Annual Report to Parliament on the Administration of the Privacy Act 2012-2013

Table of contents

Chapter 1– Report on the Privacy Act

About Public Safety Canada

Public Safety Canada plays a key role in discharging the Government’s fundamental responsibility for the safety and security of its citizens. The Department of Public Safety and Emergency Preparedness Act, 2005, and the Emergency Management Act, 2007, set out two fundamental roles for the Department: (i) to support the Minister’s responsibility for all matters, except those assigned to another federal minister, related to public safety and emergency management, including national leadership and (ii) to coordinate the efforts of Portfolio agencies as well as provide guidance on their strategic priorities. The Department’s leadership role is reflected in its strategic outcome, a safe and resilient Canada, and through the pursuit of the following programs: National Security, Border Strategies, Countering Crime, Emergency Management and Internal Services. The Department also delivers a number of grant and contribution programs related to emergency management and community safety. While portfolio agencies deliver public security operations according to their individual mandates, Public Safety Canada, in its portfolio coordination role, brings strategic focus to the overall safety and security agenda. In this capacity, the Department also contributes to the safety and security of Canadians. In fulfilling its mandate, Public Safety Canada works in consultation with other organizations and partners—federal departments and agencies, provinces and territories, non-government organizations, the private sector, foreign states, academia and communities. Public Safety Canada is structurally organized into six branches: Community Safety and Partnerships, Corporate Management, Emergency Management and Regional Operations, Law Enforcement and Policing, National Security, and Strategic Policy. These branches are supported by the Internal Audit and Evaluation Directorate, the Communications Directorate, and the Legal Services Directorate. The Department has regional presence in all provinces, as well as in the North to deliver a coordinated federal response to emergencies; ensure effective delivery of emergency management programming, Aboriginal policing and crime prevention programs; as well as improve partnerships with other levels of government and key regional stakeholders.

About the Public Safety Portfolio

The Public Safety Portfolio encompasses nine organizations for which the Minister of Public Safety is responsible. In addition to Public Safety Canada, the Portfolio includes the Canada Border Services Agency (CBSA), the Canadian Security Intelligence Service (CSIS), the Correctional Service of Canada (CSC), the Parole Board of Canada (PBC),and the Royal Canadian Mounted Police (RCMP). It also includes three arm’s-length review bodies: the RCMP External Review Committee, the Commission for Public Complaints Against the RCMP, and the Office of the Correctional Investigator. Each organization in the portfolio administers its own access to information and privacy programs, under authorities delegated to them by the Minister.

About the Privacy Act

The Privacy Act protects the privacy of all Canadian citizens and permanent residents of Canada regarding personal information held by a government institution against unauthorized use and disclosure. The Privacy Act also gives Canadians, including those in Canada who are not permanent residents or citizens, the right to access personal information held by the government.

Section 72 of the Privacy Act requires that the head of every government institution submit an annual report to Parliament on the administration of the Act during the financial year. This report describes how Public Safety Canada administered the Privacy Act throughout fiscal year 2012-2013.

The Access to Information and Privacy (ATIP) Unit

The Access to Information and Privacy (ATIP) Unit is part of Public Safety Canada’s Executive Services Division within the Department’s Strategic Policy Branch. It consists of one Manager, two senior advisors, four analysts, one junior analyst and one administrative officer. The ATIP Manager served as the Department’s ATIP Coordinator throughout the reporting year.

The ATIP Unit is responsible for the coordination and implementation of policies, guidelines and procedures to ensure departmental compliance with the Access to Information Act and the Privacy Act. The Unit is responsible for responding to requests made under the Acts, as well as providing the following services to the Department:

Delegation of Authority

The Minister signed a new Delegation Order for the Privacy Act on February 18, 2013. Both the current and previous delegation instruments are reproduced at Annex A. The new delegation order aligned the delegation of authority with the management structure of the Strategic Policy Branch, which administers the program.

New or Revised Policies, Guidelines or Procedures

There were no new or revised guidelines, policies or procedures issued this fiscal year.

Training

The ATIP Unit provided two training sessions on privacy-related matters this fiscal year, where a total of 49 employees attended.

Challenges

Competing priorities

The ATIP Unit at Public Safety Canada has no resources dedicated to privacy policy or training, therefore these activities are often given secondary priority to the processing of requests for information under the Access to Information Act and Privacy Act. Requests under the Privacy Act are given equal priority to those under the Access to Information Act, but the policies, advice and training provided to the department can only be provided where time permits.

Increasing volume and complexity

While the number of requests under the Privacy Act has remained relatively stable, Public Safety Canada has seen a significant increase in the overall volume of requests (see Overall Workload Trends for details). The complexity of the requests received is also challenging. The Analysts in the ATIP Unit have significant experience both in the department and in ATIP which provides a great breadth of understanding of the subject matter; however, significant review must take place as much of the personal information requested is intertwined with other individuals’ personal information. 

Investigations

Two complaint notifications were received from the Privacy Commissioner this year. The first concerned the response of the department refusing to confirm or deny the existence of personal information. This complaint was deemed to be not well-founded. The second complaint received concerned the collection of personal information by the department. The investigation into this complaint is ongoing.

Appeals to the Court

No appeals to the Federal Court or the Federal Court of Appeal were submitted for the reporting year.

Privacy Impact Assessments Completed During the Year

The Canadian Cyber Incident Response Center’s (CCIRC) Collection of Digital Information

The Department completed a Privacy Impact Assessment (PIA) for the collection of digital information in three main ways: (1) compromised data passed on to CCIRC by partners; (2) reports on compromised systems sent to CCIRC; and (3) incident research and assessment undertaken by CCIRC.

This PIA can be found on the department’s website at http://www.publicsafety.gc.ca/cnt/trnsprnc/ccss-nfrmtn-prvc/prvc-mpct-ssssmnt/cndn-cbr-ncdnt-eng.aspx

Chapter II – Privacy Act Statistical Report

Summary

Public Safety Canada received 30 requests under the Privacy Act in 2012-2013. The volume of privacy requests is small compared to the volume of requests under the Access to Information Act. Of the 31 requests processed this fiscal year, 29 were completed within the statutory deadline. One PIA was completed and posted on the website.

Overall Workload Trends

Annex B provides a summarized statistical report on Privacy Act requests processed by Public Safety Canada between April 1, 2012 and March 31, 2013. The following section provides an overview and interpretation of this information.

In comparison to the past five years, the overall workload for the ATIP Unit increased this year. The figures below include formal Access and Privacy requests, and consultations received from other institutions.

The following table provides an overall breakdown of workload by category for the past five years.
  2008-2009 2009-2010 2010-2011 2011-2012 2012-2013
ATI requests received by Public Safety Canada 235 208 298 363 494
Privacy requests received by Public Safety Canada 12 37 32 55 30
ATI consultations received from other institutions 198 136 223 235 248
Privacy consultations received from other institutions 10 18 9 21 10
Total workload 455 399 562 674 782

Requests Received under the Privacy Act

The number of privacy requests received remains small compared to the volume of access to information requests. Public Safety collects little information directly from Canadians in comparison with portfolio agencies whose mandates are more operational in nature, such as the Royal Canadian Mounted Police (RCMP) and Correctional Service of Canada (CSC) who receive thousands of privacy requests annually.

Throughout the year, the Department received 30 new requests under the Privacy Act. Three were three carried forward from the previous year, resulting in a total of 33 requests for the 2012-2013 fiscal year. Of these requests, 31 were completed during the reporting period. Two requests have been carried forward to the next reporting year.

Extensions

Section 15 of the Privacy Act allows institutions to extend the legal deadline for processing a request if a search for responsive records cannot be completed within 30 days of receipt of the request or if the institution must consult with other institutions. During the 2012-2013 fiscal year, the Department invoked three extensions of 30 days or less. Two extensions were invoked due to a high volume of records and interference with operations, and one extension was required in order to undertake consultations with other federal institutions.

Performance in Meeting Statutory Response Deadlines

Of the 31 completed requests, 28 were completed within 30 days. One request was completed between 31-60 days, one between 181 and 365 days, and one in excess of 365 days. Of the 31 requests completed, 29 met the statutory deadline.

Disposition of Requests for 2012-2013

Fifteen requests received under the Privacy Act were disclosed without exemptions applied. Three were disclosed in part. One was exempted in its entirety, and five were abandoned.

Consultations from Other Institutions

The Department’s role in coordinating with other federal institutions as well as those within the Public Safety portfolio has resulted in the Department having an interest in the records processed by other institutions.

The Department received a total of 11 consultations from other institutions processing requests under the Privacy Act in 2012-2013.

Disclosures Pursuant to Paragraph 8(2)(m) of the Privacy Act

Subsection 8(2)(m) of the Privacy Act provides the head of the institution with the authority to disclose personal information where the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or where the disclosure would clearly benefit the individual to whom the information relates.

During the reporting period, Public Safety Canada disclosed personal information pursuant to paragraph 8(2)(m) of the Privacy Act in two instances.

The Minister has determined that he will be releasing publicly all reconsideration decisions he makes under the International Transfer of Offenders Act, and released two this fiscal year pursuant to paragraph 8(2)(m)(i) of the Privacy Act.

In both cases, the Office of the Privacy Commissioner was advised before the information was disclosed.

Appendix A – Delegation of Authority for the Privacy Act

The Minister of Public Safety and Emergency Preparedness, pursuant to section 73 of the Access to Information Act*, hereby designates the persons holding the positions set out below, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Minister as the head of the Department of Public Safety and Emergency Preparedness, under the provisions of the Act and related regulations set out in the schedule opposite each position. This designation replaces all previous delegation orders.

Delegation Order – Privacy Act and Regulations
Section/ Article Action Deputy Minister & Associate Deputy Minister Assistant Deputy Minister – National Security Assistant Deputy Ministers, Chief Audit Executive, Director General Communications ATIP Manager Senior ATIP Advisors & ATIP Analysts
8(2)(j) Disclosure for research purposes      
8(2)(m) Disclosure inthe public interest or in the interest of the individual        
8(4) Copies of requests under 8(2)(e) to be retained      
8(5) Notice of disclosure under  8(2)(m)      
9(1) Record of disclosures to be retained      
9(4) Consistent uses  
10 Personal information to be included in personal information banks  
14 Notice when access requested      
15 Extension of time limits    
17(2)(b) Language of access      
17(3)(b) Access to personal information in alternative format      
18(2) Exemption (exempt bank) – Disclosure may be refused      
19(1) Exemption – Personal information obtained in confidence    
19(2) Exemption – Where authorized to disclose    
20 Exemption – Federal-provincial affairs    
21 Exemption – International affairs and defence    
22 Exemption – Law enforcement and investigations    
22.3 Exemption– Public Servants Disclosure Protection Act    
23 Exemption– Security clearances    
24 Exemption – Individuals sentenced for an offence    
25 Exemption – Safety of individuals    
26 Exemption– Information about another individual    
27 Exemption – Solicitor-client privilege    
28 Exemption – Medical record    
31 Notice of intention to investigate      
35(1) Findings and recommendations of Privacy Commissioner (complaints)      
35(4) Access to be given      
36(3) Reportof findings and recommendations (exempt banks)      
37(3) Report of findings and recommendations (compliance review)          
51(2)(b) Special rules for hearings      
51(3) Ex parte representations      
72(1) Annual report to Parliament      
Delegation Order – Privacy Regulations
Section/ Article Action Deputy Minister & Associate Deputy Minister Assistant Deputy Minister – National Security Assistant Deputy Ministers, Chief Audit Executive, Director General Communications ATIP Manager Senior ATIP Advisors & ATIP Analysts
9 Reasonable facilities and time provided to examine personal information      
11(2) Notification that correction to personal information has been made      
11(4) Notification that correction to personal information has been refused      
13(1) Disclosure of personal information relating to physical or mental health may be made toa qualified medical practitioner or psychologist for an opinion on whether to release information to the requester      
14 Disclosure of personal information relating to physical ormental health may be made to a requester in the presence of a qualified medical practitioner or psychologist      

Appendix B – Statistical Report for 2012-2013 on the Privacy Act

Name of institution: Public Safety Canada

Reporting period: 01/04/2012 to 31/03/2013

Part 1 – Requests under the Privacy Act

  Number of Requests
Received during reporting period 30
Outstanding from previous reporting period 3
Total 33
Closed during reporting period 31
Carried over to next reporting period 2

Part 2 – Requests closed during the reporting period

2.1 Disposition and completion time
Disposition of requests Completion Time
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
All disclosed 4 11 0 0 0 0 0 15
Disclosed in part 1 2 1 0 0 1 1 6
All exempted 0 1 0 0 0 0 0 1
All excluded 0 0 0 0 0 0 0 0
No records exist 6 1 0 0 0 0 0 4
Request abandoned 5 0 0 0 0 0 0 5
Total 13 15 1 0 0 1 1 31
2.2 Exemptions
Section Number of requests
18(2) 0
19(1)(a) 0
19(1)(b) 0
19(1)(c) 0
19(1)(d) 0
19(1)(e) 0
19(1)(f) 0
20 0
21 1
22(1)(a)(i) 0
22(1)(a)(ii) 0
22(1)(a)(iii) 1
22(1)(b) 0
22(1)(c) 0
22(2) 0
22.1 0
22.2 0
22.3 0
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 1
26 6
27 2
28 0
2.3 Exclusions
Section Number of requests
69(1)(a) 0
69(1)(b) 0
69.1 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0
2.4 Format of information released
Disposition Paper Electronic Other formats
All disclosed 15 0 0
Disclosed in part 3 3 0
Total 18 3 0

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Disposition of requests Number of pages processed Number of pages disclosed Number of requests
All disclosed 95 95 15
Disclosed in part 3086 2290 6
All exempted 0 0 1
All excluded 0 0 0
Request abandoned 0 0 5
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less than 100 pages processed 101-500 pages processed 501-1000 pages processed 1001-5000 pages processed More than 5000 pages processed
Number of Requests Pages disclosed Number of Requests Pages disclosed Number of Requests Pages disclosed Number of Requests Pages disclosed Number of Requests Pages disclosed
All disclosed 15 95 0 0 0 0 0 0 0 0
Disclosed in part 3 31 0 0 2 895 1 1364 0 0
All exempted 1 0 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Abandoned 5 0 0 0 0 0 0 0 0 0
Total 24 126 0 0 2 895 1 1364 0 0
2.5.3 Other complexities
Disposition Consultation required Legal Advice Sought Interwoven Information Other Total
All disclosed 0 0 15 0 15
Disclosed in part 1 0 6 0 7
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Abandoned 0 0 5 0 5
Total 1 0 26 0 27

2.6 Deemed refusals

2.6.1 Reasons for not meeting statutory deadline
Number of requests closed past the statutory deadline Principal Reason
Workload External consultation Internal consultation Other
2 2 0 0 0
2.6.2 Number of days past deadline
Number of days past deadline Number of requests past deadline where no extension was taken Number of requests past deadline where an extension was taken Total
1 to 15 days 0 0 0
16 to 30 days 0 0 0
31 to 60 days 0 0 0
61 to 120 days 0 0 0
121 to 180 days 0 0 0
181 to 365 days 0 2 2
More than 365 days 0 0 0
Total 0 2 2
2.7 Requests for translation
Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Part 3 – Disclosures under subsection 8(2)

Paragraph 8(2)(e) Paragraph 8(2)(m) Total
0 2 2

Part 4 – Requests for correction of personal information and notations

  Number
Requests for correction received 0
Requests for correction accepted 0
Requests for correction refused 0
Notations attached 0

Part 5 – Extensions

5.1 Reasons for extensions and disposition of requests
Disposition of requests where an extension was taken 15(a)(i) Interference with operations 15(a)(ii) Consultation 15(b) Translation or conversion
Section 70 Other
All disclosed 0 0 0 0
Disclosed in part 2 0 1 0
All exempted 0 0 0 0
All excluded 0 0 0 0
No records exist 0 0 0 0
Request abandoned 0 0 0 0
Total 2 0 1 0
5.2 Length of extensions
Length of extensions 15(a)(i) Interference with operations 15(a)(ii) Consultation 15(b) Translation purposes
Section 70 Other
1 to 15 days 0 0 0 0
16 to 30 days 2 0 1 0
Total 2 0 1 0

Part 6 – Consultations received from other institutions and organizations

6.1 Consultations received from other government institutions and organizations
Consultations Other government institutions Number of pages to review Other organizations Number of pages to review
Received during the reporting period 10 106 0 0
Outstanding from the previous reporting period 1 3 0 0
Total 11 109 0 0
Closed during the reporting period 11 109 0 0
Pending at the end of the reporting period 0 0 0 0
6.2 Recommendations and completion time for consultations received from other government institutions
Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days than 365 days Total
Disclose entirely 2 0 0 0 0 0 0 2
Disclose in part 4 1 0 0 0 0 0 5
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 4 0 0 0 0 0 0 4
Total 10 1 0 0 0 0 0 11
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days than 365 days Total
Disclose entirely 0 0 0 0 0 0 0 0
Disclose in part 0 0 0 0 0 0 0 0
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Part 7 – Completion time of consultations on Cabinet confidences

Number of days Number of responses received Number of responses received past deadline
1 to 15 0 0
16 to 30 0 0
31 to 60 0 0
61 to 120 0 0
121 to 180 0 0
181 to 365 0 0
More than 365 0 0
Total 0 0

Part 8 – Resources related to the Privacy Act

8.1 Costs
Expenditures Amount
Salaries $32,398
Overtime $0
Goods and Services $8,737
  • Contracts for privacy impact assessments $0  
  • Professional services contracts $0
  • Other $8,737
Total $41,135
8.2 Human Resources
Resources Dedicated full-time Dedicated part-time Total
Full-time employees 0.00 1.00 1.00
Part-time and casual employees 0.00 0.00 0.00
Regional staff 0.00 0.00 0.00
Consultants and agency personnel 0.00 0.00 0.00
Students 0.00 0.00 0.00
Total 0.00 1.00 1.00
Date modified: