Annual Report to Parliament on the Administration of the Privacy Act – 2021-22
Table of Contents
- Introduction
- Institutional Mandate
- Delegated Authority
- ATIP Division Structure
- Highlights of the 2021-22 Statistical Report
- Complaints, Audits and Investigations
- Monitoring Compliance
- Disclosure of Personal Information Pursuant to Paragraphs 8(2)(e) and 8(2)(m)
- Training and Awareness Activities
- Policies, Guidelines, Procedures and Initiatives
- Material Privacy Breaches
- Privacy Impact Assessments
- Annex A – Delegation Order
- Annex B – Statistical Report
Introduction
The Privacy Act protects the privacy of individuals with respect to their personal information held by government institutions. It establishes the rules for the collection, use, disclosure, retention and disposal of such information. It also provides individuals with a right to be given access to, and to request a correction of, their personal information.
Shared Services Canada (SSC) is pleased to submit to Parliament its eleventh Annual Report on the Administration of the Privacy Act. This report is prepared and tabled in Parliament in accordance with section 72 of the Privacy Act. It covers the period from April 1, 2021, to March 31, 2022.
Institutional Mandate
SSC was created in 2011 to transform how the Government of Canada manages and secures its information technology (IT) infrastructure.
SSC supports the Government of Canada's digital vision to expand and improve the scope of digital service capacity, accelerate the pace of digital modernization, and strengthen the ongoing support for digital tools, systems and networks government wide.
In carrying out its mandate, SSC is supporting the Digital Operations Strategic Plan: 2018-2022 and the Government of Canada Cloud Adoption Strategy, as well as working in partnership with public- and private-sector stakeholders, implementing enterprise-wide approaches for managing IT infrastructure services, and employing effective and efficient business management processes.
Delegated Authority
The Minister of Public Services and Procurement is responsible for handling requests submitted under the Privacy Act. Pursuant to section 73(1) of the Act, the Minister has delegated full powers, duties and functions to members of the Department’s senior management, including the Director and the Deputy Directors of the Access to Information and Privacy (ATIP) Protection division, hereafter referred to as the ATIP division (refer to Annex A).
ATIP Division Structure
The ATIP division is part of the Corporate Secretariat, which is overseen by the Director General, Corporate Secretary and Chief Privacy Officer, situated within the Strategy and Engagement Branch (SEB).
The division administers the Access to Information Act and the Privacy Act, led by a Director who acts as the ATIP Coordinator for the Department. Two units carry out the work under 2 Deputy Directors, each leading either the Operations Unit or the Policy and Governance Unit. While an average of 24 person-years were dedicated to the ATIP program, 7 person-years were dedicated to the administration of the Privacy Act. These person-years include full time equivalents and students.
The Operations Unit is responsible for processing requests under the Access to Information Act and the Privacy Act. This includes, but is not limited to the following:
- Liaising with subject-matter experts within SSC.
- Performing line-by-line reviews of records requested and conducting external consultations as required to balance the public's right of access and the government's need to safeguard certain information in limited and specific cases.
- Providing briefings to senior management as required on matters relating to requests and institutional performance.
- Acting as the main point of contact with the Office of the Information Commissioner (OIC) and the Office of the Privacy Commissioner (OPC) with respect to the resolution of complaints related to requests under both Acts.
The Policy and Governance (P&G) Unit is responsible for, but is not limited to, the following:
- Providing policy advice and guidance to SSC’s senior management team on access to information and the protection of personal information.
- Developing ATIP policy instruments and tools.
- Assisting program officials in conducting privacy impact assessments (PIA) and drafting personal information-sharing agreements.
- Preparing and delivering training and awareness sessions throughout SSC.
- Coordinating SSC's annual reporting requirements.
- Publishing an updated version of SSC's Info Source chapter.
- Acting as the main point of contact with the OIC and the OPC with respect to various audits, reviews, systemic investigations and privacy breaches.
The ATIP division’s administration of the Acts is facilitated at the branch and the directorate level of SSC. The administration of the Act would not be possible without the large number of SSC employees across the department who identify and review information to respond to requests.
SSC was not party to any service agreements under section 73.1 of the Privacy Act and the Access to Information Act during the reporting period.
Highlights of the 2021–22 Statistical Report
The Statistical Report (Annex B) on the administration of the Privacy Act provides a summary of the personal information requests and consultations processed during the 2021–22 reporting period.
Requests Received
SSC received 56 requests submitted under the Privacy Act between April 1, 2021, and March 31, 2022. This total represents a decrease of 5% from the previous reporting period. Two requests were carried forward from 2020–21 for a total of 58 requests for the reporting period. Privacy requests received were mainly from SSC employees seeking their own personnel file.
SSC processed 47 privacy requests and carried over 11 requests to the next reporting period:
- Seven carried over requests received in the 2021-22 reporting period are within the legislated timeline and four requests are beyond the legislated timeline.
The ATIP division experienced a slight decrease in the number of pages processed at 36,805 pages for the 2021–2022 reporting period. There was also a 50% decrease in pages disclosed from the 2020–2021 reporting period.
It is important to note that SSC achieved a compliance rate of 95.7%. Although a slight decrease from the previous report’s 98.3%, SSC is above the community average. The ATIP division continues to ensure it monitors its turnaround times in processing requests on a regular basis, as well as tracks the timeliness of their completion.
The Policy and Governance Unit closed 98 Privacy Advice (PA) files during the reporting period. PA files consist of privacy advice that was provided to program areas, employees and other government departments. The advice was provided on various types of initiatives such as: the vaccination policy, surveys, disclosures and procedures. The Unit experienced a 37% decrease from the previous reporting period. The decrease in privacy advice pieces from the 2020-21 reporting period was related to being the first year of the pandemic, SSC experience a surge in advice given on new platforms and initiatives being implemented in response to the pandemic. During the 2021-22 reporting period, the P&G Unit also performed preliminary privacy risk checklist on 33 initiatives and worked on 3 Privacy Impact Assessments which are still ongoing.
Privacy requests – Text version
| Fiscal Year | Received | Processed |
|---|---|---|
| 2021-22 | 56 | 47 |
| 2020-21 | 59 | 60 |
| 2019-20 | 92 | 92 |
| 2018-19 | 113 | 115 |
| 2017-18 | 90 | 90 |
Disposition of Requests Completed
Of the 47 privacy requests completed, SSC released records in full in 5 case (11%) and the Department invoked exemptions in 9 requests (19%). Of the remaining 33 requests (70%), either no records existed or the request was abandoned. While the number of privacy requests decreased by 3 from the previous reporting period, the division observed an influx of files with higher complexity, related to vaccination mandates amongst other things, which required numerous consultations with the Department of Justice of Canada.
SSC does not have any active carried over requests from previous reporting periods for privacy files. However, there are 2 requests carried over to the next reporting period.
Extensions
Section 15 of the Privacy Act allows the statutory time limits to be extended under certain circumstances, such as when consultations are required, if translation is needed, or if the request is for a large volume of records, and processing it within the original time limit would unreasonably interfere with the operations of the Department. SSC invoked a total of 8 extensions during the 2021–2022 reporting period, which were deemed necessary to search for, or through a large volume of records and/or to respond to the higher volume of requests. In some instances, the extensions were deemed necessary for consultations such as legal services.
Completion Time
The Privacy Act sets the timelines for responding to privacy requests. It also allows for extensions in cases where responding to the request requires the review of a large volume of information or extensive consultations with other government institutions or other third parties.
SSC responded to 39 requests (83%) within 30 days or fewer, and a further 5 requests (11%) within 31 to 60 days. The Department completed 3 requests (1%) within 61 to 120 days.
Completion Time – Text version
| Completion time | One to 30 days | Thirty-one to 60 days | Sixty-one to 120 days |
|---|---|---|---|
| Percentage of requests completed | 83% | 11% | 6% |
Exemptions
The Privacy Act allows, and in some instances requires, that some personal information be exempted and not released. For example, personal information may be exempted when it relates to law enforcement investigations, another individual besides the requester, or when it is subject to solicitor client privilege.
The majority of exemptions applied by SSC related to section 26 which protects personal information. The aforementioned section was applied in 8 instances. Section 22(1)(b) (law enforcement and criminal investigations) was used in 6 instances.
Exclusions
The Privacy Act does not apply to information that is already publicly available, such as government publications and material in libraries and museums. It also excludes material such as Cabinet Confidences. The ATIP division did not apply any exclusions under the Act during the reporting period.
Consultations
During the reporting period, no consultation requests under the Privacy Act were received at SSC from other government departments.
Internal Consultations
Branches within SSC will send documents to the ATIP Division to be reviewed in the spirit of the Act. These documents are typically complex in nature and can vary from labour relations documents, audit reports, documents to be proactively disclosed, to consultations related to internal vaccinations policies. During the 2021-22 reporting period, SSC received 24 internal consultations and reviewed a total of roughly 3,250 pages.
Impact of COVID-19
The ATIP division continued working a full-time basis during the pandemic. Some of our accomplishments during the second year of the pandemic included the following:
- Remained operational throughout the second year of the pandemic with the exception of the processing of Secret and Top Secret records. The office encountered no late files due to this constraint.
- Adapted and improved on all processes to continue to respond to requests from the Canadian public.
- Continued to provide extensive privacy advice to SSC senior leaders in relation to COVID-19.
- Continued to participate in various collaborative working groups to address the current COVID-19 realities.
The ATIP division was able to achieve these accomplishments while facing many challenges. Listed below are some of the major challenges faced by the Division, and what was done to overcome them:
- Due to supply chain issues, newly onboarded employees faced delays in receiving IT equipment.
- SSC ATIP continued to use ePost to provide requesters with their response packages to their requests. However some requesters ex: those with limited access to internet) are less accustomed to electronic services and still need to use more traditional ways to obtain their response package, which takes more time for employees to finalize.
- Secret and Top Secret records must flow through the secure network that is only accessible at certain areas in the office, therefore, processing records above Protected B is still challenging. SSC is working on upgrading its infrastructure to manipulate records more easily with a Secret security classification.
Complaints, Audits and Investigations
SSC was not subject to any complaints under the Privacy Act during the reporting period. There are no outstanding complaints from the previous reporting period. In addition, there were no audits involving the Department conducted by the OPC. SSC received 4 notices of investigation from the OPC pursuant to section 31 of the Privacy Act.
Monitoring Compliance
The division has implemented various internal procedures to ensure that privacy requests are processed in a timely and efficient manner. For example, meetings are held between ATIP management and analysts on a regular basis to monitor workloads and progress on privacy requests. These meetings provide greater accountability and clarity for the team.
In 2021–2022, SSC did not receive any requests to correct personal information under the Privacy Act.
Disclosure of Personal Information Pursuant to Paragraphs 8(2)(e) and 8(2)(m)
Paragraph 8(2)(e) of the Privacy Act allows the head of the institution to disclose personal information without the consent of the affected individual where such information is requested in writing by a designated investigative body for law enforcement purposes. During the reporting period, SSC made 1 disclosure of personal information under this provision.
Paragraph 8(2)(m) of the Privacy Act allows the head of the institution to disclose personal information without the consent of the affected individual in cases where, in the opinion of the head of the institution, the public interest outweighs any invasion of privacy that could result from the disclosure or when it is clearly in the best interest of the individual to disclose. For the 2021–2022 reporting period, SSC did not disclose any personal information under this paragraph.
Training and Awareness Activities
The ATIP division is dedicated to fostering a culture of ATIP excellence across SSC. As a result, the division continues to develop and deliver training and awareness activities aimed at more openness and transparency throughout the Department.
Mandatory Training
In order to ensure that all SSC employees, regardless of their position or level, are made aware of their responsibilities related to ATIP and that they gain an in-depth understanding of the related best practices and principles, SSC launched, in collaboration with the Canada School of Public Service, the online Access to Information and Privacy Fundamentals course (I015) on July 14, 2016. While this course is optional for all federal Public Service employees through the Canada School of Public Service website, its completion has been made mandatory for all SSC employees. For this reporting period, 1069 SSC employees successfully completed the course. This represents a 13% increase from the previous reporting period where 945 SSC employees completed the course.
ATIP 101 Internal Training
In order to maintain our training and awareness practices, the ATIP division continued to adapt their training from in-person to online. The trainers successfully delivered 10 internal training and awareness sessions to approximately 269 participants, which included SSC executives, managers and employees at all levels. The number of participants who received training this reporting period increased by 8%. In the previous reporting period, 247 SSC employees participated in training.
Tasking Request Training
The ATIP Policy and Governance Unit developed a Tasking Request training in the previous reporting period which focuses on how to respond to a request by an office of primary interest. The purpose of this training is to educate all SSC employees on their roles and responsibilities related to ATIP requests. The trainers successfully delivered 4 internal training and awareness sessions to approximately 18 participants in the 2021-22 reporting period.
Privacy Training
The division delivered 12 Privacy Breach training sessions over the course of 2021–2022. A total of 146 employees attended this course.
PIA Training
In order for program areas to understand the Privacy Impact Assessment process, the ATIP Policy and Governance Unit developed a Privacy Impact Assessment (PIA) training. One PIA training session was delivered over the course of the 2021-22 reporting period. A total of 16 employees attended this course.
Biweekly Learning Sessions
The SSC ATIP Division takes innovation very seriously and a key focal point in which the Division focuses on is the personal development of its employees. The ATIP Division has established biweekly learning sessions where a variety of topics are discussed. Examples of the topics included but is not limited to: reviewing Sections 23 and 69 of the ATIA, career development and mental health.
Data Privacy Day
On January 28, 2022, SSC celebrated Data Privacy Day to raise awareness and demonstrate the importance of privacy and the protection of personal information in day-to-day activities. SSC’s ATIP division developed a pledge and communiqués, published content on social media by senior leaders and promoted Privacy training through SSC’s internal communication network. Awareness was disseminated through Twitter, LinkedIn and SSC’s internal communication channels.
Policies, Guidelines, Procedures and Initiatives
To maintain a high standard of excellence and to continually improve customer services under the Privacy Act, the Department undertook the following initiatives:
- The Policy and Governance Unit provided responses to 98 requests for privacy advice to branches and other government departments. These included privacy advice on MS365 tools, various privacy notice statements and the general strengthening of our privacy posture.
- The Policy and Governance Unit participated in discussions and collaborated with other branches when developing their vaccination policies and procedures. The Unit’s role in these discussions was to provide guidance and support from a privacy perspective.
- To help program areas acquire a better understanding of privacy requirements and risks, the Policy and Governance Unit developed a new templates for PIAs, a Privacy Risk Checklists (a preliminary assessment to determine if a PIA is required) and a Privacy Protocol for the use of personal information for non-administrative purposes.
- During the 2021-22 reporting period, the Policy and Governance Unit obtained Information Sharing Agreement (ISA) templates and participated in the ISA process for the NextGen initiative.
- The ATIP division continued to work in collaboration with TBS toward being an early adopter for the TBS‑led next-generation ATIP Request Processing Software Solution. This next-generation software will propel the division forward in order to better address current and future ATIP challenges.
Material Privacy Breaches
A privacy breach refers to the improper or unauthorized access, collection, use, disclosure, retention or disposal of personal information. A material breach involves sensitive personal information that could reasonably be expected to cause serious injury or harm to the individual.
During the reporting period, one material privacy breach occurred and was reported to the OPC.
- The breach involved an employee accessing unauthorized files.
In this case, notification letters were sent out to the affected individuals. The ATIP Division provided recommendations and advice on mitigation measures to departmental staff in order to safeguard personal information. Both the Office of the Privacy Commissioner and Treasury Board Secretariat were notified of the breach. In addition, SSC senior officials, including the Chief Privacy Officer, were notified of the breach during various stages of the investigation.
SSC also provided support in the investigation process of a multi-departmental material privacy breach that occurred in August of 2020. The breach was reported when many GC departments that use GC Key suffered a credential stuffing attack. While no breaches occurred within SSC, the department played an important role in providing support to the departments in implementing the GC Keys infrastructure. SSC was therefor tasked by the OPC to release all records related to the GC Key breach for the purpose of the investigation in May of 2021. SSC produced nearly 28,000 pages of records which was vetted by the Policy and Governance Unit and disclosed to the OPC.
The ATIP division monitors and documents all privacy breaches reported. The division also reviews how and where in the Department they occurred in order to provide tailored privacy breach training to specific groups to promote awareness and increase prevention.
Privacy Impact Assessments
One PIA (Digital Communications and Collaboration (DCC)) was completed during the 2020-21 reporting period but officially signed at the President-level on April 30, 2021. Due to the significant importance of this PIA for the ATIP community it was included in the previous annual report. For ease of reference we are including the link for a second year: Privacy Impact Assessment Summary of the Digital Communications and Collaboration (DCC) Service - Canada.ca
Throughout the 2021-22 reporting period, SSC’s ATIP division also shared the DCC (M365) PIA to 27departments. SSC anticipates this collaboration and sharing of the DCC PIA to continue in high demand for the next reporting period. 3 PIAs were at various stages of the approval process at the end of the 2021–2022 reporting period, they will be reflected on future reports. The Policy and Governance Unit also completed 33 Privacy Risk Checklists. This checklist allows the team to determine if a PIA is required. It assesses new programs and initiatives used at SSC, as well as SSC’s partners, in the collection, use, disclosure, storage and retention period of personal information. There was a 26% decrease in Privacy Risk Checklists this reporting period compared to 2020-21. The decrease could be explained by a restructuring of the Security Management and Governance group who is in charge of assessing Enterprise wide initiatives.
Annex A – Delegation Order
Shared Services Canada
Access to Information Act and Privacy Act Delegation Order
The Minister of Public Services and Procurement, pursuant to subsection 95(1) of the Access to Information Act and subsection 73(1) of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Minister as the head of Shared Services Canada, under the provisions of the acts and related regulations set out in the schedule opposite each position.
This designation replaces all previous delegation orders.
Schedule
| Position | Access to Information Act and Regulations | Privacy Act and Regulations |
|---|---|---|
| 1. President | Full authority | Full authority |
| 2. Executive Vice President | Full authority | Full authority |
| 3. Assistant Deputy Minister, Strategy and Engagement Branch | Full authority | Full authority |
| 4. Corporate Secretary and Chief Privacy Officer | Full authority | Full authority |
| 5. Director, Access to Information and Privacy Protection Division | Full authority | Full authority |
| 6. Deputy Directors, Operations and Policy and Governance, Access to Information and Privacy Protection Division | Full authority | Full authority |
Dated, at Ottawa,
this 11th day of February, 2022
The Honourable Filomena Tassi
Minister of Public Services and Procurement and Head of Shared Services Canada
Annex B – Statistical Report
Statistical Report on the Privacy Act
Name of institution: Shared Services Canada
Reporting period: 2021-04-01 to 2022-03-31
Part 1: Requests under the Privacy Act
1.1 Number of Requests Received
| Number of requests | ||
|---|---|---|
| Received during reporting period | 56 | |
| Outstanding from previous reporting period | 2 | |
| Outstanding from previous reporting period | 2 | |
| Outstanding from more than one reporting period | 0 | |
| Total | 58 | |
| Closed during reporting period | 47 | |
| Carried over to next reporting period | 11 | |
| Carried over within legislated timeline | 7 | |
| Carried over beyond legislated timeline | 4 | |
1.2 Channels of Requests
| Source | Number of requests |
|---|---|
| Online | 52 |
| 4 | |
| 0 | |
| In person | 0 |
| Phone | 0 |
| Fax | 0 |
| Total | 56 |
Part 2: Informal requests for information
2.1 Number of Informal Requests
| Number of requests | ||
|---|---|---|
| Received during reporting period | 0 | |
| Outstanding from previous reporting period | 0 | |
| Outstanding from previous reporting period | 0 | |
| Outstanding from more than one reporting period | 0 | |
| Total | 0 | |
| Closed during reporting period | 0 | |
| Carried over to next reporting period | 0 | |
2.2 Channels of Informal Requests
| Source | Number of requests |
|---|---|
| Online | 0 |
| 0 | |
| 0 | |
| In person | 0 |
| Phone | 0 |
| Fax | 0 |
| Total | 0 |
2.3 Completion Time of Informal Requests
| Completion time | |||||||
|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
2.4 Pages Released Informally
Part 3: Requests closed during the reporting period
3.1 Disposition and Completion Time
| Less than 100 pages released | 101-500 pages released | 501-1000 pages released | 1001-5000 pages released | More than 5000 pages released | |||||
|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disposition of requests | Completion time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| All disclosed | 5 | 0 | 0 | 0 | 0 | 0 | 0 | 5 |
| Disclosed in part | 1 | 0 | 5 | 3 | 0 | 0 | 0 | 9 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 28 | 0 | 0 | 0 | 0 | 0 | 0 | 28 |
| Request abandoned | 5 | 0 | 0 | 0 | 0 | 0 | 0 | 5 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 39 | 0 | 5 | 3 | 0 | 0 | 0 | 47 |
3.2 Exemptions
| Section | Number of requests |
|---|---|
| 18(2) | 0 |
| 19(1)(a) | 0 |
| 19(1)(b) | 0 |
| 19(1)(c) | 0 |
| 19(1)(d) | 0 |
| 19(1)(e) | 0 |
| 19(1)(f) | 0 |
| 20 | 0 |
| 21 | 0 |
| 22(1)(a)(i) | 0 |
| 22(1)(a)(ii) | 0 |
| 22(1)(a)(iii) | 0 |
| 22(1)(b) | 6 |
| 22(1)(c) | 0 |
| 22(2) | 0 |
| 22.1 | 0 |
| 22.2 | 0 |
| 22.3 | 0 |
| 23(a) | 0 |
| 23(b) | 0 |
| 24(a) | 0 |
| 24(b) | 0 |
| 25 | 0 |
| 26 | 8 |
| 27 | 2 |
| 28 | 0 |
3.3 Exclusions
| Section | Number of requests |
|---|---|
| 69(1)(a) | 0 |
| 69(1)(b) | 0 |
| 69.1 | 0 |
| 70(1) | 0 |
| 70(1)(a) | 0 |
| 70(1)(b) | 0 |
| 70(1)(c) | 0 |
| 70(1)(d) | 0 |
| 70(1)(e) | 0 |
| 70(1)(f) | 0 |
| 70.1 | 0 |
3.4 Format of information released
| Paper | Electronic | Other formats | |||
|---|---|---|---|---|---|
| E-record | Data Set | Video | Audio | ||
| 0 | 14 | 0 | 0 | 0 | 0 |
3.5 Complexity
3.5.1 Relevant Pages Processed and Disclosed for Paper and e-Record Formats
| Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|
| 36805 | 2969 | 19 |
3.5.2 Relevant Pages Processed by Request Disposition for Paper and e-Record Formats by Size of Requests
| Disposition | Less than 100 pages processed | 101-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| All disclosed | 5 | 94 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 1 | 69 | 1 | 344 | 1 | 856 | 5 | 13,295 | 1 | 22,147 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 11 | 163 | 1 | 344 | 1 | 856 | 5 | 13,295 | 1 | 22,147 |
3.5.3 Relevant Pages Processed and Disclosed for Audio Formats
| Number of minutes processed | Number of minutes disclosed | Number of requests |
|---|---|---|
| 0.000 | 0.000 | 0 |
3.5.4 Relevant Pages Processed per Request Disposition for Audio Formats by Size of Requests
| Disposition | Less than 60 minutes processed | 61-120 minutes processed | More than 120 minutes processed | |||
|---|---|---|---|---|---|---|
| Number of requests | Minutes Processed | Number of requests | Minutes Processed | Number of requests | Minutes Processed | |
| All disclosed | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
| Disclosed in part | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
| All exempted | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
| All excluded | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
| Request abandoned | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
| Neither confirmed nor denied | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
| Total | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
3.5.4 Relevant Pages Processed and Disclosed for Video Formats
| Number of minutes processed | Number of minutes disclosed | Number of requests |
|---|---|---|
| 0.000 | 0.000 | 0 |
3.5.5 Relevant Pages Processed per Request Disposition for Video Formats by Size of Requests
| Disposition | Less than 60 minutes processed | 61-120 minutes processed | More than 120 minutes processed | |||
|---|---|---|---|---|---|---|
| Number of requests | Minutes Processed | Number of requests | Minutes Processed | Number of requests | Minutes Processed | |
| All disclosed | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
| Disclosed in part | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
| All exempted | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
| All excluded | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
| Request abandoned | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
| Neither confirmed nor denied | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
| Total | 0 | 0.000 | 0 | 0.000 | 0 | 0.000 |
3.5.7 Other Complexities
| Disposition | Consultation required | Legal Advice Sought | Interwoven Information | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 2 | 0 | 3 | 0 | 5 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 2 | 0 | 3 | 0 | 5 |
3.6 Closed requests
3.6.1 Number of requests closed within legislated timelines
| Requests closed within legislated timelines | |
|---|---|
| Number of requests closed within legislated timelines | 45 |
| Percentage (%) of requests closed within legislated timelines | 95.7 |
3.7 Deemed refusals
3.7.1 Reasons for not meeting legislative timelines
| Number of requests closed past the statutory deadline | Principal reason | |||
|---|---|---|---|---|
| Interference with Operations / Workload | External consultation | Internal consultation | Other | |
| 2 | 2 | 0 | 0 | 0 |
3.7.2 Requests closed beyond legislative timelines (including any extensions taken)
| Number of days past deadline | Number of requests past deadline where no extension was taken | Number of requests past deadline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 days | 0 | 0 | 0 |
| 16 to 30 days | 0 | 2 | 2 |
| 31 to 60 days | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 |
| Total | 0 | 2 | 2 |
3.8 Requests for translation
| Translation requests | English to French | French to English | Total |
|---|---|---|---|
| Accepted | 0 | 0 | 0 |
| Refused | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Part 4: Disclosures Under Subsections 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 1 | 0 | 0 | 1 |
Part 5: Requests for Correction of Personal Information and Notations
| Disposition for correction requests received | Number |
|---|---|
| Notations attached | 0 |
| Requests for correction accepted | 0 |
| Total | 0 |
Part 6: Extensions
6.1 Reasons for extensions and disposition of requests
| Number of requests where an extension was taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation purposes or conversion | |||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 8 | 0 | 6 | 0 | 0 | 0 | 2 | 0 | 0 |
6.2 Length of extensions
| Length of Extensions | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b)Translation purposes or conversion | |||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 0 | 6 | 0 | 0 | 0 | 2 | 0 | 0 |
| 31 days or greater | 0 | |||||||
| Total | 0 | 6 | 0 | 0 | 0 | 2 | 0 | 0 |
Part 7: Consultations received from other institutions and organizations
7.1 Consultations received from other Government of Canada institutions and other organizations
| Consultations | Other government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during the reporting period | 0 | 0 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 |
| Closed during the reporting period | 0 | 0 | 0 | 0 |
| Carried over within negotiated timelines | 0 | 0 | 0 | 0 |
| Carried over beyond negotiated timelines | 0 | 0 | 0 | 0 |
7.2 Recommendations and completion time for consultations received from other Government of Canada institutions
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
7.3 Recommendations and completion time for consultations received from other organizations
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 8: Completion time for consultations on Cabinet confidences
8.1 Requests with Legal Services
| Number of Days | 100 Pages or Less Processed | 101-500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More Than 5000 Pages Processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
8.2 Requests with the Privy Council Office
| Number of Days | 100 Pages or Less Processed | 101-500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More Than 5000 Pages Processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 9: Complaints and Investigations Notices received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 |
Part 10: Privacy Impact Assessments
10.1 Privacy Impact Assessments
| Number of PIAs completed | 1 |
|---|---|
| Number of PIAs modified | 0 |
10.2 Institution-Specific and Central Personal Information Banks
| Personal information banks | Active | Created | Terminated | Modified |
|---|---|---|---|---|
| Institution-Specific | 6 | 1 | 0 | 0 |
| Central | 0 | 0 | 0 | 0 |
| Total | 6 | 1 | 0 | 0 |
Part 11: Material Privacy Breaches
11.1 Material Privacy Breaches Reported
| Number of material privacy breaches reported to TBS | 1 |
|---|---|
| Number of material privacy breaches reported to OPC | 1 |
11.2 Non-Material Privacy Breaches
| Number of non-material privacy breaches | 25 |
|---|
Part 12: Resources related to the Privacy Act
12.1 Allocated Costs
| Expenditure | Amount | |
|---|---|---|
| Salaries | $570,913 | |
| Overtime | $0 | |
| Goods and services | $39,604 | |
| Professional services contracts | $0 | - |
| Other | $39,604 | - |
| Total | $610,517 | |
12.2 Human Resources
| Resources | Person-years dedicated to privacy activities |
|---|---|
| Full-time employees | 6.667 |
| Part-time and casual employees | 0.438 |
| Regional staff | 0.000 |
| Consultants and agency personnel | 0.000 |
| Students | 0.208 |
| Total | 7.313 |
Note: Enter values to three decimal places.
Page details
- Date modified: