Annual Report to Parliament on the Administration of the Privacy Act – 2019-20
Table of Contents
- Introduction
- Institutional Mandate
- Delegated Authority
- ATIP Division Structure
- Highlights of the 2019-20 Statistical Report
- Complaints, Audits and Investigations
- Monitoring Compliance
- Disclosure of Personal Information Pursuant to Paragraphs 8(2)(e) and 8(2)(m)
- Training and Awareness Activities
- Policies, Guidelines, Procedures and Initiatives
- Material Privacy Breaches
- Privacy Impact Assessments
- Annex A – Delegation Order
- Annex B – Statistical Report
Introduction
The Privacy Act protects the privacy of individuals with respect to their personal information held by government institutions. It establishes the rules for the collection, use, disclosure, retention and disposal of such information. It also provides individuals with a right to be given access to, and to request a correction of, their personal information.
Shared Services Canada (SSC) is pleased to submit to Parliament its 9th Annual Report on the Administration of the Privacy Act. This report is prepared in accordance with section 72(1) of the Privacy Act for the fiscal year commencing April 1, 2019, and ending March 31, 2020.
Institutional Mandate
SSC was created in 2011 to transform how the Government manages and secures its information technology (IT) infrastructure.
SSC plays a key role in the Government’s ability to deliver digital programs and services that improve the lives of Canadians, their families and communities.
SSC works in partnership with key public-sector and private-sector stakeholders to implement enterprise‑wide approaches for managing IT infrastructure services, and to employ effective and efficient business management processes. Maintaining strong customer relationships and service management is essential to the successful delivery of SSC’s mandate.
Delegated Authority
During the reporting period for fiscal year 2019-20, the Honourable Joyce Murray, Minister of Digital Government, was appointed and became the Minister responsible for SSC. Her role is to improve services to Canadians by working across the federal government to transition to a more digital government. In addition, she will lead SSC in our renewal to properly support our delivery for common IT infrastructure with the aim of ensuring its reliability and security.
The Minister of Digital Government is responsible for handling requests submitted under the Privacy Act. Pursuant to Section 73(1) of the Act, the Minister has delegated full powers, duties and functions to members of the Department’s senior management, including the Director and the Deputy Directors of the Access to Information and Privacy (ATIP) Protection Division, hereafter referred to as the ATIP Division (refer to Annex A).
ATIP Division Structure
The ATIP Division is part of the Corporate Secretariat, which is overseen by the Director General, Corporate Secretary and Chief Privacy Officer, situated within the Strategic Engagement Branch (SEB).
The Division administers the Access to Information Act and the Privacy Act, led by a director who acts as the ATIP Coordinator for the Department. Two units carry out the work under two Deputy Directors, each leading either the Operations Unit or the Policy and Governance Unit. While an average of 21 person-years were dedicated to the ATIP program, 8 person-years were dedicated to the administration of the Privacy Act. These person-years include full-time employees and students.
The Operations Unit is responsible for processing requests under the Access to Information Act and the Privacy Act. This includes, but is not limited to, the following:
- Liaising with subject-matter experts within SSC
- Performing line-by-line review of records requested and conducting external consultations as required to balance the public’s right of access and the Government’s need to safeguard certain information in limited and specific cases
- Providing briefings to senior management as required on matters relating to requests and institutional performance
- Acting as the main point of contact with the Office of the Information Commissioner (OIC) and the Office of the Privacy Commissioner (OPC) with respect to the resolution of complaints related to requests under both Acts
The Policy and Governance Unit is responsible for, but is not limited to, the following:
- Providing policy advice and guidance to SSC’s senior management team on access to information and the protection of personal information
- Developing ATIP policy instruments and tools
- Assisting program officials in conducting privacy impact assessments (PIA) and drafting personal information-sharing agreements
- Preparing and delivering training and awareness sessions throughout SSC
- Coordinating SSC’s annual reporting requirements
- Publishing an updated version of SSC’s Info Source chapter
- Acting as main point of contact with the OIC and the OPC with respect to various audits, reviews, systemic investigations and privacy breaches
The ATIP Division’s administration of the Acts is facilitated at the branch and the directorate level of SSC. There are 10 Liaison Officers at the Assistant-Deputy-Minister-Office level and 59 Liaison Officers at the branch level that coordinate the collection of requested records and information. Also, they provide guidance to branch and directorate managers on the application of the Acts.
SSC was not party to any service agreements under section 73.1 of the Privacy Act and the Access to Information Act during the reporting period.
Highlights of the 2019-20 Statistical Report
The Statistical Report (Annex B) on the administration of the Privacy Act provides a summary of the personal information requests and consultations processed during the 2019-20 reporting period.
Requests Received
SSC received 92 requests submitted under the Privacy Act between April 1, 2019, and March 31, 2020. This total represents a decrease of 18.5% from the previous reporting period. Three requests were carried forward from 2018-19 for a total of 95 requests for the reporting period. Privacy requests received were mainly from SSC employees seeking their own personal file.
The Department processed 92 privacy requests and carried over 3 requests to the next fiscal year. In turn, the ATIP Division experienced a decrease in the number of pages processed at 23,833 pages for the
2019-20 fiscal year. However, there was an increase in pages disclosed from 25% to 28% for the 2019-20 reporting period. SSC achieved a 100% compliance rate by completing all requests within the legislated timeframe.
The ATIP Division monitors turnaround times to process requests each week to ensure timeliness.
Privacy requests – Text version
| Fiscal Year | Received | Processed |
|---|---|---|
| 2019-20 | 92 | 92 |
| 2018-19 | 113 | 115 |
| 2017-18 | 90 | 90 |
| 2016-17 | 111 | 114 |
| 2015-16 | 123 | 120 |
| 2014-15 | 71 | 72 |
Disposition of Requests Completed
At the conclusion of the reporting period, 92 privacy requests were completed while 3 requests were carried over to the next fiscal year. Of these, SSC released records in full in 9 cases (10%) and the Department invoked exemptions in 26 requests (28%). Of the remaining 57 requests (62%), either no records existed or the request was abandoned.
Extensions
Section 15 of the Privacy Act allows the statutory time limits to be extended under certain circumstances, such as: if consultations are required, if translation is needed or if the request is for a large volume of records, and processing it within the original time limit would unreasonably interfere with the operations of the Department.
SSC invoked a total of 12 extensions during the 2019-20 reporting period, which were deemed necessary to search for or through a large volume of records and/or to respond to the higher volume of requests, which interfered with operations.
Completion Time
The Privacy Act sets the timelines for responding to privacy requests. It also allows for extensions in cases where responding to the request requires the review of a large volume of information or extensive consultations with other government institutions or other third parties.
SSC responded to 80 requests (87%) within 30 days or fewer, and a further 10 requests (11%) within 31 to 60 days. The Department completed two requests (2%) within 61 to 120 days.
Completion time – Text version
| Completion time | One to 15 days | Sixteen to 30 days | Thirty-one to 60 days | Sixty-one to 120 days |
|---|---|---|---|---|
| Percentage of requests completed | 62% | 25% | 11% | 2% |
Exemptions
The Privacy Act allows, and in some instances requires, that some personal information be exempted and not released. For example, personal information may be exempted when it relates to law enforcement investigations, another individual besides the requester, or when it is subject to solicitor-client privilege.
The majority of exemptions applied by SSC related to Section 26 which protects personal information. The aforementioned section was applied in 26 instances. Section 22(1)(b) (law enforcement and criminal investigations) was used twice.
Exclusions
The Privacy Act does not apply to information that is already publicly available, such as government publications and material in libraries and museums. It also excludes material such as Cabinet Confidences. The ATIP Division did not apply any exclusions under the Act during the reporting period.
Consultations
During the reporting period, no consultation requests under the Privacy Act were received at SSC from other government departments.
Impact of COVID-19
The ATIP Division was able to adapt quickly to the realities of working from home on a full time basis. The majority of ATIP employees were already set up to work from home in the event of a building closure. Some of our accomplishments during the early stages of COVID-19 included the following:
- adapted all processes in order to continue to respond to requests from the Canadian public
- found solutions for consultations with other government departments, third parties and external third parties
- provided guidance to other institutions on the implementation of ePost
- provided hours of privacy advice to SSC Senior Leaders in relation to COVID-19
- participated in various collaborative working groups in order to address the current COVID-19 realities
The Division was able to achieve these accomplishments while facing many challenges. Listed below are the major challenges faced by the Division and what was done to overcome them:
- Some employees were not set up to work from home when the Division’s physical office space was closed. The Division quickly requested laptops and VPN access for these employees, including students.
- The lack of adequate office equipment at employees’ homes affected their efficiency. Employees were able to enter the building individually and retrieve office equipment and supplies as directed by management.
- Slower network connections, which led to lower productivity. The Division worked with the Information Technology group to increase the speed of the ATIP processing software.
- Mail requests were delayed due to building closures. Mail was retrieved once access was granted.
- All requestors were advised that mailing of responsive records would be delayed as this could only be done once the ATIP Division returns to the office. In order to prevent delays, ePost was used for the majority of requests.
- Decreased productivity due to home-work balance. The Division shifted its priorities to focus primarily on essential tasks and introduced more flexible work schedules.
- Mental health of employees was a concern. The Department provided COVID-19 support sessions to help employees with this challenge. In addition, management and coworkers supported each other during this period.
Complaints, Audits and Investigations
SSC was not subject to any complaints under the Privacy Act during the reporting period. In addition, no audits or investigations involving the Department were conducted by the OPC.
Monitoring Compliance
The Division has implemented various internal procedures to ensure that privacy requests are processed in a timely and efficient manner. For example, meetings are held between ATIP management and analysts on a regular basis to monitor workloads and progress on privacy requests. These meetings provide greater accountability and clarity for the team.
In 2019-20, SSC did not receive any requests to correct personal information under the Privacy Act.
Disclosure of Personal Information Pursuant to Paragraphs 8(2)(e) and 8(2)(m)
Paragraph 8(2)(e) of the Privacy Act allows the head of the institution to disclose personal information without the consent of the affected individual where such information is requested in writing by a designated investigative body for law enforcement purposes. During the reporting period, SSC made no disclosures of personal information under this provision.
Paragraph 8(2)(m) of the Privacy Act allows the head of the institution to disclose personal information without the consent of the affected individual in cases where, in the opinion of the head, the public interest outweighs any invasion of privacy that could result from the disclosure or when it is clearly in the best interest of the individual to disclose. For the 2019-20 fiscal year, SSC did not disclose any personal information under this paragraph.
Training and Awareness Activities
The ATIP Division is dedicated to fostering a culture of ATIP excellence across SSC. As a result, the Division continues to develop and deliver training and awareness activities aimed at more openness and transparency across the Department.
Mandatory Training
In order to ensure that all SSC employees, regardless of their position or level, are made aware of their responsibilities related to ATIP and that they gain an in-depth understanding of the related best practices and principles, SSC launched, in collaboration with the Canada School of Public Service (CSPS), the online Access to Information and Privacy Fundamentals course (I015) on July 14, 2016. While this course is optional for all federal public service employees through the CSPS website, its completion has been made mandatory for all SSC employees. For this reporting period, 989 SSC employees successfully completed the course. This represents a 28% increase from last fiscal year.
The ATIP Division successfully delivered 25 internal training and awareness sessions to approximately 490 participants, which included SSC executives, managers and employees at all levels. The number of participants who received training this fiscal year increased by 126%. In the previous fiscal year, 217 SSC employees participated in training.
Privacy Breach Training
The Division created a new training in 2019-20, which focused on privacy breaches. The training was delivered to 69 employees.
Bill C-58 Awareness for SSC Executives
Bill C-58 received Royal Assent on June 21, 2019. The bill aims to increase transparency in Government, further contribute to an informed public as well as enhance an open and democratic society. During this reporting period, nine awareness sessions were delivered to 276 executives. These sessions provided an overview of key changes and responsibilities for the Department in regards to Bill C-58. Key changes included: proactive publication, decline to act, order making power to the Information Commissioner and removing all fees except the $5 application fee.
Data Privacy Day
On January 28, 2020, SSC celebrated Data Privacy Day in order to raise awareness and demonstrate the importance of privacy and the protection of personal information in day-to-day activities. SSC’s ATIP Division hosted an information booth to provide privacy-related material and to answer queries from employees. In addition, the ATIP office developed a short quiz for SSC employees to test their knowledge of privacy issues. Also, awareness was disseminated through Twitter and internal communication channels.
Policies, Guidelines, Procedures and Initiatives
To maintain a high standard of excellence and to continuously improve customer services under the Privacy Act, the Department undertook the following initiatives:
- The ATIP Division provides monthly and quarterly reports to SSC branches aimed at helping to increase response times for responsive records. In addition, the Division met with Issues Managers on a weekly basis in order to maintain lines of communication as well as to address emerging issues.
- The Policy and Governance Unit developed internal Top Secret (TS) Standard Operating Procedures in order to consistently apply security measures when receiving TS files
- The Policy and Governance Unit developed a new ATIP 101 training on the application of the Access to Information Act and the Privacy Act to continue to educate all SSC employees on their roles and responsibilities related to ATIP
- A new Privacy Breach Report template was created and made operational to assist SSC employees with the necessary steps to follow when faced with a suspected cases of a privacy breach. Internal procedures were modified in order to capture and retain relevant information.
- The ATIP Division helped update the Project Governance Framework, which now includes mandatory privacy artefacts for project gate approval. This framework captured a privacy-by-design vision at the inception of new SSC initiatives.
- The Policy and Governance Unit worked collaboratively with the Information Management division to increase awareness and training on permission control for GCdocs. This ensured that personal information continues to be properly safeguarded.
- The Policy and Governance Unit developed a Privacy Breach training to continue to educate all SSC employees on their roles and responsibilities related to the safeguarding of personal information
- ATIP completed its ePost onboarding, which allows for the electronic delivery of responsive records to requesters. With the addition of e-signatures for signing correspondence with requesters, SSC’s ATIP Division is now fully digital.
- The Division engaged key internal stakeholders and the ATIP community on legislative and policy changes resulting from Access to Information Act and Privacy Act reform (Bill C-58). A working group was created consisting of key internal partners to modify and update SSC processes to ensure a speedy and consistent implementation of the legislation. In addition, the ATIP Division delivered numerous key training session to senior management and affected groups in order to present changes and impacts Bill C-58 would have on the Department.
- In order to further the knowledge of employees of the ATIP Division, the following training was provided: GCdocs, ATIP processing software, Plain Language, Privacy Impact Assessments, Briefing Notes and a two-day workshop on the Access to Information Act and the Privacy Act
Material Privacy Breaches
A privacy breach refers to the improper or unauthorized access, collection, use, disclosure, retention or disposal of personal information. A material breach involves sensitive personal information that could reasonably be expected to cause serious injury or harm to the individual.
During the reporting period, three material privacy breaches occurred and were reported to the OPC.
- One breach involved an employee accessing unauthorized files
- Two breaches involved inadvertent disclosures of personal information to the wrong individual
In all cases, notification letters were sent out to the affected individuals. The ATIP Division provided recommendations and advice on mitigation measures to departmental staff in order to safeguard personal information. Also, senior officials, including the Chief Privacy Officer were notified of the breaches.
The ATIP Division monitors and documents all privacy breaches reported. The Division also reviews how and where in the Department they occurred in order to provide tailored privacy breach training to specific groups in order to promote awareness and increase prevention.
Privacy Impact Assessments
There were no Privacy Impact Assessments (PIA) completed during the reporting period. However, the Policy and Governance Unit completed 16 Privacy Risk Checklists. This checklist allows us to determine if a PIA is required. It asses new programs and initiatives used at SSC as well as our partners in the collection, use, disclosure, storage and retention period of personal information.
Annex A – Delegation Order
Shared Services Canada
Access to Information Act and Privacy Act Delegation Order
The Minister of Digital Government, pursuant to subsection 95(1) of the Access to Information Act and subsection 73(1) of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Minister as the head of Shared Services Canada, under the provisions of the acts and related regulations set out in the schedule opposite each position.
This designation replaces all previous delegation orders.
Schedule
| Position | Access to Information Act and Regulations | Privacy Act and Regulations |
|---|---|---|
| 1. President | Full authority | Full authority |
| 2. Executive Vice President | Full authority | Full authority |
| 3. Corporate Secretary and Chief Privacy Officer | Full authority | Full authority |
| 4. Director, Access to Information and Privacy Protection Division | Full authority | Full authority |
| 5. Deputy Directors, Operations and Policy and Governance, Access to Information and Privacy Protection Division | Full authority | Full authority |
Dated, at Ottawa,
this 26th day of June, 2020
The Honourable Joyce Murray
Minister of Digital Government and Head of Shared Services Canada
Annex B – Statistical Report
Statistical Report on the Privacy Act
Name of institution: Shared Services Canada
Reporting period: 2019-04-01 to 2020-03-31
Part 1: Requests under the Privacy Act
| Number of requests | |
|---|---|
| Received during reporting period | 92 |
| Outstanding from previous reporting period | 3 |
| Total | 95 |
| Closed during reporting period | 92 |
| Carried over to next reporting period | 3 |
Part 2: Requests closed during the reporting period
2.1 Disposition and completion time
| Completion time | ||||||||
|---|---|---|---|---|---|---|---|---|
| Disposition of requests | 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total |
| All disclosed | 3 | 4 | 2 | 0 | 0 | 0 | 0 | 9 |
| Disclosed in part | 0 | 16 | 8 | 2 | 0 | 0 | 0 | 26 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 5 | 2 | 0 | 0 | 0 | 0 | 0 | 7 |
| Request abandoned | 49 | 1 | 0 | 0 | 0 | 0 | 0 | 50 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 57 | 23 | 10 | 2 | 0 | 0 | 0 | 92 |
2.2 Exemptions
| Section | Number of requests |
|---|---|
| 18(2) | 0 |
| 19(1)(a) | 0 |
| 19(1)(b) | 0 |
| 19(1)(c) | 0 |
| 19(1)(d) | 0 |
| 19(1)(e) | 0 |
| 19(1)(f) | 0 |
| 20 | 0 |
| 21 | 0 |
| 22(1)(a)(i) | 0 |
| 22(1)(a)(ii) | 0 |
| 22(1)(a)(iii) | 0 |
| 22(1)(b) | 2 |
| 22(1)(c) | 0 |
| 22(2) | 0 |
| 22.1 | 0 |
| 22.2 | 0 |
| 22.3 | 0 |
| 23(a) | 0 |
| 23(b) | 0 |
| 24(a) | 0 |
| 24(b) | 0 |
| 25 | 0 |
| 26 | 26 |
| 27 | 0 |
| 28 | 0 |
2.3 Exclusions
| Section | Number of requests |
|---|---|
| 69(1)(a) | 0 |
| 69(1)(b) | 0 |
| 69.1 | 0 |
| 70(1) | 0 |
| 70(1)(a) | 0 |
| 70(1)(b) | 0 |
| 70(1)(c) | 0 |
| 70(1)(d) | 0 |
| 70(1)(e) | 0 |
| 70(1)(f) | 0 |
| 70.1 | 0 |
2.4 Format of information released
| Disposition | Paper | Electronic | Other formats |
|---|---|---|---|
| 2 | 33 | 0 |
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
| Disposition of requests | Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|---|
| Total | 23,833 | 6,775 | 85 |
2.5.2 Relevant pages processed and disclosed by size of requests
| Disposition | Less than 100 pages processed | 101-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| All disclosed | 7 | 138 | 2 | 251 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 8 | 329 | 6 | 736 | 5 | 1,124 | 6 | 2,198 | 1 | 1,999 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 50 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 65 | 467 | 8 | 987 | 5 | 1,124 | 6 | 2,198 | 1 | 1,999 |
2.5.3 Other complexities
| Disposition | Consultation required | Legal Advice Sought | Interwoven Information | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 1 | 1 |
| Disclosed in part | 0 | 0 | 0 | 2 | 2 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 1 | 0 | 1 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 3 | 3 |
2.6 Closed requests
2.6.1 Number of requests closed within legislated timelines
| Requests closed within legislated timelines | |
|---|---|
| Number of requests closed within legislated timelines | 92 |
| Percentage of requests closed within legislated timelines (%) | 100 |
2.7 Deemed refusals
2.7.1 Reasons for not meeting legislative timelines
| Number of requests closed past the statutory deadline | Principal reason | |||
|---|---|---|---|---|
| Interference with Operations / Workload | External consultation | Internal consultation | Other | |
| 0 | 0 | 0 | 0 | 0 |
2.7.2 Requests closed beyond legislative timelines (including any extensions taken)
| Number of days past deadline | Number of requests past deadline where no extension was taken | Number of requests past deadline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 days | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
2.8 Requests for translation
| Translation requests | English to French | French to English | Total |
|---|---|---|---|
| Accepted | 0 | 0 | 0 |
| Refused | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Part 3: Disclosures Under Subsections 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 0 | 0 | 0 | 0 |
Part 4: Requests for Correction of Personal Information and Notations
| Disposition for correction requests received | Number |
|---|---|
| Notations attached | 0 |
| Requests for correction accepted | 0 |
| Total | 0 |
Part 5: Extensions
5.1 Reasons for extensions and disposition of requests
| Number of requests where an extension was taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation purposes or conversion | |||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 12 | 0 | 12 | 0 | 0 | 0 | 0 | 0 | 0 |
5.2 Length of extensions
| Length of Extensions | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b)Translation purposes or conversion | |||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 0 | 12 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 days or greater | 0 | |||||||
| Total | 0 | 12 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 6: Consultations received from other institutions and organizations
6.1 Consultations received from other Government of Canada institutions and other organizations
| Consultations | Other government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during the reporting period | 0 | 0 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 |
| Closed during the reporting period | 0 | 0 | 0 | 0 |
| Pending at the end of the reporting period | 0 | 0 | 0 | 0 |
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
6.3 Recommendations and completion time for consultations received from other organizations
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 7: Completion time for consultations on Cabinet confidences
7.1 Requests with Legal Services
| Number of Days | Fewer Than 100 Pages Processed | 101-500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More Than 5000 Pages Processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
7.2 Requests with Privy Council Office
| Number of Days | Fewer Than 100 Pages Processed | 101-500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More Than 5000 Pages Processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 8: Complaints and Investigations Notices received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 |
Part 9: Privacy Impact Assessments (PIAs)
9.1 Privacy Impact Assessments
| Number of PIAs completed | 0 |
|---|
9.2 Personal Information Banks
| Personal information banks | Active | Created | Terminated | Modified |
|---|---|---|---|---|
| 6 | 0 | 0 | 0 |
Part 10: Material Privacy Breaches
| Number of material privacy breaches reported to TBS | 3 |
|---|---|
| Number of material privacy breaches reported to OPC | 3 |
Part 11: Resources related to the Privacy Act
11.1 Costs
| Expenditure | Amount | |
|---|---|---|
| Salaries | $458,303 | |
| Overtime | $0 | |
| Goods and services | $21,488 | |
| Professional services contracts | - | |
| Other | $21,488 | - |
| Total | $479,791 | |
11.2 Human Resources
| Resources | Person-years dedicated to privacy activities |
|---|---|
| Full-time employees | 6.00 |
| Part-time and casual employees | 0.75 |
| Regional staff | 0.00 |
| Consultants and agency personnel | 0.00 |
| Students | 1.25 |
| Total | 8.00 |
Page details
- Date modified: