Highlights from the Commissioner’s 2023-2024 annual report
June 6, 2024
Privacy Act Bulletins are intended to offer lessons learned, best practices and other important privacy news, trends and information related to privacy protection in the federal public sector. We encourage you to share this information with colleagues.
The Privacy Commissioner of Canada’s annual report to Parliament for 2023-2024 was tabled today. Titled “Trust, innovation, and protecting the fundamental right to privacy in the digital age,” the report highlights key activities of the year, including the Office of the Privacy Commissioner of Canada’s work with federal institutions to promote and protect individuals’ fundamental right to privacy.
In his annual report message, Commissioner Dufresne notes that personal information is increasingly sought after in the digital age and protecting privacy has become one of the paramount challenges of our time. Fostering a culture of privacy and encouraging the use of privacy-by-design principles will help government institutions to leverage innovation and protect individuals’ fundamental right to privacy.
Here are some highlights from the report:
Government advisory work
In the 2023-2024 fiscal year, the OPC focused on reaching a broader range of federal institutions to increase awareness of privacy, including Privacy Impact Assessment (PIA) fundamentals and the OPC’s availability for advisory consultations.
These activities included targeted presentations to individual institutions, webinars, panel discussions, and joint events with the Treasury Board of Canada Secretariat (TBS) that were hosted by the Canada School of Public Service. Through 10 outreach events, the OPC reached 127 federal institutions.
The report also includes summaries of advisory activities related to several government initiatives, including employment equity self-identification and an online passport applications project.
Privacy Act investigations
In the 2023-2024 fiscal year, the OPC accepted 1,113 complaints under the Privacy Act. More than half of the complaints (603) were related to the length of time that institutions took to respond to requests for access to personal information.
The report also includes summaries of the following investigations that were completed in the 2023-2024 fiscal year:
- Investigation of unauthorized disclosures and modifications of personal information held by CRA and ESDC resulting from cyberattacks – Special report to Parliament
- Investigation of the RCMP’s collection of open-source information under Project Wide Awake – Special report to Parliament
- Investigation into IRCC’s search for records using modified wording
- Investigation of IRCC’s disclosure of personal information to the CBSA
- Investigation into a privacy breach at IRCC
- Investigation of the Department of National Defence’s refusal to disclose personal information of a deceased individual
- Investigation into the steps that the CRA took to ensure the accuracy of a taxpayer’s personal information that it used to make an administrative decision about them
- Investigation into the treatment by a government institution of the personal information of two employees with the same name
Privacy Act breaches
In the 2023-2024 fiscal year, the OPC received 561 breach reports from federal government institutions, an 88% increase over the previous year.
The primary cause was the loss of personal information (68%), followed by the unauthorized access of personal information (16%). Unauthorized disclosure (15%) was a factor in 85 reported breaches, with the majority of those cases caused by employee errors.
Over the years, the OPC has raised concerns with respect to under-reporting of breaches in the federal public sector. In that respect, the increase in breach reports received is a positive sign that breach detection efforts are working in some institutions. Still, the OPC remains concerned that, too often, breaches are going undetected or are being mis-assessed, leading to under-reporting of privacy breaches in the public sector.
The OPC also continues to see an important gap between the public and private sectors when it comes to the reporting of cyber incidents. In 2023-2024, the OPC received 321 reports of cyber incidents from the private sector, and only 37 from federal institutions, 33 of which were tied to a single incident at a third-party service provider. This is still an increase over the previous year, when there was only one reported cyber incident.
Further reading
Trust, innovation, and protecting the fundamental right to privacy in the digital age: 2023-2024 Annual Report to Parliament on the Privacy Act and the Personal Information Protection and Electronic Documents Act