ARCHIVE - Privacy Act Annual Report 2009-2010
Archived Content
Information identified as archived is provided for reference, research or record-keeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.
Table of contents
- Chapter I - Report on the Privacy Act
- Chapter II - Privacy Act Statistical Report
- Figures and Analysis
- Requests Received Under the Privacy Act
- Extensions
- Performance in Meeting Statutory Response Deadlines
- Disposition of Requests for 2009-2010
- Consultations from Other Institutions
- Investigations
- Appeals to the Court
- Training
- Privacy Impact Assessments
- Data Matching and Data Sharing
- Disclosures Pursuant to Paragraphs 8(2)(e), (f), (g) and (m) of the Privacy Act
- Annex A: Delegation Orders - Privacy Act
- Annex B: Statistical Report - Privacy Act
Chapter I - Report on the Privacy Act
About Public Safety Canada
Public Safety Canada plays a key role in developing policies, delivering programs and ensuring cohesion and integration on policy and program issues within the Portfolio. The Department works with other federal departments, other levels of government, first responders, community groups, the private sector and other countries to achieve its objectives. Through the development and implementation of clearly articulated policies and programs, the Department works towards the achievement of its strategic outcome: A safe and resilient Canada.
The Department provides strategic policy advice and support to the Minister of Public Safety on a range of issues, including: national security; emergency management; law enforcement; border management; corrections; and crime prevention.
Approximately 65 percent of the Department's budget is devoted to delivering grant and contribution programs related to emergency preparedness and response, and community safety.About the Public Safety Portfolio
The Public Safety Portfolio is large and complex. It encompasses nine distinct organizations all of which directly contribute to the safety and security of Canadians. In addition to Public Safety Canada, the Portfolio includes the Canada Border Services Agency (CBSA), the Canadian Security Intelligence Service (CSIS), the Correctional Service of Canada (CSC), the National Parole Board (NPB), and the Royal Canadian Mounted Police (RCMP). It also includes three arms-length review bodies: the RCMP External Review Committee, the Commission for Public Complaints Against the RCMP, and the Office of the Correctional Investigator.
About the Privacy Act
The Privacy Act protects the privacy of all Canadian citizens and permanent residents of Canada regarding personal information held by a government institution against unauthorized use and disclosure. The Privacy Act also gives Canadians, including those in Canada who are not permanent residents or citizens, the right to access personal information held by the government.
Section 72 of the Privacy Act requires that the head of every government institution submit an annual report to Parliament on the administration of the Act during the financial year. This report describes how Public Safety Canada administered the Privacy Act throughout fiscal year 2009-2010.The Access to Information and Privacy (ATIP) Unit
The Access to Information and Privacy (ATIP) Unit is part of Public Safety Canada’s Executive Services Division within the Department’s Strategic Policy Branch. It is comprised of one Manager, two senior advisors, four analysts and one junior analyst and one administrative officer. The ATIP Manager served as the Department’s ATIP Coordinator throughout the reporting year.
The ATIP Unit is responsible for the coordination and implementation of policies, guidelines and procedures to ensure departmental compliance with the Access to Information Act and the Privacy Act. The Unit also currently provides the following services to the Department:
- Processes consultations received from other institutions;
- Provides advice and guidance to employees and senior officials on ATIP related matters;
- Produces the Annual Reports to Parliament;
- Delivers ATIP awareness sessions to departmental employees;
- Coordinates regular updates to Info Source manuals;
- Reviews departmental documents, such as audits and evaluations, prior to proactively
- disclosing these on the departmental website;
- Develops departmental procedures for processing ATIP requests;
- Maintains the Department’s ATIP reading room; and
- Participates in forums for the ATIP community, such as the Treasury Board Secretariat’s ATIP Community meetings and working groups.
Delegation of Authority
The responsibilities associated with the administration of the Privacy Act, such as notifying applicants of extensions and transferring requests to other institutions, are delegated to employees of the ATIP Unit through a delegation instrument signed by the Minister of Public Safety. The ATIP delegation instruments were revised in 2009. The approval of all exemptions remains equally shared by the department’s Deputy Minister, Associate Deputy Minister, five Assistant Deputy Ministers (ADMs), one Associate ADM, the Director General of Communications, and the Chief Audit Executive.
The current delegation instrument is reproduced at Annex A.Highlights and Accomplishments for 2008-2009
Public Safety Canada has continued to improve the way in which the Department responds to Privacy Act requests, by focusing on improving timeliness, efficiency and accuracy. Some of the highlights are as follows:
- The Department’s delegation orders were updated twice during the year to reflect how each Minister decided to delegate his responsibilities. The Deputy Minister issued a memorandum to all departmental officials having delegated authorities to inform them of their responsibilities;
- The ATIP Unit developed training materials to help departmental employees understand the Privacy Act and their role in protecting personal information. A total of five two-hour training sessions were held, and 42 departmental employees received training. The training material used for these sessions was also made available to all employees on the department’s intranet site; and
- The ATIP Unit ensured that the Department’s personal information holdings reflected in the standard Personal Information Banks developed by Treasury Board Secretariat were properly registered and included in the last Info Source update. One new institution-specific PIB was also created and registered.
Challenges
Staffing
As with most federal institutions, recruitment and retention of qualified ATIP professionals continues to be a significant challenge. The challenge at Public Safety Canada is further complicated by the requirement that many ATIP staff require security clearances at the very highest level given the nature of the Department’s business. Public Safety Canada continues to examine resources in the ATIP Unit.
Turnover of departmental staff poses challenges for recordkeeping and maintaining awareness of ATIP procedures.Chapter II - Privacy Act Statistical Report
Figures and Analysis
Annex Bprovides a summarized statistical report on Privacy Act requests processed by Public Safety Canada between April 1, 2009 and March 31, 2010. The following section provides an overview and interpretation of this information.
The overall workload for the ATIP Unit has been relatively stable over the past five years. The figures below include formal Access and Privacy requests, and consultations received from other institutions. They do not reflect requests processed informally or other services that the ATIP Unit provides to the Department.
2005-2006 | 2006-2007 | 2007-2008 | 2008-2009 | 2009-2010 | |
---|---|---|---|---|---|
ATI requests received by Public Safety Canada |
172 | 229 | 296 | 235 | 208 |
Privacy requests received by Public Safety Canada |
11 | 11 | 17 | 12 | 37 |
ATI consultations received from other institutions | 159 | 177 | 175 | 198 | 136 |
Privacy consultations received from other institutions | 7 | 5 | 7 | 10 | 18 |
Total Workload | 349 | 422 | 495 | 455 | 399 |
Requests Received Under the Privacy Act
The number of privacy requests remains small compared to the volume of access to information requests. Public Safety Canada collects little information directly from Canadians and therefore receives very few privacy requests. In comparison, portfolio agencies whose mandates are more operational in nature, such as the Royal Canadian Mounted Police (RCMP) and Correctional Service of Canada (CSC), receive thousands of privacy requests annually.
Throughout the year, the Department received 37 new requests under the Privacy Act. Two were carried forward from the previous year, resulting in a total of 39 requests for the 2009-2010 fiscal year. Of these requests, 34 were completed during the reporting period. Five requests have been carried forward to the next reporting year.Extensions
Section 15 of the Privacy Act allows institutions to extend the legal deadline for processing a request if a search for responsive records cannot be completed within 30 days of receipt of the request or if the institution must consult with other institutions. During the 2009-2010 fiscal year, the Department invoked three extensions of 30 days or less. Two extensions were invoked due to a high volume of records and interference with operations, and one extension was required in order to undertake consultations with other federal institutions.
Performance in Meeting Statutory Response Deadlines
Of the 34 completed requests, 29 were completed within 30 days. Two requests were completed between 31-60 days, one between 61 and 120 days, and two were completed in 121 days or over.
Disposition of Requests for 2009-2010
Most of the privacy requests received in Public Safety Canada’s ATIP Unit are intended for one of the institutions within the Public Safety portfolio, such as the RCMP, CSC, CBSA or CSIS. Therefore, the Department is unable to process a significant number of the requests we receive, as the requested information is often not under the institution’s control. Of the 34 completed requests, the Department was unable to process 12.
Records were all disclosed in response to 6 requests, and 8 were disclosed in part. Three requests were abandoned and 5 were transferred to other institutions with the consent of the requester.Consultations from Other Institutions
The Department’s role in coordinating with other federal institutions as well as those within the Public Safety portfolio has resulted in the Department having a greater interest
in the records processed by other institutions.
Investigations
The investigation of two complaints carried forward from the previous reporting year, concerning the denial of access to personal information, was completed during the reporting year. The Privacy Commissioner considered both complaints to be not well founded, and one of these was reported as resolved.
Three new complaints were filed with the Privacy Commissioner this year, all alleging that the Department denied requesters access to their personal information. Two of these complaint investigations were concluded during the reporting year. The Privacy Commissioner considered both complaints to be not well founded, and one of these was reported as resolved. The investigation into the third complaint is ongoing.
Appeals to the Court
No appeals to the Federal Court or the Federal Court of Appeal were submitted for the reporting year.
Training
The ATIP Unit developed training materials to help departmental employees understand the Privacy Act and their role in protecting personal information. A total of five two-hour training sessions were held throughout the reporting year. A total of 42 departmental employees received training.
The training material used for these sessions was also made available to all employees on the Department’s intranet site.
The ATIP Unit intends to continue delivering privacy awareness sessions, subject to resource availability and operational requirements.Privacy Impact Assessments Completed During the Year
Integrated Query Tool
On behalf of federal public safety community, Public Safety Canada conducted an overarching privacy impact assessment which examines the common privacy-related impact associated with the use of the Royal Canadian Mounted Police 's (RCMP) Integrated Query Tool (IQT) which is an index of RCMP occurrence data. This public safety community is composed of federal departments and agencies of which the Canada Border Services Agency, Passport Canada and the Financial Transactions Reports Analysis Centre of Canada requested access to IQT. Each of these organizations have the legislative mandate and legal authority to access this information, and they evaluated their own privacy-related impact associated with the use of IQT.
N-III Police Information Portal (PIP) Component
On behalf of the public safety community, Public Safety Canada developed an overarching cross-jurisdictional information sharing privacy impact assessment which examines the privacy-related impact associated with the sharing of Canadian law enforcement information contained in the Police Information Portal (PIP). This community is composed of federal departments and agencies of which the Canada Border Services Agency, Passport Canada and the Financial Transactions Reports Analysis Centre of Canada, National Parole Board and the Department of Fisheries Oceans Canada requested access to PIP. All these departments have a legislative mandate and legal authority to access this information and they evaluated their own privacy-related impact associated with the use of PIP.
Emergency Management College – Learning Management System
The Department completed a Privacy Impact Assessment (PIA) for the Canadian Emergency Management College’s (CEMC) Learning Management System (LMS). The PIA recommended a number of activities designed to protect the personal information holdings in the system, including creating requisite personal information banks, providing privacy training to employees responsible for the information contained in the system, as well as developing a Memorandum of Understanding with public sector partners to ensure that issues surrounding the custody and control of personal information are clear to all parties.
All three PIAs have been submitted to the Office of the Privacy Commissioner.
Data Matching and Data Sharing Activities Reported for the Period
There were no data matching or data sharing activities to report.
Disclosures Pursuant to Paragraphs 8(2)(e), (f), (g) and (m) of the Privacy Act
Subsection 8(2) of the Privacy Act provides limited and specific circumstances under which institutions may disclose personal information without an individual’s consent. Treasury Board Secretariat identified four categories of disclosures made by virtue of specific paragraphs of this subsection that institutions must include in this year’s annual report. These categories concern disclosures made for law enforcement purposes, to Members of Parliament and those made in the public interest.
During the reporting period, Public Safety Canada did not disclose personal information pursuant to paragraphs 8(2)(e), (f), (g) and (m) of the Privacy Act.Annex A: Delegation Orders - Privacy Act
Annex B: Statistical Report - Privacy Act
- Date modified: