Annual Report to Parliament on the Administration of the Privacy Act 2013-2014
Table of contents
- Chapter I – Report on the Privacy Act
- About Public Safety Canada
- About the Public Safety Portfolio
- About the Privacy Act
- The Access to Information and Privacy (ATIP) Unit
- Delegation of Authority
- New or Revised Policies, Guidelines or Procedures
- Training
- Challenges
- Competing Priorities
- Increase Volume and Complexity
- Investigations
- Appeals to the Court
- Privacy Impact Assessments Completed During the Year
- Office of Reconsideration – Passenger Protect Program
- Specified Persons Advisory Group – Passenger Protect Program
- Chapter II – Privacy Act Statistical Report
- Appendix A – Delegation of Authority for the Privacy Act
- Appendix B – Statistical Report for 2013-2014 on the Privacy Act
Chapter I – Report on the Privacy Act
About Public Safety Canada
Public Safety Canada plays a key role in discharging the Government's fundamental responsibility for the safety and security of its citizens. The Department of Public Safety and Emergency Preparedness Act, 2005, and the Emergency Management Act, 2007, set out two essential roles for the Department: (i) to support the Minister's responsibility for all matters, except those assigned to another federal minister, related to public safety and emergency management, including national leadership and (ii) to coordinate the efforts of Portfolio agencies as well as provide guidance on their strategic priorities. The Department provides strategic policy advice and support to the Minister of Public Safety and Emergency Preparedness on a range of issues, including national security, border strategies, countering crime and emergency management. While Portfolio agencies deliver public security operations according to their mandates, Public Safety Canada, in its portfolio coordination role, brings strategic focus to the overall safety and security agenda. The Department also delivers a number of grant and contribution programs to Canadians related to emergency management and community safety. In addition, Public Safety Canada's Government Operations Centre provides strategic-level coordination and direction on behalf of the Government of Canada in response to events that affect the national interest. Through the development and implementation of clearly articulated policies and programs, the Department works towards the achievement of its strategic outcome: “A safe and resilient Canada”. Public Safety Canada is structurally organized into five branches: Emergency Management and Programs, Community Safety and Countering Crime, Portfolio Affairs and Communications, National and Cyber Security, Corporate Management; and it also has a Chief Audit and Evaluation Executive. The Branches are supported by the Legal Services Unit. The Department has regional presence in all provinces, as well as in the North. Public Safety Canada's regional offices are a primary contact in the regions to deliver a coordinated federal response to emergencies; facilitate the effective delivery of emergency management, Aboriginal policing and crime prevention programs; and improve partnerships with other levels of government and key regional stakeholders.
About the Public Safety Portfolio
The Public Safety Portfolio encompasses nine organizations which directly contribute to the safety and security of Canadians. In addition to Public Safety Canada, the Portfolio includes: Canada Border Service Agency (CBSA); Canadian Security Intelligence Service (CSIS); Correctional Service of Canada (CSC); Parole Board of Canada (PBC); and the Royal Canadian Mounted Police (RCMP). It also includes three arm's-length review bodies: the RCMP External Review Committee; the Commission for Public Complaints against the RCMP; and the Office of the Correctional Investigator. Each organization in the portfolio administers its own access to information and privacy programs, under authorities delegated to them by the Minister.
About the Privacy Act
The Privacy Act protects the privacy of all Canadian citizens and permanent residents of Canada regarding personal information held by a government institution against unauthorized use and disclosure. The Privacy Act also gives Canadians, including those in Canada who are not permanent residents or citizens, the right to access personal information held by the government.
Section 72 of the Privacy Act requires that the head of every government institution submit an annual report to Parliament on the administration of the Act during the financial year. This report outlines how Public Safety Canada administered the Privacy Act throughout fiscal year 2013-2014.
The Access to Information and Privacy (ATIP) Unit
The Access to Information and Privacy (ATIP) Unit is part of Public Safety Canada's Executive Services Division within the Department's Portfolio Affairs and Communications Branch. This year, the Portfolio Affairs & Communications Branch reallocated internally to fund one additional analyst's position in the ATIP Unit. As a result, the unit now consists of one ATIP Coordinator, two senior advisors, five analysts, one junior analyst and one administrative officer. The ATIP Manager served as the Department's ATIP Coordinator until September, and the Director of Executive Services served as Coordinator for the balance of the reporting year.
The ATIP Unit is responsible for the coordination and implementation of policies, guidelines and procedures to ensure departmental compliance with the Access to Information Act and the Privacy Act. The Unit is responsible for responding to requests made under the Acts, as well as providing the following services to the Department:
- processing consultations received from other institutions;
- providing advice and guidance to employees and senior officials on ATIP related matters;
- producing the Annual Reports to Parliament;
- delivering ATIP awareness sessions to departmental employees;
- coordinating regular updates to Info Source manuals;
- reviewing departmental documents, such as audits and evaluations, prior to proactively disclosing these on the departmental website;
- developing departmental procedures for processing ATIP requests;
- maintaining the Department's ATIP reading room; and
- participating in forums for the ATIP community, such as the Treasury Board Secretariat's ATIP Community meetings and working groups.
Delegation of Authority
The new Minister of Public Safety, appointed July 15, 2013, signed a new Delegation Order for the Privacy Act on January 23, 2014. Both the current and previous delegation instruments are reproduced at Annex A. The current delegation order reflects a change in departmental structure, delegating authority to apply exemptions under the Acts to the Senior Assistant Deputy Minister, as well as the Assistant Deputy Minister of the National Cyber and Security Branch.
New or Revised Policies, Guidelines or Procedures
There were no new or revised guidelines, policies or procedures issued this fiscal year.
Training
The ATIP Unit was unable to provide training sessions on the Privacy Act and departmental processes this fiscal year due to resource levels, a 126% increase in the volume of Privacy requests, and a continued high volume in the number of Access requests received.
Challenges
Competing Priorities
The ATIP Unit at Public Safety Canada has no resources dedicated to privacy policy or training, therefore these activities are often given secondary priority to the processing of requests for information under both the Access to Information Act and the Privacy Act. Requests under the Privacy Act are given equal priority to those under the Access to Information Act, but the policies, advice and training provided to the department can only be provided where time permits.
Increasing Volume and Complexity
The number of requests under the Privacy Act have more than doubled over the previous fiscal year and Public Safety has seen a significant increase in the overall volume of requests as well. Further, the complexity of the requests received is also challenging. The Analysts in the ATIP Unit have significant experience both in the department and in ATIP which provides a great breadth of understanding of the subject matter; however, significant review must take place as much of the personal information requested is intertwined with other individuals' personal information.
Investigations
There were no complaints received this year under the Privacy Act.
Appeals to the Court
There were no appeals to the Courts.
Privacy Impact Assessments Completed During the Year
Office of Reconsideration – Passenger Protect Program
The Department completed a first Privacy Impact Assessment (PIA) for the Passenger Protect Program pertaining to the Office of Reconsideration. This PIA was submitted to the Office of the Privacy Commissioner.
Specified Persons Advisory Group – Passenger Protect Program
The Department completed a second PIA for the Passenger Protect Program pertaining to the Specified Persons Advisory Group. This PIA was also submitted to the Office of the Privacy Commissioner.
Chapter II – Privacy Act Statistical Report
Summary
In 2013-2014, Public Safety Canada received 68 requests under the Privacy Act, an increase of approximately 127 per cent over the previous year. Despite this increase in requests, Public Safety Canada completed 100 per cent on time, the sixth consecutive year of over 90 per cent on time completion. The average number of days to process a request was 14. Ninety-seven per cent of all requests were completed within 30 days.
Overall Workload Trends
Annex B provides a summarized statistical report on Privacy Act requests processed by Public Safety Canada between April 1, 2013 and March 31, 2014. The following section provides an overview and interpretation of this information.
In comparison to the past five years, the overall workload for the ATIP Unit increased this year. The figures below include formal Access and Privacy requests, and consultations received from other institutions.
The following table provides an overall breakdown of workload by category for the past five years.
2009-2010 | 2010-2011 | 2011-2012 | 2012-2013 | 2013-2014 | |
---|---|---|---|---|---|
ATI requests received by Public Safety Canada | 208 | 298 | 363 | 494 | 465 |
Privacy requests received by Public Safety Canada | 37 | 32 | 55 | 30 | 68 |
ATI consultations received from other institutions | 136 | 223 | 235 | 248 | 255 |
Privacy consultations received from other institutions | 18 | 9 | 21 | 10 | 9 |
Total workload | 399 | 562 | 674 | 782 | 797 |
Requests Received under the Privacy Act
The number of privacy requests remains small compared to the volume of access to information requests. Public Safety collects little information directly from Canadians in comparison to portfolio agencies whose mandates are more operational in nature, such as the Royal Canadian Mounted Police (RCMP) and Correctional Service of Canada (CSC) who receive thousands of privacy requests annually.
Public Safety Canada received 68 new Privacy Act requests throughout the 2013-2014 fiscal year, representing an increase of approximately 127 per cent over the number of requests received the previous year (30). Two requests were carried forward from the previous fiscal year, resulting in a total of 70 requests to process during 2013-2014. Of these requests, 68 were completed during the reporting year, while the remaining two requests were carried forward to the next reporting year.
Extensions
Section 15 of the Privacy Act allows institutions to extend the legal deadline for processing a request if a search for responsive records cannot be completed within
30 days of receipt of the request or if the institution must consult with other institutions.
During the 2013-2014 fiscal year, the Department invoked two extensions of 16 to 30 days. The extensions invoked were due to a high volume of records and interference with operations.
Performance in Meeting Statutory Response Deadlines
Of the 68 completed requests, 45 were completed within 15 days, a further 21 were completed between 16-30 days and two between 31 and 60 days. All 68 of the requests were completed within the statutory deadline.
Disposition of Requests for 2013-2014
Thirteen requests received under the Privacy Act were disclosed without exemptions applied. Ten were disclosed in part, two were exempted in their entirety and two were abandoned. No records existed in response to 41 requests.
Consultations from other Institutions
The Department's role in coordinating with other federal institutions as well as those within the Public Safety portfolio has normally resulted in the Department having an interest in the records processed by other institutions. During fiscal year 2013-2014 a total of nine consultations from other institutions were received.
Disclosures Pursuant to paragraph 8(2)(m) of the Privacy Act
Subsection 8(2)(m) of the Privacy Act provides the head of the institution with the authority to disclose personal information where the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or where the disclosure would clearly benefit the individual to whom the information relates. During this reporting period however, Public Safety did not disclose personal information pursuant to paragraph 8(2)(m).
Appendix A – Delegation of Authority for the Privacy Act
Section/Article | Action | Deputy Minister & Associate Deputy Minister | Assistant Deputy Minister – National Security | Assistant Deputy Ministers, Chief Audit Executive, Director General Communications | ATIP Manager | Senior ATIP Advisors & ATIP Analysts |
---|---|---|---|---|---|---|
8(2)(j) | Disclosure for research purposes | ● | ● | |||
8(2)(m) | Disclosure inthe public interest or in the interest of the individual | ● | ||||
8(4) | Copies of requests under 8(2)(e) to be retained | ● | ● | |||
8(5) | Notice of disclosure under 8(2)(m) | ● | ● | |||
9(1) | Record of disclosures to be retained | ● | ● | |||
9(4) | Consistent uses | ● | ● | ● | ● | |
10 | Personal information to be included in personal information banks | ● | ● | ● | ● | |
14 | Notice when access requested | ● | ● | |||
15 | Extension of time limits | ● | ● | ● | ||
17(2)(b) | Language of access | ● | ● | |||
17(3)(b) | Access to personal information in alternative format | ● | ● | |||
18(2) | Exemption (exempt bank) – Disclosure may be refused | ● | ● | |||
19(1) | Exemption – Personal information obtained in confidence | ● | ● | ● | ||
19(2) | Exemption – Where authorized to disclose | ● | ● | ● | ||
20 | Exemption – Federal-provincial affairs | ● | ● | ● | ||
21 | Exemption – International affairs and defence | ● | ● | ● | ||
22 | Exemption – Law enforcement and investigations | ● | ● | ● | ||
22.3 | Exemption– Public Servants Disclosure Protection Act | ● | ● | ● | ||
23 | Exemption– Security clearances | ● | ● | ● | ||
24 | Exemption – Individuals sentenced for an offence | ● | ● | ● | ||
25 | Exemption – Safety of individuals | ● | ● | ● | ||
26 | Exemption– Information about another individual | ● | ● | ● | ||
27 | Exemption – Solicitor-client privilege | ● | ● | ● | ||
28 | Exemption – Medical record | ● | ● | ● | ||
31 | Notice of intention to investigate | ● | ● | |||
35(1) | Findings and recommendations of Privacy Commissioner (complaints) | ● | ● | |||
35(4) | Access to be given | ● | ● | |||
36(3) | Reportof findings and recommendations (exempt banks) | ● | ● | |||
37(3) | Report of findings and recommendations (compliance review) | |||||
51(2)(b) | Special rules for hearings | ● | ● | |||
51(3) | Ex parte representations | ● | ● | |||
72(1) | Annual report to Parliament | ● | ● |
Section/ Article | Action | Deputy Minister & Associate Deputy Minister | Assistant Deputy Minister – National Security | Assistant Deputy Ministers, Chief Audit Executive, Director General Communications | ATIP Manager | Senior ATIP Advisors & ATIP Analysts |
---|---|---|---|---|---|---|
9 | Reasonable facilities and time provided to examine personal information | ● | ● | |||
11(2) | Notification that correction to personal information has been made | ● | ● | |||
11(4) | Notification that correction to personal information has been refused | ● | ● | |||
13(1) | Disclosure of personal information relating to physical or mental health may be made toa qualified medical practitioner or psychologist for an opinion on whether to release information to the requester | ● | ● | |||
14 | Disclosure of personal information relating to physical ormental health may be made to a requester in the presence of a qualified medical practitioner or psychologist | ● | ● |
Appendix B – Statistical Report for 2013-2014 on the Privacy Act
PART 1 – Requests under the Privacy Act
Number of Requests | |
---|---|
Received during reporting period | 68 |
Outstanding from previous reporting period | 2 |
Total | 70 |
Closed during reporting period | 68 |
Carried over to next reporting period | 2 |
PART 2 – Requests closed during the reporting period
Disposition of requests | Completion Time | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
All disclosed | 3 | 10 | 0 | 0 | 0 | 0 | 0 | 13 |
Disclosed in part | 5 | 3 | 2 | 0 | 0 | 0 | 0 | 10 |
All exempted | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 2 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
No records exist | 34 | 7 | 0 | 0 | 0 | 0 | 0 | 41 |
Request abandoned | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 2 |
Total | 45 | 21 | 2 | 0 | 0 | 0 | 0 | 68 |
Section | Number of requests | Section | Number of requests | Section | Number of requests |
---|---|---|---|---|---|
18(2) | 0 | 22(1)(a)(i) | 0 | 23(a) | 0 |
19(1)(a) | 0 | 22(1)(a)(ii) | 0 | 23(b) | 0 |
19(1)(b) | 0 | 22(1)(a)(iii) | 0 | 24(a) | 0 |
19(1)(c) | 0 | 22(1)(b) | 0 | 24(b) | 0 |
19(1)(d) | 0 | 22(1)(c) | 0 | 25 | 0 |
19(1)(e) | 0 | 22(2) | 0 | 26 | 10 |
19(1)(f) | 0 | 22.1 | 0 | 27 | 0 |
20 | 0 | 22.2 | 0 | 28 | 0 |
21 | 1 | 22.3 | 0 |
Section | Number of requests | Section | Number of requests | Section | Number of requests |
---|---|---|---|---|---|
69(1)(a) | 0 | 70(1)(a) | 0 | 70(1)(d) | 0 |
69(1)(b) | 0 | 70(1)(b) | 0 | 70(1)(e) | 0 |
69.1 | 0 | 70(1)(c) | 0 | 70(1)(f) | 0 |
70.1 | 0 |
Disposition | Paper | Electronic | Other formats |
---|---|---|---|
All disclosed | 7 | 6 | 0 |
Disclosed in part | 5 | 5 | 0 |
Total | 12 | 11 | 0 |
2.5 Complexity
Disposition of requests | Number of pages processed | Number of pages disclosed | Number of requests |
---|---|---|---|
All disclosed | 2594 | 2479 | 13 |
Disclosed in part | 9016 | 5487 | 10 |
All exempted | 0 | 0 | 2 |
All excluded | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 2 |
Disposition | Less than 100 pages processed | 101-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of Requests | Pages disclosed | Number of Requests | Pages disclosed | Number of Requests | Pages disclosed | Number of Requests | Pages disclosed | Number of Requests | Pages disclosed | |
All disclosed | 6 | 73 | 7 | 2406 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 5 | 219 | 2 | 370 | 1 | 418 | 1 | 1212 | 1 | 3268 |
All exempted | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Abandoned | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 15 | 292 | 9 | 2776 | 1 | 418 | 1 | 1212 | 1 | 3268 |
Disposition | Consultation required | Legal Advice Sought | Interwoven Information | Other | Total |
---|---|---|---|---|---|
All disclosed | 0 | 0 | 13 | 13 | 26 |
Disclosed in part | 1 | 0 | 10 | 10 | 21 |
All exempted | 0 | 0 | 2 | 2 | 4 |
All excluded | 0 | 0 | 0 | 0 | 0 |
Abandoned | 0 | 0 | 2 | 2 | 4 |
Total | 1 | 0 | 27 | 27 | 55 |
2.6 Deemed refusals
Number of requests closed past the statutory deadline | Principal Reason | |||
---|---|---|---|---|
Workload | External consultation | Internal consultation | Other | |
0 | 0 | 0 | 0 | 0 |
Number of days past deadline | Number of requests past deadline where no extension was taken | Number of requests past deadline where an extension was taken | Total |
---|---|---|---|
1 to 15 days | 0 | 0 | 0 |
16 to 30 days | 0 | 0 | 0 |
31 to 60 days | 0 | 0 | 0 |
61 to 120 days | 0 | 0 | 0 |
121 to 180 days | 0 | 0 | 0 |
181 to 365 days | 0 | 0 | 0 |
More than 365 days | 0 | 0 | 0 |
Total | 0 | 0 | 0 |
Translation Requests | Accepted | Refused | Total |
---|---|---|---|
English to French | 0 | 0 | 0 |
French to English | 0 | 0 | 0 |
Total | 0 | 0 | 0 |
PART 3 – Disclosures under subsection 8(2)
Paragraph 8(2)(e) | Paragraph 8(2)(m) | Total |
---|---|---|
0 | 0 | 0 |
PART 4 – Requests for correction of personal information and notations
Number | |
---|---|
Requests for correction received | 0 |
Requests for correction accepted | 0 |
Requests for correction refused | 0 |
Notations attached | 0 |
PART 5 – Extensions
Disposition of requests where an extension was taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation or conversion | |
---|---|---|---|---|
Section 70 | Other | |||
All disclosed | 0 | 0 | 0 | 0 |
Disclosed in part | 2 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 |
No records exist | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 |
Total | 2 | 0 | 0 | 0 |
Length of extensions | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation purposes | |
---|---|---|---|---|
Section 70 | Other | |||
1 to 15 days | 0 | 0 | 0 | 0 |
16 to 30 days | 2 | 0 | 0 | 0 |
Total | 2 | 0 | 0 | 0 |
PART 6 – Consultations received from other institutions and organizations
Consultations | Other government institutions | Number of pages to review | Other organizations | Number of pages to review |
---|---|---|---|---|
Received during the reporting period | 9 | 59 | 0 | 0 |
Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
Total | 9 | 59 | 0 | 0 |
Closed during the reporting period | 9 | 59 | 0 | 0 |
Pending at the end of the reporting period | 0 | 0 | 0 | 0 |
Recommendation | Number of days required to complete consultation requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
Disclose entirely | 5 | 0 | 0 | 0 | 0 | 0 | 0 | 5 |
Disclose in part | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 3 | 0 | 0 | 0 | 0 | 0 | 0 | 3 |
Total | 9 | 0 | 0 | 0 | 0 | 0 | 0 | 9 |
Recommendation | Number of days required to complete consultation requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
Disclose entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
PART 7 – Completion time of consultations on Cabinet confidences
Number of days | Number of responses received | Number of responses received past deadline |
---|---|---|
1 to 15 | 0 | 0 |
16 to 30 | 0 | 0 |
31 to 60 | 0 | 0 |
61 to 120 | 0 | 0 |
121 to 180 | 0 | 0 |
181 to 365 | 0 | 0 |
More than 365 | 0 | 0 |
Total | 0 | 0 |
PART 8 – Resources related to the Privacy Act
Expenditures | Amount |
---|---|
Salaries | $202,756 |
Overtime | $0 |
Goods and Services | $0 |
Contracts for privacy impact assessments | $0 |
Professional services contracts | $0 |
Other | $0 |
Total | $202,756 |
Resources | Dedicated full-time | Dedicated part-time | Total |
---|---|---|---|
Full-time employees | 0.00 | 1.50 | 1.50 |
Part-time and casual employees | 0.00 | 0.00 | 0.00 |
Regional staff | 0.00 | 0.00 | 0.00 |
Consultants and agency personnel | 0.00 | 0.00 | 0.00 |
Students | 0.00 | 0.00 | 0.00 |
Total | 0.00 | 1.50 | 1.50 |
- Date modified: