ARCHIVE - Privacy Act Annual Report 2008-2009

Archived Content

Information identified as archived is provided for reference, research or record-keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

ARCHIVE - Privacy Act Annual Report 2008-2009 PDF Version (700 KB)

Table of contents

Chapter I - Report on the Privacy Act

About Public Safety Canada

Public Safety Canada (PS) was created in 2003 to provide leadership and coordination across all federal departments and agencies responsible for the safety of Canadians. The Department delivers a range of programs related to national emergency preparedness, critical infrastructure protection and community safety. Working towards a safe and resilient Canada, the Department provides leadership, coordinates and supports the efforts of federal organizations responsible for the national security and safety of Canadians. The Department also works with other levels of government, first responders, community groups, the private sector and other countries to achieve its objectives.

To keep Canadians safe from a range of threats, the Department provides strategic policy advice and support to the Minister of Public Safety on issues related to public safety, including: national security; emergency management; policing and law enforcement; interoperability and information-sharing; border management; corrections and conditional release; Aboriginal policing; and, crime prevention. Providing strategic public safety leadership, the Department works within a portfolio consisting of five agencies and three review bodies. These entities, including the Department, are united under the Public Safety Portfolio and report to the same minister, resulting in enhanced integration among federal organizations dealing with public safety issues. The Department supports the Minister in all aspects of his mandate and plays a national public safety leadership role while respecting the separate accountability of each Portfolio agency.

Also situated within the Department is the Office of the Inspector General of the Canadian Security Intelligence Service (CSIS), which carries out independent reviews of CSIS' compliance with the law, Ministerial direction and operational policy.

About the Public Safety Portfolio

The Public Safety Portfolio is responsible for public safety within the Government of Canada and consists of five agencies: the Canada Border Services Agency, the Canadian Security Intelligence Service, the Correctional Service of Canada, the National Parole Board, and the Royal Canadian Mounted Police (RCMP). It also includes three review bodies: the RCMP External Review Committee, the Commission for Public Complaints Against the RCMP, and the Office of the Correctional Investigator.

Each portfolio agency, review body, as well as IGCSIS, submit separate annual reports to Parliament on the administration of the Access to Information Act and the Privacy Act.

About the Privacy Act

The Privacy Act protects the privacy of all Canadian citizens and permanent residents of Canada regarding personal information held by a government institution against unauthorized use and disclosure. The Privacy Act also gives Canadians, including those in Canada who are not permanent residents or citizens, the right to access personal information held by the government.

Section 72 of the Privacy Act requires that the head of every government institution submit an annual report to Parliament on the administration of the Act during the financial year. This report describes how Public Safety Canada administered the Privacy Act throughout fiscal year 2008-2009.

The Access to Information and Privacy (ATIP) Unit

The Access to Information and Privacy (ATIP) Unit is part of Public Safety Canada's Executive Services Division within the Department's Strategic Policy Branch. It is comprised of one Manager, two senior advisors, four analysts and one administrative officer. The ATIP Manager served as the Department's ATIP Coordinator throughout the reporting year.

The ATIP Unit is responsible for the coordination and implementation of policies, guidelines and procedures to ensure departmental compliance with the Access to Information Act and the Privacy Act.

The Unit also currently provides the following services to the Department:

Delegation of Authority

The responsibilities associated with the administration of the Privacy Act, such as notifying applicants of extensions and transferring requests to other institutions, are delegated to the departmental ATIP Coordinator through a delegation instrument signed by the Minister of Public Safety. The approval of all exemptions remains with the Deputy Minister, the Associate Deputy Minister and all Assistant Deputy Ministers (ADMs).

A detailed delegation instrument is available at Annex A.

Highlights and Accomplishments for 2008-2009

Public Safety Canada has continued to improve the way in which the Department responds to ATIP requests, by focusing on improving timeliness, efficiency and accuracy. We implemented concrete measures in FY 2007-2008 that allowed us to achieve these goals, and we continued to build on these improvements over the year. Some of the highlights are as follows:

Challenges

Staffing

The ATIP Unit modified its organizational structure to allow greater flexibility in recruitment and is considering the creation of developmental positions in order to retain experienced employees while allowing for career progression. As with most federal institutions, recruitment and retention of qualified ATIP professionals continues to be a significant challenge. The challenge at Public Safety is further complicated by the requirement that many ATIP staff require security clearances at the very highest level given the nature of the Department's business.

Public Safety continues to examine resources in the ATIP Unit.

Chapter II - Privacy Act Statistical Report

Overall Workload Trends

Annex B provides a summarized statistical report on Privacy Act requests processed by Public Safety Canada between April 1, 2008 and March 31, 2009. The following section provides explanations and interpretations of this statistical information by analyzing the workload trends.

Figure 1 - Overall Workload Trend

Figure 1 - Overall Workload Trend

Over the past six years, the workload for the ATIP Unit has doubled. FY 2008-2009 saw a slight decrease in total volume from the previous year. Totals include formal Access and Privacy requests, and consultations from other institutions. The figures do not reflect requests processed informally or other services that the ATIP Unit provides to the Department.

Public Safety Canada plays a role in coordinating activities involving federal institutions within the Public Safety portfolio as well as with other organizations at all levels of government on matters relating to the safety of Canadians. Consequently, the Department processes nearly as many consultation requests from other institutions as formal ATIP requests. ATI-related work continues to dominate the ATIP unit's workload.

The following graph provides a categorical breakdown of workload trends over the past six years.

Figure 2 - Workload Trend by Category

Figure 2 - Workload Trend by Category

Requests Received Under the Privacy Act

Throughout the year, the Department received twelve (12) new requests under the Privacy Act. Five (5) were carried forward from the previous year, resulting in a total of seventeen (17) requests for the 2008-2009 fiscal year. Of these requests, fifteen (15) were completed during the reporting period. Two (2) requests have been carried forward to the following reporting year.

The number of privacy requests has remained fairly constant over the years, and this number is not expected to increase significantly. Public Safety Canada collects little information directly from Canadians and therefore receives very few privacy requests. In comparison, portfolio agencies whose mandates are more operational in nature, such as the Royal Canadian Mounted Police (RCMP) and Correctional Service of Canada (CSC), receive thousands of privacy requests annually.

The following graph illustrates the number of formal Privacy Act requests received by the Department.

Figure 3 - Formal Privacy Requests Received by Public Safety Canada

Figure 3 - Formal Privacy Requests Received by Public Safety Canada

Extensions

Section 15 of the Privacy Act allows institutions to extend the legal deadline for processing a request if a search for responsive records cannot be completed within 30 days of receipt of the request or if the institution must consult with other institutions. During the 2008-2009 fiscal year, the Department invoked one (1) extension of 30 days or under due to interference with operations.

Performance in Meeting Statutory Response Deadlines

Of the fifteen (15) completed requests, thirteen (13) were completed within 30 days. Two (2) requests were completed between 31-60 days.

Disposition of Requests for 2008-2009

Most of the privacy requests received in Public Safety Canada's ATIP Unit are intended for one of the institutions within the Public Safety portfolio, such as the RCMP, CSC, CBSA or CSIS. Therefore, the Department is unable to process most of the requests we receive, as the requested information is often not under the institution's control.

The following graph identifies the decisions taken for requests completed during the year.

Figure 4 - Disposition of Requests

Figure 4 - Disposition of Requests

Consultations from Other Institutions

The Department's role in coordinating with other federal institutions as well as those within the Public Safety portfolio has resulted in the Department having a greater interest in the records processed by other institutions. A significant amount of the ATIP Unit's workload involves responding to consultations in response to formal requests received by other institutions. These responsibilities are not reflected in the ATIP Unit's current resource levels.

The Department received a total of ten (10) consultations from other institutions processing requests under the Privacy Act in 2008-2009. The graph below summarizes the number of consultations received from other institutions over the past six years.

Figure 5 - Number of Privacy Consultations from Other Institutions

Figure 5 - Number of Privacy Consultations from Other Institutions

Investigations

Two (2) complaints were filed with the Privacy Commissioner this year. The investigation of these complaints is ongoing.

Appeals to the Court

No appeals to the Federal Court or the Federal Court of Appeal were submitted for the reporting year.

Training

The Department did not deliver any training to departmental employees with regard to their responsibilities respecting the Privacy Act throughout the reporting year.

Privacy Impact Assessments Completed During the Year

No Privacy Impact Assessments were completed during the reporting period.

Data Matching and Data Sharing Activities Reported for the Period

There were no data matching or data sharing activities to report.

Disclosures Pursuant to Paragraphs 8(2)(e), (f), (g) and (m) of the Privacy Act

Subsection 8(2) of the Privacy Act provides limited and specific circumstances under which institutions may disclose personal information without an individual's consent. Treasury Board Secretariat identified four categories of disclosures made by virtue of specific paragraphs of this subsection that institutions must include in this year's annual report. These categories concern disclosures made for law enforcement purposes, to Members of Parliament and those made in the public interest. During the reporting period, Public Safety Canada did not disclose personal information pursuant to paragraphs 8(2)(e), (f), (g) and (m) of the Privacy Act.

Annex A: Delegation Orders - Privacy Act

Annex A: Delegation Orders - Privacy Act

Annex B: Statistical Report - Privacy Act

Annex B: Statistical Report - Privacy Act

Supplemental Reporting Requirements for 2008-2009

Treasury Board Secretariat is monitoring compliance with the Privacy Impact Assessment (PIA) Policy (which came into effect on May 2, 2002) through a variety of means. Institutions are therefore required to report the following information for this reporting period.

Indicate the number of:

Date modified: