Language selection

OPC Logo Office of the Privacy Commissioner of Canada

Search

2018-19 Departmental Results Report (DRR)

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Archived

This page has been archived on the Web.

Operating context and key risks

Operating context

The OPC’s strategic and operating environments are constantly evolving given the exponential speed of technological change, the array of new business models and different means of collecting and manipulating data, which have long overtaken privacy protections.

Privacy is nothing less than a prerequisite for freedom: the freedom to live and develop independently as a person, away from the watchful eye of a surveillance state or commercial enterprises, while still participating voluntarily and actively in the regular, day-to-day activities of a modern society. Technological advances in areas such as data analytics, artificial intelligence, robotics, genetic profiling and the Internet of things raise novel and highly complex privacy risks. Privacy issues are multiplying at such a rapid pace that it is difficult for both individuals and organizations to effectively determine, let alone control, how and for what purpose organizations collect, use and disclose personal information.

Privacy issues are continuing to be more interdisciplinary and cross-jurisdictional. Respect for privacy in a digital world requires inter-operable global rules and cooperation when data flows across borders constantly. Our investigation into the Facebook/Cambridge AnalyticaFootnote 1 scandal is just one example of how our work intersects with areas beyond privacy, including the very foundation of our democratic processes. It is also a strong example of our cross-jurisdictional work and timely results when regulators work in tandem and in support of each other.

Again this year, our Office had to contend with outdated privacy laws. Regrettably, we will have to continue to work within the existing inadequate legislative framework for the foreseeable future. The government has announced its intention to review the two statutes, but this will not come to fruition in the short term.

The challenging privacy landscape continued to have an impact on the OPC’s work. The number of privacy issues for which Parliamentarians, businesses and individuals have required the OPC’s advice and guidance continued to multiply at a rapid pace. For example, this year alone, calls from various Parliamentary Committees increased by 41% from five years ago. Additionally, our Office made thirty (30) Parliamentary appearances and submissions, each entailing a significant workload.

At the same time, stakeholders requested more education and guidance for individuals and organizations at a rate that exceeds the OPC’s current capacity. The scale and pace of technological advances and their use in business and government organizations have also increased the proportion of complex complaints investigated by the OPC and as a result, have strained the Office’s investigative resources.

Furthermore, the OPC’s mandate was expanded last November by the introduction of new mandatory breach notification requirements in the private sector. As of the end of 2018-19, private-sector breaches reported to our Office had increased by roughly 500% from the previous year.

Key risks

Risks Risk response strategy and effectiveness Link to department’s Core Responsibilities
Adapting to external environment

Ability to remain effective and innovate in the way the OPC delivers its mandate given the rapid pace of change in the external environment and the need to continually adapt.		 During the year, the OPC worked to mitigate this risk by:
  • Continuing to make greater use of technology to gain efficiencies (i.e., automate data entry wherever possible, use “smart” online forms);
  • Supporting innovation projects flowing from Blueprint 2020 within the Office;
  • Making strategic use of our formal powers, including Commissioner-initiated investigations, to address privacy issues at a more systemic level; and,
  • Continuing to build capacity and share knowledge on evolving privacy and technological issues across the Office.
  • Budget 2019 announced additional funding for the OPC starting in 2019-20. The additional resources will contribute to further mitigate this risk.
  • Protection of privacy rights
  • Internal Services
Achieving progress on departmental results

Ability to achieve progress against departmental results should demands keep growing and resources remaining limited		 During the year, the OPC worked to mitigate this risk by:
  • Fully implementing the organizational review change management strategy to ensure an effective transition to the new organizational structure;
  • Refining the Office’s operational planning and monitoring processes to make sure resources are aligned with Departmental Results Framework (DRF) priorities and progress is monitored;
  • Making greater use of risk management frameworks and approaches as a means to prioritize work and address capacity issues; and,
  • Seeking additional funding through Budget 2019 to increase the OPC’s capacity to meet its DRF objectives.
Work will continue in 2019-2020 to mitigate this risk, namely through the allocation of Budget 2019 additional resources within the OPC.
  • Protection of privacy rights
Maintaining and recruiting the right skill set

Ability to maintain or recruit the right skill set to effectively deliver on its mandate given the increasingly complex and rapidly evolving privacy landscape.		 During the year, the OPC worked to mitigate this risk by:
  • Continuing the implementation of the Integrated Business and Human Resource Plan which includes strategies to support the organization's needs;
  • Continuing to build capacity and share knowledge on evolving privacy and technological issues, and learn and disseminate knowledge from cutting-edge research funded through the Contributions Program; and,
  • Continuing to promote the use of OPC competency profile in staffing processes.
Work will continue in 2019-20 to address this key risk, namely, through the development and implementation of a multi-year human resources strategy.
  • Protection of privacy rights
  • Internal Services
Date modified: