Annual Report to Parliament on the Administration of the Privacy Act 2022-2023

B1. Introduction

This report is tabled in Parliament in accordance with section 72 of the Privacy Act under the direction of the Minister of Public Safety. The report describes how Public Safety Canada (Public Safety) administered and fulfilled its obligations under the Privacy Act between April 1, 2022, and March 31, 2023.

Purpose of the Privacy Act

The Privacy Act came into force on July 1, 1983, in order to protect the privacy of individuals by imposing obligations on government institutions subject to the Act. These obligations limit the collection, retention, use, disclosure and disposal of personal information held by these government institutions. It also gives individuals the right of access to their own personal information, with limited and specific exemptions, and the rights to request the correction of that information. Individuals who are not satisfied with an institution’s handling of their personal information or any matter related to a formal request made under the Privacy Act are entitled to complain to the Privacy Commissioner of Canada.

Mandate of Public Safety

Public Safety was created in 2003 to ensure coordination across all federal departments and agencies responsible for national security and the safety of Canadians. Our mandate is to keep Canadians safe from a range of risks such as natural disasters, crime and terrorism. Our mission is to build a safe and resilient Canada. Our vision is to, through outstanding leadership, achieve a safe and secure Canada and strong and resilient communities.

Legislation governing the department sets out three essential roles:

1. Support the Minister’s responsibility for all matters related to public safety and emergency management not assigned to another federal organization;
2. Exercise leadership at the national level for national security and emergency preparedness; and
3. Support the Minister’s responsibility for the coordination of entities within the Public Safety Portfolio.

B2. Organizational Structure

Public Safety

During the 2022-23 fiscal year, the department was organized into seven branches: Emergency Management and Programs, Crime Prevention, Portfolio Affairs and Communications, National and Cyber Security, Corporate Management, Firearms Compensation Program and the Indigenous Affairs Secretariat. The department also has a Chief Audit and Evaluation Executive and is supported by the Legal Services Unit.

Five Regional Offices represent the Atlantic, Quebec and Nunavut, Ontario, the Prairies and Northwest Territories, and British Columbia and Yukon. These offices are the primary point of contact for the department at the regional level. They deliver a coordinated federal response to emergencies; facilitate the effective delivery of emergency management, Indigenous policing and crime prevention programs; and improve partnerships with other levels of government and key regional stakeholders.

The Public Safety Portfolio: Partner Agencies and Review Bodies

The Canada Border Services Agency (CBSA) manages the nation's borders by enforcing Canadian laws governing trade and travel, as well as international agreements and conventions. CBSA facilitates legitimate cross-border traffic and supports economic development while stopping people and goods that pose a potential threat to Canada.

The Canadian Security Intelligence Service (CSIS) investigates and reports on activities that may pose a threat to the security of Canada. CSIS also provides security assessments, on request, to all federal departments and agencies.

The Correctional Service of Canada (CSC) helps protect society by encouraging offenders to become law-abiding citizens while exercising reasonable, safe, secure and humane control. CSC is responsible for managing offenders sentenced to two years or more in federal correctional institutions and under community supervision.

The Parole Board of Canada (PBC) is an independent body that grants, denies or revokes parole for inmates in federal prisons and provincial inmates in provinces without their own parole board. The PBC helps protect society by facilitating the timely reintegration of offenders into society as law-abiding citizens.

The Royal Canadian Mounted Police (RCMP) is Canada’s national police service and is the police of jurisdiction for all provinces and territories except Ontario and Quebec. The RCMP works at the community, provincial, territorial and federal levels to prevent crime; enforce the law; investigate offences; keep Canadians, and their interests, safe and secure; and assist Canadians in emergency situations/incidents. The RCMP also offers expertise at the international level by providing specialized training for police officers; conducting international policing activities, including peacekeeping; and sharing intelligence with trusted partners to support investigations, as well as disrupt and dismantle criminal operations.

The Civilian Review and Complaints Commission for the Royal Canadian Mounted Police (CRCC) investigates complaints from the public about the conduct of members of the RCMP in an open, independent and objective manner. The Commission also holds public hearings and conducts research and policy development to improve the public complaints process.

The Office of the Correctional Investigator (OCI) conducts independent, thorough and timely investigations about issues related to the Correctional Service of Canada. The OCI may initiate an investigation based on a complaint from (or on behalf of) an offender, as the result of a ministerial request, or on its own initiative.

The RCMP External Review Committee (ERC) is an independent agency that promotes fair and equitable labour relations within the RCMP. The Committee conducts an independent review of appeals in disciplinary, discharge and demotion matters, as well as certain kinds of grievances.

The Access to Information and Privacy (ATIP) Office

The department’s Access to Information and Privacy (ATIP) Office is responsible for the coordination and implementation of policies, guidelines, and procedures to ensure departmental compliance with the Access to Information Act as well as the Privacy Act. The ATIP Office is also responsible for responding to requests made under the Acts. In keeping with the department’s role to support the Minister in the coordination of entities within the Public Safety Portfolio, it also plays a leadership role with respect to ensuring alignment of approach with the ATIP Offices of other Public Safety Portfolio organizations. 

The ATIP Office is housed within the department’s Portfolio Affairs and Communications Branch, and is headed by the Director of ATIP and Executive Services, who is also responsible for Ministerial Correspondence and Secretariat Services. It is divided into two teams, the ATIP Operations Unit and the Privacy Policy and Governance Unit (PPGU), each of which is headed by a Manager who reports to the Director of ATIP and Executive Services. In 2022-23, the ATIP Office consisted of 17 full-time employees.

Public Safety was not a party to any service agreements to provide services to other organizations under section 73.1 of the Privacy Act during the fiscal year.

B3. Delegation Order

Public Safety’s current delegation order for the Privacy Act and related regulations was signed by the Minister of Public Safety and Emergency Preparedness on July 21, 2020. As of October 26, 2021, the responsibilities of the Minister of Public Safety and Emergency Preparedness were divided between two Ministers: the Minister of Public Safety and the Minister of Emergency Preparedness. Despite this change, the current Delegation Order remained valid for all exercise of delegated authorities by employees of the department under the Privacy Act and can be found in Annex A. 

The following authorities are granted under this delegation order:

• Full authority is granted to the Deputy Minister of Public Safety, the Associate Deputy Minister, the Assistant Deputy Minister of Portfolio Affairs and Communication Branch, the Director General of Cabinet and Parliamentary Affairs and Executive Services, the Director of ATIP and Executive Services, as well as the Manager of ATIP Operations.
• ATIP Operations Team Leaders and ATIP Analysts possess authority under Sections 15 of the Privacy Act and Assistant Deputy Ministers as well as Chief Audit Executives possess authority under Section 9(4) and 10 of the Privacy Act.

B4. Performance 2022-23

The following sections provide an overview of key data on Public Safety’s processing of Privacy Act requests between April 1, 2022, and March 31, 2023. The full statistical report can be found in Annex B, and the Supplemental Statistical Report can be found in Annex C.

Response within Legislated Timelines

In 2022-2023, Public Safety received 37 requests under the Privacy Act, a slight decrease compared to the previous year (40 requests). During the year, the department completed 40 requests. Of these, 35 (87.5%) requests were completed on time, a slight decrease compared to the previous year (92.5%).

The decrease of 5% is largely associated with the COVID-19 pandemic, during which time the ATIP Office was unable to process some of the department’s files due to employees working remotely. In 2021-22, the department restored full capacity to process requests, and since that time, the ATIP team has turned its attention to addressing the backlog of files. As these files are completed, they will continue to have the temporary effect of lowering Public Safety’s overall on-time completion rate.

Completion Times

A total of 40 files were completed during the fiscal year. Due to the focus on completing backlog files delayed by the pandemic, there was a slight increase in files with longer completion times (greater than 180 days), as seen in the table below.

Active Requests Outstanding from Previous Reporting Periods

At the end of the fiscal year, Public Safety had a total of 6 active requests that were carried over to the next reporting period. Of these, 2 were within the legislated timeline, while 4 were beyond the legislated timeline. Of the 4 files that were beyond the legislated timeline, 3 were related to the circumstances of the pandemic.

Active Complaints Outstanding from Previous Reporting Periods

At the end of the fiscal year, Public Safety had a total of 3 active complaints that were carried over to the next reporting period. The ATIP Office worked closely with the Office of the Privacy Commissioner during the year to ensure complaints were addressed, and no significant issues were flagged.

Reasons for Extensions

A total of 5 extensions were taken during the fiscal year.

Consultations from Other Institutions

Public Safety completed 3 consultations for another institution. Of these, 2 consultations were responded to in under 15 days, while 1 was responded to in over 365 days.

Disposition of Requests

Of the 40 completed requests, 12.5% had records that were entirely disclosed, and 17.5% had records that were disclosed in part. The remaining requests were either abandoned, or no records existed corresponding to the request.

Impacts of the COVID-19 Pandemic

A primary focus for the ATIP Office in 2022-23 was implementing plans to tackle the backlog of files delayed during the pandemic. While these measures were taken primarily to address the much larger backlog of requests received under the Access to Information Act, they also supported processing of backlog requests received under the Privacy Act. Key measures taken during the year included:

• Securing approval to hire additional resources to focus on the backlog effort;
• Conducting a systematic review of all backlog files, and developing a plan to task files to program areas on a priority basis;
• Creating a dedicated intake unit responsible for triaging and tasking out requests and receiving records from program areas; and
• Developing a “concierge”-style support service for specific program areas dealing with especially large volumes, or other complexities.

By March 31, 2022, the ATIP Office had addressed the majority of backlog privacy requests, and only 3 such requests remained at the end of the fiscal year.

B5. Training and Awareness       

Public Safety remains committed to promoting awareness and providing ongoing training opportunities to all employees. During the year, the ATIP team updated its training and outreach function to the department to reinforce knowledge and understanding of the legislation and ATIP process among policy and program areas. The team completely revised its training model, distributing the training function among a team of senior ATIP analysts, in order to better respond to the diverse needs of the department. ATIP also updated its training materials to simplify its approach and incorporate best practices from other departments.

Over the course of the year, the ATIP Office provided 21 training and information sessions on the Access to Information Act and Privacy Act. A variety of subject matter was presented, including strategies for retrieving records and applying exemptions, as well as requirements for proactive publication. A total of 393 people attended these sessions.

The PPGU also provides outreach and awareness concerning the department’s privacy obligations as well as resources available, through department-wide communication modes such as InfoBulletin and the Administrative Professionals Network Newsletter. The PPGU has also promoted Privacy Impact Assessment training hosted by the Office of the Privacy Commissioner. The PPGU routinely meets with new departmental programs to ensure the unit’s visibility and promote the importance of privacy principles. 

B6. Policies, Guidelines, and Procedures

During the year, the PPGU completed a series of operating procedures for Public Safety employees, to ensure that privacy considerations are being taken into account when initiating new programs, surveys, and outreach activities. The PPGU has also worked closely with the Information Management division, for example to support the transition away from the RDIMS file repository and the gradual roll out of GCDOCS at Public Safety. The team conducted a streamlining of current privacy resource materials available to the department, and current resource materials listed on Public Safety’s intranet were also updated to reflect current privacy operating standards. 

B7. Initiatives and Projects to Improve Privacy

During the year, the PPGU team launched outreach efforts to connect with a range of new internal clients, in order to increase opportunities to provide independent advice to Public Safety programs to support the safeguarding of personal information. The Privacy Policy Unit currently sits on the 3rd Party Solutions Approval Team, which also includes representatives of the department’s Information Management, IT Security, Accessibility, Official Languages, Contracting, and Engagement units.  With the goal of encouraging Privacy by design, new digital solutions are now vetted with a privacy lens. 

Similarly, the PPGU has also worked with contracting in the review of privacy implications with the issuance of contracts through the department.  Privacy review and analysis is ongoing with both Treasury Board Submissions and Memoranda to Cabinet. In the upcoming fiscal year, the PPGU will continue to incorporate privacy by design principals with programs and partners.  It will also complete a series of helpful guideline-based documents that will ensure that new and existing programs think privacy as they plan for the roll out of new initiatives.

The PPGU has also worked closely with Public Safety’s Research Division in the creation of Privacy decision guidelines.  These documents were created to inform programs on potential privacy implications that could be encountered during research initiatives.  The documents include a decision tree, as well as a privacy and ethics guide.

B8. Summary of Key Issues and Actions Taken on Complaints

During the year, despite the low number of complaints received, Public Safety’s ATIP Office maintained a constructive relationship with the Office of the Privacy Commissioner (OPC) and worked proactively with the OPC to address complaints in relation to Privacy Act requests.

B9. Material Privacy Breaches

There were no material privacy breaches reported during the reporting period.  

B10. Privacy Impact Assessments

No Privacy Impact Assessments were completed during the reporting period.

B11. Public Interest Disclosures Pursuant to paragraph 8(2)(m) of the Privacy Act

Paragraph 8(2)(m) of the Privacy Act provides the head of the institution with the authority to disclose personal information where the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or where the disclosure would clearly benefit the individual to whom the information relates.

No disclosures pursuant to paragraph 8(2)(m) of the Privacy Act were made by Public Safety this fiscal year.

B12. Monitoring Compliance

In an effort to monitor compliance, the department’s weekly ATIP report includes the list of new Privacy Act requests and deadlines for retrieval of materials. This report was shared with the Deputy Minister, Assistant Deputy Ministers, and other senior officials, and discussed at senior management meetings as required. In addition, ATIP performance is monitored at the ADM level through their Performance Management Agreements to ensure ATIP is a priority within the department. The Privacy Policy Unit reviews contracts and information sharing agreements when required and provides advice and guidance with respect to privacy protections.

Annex A: Delegation Order

Privacy Act Delegation Order

The Minister of Public Safety and Emergency Preparedness, pursuant to section 73(1) of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Minister as the head of Public Safety and Emergency Preparedness, under the provisions of the Privacy Act and related regulations set out in the schedule opposite each position. This designation replaces all previous delegation orders.

Dated, at the City of Ottawa, this 21st day of July, 2020.

The Honourable William Sterling Blair, P.C., C.O.M., M.P.
Minister of Public Safety and Emergency Preparedness

Annex B – Statistical Report

Section 1: Requests Under the Privacy Act

Section 2: Informal Requests

Section 3: Requests Closed During the Reporting Period

3.5 Complexity

3.6 Closed requests

3.7 Deemed refusals

Section 4: Disclosures Under Subsections 8(2) and 8(5)

Section 5: Requests for Correction of Personal Information and Notations

Section 6: Extensions

Section 7: Consultations Received From Other Institutions and Organizations

Section 8: Completion Time of Consultations on Cabinet Confidences

Section 9: Complaints and Investigations Notices Received

Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIBs)

Section 11: Privacy Breaches

Section 12: Resources Related to the Privacy Act

Annex C: Supplemental Statistical Report

Section 1: Capacity to Receive Requests under the Access to Information Act and the Privacy Act

Section 2: Capacity to Process Records under the Access to Information Act and the Privacy Act

Section 3: Open Requests and Complaints Under the Access to Information Act

Section 4: Open Requests and Complaints Under the Privacy Act

Section 5: Social Insurance Number (SIN)

Has your institution begun a new collection or a new consistent use of the SIN in 2022-2023?

• No
  

Section 6: Universal Access under the Privacy Act

How many requests were received from confirmed foreign nationals outside of Canada in 2022-2023?

• 0

Date modified:

2023-11-28