Privacy Act Annual Report 2010-2011
Table of contents
- Chapter I - Report on the Privacy Act
- Chapter II - Privacy Act Statistical Report
- Figures and Analysis
- Requests Received Under the Privacy Act
- Extensions
- Performance in Meeting Statutory Response Deadlines
- Disposition of Requests for 2010-2011
- Consultations from Other Institutions
- Investigations
- Appeals to the Court
- Training
- Privacy Impact Assessments Completed During the Year
- Disclosures Pursuant to Paragraphs 8(2) (m) of the Privacy Act
- Annex A: Delegation Order - Privacy Act
- Annex B: Statistical Report - Privacy Act
Chapter I - Report on the Privacy Act
About Public Safety Canada
Public Safety Canada Public Safety Canada exercises a broad leadership role that brings coherence to the activities of the departments and agencies responsible for public safety and security. The Department of Public Safety and Emergency Preparedness Act, 2005, and the Emergency Management Act, 2007, set out two fundamental roles for the Department: support to the Minister's responsibility for all matters except those assigned to another federal minister related to public safety and emergency management, including national leadership; and to coordinate the efforts of Portfolio agencies, as well as provide guidance on their strategic priorities. The Department's leadership role is reflected in its strategic outcome, a safe and resilient Canada, and through the pursuit of the following program activities: National Security, Border Strategies, Countering Crime, Emergency Management and Internal Services. The Department, in its portfolio coordination role, brings strategic focus to the overall safety and security agenda. In fulfilling its mandate, the Department works in consultation with other organizations and partners - federal departments and agencies, provinces and territories, non-government organizations, the private sector, foreign states, academia and communities.
About the Public Safety Portfolio
The Public Safety Portfolio encompasses nine organizations for which the Minister of Public Safety is responsible. In addition to Public Safety Canada, the Portfolio includes the Canada Border Services Agency (CBSA), the Canadian Security Intelligence Service (CSIS), the Correctional Service of Canada (CSC), the Parole Board of Canada (PBC),and the Royal Canadian Mounted Police (RCMP). It also includes three arm's-length review bodies: the RCMP External Review Committee, the Commission for Public Complaints Against the RCMP, and the Office of the Correctional Investigator. Each organization in the portfolio administers its own access to information and privacy programs, under authorities delegated to them by the Minister.
About the Privacy Act
The Privacy Act protects the privacy of all Canadian citizens and permanent residents of Canada regarding personal information held by a government institution against unauthorized use and disclosure. The Privacy Act also gives Canadians, including those in Canada who are not permanent residents or citizens, the right to access personal information held by the government.
Section 72 of the Privacy Act requires that the head of every government institution submit an annual report to Parliament on the administration of the Act during the financial year. This report describes how Public Safety Canada administered the Privacy Act throughout fiscal year 2010-2011.
The Access to Information and Privacy (ATIP) Unit
The Access to Information and Privacy (ATIP) Unit is part of Public Safety Canada's Executive Services Division within the Department's Strategic Policy Branch. It consists of one Manager, two senior advisors, four analysts, one junior analyst and one administrative officer. The ATIP Manager served as the Department's ATIP Coordinator throughout the reporting year.
The ATIP Unit is responsible for the coordination and implementation of policies, guidelines and procedures to ensure departmental compliance with the Access to Information Act and the Privacy Act. The Unit is responsible for responding to requests made under the Acts, as well as providing the following services to the Department:
- processing consultations received from other institutions;
- providing advice and guidance to employees and senior officials on ATIP related matters;
- producing the Annual Reports to Parliament;
- delivering ATIP awareness sessions to departmental employees;
- coordinating regular updates to Info Source manuals;
- reviewing departmental documents, such as audits and evaluations, prior to proactively disclosing these on the departmental website;
- developing departmental procedures for processing ATIP requests;
- maintaining the Department's ATIP reading room; and
- participating in forums for the ATIP community, such as the Treasury Board Secretariat's ATIP Community meetings and working groups.
Delegation of Authority
The responsibilities associated with the administration of the Privacy Act, such as notifying applicants of extensions and transferring requests to other institutions, are delegated to employees of the ATIP Unit through a delegation instrument signed by the Minister of Public Safety. The approval of all exemptions is delegated to the Department's Deputy Minister, Associate Deputy Minister, five Assistant Deputy Ministers (ADMs), one Associate ADM, the Director General of Communications, and the Chief Audit Executive.
The current delegation instrument is reproduced at Annex A.Highlights and Accomplishments for 2010-2011
Public Safety Canada has continued to improve the way in which the Department responds to Privacy Act requests, by focusing on improving timeliness, efficiency and accuracy. Some of the highlights are as follows:
- The ATIP Unit developed training materials to help departmental employees understand the Privacy Act and their role in protecting personal information.
Five two-hour training sessions were held, and 35 departmental employees received training. The training material used for these sessions was also made available to all employees on the department's intranet site; and, - The ATIP Unit ensured that the Department's personal information holdings reflected in the standard Personal Information Banks developed by Treasury Board Secretariat were properly registered and included in the last Info Source update. One new institution-specific Personal Information Bank was also created and registered.
New/Revised Policies/Guidelines or Procedures
Privacy Impact Assessment Framework
The ATIP Unit created, with the assistance of a number of other government departments, a Privacy Impact Assessment Framework in order to provide Public Safety employees with the information and resources required to conduct a Privacy Impact Assessment in an effective and efficient manner. This Framework was approved by the Deputy Minister and is being made available to all departmental employees on the departmental Intranet site.
Challenges
Staffing
As with most federal institutions, recruitment and retention of qualified ATIP professionals continues to be a challenge. The challenge at Public Safety Canada is further complicated by the requirement that many ATIP staff require security clearances at the very highest level given the nature of the Department's business. Public Safety Canada continues to examine resource levels in the ATIP Unit.
Turnover of departmental staff generally poses challenges for recordkeeping and maintaining awareness of ATIP procedures.
Chapter II - Privacy Act Statistical Report
Figures and Analysis
Annex B provides a summarized statistical report on Privacy Act requests processed by Public Safety Canada between April 1, 2010 and March 31, 2011. The following section provides an overview and interpretation of this information.
provides a summarized statistical report on Privacy Act requests processed by Public Safety Canada between April 1, 2010 and March 31, 2011. The following section provides an overview and interpretation of this information.
The following table provides an overall breakdown of workload by category for the past five years.
2006-2007 | 2007-2008 | 2008-2009 | 2009-2010 | 2010-2011 | |
---|---|---|---|---|---|
ATI requests received by Public Safety Canada |
229 | 296 | 235 | 208 | 298 |
Privacy requests received by Public Safety Canada |
11 | 17 | 12 | 37 | 32 |
ATI consultations received from other institutions | 177 | 175 | 198 | 136 | 223 |
Privacy consultations received from other institutions | 5 | 7 | 10 | 18 | 9 |
Total Workload | 422 | 495 | 455 | 399 | 562 |
Requests Received Under the Privacy Act
The number of privacy requests remains small compared to the volume of access to information requests. Public Safety Canada collects little information directly from Canadians and therefore receives very few privacy requests. In comparison, portfolio agencies whose mandates are more operational in nature, such as the Royal Canadian Mounted Police (RCMP) and Correctional Service of Canada (CSC), receive thousands of privacy requests annually.
Throughout the year, the Department received 32 new requests under the Privacy Act. Five were carried forward from the previous year, resulting in a total of 37 requests for the 2009-2010 fiscal year. Of these requests, 33 were completed during the reporting period. Four requests have been carried forward to the next reporting year.
Extensions
Section 15 of the Privacy Act allows institutions to extend the legal deadline for processing a request if a search for responsive records cannot be completed within 30 days of receipt of the request or if the institution must consult with other institutions. During the 2010-2011 fiscal year, the Department invoked ten extensions of 30 days or less. Five extensions were invoked due to a high volume of records and interference with operations, and five extensions was required in order to undertake consultations with other federal institutions.
Performance in Meeting Statutory Response Deadlines
Of the 33 completed requests, 20 were completed within 30 days. Three requests were completed between 31-60 days, seven between 61 and 120 days, and three were completed in 121 days or over.
Disposition of Requests for 2010-2011
Some privacy requests received in Public Safety Canada's ATIP Unit were intended for one of the institutions within the Public Safety portfolio, such as the RCMP, CSC, CBSA or CSIS. The Department was unable to process these requests as the requested information was not under the institution's control. Of the 33 completed requests, the Department was unable to process eight.
Records were all disclosed in response to seven requests, and 12 were disclosed in part. Two requests were abandoned and four were transferred to other institutions with the consent of the requester.
Consultations from Other Institutions
The Department's role in coordinating with other federal institutions as well as those within the Public Safety portfolio has resulted in the Department having an interest in the records processed by other institutions.
The Department received a total of nine consultations from other institutions processing requests under the Privacy Act in 2010-2011.
Investigations
Two complaints were filed with the Privacy Commissioner this year, both alleging that the Department denied the requesters access to their personal information. One of these complaint investigations was concluded this year, resulting in a finding of resolved. The investigation into the other complaint is ongoing.
Appeals to the Court
No appeals to the Federal Court or the Federal Court of Appeal were submitted for the reporting year.
Training
The ATIP Unit developed training materials to help departmental employees understand the Privacy Act and their role in protecting personal information. Five two-hour training sessions were held throughout the reporting year, and a total of 35 departmental employees received training.
The training material used for these sessions was also made available to all employees on the Department's intranet site.
The ATIP Unit intends to continue delivering privacy awareness sessions, subject to resource availability and operational requirements.
Privacy Impact Assessments Completed During the Year
Direct Deposit for Non-salary Payments
The Department completed a Privacy Impact Assessment (PIA) for the Direct Deposit of Non-salary Payments into Public Safety Canada employee's bank accounts. The deposits are for the reimbursement of non-salary payments such as expense claims and travel advances processed through the financial system (SAP).
This PIA was submitted to the Office of the Privacy Commissioner. PS has not yet begun posting PIA summaries on its website, but is examining the possibility of doing so in 2011-2012.
Disclosures Pursuant to Paragraph 8(2)(m) of the Privacy Act
Subsection 8(2)(m) of the Privacy Act provides the head of the institution with the authority to disclose personal information where the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or where the disclosure would clearly benefit the individual to whom the information relates.
During the reporting period, Public Safety Canada did not disclose personal information pursuant to paragraph 8(2)(m) of the Privacy Act.
Disclosures Pursuant to Paragraphs 8(2) (m) of the Privacy Act
Subsection 8(2) of the Privacy Act provides limited and specific circumstances under which institutions may disclose personal information without an individual’s consent. Treasury Board Secretariat identified four categories of disclosures made by virtue of specific paragraphs of this subsection that institutions must include in this year’s annual report. These categories concern disclosures made for law enforcement purposes, to Members of Parliament and those made in the public interest.
During the reporting period, Public Safety Canada did not disclose personal information pursuant to paragraphs 8(2)(e), (f), (g) and (m) of the Privacy Act.Annex A: Delegation Orders - Privacy Act
The Minister of Public Safety and Emergency Preparedness, pursuant to section 73 of the Privacy Act*, hereby designates the persons holding the positions set out below, to exercise the powers and perform the duties and functions of the Minister as the head of a government institution, that is, the Department of Public Safety and Emergency Preparedness, under the section of the Act set out opposite each position.
|
|
Deputy Minister & Associate Deputy Ministerh | Assistant Deputy Ministers, Associate Assistant Deputy Ministers, Director General Communications, Chief Audit Executive | ATIP Manager | Senior ATIP Advisors & ATIP Analysts |
---|---|---|---|---|---|
Section | Article | ||||
8(2)(j) |
Disclose for research purposes |
● |
|
|
|
8(2)(m) |
Disclose in the public interest or in the interest of the individual |
● |
|
|
|
8(4) |
Copies of requests under 8(2)(e) to be retained |
● |
● |
● |
|
8(5) |
Notice of disclosure under 8(2)(m) |
● |
|
|
|
9(1) |
Record of disclosures to be retained |
● |
● |
|
|
9(4) |
Consistent uses |
● |
● |
|
|
10 |
Personal information to be included in personal information banks |
● |
● |
|
|
14 |
Notice where access requested |
● |
|
● |
|
15 |
Extension of time limits |
● |
|
● |
● |
17(2)(b) |
Language of access |
● |
|
● |
|
17(3)(b) |
Access to personal information in alternative format |
● |
|
● |
|
18(2) |
Exemption (exempt bank) - Disclosure may be refused |
● |
● |
|
|
19(1) |
Exemption - Personal information obtained in confidence |
● |
● |
|
|
19(2) |
Exemption - Where authorized to disclose |
● |
● |
|
|
20 |
Exemption - Federal-provincial affairs |
● |
● |
|
|
21 |
Exemption - International affairs and defence |
● |
● |
|
|
22 |
Exemption - Law enforcement and investigation |
● |
● |
|
|
22.3 |
Exemption - Public Servants Disclosure Protection Act |
● |
● |
|
|
23 |
Exemption - Security clearances |
● |
● |
|
|
24 |
Exemption - Individuals sentenced for an offence |
● |
● |
|
|
25 |
Exemption - Safety of individuals |
● |
● |
|
|
26 |
Exemption - Information about another individual |
● |
● |
|
|
27 |
Exemption - Solicitor-client privilege |
● |
● |
|
|
28 |
Exemption - Medical record |
● |
● |
|
|
31 |
Notice of intention to investigate |
● |
|
● |
|
33(2) |
Right to make representation |
● |
● |
● |
● |
35(1) |
Findings and recommendations of Privacy Commissioner (complaints) |
● |
● |
● |
|
35(4) |
Access to be given |
● |
|
● |
|
36(3) |
Report of findings and recommendations (exempt banks) |
● |
● |
● |
|
37(3) |
Report of findings and recommendations (compliance review) |
● |
● |
● |
|
51(2)(b) |
Special rules for hearings |
● |
|
|
|
51(3) |
Ex parte representations |
● |
● |
|
|
72(1) |
Annual Report to Parliament |
● |
|
|
|
Privacy Regulations | |||||
9 |
Reasonable facilities and time provided to examine personal information |
● |
● |
● |
|
11(2) |
Notification that correction to personal information has been made |
● |
● |
● |
|
11(4) |
Notification that correction to personal information has been refused |
● |
● |
● |
|
13(1) |
Disclosure of personal information relating to physical or mental health may be made to a qualified medical practitioner or psychologist for an opinion on whether to release information to the requestor. |
● |
● |
● |
|
14 |
Disclosure of personal information relating to physical or mental health may be made to a requestor in the presence of a qualified medical practitioner or psychologist |
● |
● |
● |
|
Dated, at the City of Ottawa, this ____th day of ___________, 2010
Vic Toews, P.C., Q.C., M.P.
*R.S.C. 1985, c. P-21
Annex B: Statistical Report - Privacy Act
Received during reporting period | 32 |
Outstanding from previous period | 5 |
TOTAL | 37 |
Completed during reporting period | 33 |
Carried Forward | 4 |
All Disclosed | 7 |
Disclosed in part | 12 |
Nothing disclosed (excluded) | 0 |
Nothing disclosed (exempt) | 0 |
Unable to process | 8 |
Abandoned by applicant | 2 |
Transferred | 4 |
TOTAL | 33 |
Exemptions invoked
S. Art. 18(2) |
0 |
S. Art. 19(1)(a) |
0 |
(b) | 1 |
(c) | 0 |
(d) | 0 |
S. Art. 20 |
0 |
S. Art. 21 |
3 |
S. Art. 22(1)(a) |
1 |
(b) | 1 |
(c) | 1 |
S. Art. 22(2) |
0 |
S. Art. 23(a) |
0 |
(b) | 0 |
S. Art. 24 |
0 |
S. Art. 25 |
0 |
S. Art. 26 |
12 |
S. Art. 27 |
4 |
S. Art. 28 |
0 |
S. Art. 69(1)(a) |
0 |
(b) | 0 |
S. Art. 70(1)(a) |
0 |
(b) | 0 |
(c) | 1 |
(d) | 0 |
(e) | 0 |
(f) | 0 |
30 days or under | 20 |
31 to 60 days | 3 |
61 to 120 days | 7 |
121 days or over | 3 |
30 days or under | 31 days or over | |
---|---|---|
Interference with operations | 5 | 0 |
Consultation | 5 | 0 |
Translation | 0 | 0 |
TOTAL | 10 | 0 |
Translations requested | 0 |
Translations prepared - English to French | 0 |
Translations prepared - French to English | 0 |
Copies given | 19 |
Examination | 0 |
Copies and examination | 0 |
Corrections requested | 0 |
Corrections made | 0 |
Notation attached | 0 |
Financial (all reasons) | ($000) |
---|---|
Salary | 22 |
Administration (O and M) | 1 |
TOTAL | 23 |
Person year (decimal format) | 0.45 |
- Date modified: