Annual Report to Parliament on the Administration of the Privacy Act – 2023-24
Table of contents
- Introduction
- Institutional mandate
- Delegated authority
- Organizational structure
- Performance 2023–24
- Requests received
- Completion time
- Exemptions
- Exclusions
- Consultations
- Internal consultations
- Challenges
- Complaints, audits and investigations
- Monitoring compliance
- Public interest disclosure
- Training and awareness
- Mandatory training
- ATIP internal training
- Mentoring
- Right to Know Week
- Data Privacy Day
- Policies, guidelines and procedures
- Initiatives and projects to improve privacy
- Summary of key issues and actions taken on complaints
- Material privacy breaches
- Privacy impact assessments
- Annex A—Delegation Order
- Annex B—Statistical report
Introduction
The Privacy Act protects the privacy of individuals with respect to their personal information held by government institutions. It establishes the rules for the collection, use, disclosure, retention and disposal of such information. It also provides individuals with a right to be given access to, and to request a correction of, their personal information.
Shared Services Canada (SSC) is pleased to submit to Parliament its 2023-24 Annual Report on the Administration of the Privacy Act. This report is prepared and tabled in Parliament in accordance with section 72 of the PA. It covers the period from April 1, 2023, to March 31, 2024.
Institutional Mandate
SSC was created in 2011, to transform how the government manages and secures its information technology (IT) infrastructure.
SSC plays a key role in the government’s ability to deliver digital programs and services that improve the lives of Canadians, their families and communities.
SSC works in partnership with key public-sector and private-sector stakeholders to implement enterprise-wide approaches for managing IT infrastructure services and employ effective and efficient business management processes. Maintaining strong customer relationships and service management is essential to the successful delivery of SSC’s mandate.
Delegated Authority
The Minister of Public Services and Procurement is responsible for handling requests submitted under the PA. Pursuant to subsection 73(1) of the PA, the Minister has delegated full powers, duties and functions to members of the Department’s senior management, including the Director and the Deputy Directors of the Access to Information and Privacy (ATIP) Division, hereafter referred to as the ATIP Division (refer to Annex A).
Organizational structure
The ATIP Division is part of the Corporate Secretariat, which is overseen by the Director General, Corporate Secretariat and Chief Privacy Officer, situated within the Strategy and Engagement Branch (SEB).
The Division oversees the administration of the Access to Information Act (ATIA) and the PA, led by a Director serving as the Department’s ATIP coordinator. The Division’s work is performed through three units, each headed by a deputy director: the Operations Unit, the Special Projects Unit, and the Policy and Governance Unit. While an average of 24 person-years was dedicated to the ATIP program, 5.7 person-years, including 1.7 person-years located in the regions, was dedicated to the administration of the PA. Theses person-years include full-time equivalents, casual employees and students.
The Operations Unit is responsible for processing requests under both acts. Its duties include, but are not limited to, the following tasks:
- Performing line-by-line reviews of records requested and conducting external consultations as required to balance the public’s right of access and the government’s need to safeguard certain information in limited and specific cases.
- Liaising with subject-matter experts within SSC.
- Making recommendations on records that are disclosed proactively by the Department.
- Providing briefings to senior management as required on matters relating to requests and institutional performance.
- Acting as the main point of contact with the Office of the Information Commissioner (OIC) and the Office of the Privacy Commissioner (OPC) with respect to the resolution of complaints related to requests under both acts.
The Special Projects Unit oversees the creation and implementation of advanced technological solutions aimed at improving the ATIP process. Its responsibilities include, but are not limited to, the following:
- Exploring and harnessing new technologies and methodologies to create efficiencies in the ATIP process through better information management and automation.
- Taking training on new technologies and methodologies to remain at the forefront of advancements in information management and automation.
- Briefing senior management on the deployment, progress and impact of new technologies within the ATIP Division to ensure informed decision-making.
- Maintaining a comprehensive knowledge base of all implemented technologies, including troubleshooting guides, best practices and user manuals.
- Providing support and monitoring performance for technologies used in the ATIP Division.
- Engaging in strategic planning and execution of projects.
- Sharing with other departments and agencies the innovations introduced at SSC that have streamlined the ATIP processes.
The Policy and Governance Unit role is to provide strategic counsel and guidance on access to information and the protection of personal information to senior management. The scope of their responsibilities includes, but is not limited to, the following areas:
- Developing ATIP policy instruments and tools.
- Supporting program officials with privacy evaluations, which includes, Privacy Risk Checklist (PRC), Privacy Impact Assessments (PIA) and drafting personal information-sharing agreements.
- Preparing and delivering training and awareness sessions throughout the Department.
- Coordinating SSC’s annual reporting requirements.
- Publishing an updated version of SSC’s Info Source chapter.
- Acting as the main point of contact with the OIC and OPC with respect to various audits, reviews, systemic investigations and privacy breaches.
- Managing different levels of privacy breaches by conducting regular privacy training sessions, and promptly addressing any breaches to ensure the protection of sensitive information.
- The ATIP Division's execution of the acts benefits from the collaboration with subject matter experts across the Department, as employees are vital in quickly gathering records that needs to be reviewed.
Performance 2023–24
The Statistical Report (Annex B) on the administration of the PA provides a summary of the personal information requests and consultations processed during the 2023-24 reporting period.
Last year, SSC was not a party to any service agreements under section 73.1 of the PA.
Requests received
In 2023-24, SSC received 101 requests under the PA, which represents a 55 percent increase from the previous year. SSC successfully closed a total of 103 requests and carried over 2 requests to the next reporting period. These figures highlight SSC’s efficiency in processing and addressing these requests within the given period.
The rise in misdirected privacy requests, which went up to 62 this year from 39 last year, is partially due to improved tracking that more accurately represent the effort invested in managing emails and letters mistakenly sent to SSC. The similarity between the names of SSC and Service Canada often leads to SSC receiving requests that are meant for Service Canada.
In 2023-24, the ATIP Division experienced a slight decrease in the volume of pages processed, with a total of 35,509 pages, representing a 4 percent decrease from the previous year. SSC achieved 100 percent compliance rate, which is an increase from the 91.6 percent reported previously and exceeds the community average.
The ATIP Division continues to ensure it monitors its turnaround times in processing requests on a regular basis, and tracks the timeliness of their completion.
The Division completed 71 privacy advice rationales. These files consist of privacy advice that was provided to program areas, employees, management, and other departments on a range of initiatives, such as surveys, privacy questions, hybrid work, disclosures and procedural matters. The advent of new technologies has led to a heightened demand for the Privacy Unit’s expertise, resulting in an 18 percent rise in solicitations compared to last year.
Privacy requests – Text version
| Fiscal Year | Received | Processed |
|---|---|---|
| 2023-24 | 101 | 103 |
| 2022-23 | 65 | 72 |
| 2021-22 | 56 | 47 |
| 2020-21 | 59 | 60 |
| 2019-20 | 92 | 92 |
| 2018-19 | 113 | 115 |
| 2017-18 | 90 | 90 |
Completion Time
Section 15 of the PA allows the statutory time limits to be extended under certain circumstances, such as when consultations are required, if translation is needed or if the request is for a large volume of records and processing it within the original time limit would unreasonably interfere with the operations of the Department. In 2023-24, SSC used a total of 17 extensions. These extensions were invoked to provide sufficient processing time due to the increased volume of records.
Of the 103 privacy requests completed, SSC released records in full in 4 cases (3 percent). The Division noticed requests of increased complexity, such as grievance and labour relations cases that required detailed analysis. Furthermore, in the increasingly digital environment, a request can generate thousands of pages of records due to the large numbers of emails and other electronic documents.
Specifically, 11 requests generated more than 1,000 pages of records each, including 1 request of 6,800 pages. 39 percent of requests with records involved a large volume of pages. The Department invoked exemptions in 24 requests (23 percent). Of the remaining 79 requests (77 percent), either no records existed, or the request was abandoned. SSC has 2 active carried-over requests from 2022-23.
SSC responded to:
- 89 requests (86 percent) within 30 days
- 13 requests (13 percent) within 31 to 60 days
- 1 requestFootnote 1 (1 percent) within 61 to 120 days
Completion Time – Text version
| Completion time | 30 days or less | 31 to 60 days | 61 to 120 days |
|---|---|---|---|
| Percentage of requests completed | 86% | 13% | 1% |
Exemptions
The PA stipulates situations in which personal information is not subject to disclosure, and instances where its release is expressly forbidden. For instance, exemptions may apply to law enforcement investigations, information concerning individuals other than the requester, or information subject to solicitor-client privilege.
The majority of exemptions invoked by SSC related to:
- Section 26, safeguarding personal information: applied in 24 instances
- Paragraph 22(1)(b), refers to law enforcement and criminal investigations: applied in 2 instances
- Section 27, covering information under to solicitor-client privilege or the professional secrecy: applied in 2 instances
Exclusions
The PA does not apply to information that is already publicly available, such as government publications and material in libraries and museums. It also excludes material such as Cabinet Confidences. The ATIP Division did not apply any exclusions during the reporting period
Consultations
No consultation requests under the PA were received from other departments.
Internal consultations
Branches within SSC forward documents to the ATIP Division for review in accordance with the principles of the PA. SSC completed 39 internal consultations and reviewed a total of 5,353 pages. This represents an increase of 11 percent for completed requests and a substantial increase of 159 percent in pages reviewed. Furthermore, SSC was tasked to provide records to parliamentary committees throughout the year, which resulted in an increase in review required by the ATIP Division.
Challenges
The ATIP Division was able to effectively provide services to Canadians despite facing numerous challenges. Listed below are some of the obstacles faced by the Division, and how they were overcome:
- Secret records must flow through the secure network, which is only accessible at certain areas in the office. Therefore, SSC is working on upgrading its infrastructure to handle records with a secret security classification easily.
- The Division is facing issues recruiting employees. To address this, ATIP is exploring various innovative approaches, including participating in the Treasury Board Secretariat (TBS) recruitment campaigns specifically tailored for the ATIP community.
- The high volume of requests pertaining to the same two branches makes it challenging to provide records within the allotted time frame of five business days.
- Like many in the ATIP community, SSC began the year with a backlog of requests. By adopting new technologies and innovative approaches, the ATIP Division reallocated resources to reduce the backlog, thus ensuring that requesters received timely responses.
- The Division has encountered certain challenges with the rollout and utilization of the new ATIP processing software and is working closely with the company to address these issues.
- Due to new technologies with far-reaching privacy implications, increasingly complex privacy evaluations required the reallocation of resources to assess the privacy implications of these emerging technologies and initiatives.
Complaints, audits and investigations
SSC was not subject to complaints under section 35 of the PA during the reporting period. There are no outstanding complaints from the previous year. There were also no audits involving the Department conducted by the OPC. Additionally, SSC did not receive any notices of investigation from the OPC pursuant to section 31 of the PA.
Monitoring compliance
The Division implemented various internal procedures to ensure that privacy requests are processed in a timely and efficient manner. For example, the team monitors workloads and progress on privacy requests. This provided for adjustment as needed.
In 2023-24, SSC did not receive any requests to correct personal information under the PA.
Public interest disclosure
Paragraph 8(2)(e) of the PA allows the head of the institution to disclose personal information without the consent of the affected individual to an investigative body specified in the regulations, on the written request of the body, for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation, if the request specifies the purpose and describes the information to be disclosed. In 2023-24, SSC made a single disclosure of personal information under this specific exception.
Training and awareness
The Division is dedicated to fostering a culture of ATIP excellence across SSC. As a result, the Division continues to develop and deliver training and awareness activities aimed at more openness and transparency throughout the Department. ATIP employees participated in many training sessions and conferences to broaden the knowledge of the entire Division. This year, the OPC met with all of the ATIP employees to provide insight into the PIA process and implications.
Mandatory training
In order to ensure that all SSC employees, regardless of their position or level, are made aware of their responsibilities related to ATIP and that they gain an in-depth understanding of the related best practices and principles, SSC launched, in collaboration with the Canada School of Public Service, the online Access to Information and Privacy Fundamentals course (I015) on July 14, 2016. While this course is optional for all federal public service employees through the Canada School of Public Service website, its completion has been made mandatory for all SSC employees. For this reporting period, 1,590 employees successfully completed the course. This represents a 16 percent increase from the previous reporting period where 1,367 employees completed the course.
ATIP internal training
The ATIP 101 training saw a decrease in participation, which could potentially be tied to some branches' reliance on pre-recorded sessions to onboard new employees. The Division promotes training in several ways internally and delivers it when participants sign up for specific sessions. The ATIP Division endeavours to find ways to increase participation as training is an important contributor to the continued success of ATIP management at SSC.
The ATIP Division also developed tasking request training, with the purpose of educating SSC employees on their roles and responsibilities as office of primary interest. One session was delivered in 2023-24.
The Division also delivered 2 privacy breach training sessions in 2023-24. This training serves to promote privacy best practices and advise employees of their privacy obligations to avoid the creation of privacy breaches.
To familiarize program areas with the PIA process, the ATIP Division has developed specialized training. In 2023-24, 1 session was delivered. The Division has now incorporated this training into the initial stage of the PIA process to provide support and guidance. As a result of this integration, the number of sessions delivered next year is expected to increase.
Mentoring
The ATIP Division takes innovation very seriously and focuses on the personal development of its employees. Experienced employees in the ATIP Division provide guidance and support to new employees by helping them navigate the culture, answering any questions and helping them learn the necessary skills to succeed. By investing in mentoring and coaching, SSC can improve employee retention and foster a culture of continuous learning and development.
Right to Know Week
Right to Know Week took place from September 26, 2023, to October 1, 2023, and has been celebrated for the past 19 years around the world. It is intended to raise awareness of an individual’s right to access government information, to promote freedom of information as an essential feature of democracy and good governance. The ATIP Division has engaged internal and external stakeholders by developing communiqués, publishing articles in SSC's internal newsletter, promoting ATIP training through internal communication channels, and sharing corporate messages on SSC's official social media accounts.
Data Privacy Day
On January 28, 2023, SSC celebrated Data Privacy Day to raise awareness and demonstrate the importance of privacy and the protection of personal information in day-to-day activities. The ATIP Division developed communiqués, published content on SSC social media accounts and promoted privacy training through SSC’s internal communication network.
Policies, guidelines and procedures
To enhance policy alignment with TBS and eliminate duplication of information and ensure accuracy, ATIP implemented several measures to update its policy suite. This included rescinding, amending and consolidating the information. The updated policy suite is now in the approval stages of the process and will be made available to SSC employees through MySSC+ the departmental intranet site.
Initiatives and projects to improve privacy
To help program areas acquire a better understanding of privacy requirements and risks, the Division is working on a standardized form that will facilitate our assessments of frequently used software and platforms when collecting or compiling personal information.
Summary of key issues and actions taken on complaints
The ATIP Division continues to work diligently to resolve complaints. As soon as a request is received, the Division works with requesters to fully understand the text to reduce the processing time and ensure the relevancy of the records provided. In addition, the Department has taken diverse actions to limit the number of complaints. For example, the Division regularly reviews its procedures to improve performance and reduce the response time to improve services to Canadians.
ATIP analysts receive ongoing training on the complaints process, and the handling of complaints received from the OPC. The Division has established a streamlined process for handling complaints where the Deputy Directors, of both the Operations and Policy Governance Units, are responsible for providing representations to the OPC. The Director and Deputy Directors continue to work closely with the OPC in resolving complaints.
Material privacy breaches
A privacy breach refers to the improper or unauthorized access, collection, use, disclosure, retention or disposal of personal information. A material breach involves sensitive personal information that could reasonably be expected to cause serious injury or harm to the individual. In 2023-24, 3 material breaches were reported to the OPC and TBS.
The ATIP Division monitors and documents all privacy breaches reported by promptly intervening to mitigate their effects and ensure adequate containment. The early intervention helps to minimize the impact of the privacy breaches. The Division also reviews how and where in the Department they occurred to provide tailored privacy breach training to specific groups to promote awareness and increase prevention.
Privacy impact assessments
One PIA was completed for the Next Generation HR and Pay pilot. The initiative tested a solution’s ability to meet objectives using HR and pay data from four departments. The pilot focused on three areas: personal information collected, migration to the new environment, and use of personal information. Real-life scenarios enabled the assessment of the solution’s handling of complex HR and pay situations. In November 2023, the NextGen HR and Pay organization was formally transferred from SSC to Public Services and Procurement Canada.
Additionally, several PIAs are in different phases of development or approval and will be accounted for in subsequent annual reports.
SSC continued its collaboration with other departments by sharing the Digital Communications and Collaboration Solution (DCC) PIA. The Division also completes PRCs to determine if a PIA is required. PRCs are internal preliminary processes used to identify and evaluate privacy risks of new programs and activities that affect the collection, use, disclosure, storage and retention of personal information. In 2023-24, 23 PRCs were completed and 4 were carried over to the next fiscal year.
There was a 41 percent reduction in PRC compared to the previous year. The decline is attributed to a shortage of specialized skills within the ATIP Division while there was an increase of work. The ATIP Division has hired additional resources with the necessary specialized knowledge to address this shortfall.
Annex A – Delegation Order
Shared Services Canada
Access to Information Act and Privacy Act Delegation Order
The Minister Public Services and Procurement, pursuant to subsection 95(1) of the Access to Information Act and subsection 73(1) of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Minister as the head of Shared Services Canada, under the provisions of the acts and related regulations set out in the schedule opposite each position. This designation replaces all previous delegation orders.
Schedule
| Position | Access to Information Act and Regulations | Privacy Act and Regulations |
|---|---|---|
| President | Full authority | Full authority |
| Executive Vice President | Full authority | Full authority |
| Assistant Deputy Minister, Strategy and Engagement Branch | Full authority | Full authority |
| Corporate Secretary and Chief Privacy Officer | Full authority | Full authority |
| Director, Access to Information and Privacy Protection Division | Full authority | Full authority |
| Deputy Directors, Operations and Policy and Governance, Access to Information and Privacy Protection Division | Full authority | Full authority |
Dated, at Ottawa,
this day of , 2023
The Honourable Jean-Yves Duclos
Minister of Public Services and Procurement and Head of Shared Services Canada
Annex B — Statistical Report
Statistical Report on the Privacy Act
Name of institution: Shared Services Canada
Reporting period: 2023-04-01 to 2024-03-31
Section 1: Requests under the Privacy Act
| Number of requests | ||
|---|---|---|
| Received during the reporting period | 101 | |
| Outstanding from the previous reporting period | 4 | |
|
3 | |
|
1 | |
| Total | 105 | |
| Closed during the reporting period | 103 | |
| Carried over to the next reporting period | 2 | |
|
1 | |
|
1 | |
| Source | Number of requests |
|---|---|
| Online | 84 |
| 5 | |
| 12 | |
| In person | 0 |
| Phone | 0 |
| Fax | 0 |
| Total | 101 |
Section 2: Informal Requests
| Number of requests | ||
|---|---|---|
| Received during the reporting period | 0 | |
| Outstanding from the previous reporting period | 0 | |
|
0 | |
|
0 | |
| Total | 0 | |
| Closed during the reporting period | 0 | |
| Carried over to the next reporting period | 0 | |
| Source | Number of requests |
|---|---|
| Online | 0 |
| 0 | |
| 0 | |
| In person | 0 |
| Phone | 0 |
| Fax | 0 |
| Total | 0 |
| Completion Time | |||||||
|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Fewer than 100 pages released | 100-500 pages released | 501-1000 pages released | 1001-5000 pages released | More than 5000 pages released | |||||
|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 3: Requests Closed During the Reporting Period
| Disposition of requests | Completion time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More than 365 Days | Total | |
| All disclosed | 2 | 1 | 1 | 0 | 0 | 0 | 0 | 4 |
| Disclosed in part | 2 | 11 | 10 | 1 | 0 | 0 | 0 | 24 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 66 | 2 | 0 | 0 | 0 | 0 | 0 | 68 |
| Request abandoned | 5 | 0 | 2 | 0 | 0 | 0 | 0 | 7 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 75 | 14 | 13 | 1 | 0 | 0 | 0 | 103 |
| Section | Number of requests | Section | Number of requests | Section | Number of requests |
|---|---|---|---|---|---|
| 18(2) | 0 | 22(1)(a)(i) | 0 | 23(a) | 0 |
| 19(1)(a) | 0 | 22(1)(a)(ii) | 0 | 23(b) | 0 |
| 19(1)(b) | 0 | 22(1)(a)(iii) | 0 | 24(a) | 0 |
| 19(1)(c) | 0 | 22(1)(b) | 2 | 24(b) | 0 |
| 19(1)(d) | 0 | 22(1)(c) | 0 | 25 | 0 |
| 19(1)(e) | 0 | 22(2) | 0 | 26 | 24 |
| 19(1)(f) | 0 | 22.1 | 0 | 27 |
2
|
| 20 | 0 | 22.2 | 0 | 27.1 | 0 |
| 21 | 0 | 22.3 | 0 | 28 | 0 |
| 22.4 | 0 |
| Section | Number of requests | Section | Number of requests | Section | Number of requests |
|---|---|---|---|---|---|
| 69(1)(a) | 0 | 70(1) | 0 | 70(1)(d) | 0 |
| 69(1)(b) | 0 | 70(1)(a) | 0 | 70(1)(e) | 0 |
| 69.1 | 0 | 70(1)(b) | 0 | 70(1)(f) | 0 |
| 70(1)(c) | 0 | 70.1 | 0 |
| Paper | Electronic | Other | |||
|---|---|---|---|---|---|
| E-record | Data set | Video | Audio | ||
| 0 | 27 | 0 | 0 | 1 | 0 |
3.5 Complexity
| Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|
| 35,509 | 6,662 | 35 |
| Disposition | Fewer than 100 pages released | 100-500 pages processed | 501-1000 pages processed | 1,001-5,000 pages processed | More than 5,000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages processed | Number of requests | Pages processed | Number of requests | Pages processed | Number of requests | Pages processed | Number of requests | Pages processed | |
| All disclosed | 4 | 182 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 4 | 251 | 7 | 1,746 | 3 | 2,392 | 9 | 18,358 | 1 | 6,834 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 5 | 3 | 0 | 0 | 0 | 0 | 2 | 5,743 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 13 | 436 | 7 | 1,746 | 3 | 2,392 | 11 | 24,101 | 1 | 6,834 |
| Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|
| 1 | 1 | 1 |
| Disposition | Fewer than 60 minutes processed | 60 – 120 minutes processed | More than 120 minutes processed | |||
|---|---|---|---|---|---|---|
| Number of requests | Minutes processed | Number of requests | Minutes processed | Number of requests | Minutes processed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 1 | 1 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 1 | 1 | 0 | 0 | 0 | 0 |
| Number of minutes processed | Number of minutes disclosed | Number of requests |
|---|---|---|
| 0 | 0 | 0 |
| Disposition | Fewer than 60 minutes processed | 60 – 120 minutes processed | More than 120 minutes processed | |||
|---|---|---|---|---|---|---|
| Number of requests | Minutes processed | Number of requests | Minutes processed | Number of requests | Minutes processed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 |
| Disposition | Consultation required | Legal advice sought | Interwoven Information | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 |
3.6 Closed Requests
| Number of requests closed within legislated timeline | 103 |
| Percentage of requests closed within legislated timelines (%) | 100 |
3.7 Deemed Refusals
| Number of requests closed past the legislated timelines | Principal reason | |||
|---|---|---|---|---|
| Interference with operations/ Workload | External consultation | Internal consultation | Other | |
| 0 | 0 | 0 | 0 | 0 |
| Number of days past legislated timelines | Number of requests past legislated timeline where no extension was taken | Number of requests past legislated timeline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 days | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
| Translation requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Section 4: Disclosures Under Subsections 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 1 | 0 | 0 | 1 |
Section 5: Requests for Correction of Personal Information and Notations
| Disposition for correction requests received | Number |
|---|---|
| Notations attached | 0 |
| Requests for correction accepted | 0 |
| Total | 0 |
Section 6: Extensions
| Number of extensions taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation purposes or conversion | |||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 17 | 2 | 15 | 0 | 0 | 0 | 0 | 0 | 0 |
| Length of Extensions | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b)Translation purposes or conversion | |||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 1 to 15 days | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 2 | 14 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 days or greater | ||||||||
| Total | 2 | 15 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 7: Consultations received from other institutions and organizations
| Consultations | Other Government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during the reporting period | 0 | 0 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 |
| Closed during the reporting period | 0 | 0 | 0 | 0 |
| Carried over within negotiated timelines | 0 | 0 | 0 | 0 |
| Carried over beyond negotiated timelines | 0 | 0 | 0 | 0 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclosed entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclosed entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exempted entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Excluded entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Completion time for consultations on Cabinet Confidences
| Number of days | Fewer than 100 pages processed | 100-500 pages processed | 501-1000 pages processed | 1,001-5,000 pages processed | More than 5,000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Number of days | Fewer than 100 pages processed | 100-500 pages processed | 501-1000 pages processed | 1,001-5,000 pages processed | More than 5,000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 9: Complaints and Investigations Notices Received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 |
Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIBs)
| Number of PIAs completed | 1 |
|---|---|
| Number of PIAs modified | 0 |
| Personal information banks | Active | Created | Terminated | Modified |
|---|---|---|---|---|
| Institution Specific | 0 | 0 | 0 | 0 |
| Central | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 |
Section 11: Privacy Breaches
| Number of material privacy breaches reported to TBS | 3 |
|---|---|
| Number of material privacy breaches reported to OPC | 3 |
| Number of non-material privacy breaches | 26 |
|---|
Section 12: Resources related to the Privacy Act
| Expenditure | Amount | |
|---|---|---|
| Salaries | $564,232 | |
| Overtime | $0 | |
| Goods and services | $19,000 | |
|
$0 | - |
|
$19,000 | |
| Total | $583,232 | |
| Resources | Person-years dedicated to Access to Privacy activities |
|---|---|
| Full-time employees | 3.870 |
| Part-time and casual employees | 0.080 |
| Regional staff | 1.770 |
| Consultants and agency personnel | 0.000 |
| Students | 0.000 |
| Total | 5.720 |
Note: Enter values to three decimal places.
Page details
- Date modified: