Privacy Impact Assessments (PIAs) of new and existing government initiatives;
- Providing legal and policy analyses and expertise to help guide Parliament’s review of evolving legislation to ensure respect for individuals’ right to privacy;
- Responding to inquiries from parliamentarians, individual Canadians and organizations seeking information and guidance, and taking proactive steps to inform them of emerging privacy issues;
- Promoting privacy awareness and compliance, and fostering understanding of privacy rights and obligations through proactive engagement with federal government institutions, private-sector organizations, industry associations, legal community, academia, professional associations, and other stakeholders;
- Preparing and disseminating public education materials, positions on evolving legislation, regulations and policies, guidance documents and fact sheets for use by the general public, federal government institutions and private sector organizations;
- Conducting research and monitoring trends in technological advances and privacy practices, identify systemic privacy issues that need to be addressed by federal government institutions and private sector organizations and promoting integration of best practices; and
- Working with privacy stakeholders from other jurisdictions in Canada and on the international scene to address global privacy issues that result from ever increasing transborder data flows.
Organizational Structure
The Privacy Commissioner is an Officer of Parliament who reports directly to the House of Commons and the Senate. The Commissioner may be assisted by an Assistant Commissioner, who has delegated responsibilities under both the PA and PIPEDA. At the time of writing this report, the position has been vacant since December 2013.
The OPC is structured in the following way:
Executive Secretariat
The Executive Secretariat ensures effective liaison and coordination with internal and external stakeholders and provides strategic advice so that the Commissioner and Assistant Commissioner are able to carry out their mandate to protect and promote privacy rights of individuals.
Privacy Act Investigations Branch
The PA Investigations Branch receives and investigates complaints from individuals who claim a breach of the PA, or complaints that are initiated by the Commissioner. The Branch also receives notifications of breaches from federal government organizations, and receives and reviews public interest disclosures made by them.
PIPEDA Investigations Branch
The PIPEDA Investigations Branch is divided between Ottawa and Toronto. In Ottawa, the Branch receives and investigates complaints of national scope by individuals or initiated by the Commissioner, from anywhere in Canada. In Toronto, the Branch investigates complaints particularly from the Greater Toronto Area (GTA) and coordinates public education and stakeholder outreach activities in the GTA.
Audit and Review Branch
The Audit and Review Branch audits organizations to assess their compliance with the requirements set out in the two federal privacy laws. The Branch also analyses and provides recommendations on Privacy Impact Assessments (PIAs) submitted to the OPC pursuant to the Treasury Board Secretariat (TBS) Directive on Privacy Impact Assessment.
Communications Branch
The Communications Branch focuses on providing strategic advice and support for communications and public education activities for the OPC. In addition, the Branch plans and implements a variety of public education and communications activities through media monitoring and analysis, public opinion polling, media relations, publications, special events, outreach activities and the OPC website. The Branch is also responsible for the OPC’s Information Centre, which responds to requests for information from the public and organizations regarding privacy rights and responsibilities.
Legal Services, Policy and Research Branch
The Legal Services, Policy, Research and Technology Analysis Branch (LSPRTA) provides strategic legal and policy advice and conducts research on emerging privacy issues in Canada and internationally. More specifically, the Branch provides strategic legal advice to the Commissioners and various Branch Heads on the interpretation and application of the PA and PIPEDA in investigations and audits, as well as general legal counsel on a broad range of corporate and communication matters. LSPRTA represents the OPC in litigation matters before the courts and in negotiations with other parties both nationally and internationally. It reviews and analyzes legislative bills, government programs, public and private sector initiatives and provides strategic advice to the Commissioners on appropriate policy positions to protect and advance privacy rights in Canada. The Branch prepares for, represents and supports the Office in appearances before Parliament and in its relations with parliamentarians. Its analysts conduct applied research on the privacy implications of emerging societal and technological issues to support and inform the development of OPC policy guidance and best practices for relevant stakeholders. The Branch administers the OPC Research Contributions Program, which was launched in 2004, to advance knowledge and understanding of privacy issues and to promote enhanced protection of personal information. LSPRTA also identifies and analyzes technological trends and developments in electronic platforms and digital media; conducts research to assess the impact of technology on the protection of personal information in the digital world and provides strategic analysis and guidance on complex, varied and sensitive technological issues involving breaches in the security of government and commercial systems that store personal information.
Human Resources Management Branch
The Human Resources Management Branch is responsible for the provision of strategic advice, management and delivery of comprehensive human resources management programs in areas such as staffing, classification, staff relations, human resources planning, learning and development, employment equity, official languages and compensation.
Corporate Services Branch
The Corporate Services Branch provides advice and integrated administrative services such as corporate planning, resource management, financial management, information management and information technology, and general administration to managers and staff.
Access to Information and Privacy Directorate
The Access to Information and Privacy (ATIP) Directorate is responsible for responding to formal requests for information from the public pursuant to the Access to Information Act and the Privacy Act. The ATIP Directorate is also responsible for developing internal policies and ensuring compliance relative to these acts.
Office of the Privacy Commissioner of Canada
Text version
Organizational Chart
Office of the Privacy Commissioner of Canada
- Privacy Commissioner
- Executive Secretariat
- Assistant Privacy Commissioner
- Audit and Review Branch
- Personal Information Protection and Electronic Documents Act (PIPEDA) Investigations Branch
- Privacy Act Investigations Branch
- Access to Information and Privacy Directorate
- Legal Services, Policy, Research and Technology Analysis Branch
- Corporate Services Branch
- Human Resources Management Branch
- Communications Branch
The ATIP Directorate is headed by a Director who is supported by two senior analysts.
Under section 73 of the PA, the Privacy Commissioner, as the head of the OPC, the Privacy Commissioner’s authority has been delegated to the ATIP Director with respect to the application of the Act and its Regulations. With respect to public interest disclosures under section 8(2)(m) of the Act, the Commissioner’s authority has been maintained. A copy of the Delegation Order is attached as Appendix A.
The ATIP Director also serves as the OPC’s Chief Privacy Officer.
Privacy Commissioner, Ad Hoc / Complaint Mechanism
Given the silence of the Federal Accountability Act with respect to an independent mechanism under which PA complaints against the OPC would be investigated, the Office has developed an alternative mechanism to investigate OPC actions with respect to its administration of the Act.
For this purpose, the Commissioner’s powers, duties and functions as set out in sections 29 through 35 and section 42 of the Act have been delegated to a Privacy Commissioner, Ad Hoc in order to investigate PAcomplaints lodged against the OPC.
The current Privacy Commissioner, Ad Hoc is Mr. David Loukidelis, Q.C.. Mr. Loukidelis was British Columbia’s Information and Privacy Commissioner from 1999 to 2010 and was British Columbia’s Deputy Attorney General and Deputy Minister of Justice from 2010 to 2012. He was also Registrar of Lobbyists for British Columbia from 2003 to 2010. His experience in privacy and freedom of information dates back more than 20 years.
ATIP Directorate Activities
Training employees
In the reporting fiscal year, eight ATIP Training Sessions were offered to all new OPC employees and those returning from extended leave or temporary assignments elsewhere. The OPC has committed to training all new staff within three months of their arrival. At the conclusion of the year, eight training sessions had been held where 100% of new and returning employees participated. The ATIP Directorate also provides sessions as needed.
Contributing to decision making
The ATIP Director plays a collaborative role in the planning, development and updating of OPC policies, procedures and directives. The ATIP Director also sits on the OPC’s key strategic decision-making committees. The OPC’s recognition of the importance to integrate the ATIP Director in its core decision-making committees has ensured that the Privacy Act is respected.
In addition, the ATIP Director serves as chair of the Privacy Accountability Working Group. This group comprises representatives from every OPC branch. Its purpose and key activities are to:
- Promote a culture of privacy protection and awareness across the organization;
- Ensure accountability for the handling of personal information across the OPC and that the Office’s internally-led initiatives are held to the same privacy-protective standards it expects of the organizations and institutions that it regulates;
- Review recommendations that the OPC makes externally for internal applicability and compliance; and
- Ensure that all initiatives involving collection, use and disclosure of personal information within the OPC are brought to the attention of the organization’s Chief Privacy Officer.
Info Source: Sources of Federal Government and Employee Information — 2015 edition
In the reporting fiscal year, the ATIP Directorate updated the OPC’s chapter in Info Source: Sources of Federal Government and Employee Information. Specifically, the chapter’s program descriptions were revised to reflect the latest version of the OPC’s Program Alignment Architecture. In addition, an OPC specific Personal Information Bank (PIB) and a number of classes of records were revised; other changes to the OPC's chapter included a new Records Disposition Authority for OPC specific PIBs, as well as the addition of three new standard PIBs.
ATIP Directorate — Staff changes
In the reporting fiscal year, there were a number of staff changes within the ATIP Directorate, including the departure of a full time senior ATIP analyst and the arrival of a new ATIP Director. As well, a casual employee and a consultant were hired to assist with the processing of access requests or the development of ATIP policy instruments. It is anticipated that in the next reporting year, additional staff changes will take place, including the hiring of a full time employee.
Privacy Act Statistical Interpretation
The OPC received 109 formal requests under the PA for the fiscal year and closed 110, which included one request that was carried over from the previous reporting year. However, in almost half of the requests closed-51 (46%) of them- no records were found, which included 11 requests for access to personal information under the control of other federal government institutions. With the consent of the requestors, the 11 requests were re-directed for processing to the relevant institutions, namely, the Canada Border Services Agency, Canada Revenue Agency, Citizenship and Immigration Canada, Correctional Service of Canada, Employment and Social Development Canada / Service Canada, National Defence, and the Royal Canadian Mounted Police.
Requests under the Privacy Act
Text version
Requests under the Privacy Act| Year | 2013/2014 | 2014/2015 | 2015/2016 |
|---|---|---|---|
| Received | 81 | 38 | 109 |
| Transferred | 49 | 19 | 11 |
| Processed | 32 | 19 | 98 |
During the reporting period, the OPC processed 89 PA requests for personal information under its control. This accounted for 18,968 pages of information processed. While this represents significantly more requests than the previous reporting year, this increase is tempered somewhat by the fact that 62 of the 89 requests, or almost 70% of them, were from the same requestor.
Of the requests received, all were closed within the reporting year. The OPC also closed one request that had been carried forward from the 2014-15 year. All told, the OPC processed 89 requests for personal information under its control in 2015-16. In all cases, the requests were submitted by the individuals to whom the personal information was attributed.
In three cases, the OPC was required to claim extensions of time limits. In two cases, the volume of records that required processing was quite large and finalizing those requests within the original 30-day timeframe would have unreasonably interfered with the operations of the OPC; in the third case, consultations were necessary to comply with the request that could not have reasonably been completed within the original time limit. With respect to the 89 requests processed in 2015-16:
- In 11 instances, the information was disclosed entirely;
- Information was partially disclosed in 42 instances;
- In 31 instances, no records existed that responded to the requests;
- Information was exempted entirely in three instances;
- In two instances, the requests were abandoned by the requester.
Of the 89 requests processed in the reporting year, 43 were for the contents of PA or PIPEDA investigation files. Section 22.1 of the PA prohibits the OPC from releasing information it obtained during the course of its investigations or audits even after the matter and all related proceedings have been concluded. However, the OPC cannot refuse to disclose information it created during the course of an investigation or audit, once they and any related proceedings are completed - and subject to any applicable exemptions. This exemption was applied in 29 cases during the reporting period. With respect to other exemptions, section 26 was claimed in 25 cases and section 27 in 13 cases.
It is quite common for the OPC to receive broad requests seeking access to all the personal information held by the Government of Canada. In most cases, the OPC does not have any of the requested personal information under its control. In such cases, requesters are advised to consult Info Source : Sources of Federal Government and Employee Information for a detailed listing of the personal information holdings of each federal organization and to submit requests to those most likely to have the personal information to which they seek access.
At no point during the reporting period were requests received for correction of personal information held within the OPC.
Finally, the OPC received and responded to five consultations from other federal government institutions. The Public Service Commission of Canada consulted our Office on three occasions, while Public Works and Government Services Canada consulted with us on two occasions.
Privacy Act complaints against the OPC
During the reporting year, the OPC was the respondent in 21 complaints under the PA; all were new complaints. Note that 18 of the 21 complaints were from the same complainant. The Privacy Commissioner, Ad Hoc issued 14 findings during this fiscal year. All 14 complaints were deemed not well-founded. At the conclusion of the reporting period, the Privacy Commissioner, Ad Hoc had yet to issue findings on the remaining seven complaints.
Note that the Privacy Commissioner, Ad Hoc, issued findings of well-founded in respect of the two complaints that were carried over from 2014-15; the complaints in question concerned the material privacy breach that occurred within the OPC in 2014. For additional information on this breach, refer to the section entitled Material Privacy Breach in the present report.
Report on the TBS Directive on Privacy Impact Assessment (PIA)
The Directive on Privacy Impact Assessment, which came into effect on April 1, 2010, requires that TBS monitor compliance with the Directive. Given this responsibility, institutions are asked to include pertinent statistics in their annual reports on the administration of the PA.
During the 2015-16 reporting year, the OPC completed the following PIA:
Privacy Impact Assessment Summary on the 30 Victoria Multi-Tenant Camera and Security System
The new tenants of the 30 Victoria Office Building were mandated by Public Works and Government Services Canada Real Property Branch, Major Crown Project Director 2010-2011 to implement an All Tenant Joint Surveillance & Access Control and Identity Management Security System.
The purpose of the multi-institutional 30VicMTCSS PIA was to perform a high-level assessment of the potential privacy impacts associated with 30VicMTCSS on behalf of all federal tenants of the building located at 30 Victoria Street, that is the Office of the Chief Electoral Officer (Elections Canada), Parks Canada (PC), Office of the Information Commissioner (OIC), Office of the Commissioner of Official Languages (OCOL), PWGSC Heritage Conservation Directorate (HDC) and Office of the Privacy Commissioner (OPC). The PIA includes an evaluation of the planned collection activities, a review of the core functions of the system, and a high-level assessment of standard investigative functions. Also considered was the possible sharing of personal information with provincial or federal police enforcement organizations for criminal investigations, to the extent known at the time of drafting.
However, the 30VicMTCSS PIA did not include a review of specialized or institutional-specific investigative or enforcement activities being undertaken by Enforcement Agencies nor for the Management of Security Incidents. These activities - to the extent that they involve the collection, use or disclosure of personal information - are to be covered in the program PIAs initiated by each individual agency.
The summary of this PIA can be viewed on the OPC’s website: https://www.priv.gc.ca/au-ans/pia-efvp/mtcss_e.asp.
Data Sharing Activities
The OPC did not undertake any personal data sharing activities this reporting year.
Disclosures of Personal Information
The OPC disclosed no personal information under sections 8(2)(e), (m), or 8(2) (5) of the PA during this fiscal year.
Material Privacy Breach
On April 10, 2014, OPC staff became aware of the disappearance of a back-up hard drive. The drive contained a backup of the Performance Budgeting for Human Capital (PBHC) dating back to 2002; our Office shares the system with the Office of the Information Commissioner of Canada. This is the financial system used to manage and forecast employee salaries and it houses the personal information of employees. A total of 800 current and former employees of the two offices were affected by the incident. The incident was reported to the Privacy Commissioner, Ad Hoc, and Treasury Board Secretariat and the affected parties were notified of the incident and their right to file a complaint.
On March 16, 2016, the former Privacy Commissioner, Ad Hoc, Mr. John H. Sims, issued his report of findings on this privacy breach, in which he made a number of recommendations. The OPC has accepted all of Mr. Sim’s recommendations and is actively addressing and implementing them. In addition, the OPC has taken a number of steps to strengthen related processes within the OPC to help prevent any future incidents.
No material privacy breaches occurred within the OPC during this fiscal reporting year.
Privacy Related Policy Instruments
In light of the staff changes within the ATIP Directorate, no privacy policy instrument work was completed during the fiscal reporting year; however, it is anticipated that new or revised privacy policy instruments will be approved and posted on the OPC’s website in the 2016-17 year.
The ATIP Director is a member of the OPC’s Policy Development Committee. In that role, policies, directives and guidelines have been and continue to be reviewed to ensure that the PA is respected.
For additional information on the OPC’s activities, please visit www.priv.gc.ca
Additional copies of this report may be obtained from:
Additional copies of this report may be obtained from:
Director, Access to Information and Privacy
Office of the Privacy Commissioner of Canada
30 Victoria Street, 1st Floor
Gatineau, Québec K1A 1H3
Appendix A — Privacy Act Delegation Order
The Interim Privacy Commissioner of Canada, as the head of the government institution, hereby designates pursuant to section 73 of the Privacy Act, the person holding the position set out below, or the person occupying on an acting basis that position, to exercise the powers, duties or functions of the Privacy Commissioner as specified below and as more fully described in Annex A:
| Position | Sections of Privacy Act |
|---|---|
| Director, ATIP |
Act: 8(2)(j), 8(4) and (5), 9(1) and (4), 10, 14, 15, 17(2)(b) and (3)(b),18 to 28, 31, 33(2), 35(1) and (4), 36(3), 37(3), 51(2)(b) and (3), 70, 72(1) Regulations: 9, 11(2) and (4), 13(1), 14 |
This delegation of authority supersedes any previous delegation of the powers, duties and functions set out herein.
Dated at the City of Ottawa, this 9 day of January, 2014
(Original signed by)
Chantal Bernier
Interim Privacy Commissioner of Canada
Privacy Act
| 8(2)(j) | Disclose personal information for research purposes |
|---|---|
| 8(2)(m) | Disclose personal information in the public interest or in the interest of the individual |
| 8(4) | Retain copy of 8(2)(e) requests and disclosed records |
| 8(5) | Notify Privacy Commissioner of 8(2)(m) disclosures |
| 9(1) | Retain record of use |
| 9(4) | Notify Privacy Commissioner of consistent use and amend index |
| 10 | Include personal information in personal information banks |
| 14 | Respond to request for access within 30 days; give access or give notice |
| 15 | Extend time limit for responding to request for access |
| 17(2)(b) | Decide whether to translate requested information |
| 17(3)(b) | Decide whether to give access in an alternative format |
| 18(2) | May refuse to disclose information contained in an exempt bank |
| 19(1) | Shall refuse to disclose information obtained in confidence from another government |
| 19(2) | May disclose any information referred to in 19(1) if the other government consents to the disclosure or makes the information public |
| 20 | May refuse to disclose information injurious to the conduct of federal-provincial affairs |
| 21 | May refuse to disclose information injurious to international affairs or defence |
| 22 | Series of discretionary exemptions related to law enforcement and investigations; and policing services for provinces or municipalities. |
| 22.1(1) | In force April 1, 2007 - Privacy Commissioner shall refuse to disclose information obtained or created in the course of an investigation conducted by the Commissioner. |
| 22.1(2) | In force April 1, 2007 - Privacy Commissioner shall not refuse under 22.1(1) to disclose any information created by the Commissioner in the course of an investigation conducted by the Commissioner once the investigation and related proceedings are concluded. |
| 23 | May refuse to disclose information prepared by an investigative body for security clearances. |
| 24 | May refuse to disclose information collected by the Correctional Service of Canada or the National Parole Board while individual was under sentence if conditions in section are met. |
| 25 | May refuse to disclose information which could threaten the safety of individuals. |
| 26 | May refuse to disclose information about another individual, and shall refuse to disclose such information where disclosure is prohibited under section 8. |
| 27 | May refuse to disclose information subject to solicitor-client privilege. |
| 28 | May refuse to disclose information relating to the individual’s physical or mental health where disclosure is contrary to best interests of the individual. |
| 31 | Receive notice of investigation by Privacy Commissioner. |
| 33(2) | Right to make representations to the Privacy Commissioner during an investigation. |
| 35(1) | Receive Privacy Commissioner’s report of findings of the investigation and give notice of action taken. |
| 35(4) | Give complainant access to information after 35(1)(b) notice. |
| 36(3) | Receive Privacy Commissioner’s report of findings of investigation of exempt bank. |
| 37(3) | Receive report of Privacy Commissioner’s findings after compliance investigation. |
| 51(2)(b) | Request that section 51 hearing be held in the National Capital Region. |
| 51(3) | Request and be given right to make representations in section 51 hearings. |
| 70 | Refuse to provide information that is excluded from the Act as a cabinet confidence. |
| 72(1) | Prepare annual report to Parliament. |
Privacy Regulations
| 9 | Provide reasonable facilities to examine information |
|---|---|
| 11(2) and (4) | Procedures for correction or notation of information |
| 13(1) | Disclosure of information relating to physical or mental health to qualified practitioner or psychologist |
| 14 | Require individual to examine information in presence of qualified practitioner or psychologist |
Appendix B — Statistical Report
Statistical Report on the Privacy Act
Name of institution: Office of the Privacy Commissioner of Canada
Reporting period: 01/04/2015 au 31/03/2016
Part 1 – Requests under the Privacy Act
| Number of Requests | |
|---|---|
| Received during reporting period | 109 |
| Outstanding from previous reporting period | 1 |
| Total | 110 |
| Closed during reporting period | 110 |
| Carried over to next reporting period | 0 |
Part 2 - Requests closed during the reporting period
| Disposition of requests | Completion Time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 3 | 8 | 0 | 0 | 0 | 0 | 0 | 11 |
| Disclosed in part | 10 | 24 | 8 | 0 | 0 | 0 | 0 | 42 |
| All exempted | 2 | 1 | 0 | 0 | 0 | 0 | 0 | 3 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 49 | 2 | 0 | 0 | 0 | 0 | 0 | 51 |
| Request abandoned | 3 | 0 | 0 | 0 | 0 | 0 | 0 | 3 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 67 | 35 | 8 | 0 | 0 | 0 | 0 | 110 |
| Section | |||||
|---|---|---|---|---|---|
| Number of requests | Section | Number of requests | Section | Number of requests | |
| 18(2) | 0 | 22(1)(a)(i) | 0 | 23(a) | 0 |
| 19(1)(a) | 0 | 22(1)(a)(ii) | 0 | 23(b) | 0 |
| 19(1)(b) | 0 | 22(1)(a)(iii) | 0 | 24(a) | 0 |
| 19(1)(c) | 0 | 22(1)(b) | 0 | 24(b) | 0 |
| 19(1)(d) | 0 | 22(1)(c) | 0 | 25 | 0 |
| 19(1)(e) | 0 | 22(2) | 0 | 26 | 25 |
| 19(1)(f) | 0 | 22.1 | 29 | 27 | 13 |
| 20 | 0 | 22.2 | 0 | 28 | 0 |
| 21 | 0 | 22.3 | 0 |
| Section | |||||
|---|---|---|---|---|---|
| Number of requests | Section | Number of requests | Section | Number of requests | |
| 69(1)(a) | 0 | 70(1)(a) | 0 | 70(1)(d) | 0 |
| 69(1)(b) | 0 | 70(1)(b) | 0 | 70(1)(e) | 0 |
| 69.1 | 0 | 70(1)(c) | 0 | 70(1)(f) | 0 |
| Disposition | Paper | Electronic | Other formats |
|---|---|---|---|
| All disclosed | 3 | 8 | 0 |
| Disclosed in part | 22 | 20 | 0 |
| Total | 25 | 28 | 0 |
2.5 Complexity
| Disposition of requests | Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|---|
| All disclosed | 1,093 | 1,093 | 11 |
| Disclosed in part | 17,285 | 8,270 | 42 |
| All exempted | 588 | 0 | 3 |
| All excluded | 0 | 0 | 0 |
| Request abandoned | 2 | 0 | 3 |
| Neither confirmed nor denied | 0 | 0 | 0 |
| Total | 18,968 | 9,363 | 59 |
| Disposition | Less than 100 pages processed | 101-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| All disclosed | 6 | 128 | 5 | 965 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 15 | 310 | 24 | 3,516 | 2 | 830 | 0 | 0 | 1 | 3,614 |
| All exempted | 2 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Abandoned | 3 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 26 | 438 | 30 | 4,481 | 2 | 830 | 0 | 0 | 1 | 3,614 |
| Disposition | Consultation required | Assessment of fees | Legal advice sought | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 2 | 3 | 0 | 0 | 5 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Abandoned | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 2 | 3 | 0 | 0 | 5 |
2.6 Deemed refusals
| Number of requests closed past the statutory deadline | Principal Reason | |||
|---|---|---|---|---|
| Workload | External consultation | Internal consultation | Other | |
| 0 | 0 | 0 | 0 | 0 |
| Number of days past deadline | Number of requests past deadline where no extension was taken | Number of requests past deadline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 days | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
| Translation Requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Part 3 - Disclosures under subsection 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Paragraph 8(5) | Total |
|---|---|---|---|
| 0 | 0 | 0 | 0 |
Part 4 - Requests for correction of personal information and notations
| Disposition for Correction Requests Received | Number |
|---|---|
| Notations attached | 0 |
| Requests for correction accepted | 0 |
| Total | 0 |
Part 5 — Extensions
| Disposition of requests where an extension was taken | 15(a)(i) Interference with operations |
15(a)(ii) Consultation |
15(b) Translation or conversion |
|
|---|---|---|---|---|
| Section 70 | Other | |||
| All disclosed | 0 | 0 | 0 | 0 |
| Disclosed in part | 2 | 0 | 1 | 0 |
| All exempted | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 |
| No records exist | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 |
| Total | 2 | 0 | 1 | 0 |
| Length of extensions | 15(a)(i) Interference with operations |
15(a)(ii) Consultation |
15(b) Translation purposes |
|
|---|---|---|---|---|
| Section 70 | Other | |||
| 1 to 15 days | 0 | 0 | 0 | 0 |
| 16 to 30 days | 2 | 0 | 1 | 0 |
| Total | 2 | 0 | 1 | 0 |
Part 6 — Consultations received from other institutions and organizations
| Consultations | Other government institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during reporting period | 5 | 54 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 5 | 54 | 0 | 0 |
| Closed during the reporting period | 5 | 54 | 0 | 0 |
| Pending at the end of the reporting period | 0 | 0 | 0 | 0 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclose entirely | 2 | 1 | 0 | 0 | 0 | 0 | 0 | 3 |
| Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exempt entirely | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 2 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 4 | 1 | 0 | 0 | 0 | 0 | 0 | 5 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclose entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 7 — Completion Time of Consultations with Cabinet Confidences
| Number of Days | Fewer Than 100 Pages Processed | 101-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Number of Days | Fewer Than 100 Pages Processed | 101-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 8 — Complaints and Investigations Notices Received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 21 | 3 | 14 | 0 | 38 |
Part 9 — Privacy Impact Assessments (PIAs)
| Number of PIA(s) completed | 1 |
|---|
Part 10 — Resources related to the Privacy Act
| Expenditures | Amount | |
|---|---|---|
| Salaries | $105,846 | |
| Overtime | $0 | |
| Goods and Services | $47,682 | |
|
$47,129 | |
|
$553 | |
| Total | $153,528 | |
| Resources | Person Years Dedicated to Privacy Activities |
|---|---|
| Full-time employees | 1.86 |
| Part-time and casual employees | 0.00 |
| Regional staff | 0.00 |
| Consultants and agency personnel | 0.50 |
| Students | 0.00 |
| Total | 2.36 |
Alternate versions
- PDF (559 KB) Not tested for accessibility
- Date modified: