Privacy Act Annual Report 2010-2011

PDF (103 KB)

Table of contents

Chapter I - Report on the Privacy Act

About Public Safety Canada

Public Safety Canada Public Safety Canada exercises a broad leadership role that brings coherence to the activities of the departments and agencies responsible for public safety and security.  The Department of Public Safety and Emergency Preparedness Act, 2005, and the Emergency Management Act, 2007, set out two fundamental roles for the Department:  support to the Minister's responsibility for all matters except those assigned to another federal minister related to public safety and emergency management, including national leadership; and to coordinate the efforts of Portfolio agencies, as well as provide guidance on their strategic priorities.  The Department's leadership role is reflected in its strategic outcome, a safe and resilient Canada, and through the pursuit of the following program activities:  National Security, Border Strategies, Countering Crime, Emergency Management and Internal Services.  The Department, in its portfolio coordination role, brings strategic focus to the overall safety and security agenda.  In fulfilling its mandate, the Department works in consultation with other organizations and partners - federal departments and agencies, provinces and territories, non-government organizations, the private sector, foreign states, academia and communities.

About the Public Safety Portfolio

The Public Safety Portfolio encompasses nine organizations for which the Minister of Public Safety is responsible. In addition to Public Safety Canada, the Portfolio includes the Canada Border Services Agency (CBSA), the Canadian Security Intelligence Service (CSIS), the Correctional Service of Canada (CSC), the Parole Board of Canada (PBC),and the Royal Canadian Mounted Police (RCMP). It also includes three arm's-length review bodies: the RCMP External Review Committee, the Commission for Public Complaints Against the RCMP, and the Office of the Correctional Investigator.  Each organization in the portfolio administers its own access to information and privacy programs, under authorities delegated to them by the Minister.

About the Privacy Act

The Privacy Act protects the privacy of all Canadian citizens and permanent residents of Canada regarding personal information held by a government institution against unauthorized use and disclosure. The Privacy Act also gives Canadians, including those in Canada who are not permanent residents or citizens, the right to access personal information held by the government.

Section 72 of the Privacy Act requires that the head of every government institution submit an annual report to Parliament on the administration of the Act during the financial year. This report describes how Public Safety Canada administered the Privacy Act throughout fiscal year 2010-2011.

The Access to Information and Privacy (ATIP) Unit

The Access to Information and Privacy (ATIP) Unit is part of Public Safety Canada's Executive Services Division within the Department's Strategic Policy Branch. It consists of one Manager, two senior advisors, four analysts, one junior analyst and one administrative officer. The ATIP Manager served as the Department's ATIP Coordinator throughout the reporting year.

The ATIP Unit is responsible for the coordination and implementation of policies, guidelines and procedures to ensure departmental compliance with the Access to Information Act and the Privacy Act.  The Unit is responsible for responding to requests made under the Acts, as well as providing the following services to the Department:

Delegation of Authority

The responsibilities associated with the administration of the Privacy Act, such as notifying applicants of extensions and transferring requests to other institutions, are delegated to employees of the ATIP Unit through a delegation instrument signed by the Minister of Public Safety.   The approval of all exemptions is delegated to the Department's Deputy Minister, Associate Deputy Minister, five Assistant Deputy Ministers (ADMs), one Associate ADM, the Director General of Communications, and the Chief Audit Executive.

The current delegation instrument is reproduced at Annex A.

Highlights and Accomplishments for 2010-2011

Public Safety Canada has continued to improve the way in which the Department responds to Privacy Act requests, by focusing on improving timeliness, efficiency and accuracy. Some of the highlights are as follows:

New/Revised Policies/Guidelines or Procedures

Privacy Impact Assessment Framework

The ATIP Unit created, with the assistance of a number of other government departments, a Privacy Impact Assessment Framework in order to provide Public Safety employees with the information and resources required to conduct a Privacy Impact Assessment in an effective and efficient manner.  This Framework was approved by the Deputy Minister and is being made available to all departmental employees on the departmental Intranet site.

Challenges

Staffing

As with most federal institutions, recruitment and retention of qualified ATIP professionals continues to be a challenge.  The challenge at Public Safety Canada is further complicated by the requirement that many ATIP staff require security clearances at the very highest level given the nature of the Department's business. Public Safety Canada continues to examine resource levels in the ATIP Unit.

Turnover of departmental staff generally poses challenges for recordkeeping and maintaining awareness of ATIP procedures.

Chapter II - Privacy Act Statistical Report

Figures and Analysis

Annex B provides a summarized statistical report on Privacy Act requests processed by Public Safety Canada between April 1, 2010 and March 31, 2011. The following section provides an overview and interpretation of this information.

provides a summarized statistical report on Privacy Act requests processed by Public Safety Canada between April 1, 2010 and March 31, 2011. The following section provides an overview and interpretation of this information.

The following table provides an overall breakdown of workload by category for the past five years.

Workload by category
  2006-2007 2007-2008 2008-2009 2009-2010 2010-2011
ATI requests received by
Public Safety Canada
229 296 235 208 298
Privacy requests received by
Public Safety Canada
11 17 12 37 32
ATI consultations received from other institutions 177 175 198 136 223
Privacy consultations received from other institutions 5 7 10 18 9
Total Workload 422 495 455 399 562

Requests Received Under the Privacy Act

The number of privacy requests remains small compared to the volume of access to information requests. Public Safety Canada collects little information directly from Canadians and therefore receives very few privacy requests. In comparison, portfolio agencies whose mandates are more operational in nature, such as the Royal Canadian Mounted Police (RCMP) and Correctional Service of Canada (CSC), receive thousands of privacy requests annually.

Throughout the year, the Department received 32 new requests under the Privacy Act.  Five were carried forward from the previous year, resulting in a total of 37 requests for the 2009-2010 fiscal year.  Of these requests, 33 were completed during the reporting period.  Four requests have been carried forward to the next reporting year.

Extensions

Section 15 of the Privacy Act allows institutions to extend the legal deadline for processing a request if a search for responsive records cannot be completed within 30 days of receipt of the request or if the institution must consult with other institutions. During the 2010-2011 fiscal year, the Department invoked ten extensions of 30 days or less.  Five extensions were invoked due to a high volume of records and interference with operations, and five extensions was required in order to undertake consultations with other federal institutions.

Performance in Meeting Statutory Response Deadlines

Of the 33 completed requests, 20 were completed within 30 days.  Three requests were completed between 31-60 days, seven between 61 and 120 days, and three were completed in 121 days or over.

Disposition of Requests for 2010-2011

Some privacy requests received in Public Safety Canada's ATIP Unit were intended for one of the institutions within the Public Safety portfolio, such as the RCMP, CSC, CBSA or CSIS. The Department was unable to process these requests as the requested information was not under the institution's control.  Of the 33 completed requests, the Department was unable to process eight.

Records were all disclosed in response to seven requests, and 12 were disclosed in part. Two requests were abandoned and four were transferred to other institutions with the consent of the requester.

Consultations from Other Institutions

The Department's role in coordinating with other federal institutions as well as those within the Public Safety portfolio has resulted in the Department having an interest in the records processed by other institutions.

The Department received a total of nine consultations from other institutions processing requests under the Privacy Act in 2010-2011.

Investigations

Two complaints were filed with the Privacy Commissioner this year, both alleging that the Department denied the requesters access to their personal information.  One of these complaint investigations was concluded this year, resulting in a finding of resolved.  The investigation into the other complaint is ongoing.

Appeals to the Court

No appeals to the Federal Court or the Federal Court of Appeal were submitted for the reporting year.

Training

The ATIP Unit developed training materials to help departmental employees understand the Privacy Act and their role in protecting personal information.  Five two-hour training sessions were held throughout the reporting year, and a total of 35 departmental employees received training.

The training material used for these sessions was also made available to all employees on the Department's intranet site.

The ATIP Unit intends to continue delivering privacy awareness sessions, subject to resource availability and operational requirements.

Privacy Impact Assessments Completed During the Year

Direct Deposit for Non-salary Payments

The Department completed a Privacy Impact Assessment (PIA) for the Direct Deposit of Non-salary Payments into Public Safety Canada employee's bank accounts.  The deposits are for the reimbursement of non-salary payments such as expense claims and travel advances processed through the financial system (SAP).

This PIA was submitted to the Office of the Privacy Commissioner.  PS has not yet begun posting PIA summaries on its website, but is examining the possibility of doing so in 2011-2012.

Disclosures Pursuant to Paragraph 8(2)(m) of the Privacy Act

Subsection 8(2)(m) of the Privacy Act provides the head of the institution with the authority to disclose personal information where the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or where the disclosure would clearly benefit the individual to whom the information relates.

During the reporting period, Public Safety Canada did not disclose personal information pursuant to paragraph 8(2)(m) of the Privacy Act.

Disclosures Pursuant to Paragraphs 8(2) (m) of the Privacy Act

Subsection 8(2) of the Privacy Act provides limited and specific circumstances under which institutions may disclose personal information without an individual’s consent. Treasury Board Secretariat identified four categories of disclosures made by virtue of specific paragraphs of this subsection that institutions must include in this year’s annual report. These categories concern disclosures made for law enforcement purposes, to Members of Parliament and those made in the public interest. 

During the reporting period, Public Safety Canada did not disclose personal information pursuant to paragraphs 8(2)(e), (f), (g) and (m) of the Privacy Act.

Annex A: Delegation Orders - Privacy Act

The Minister of Public Safety and Emergency Preparedness, pursuant to section 73 of the Privacy Act*, hereby designates the persons holding the positions set out below, to exercise the powers and perform the duties and functions of the Minister as the head of a government institution, that is, the Department of Public Safety and Emergency Preparedness, under the section of the Act set out opposite each position.

Delegation Orders - Privacy Act and Regulations

 

 

Deputy Minister & Associate  Deputy Ministerh Assistant Deputy Ministers, Associate Assistant Deputy Ministers, Director General Communications, Chief Audit Executive ATIP Manager Senior ATIP Advisors & ATIP Analysts
Section Article

8(2)(j)

Disclose for research purposes

 

 

 

8(2)(m)

Disclose in the public interest or in the interest of the individual

 

 

 

8(4)

Copies of requests under 8(2)(e) to be retained

 

8(5)

Notice of disclosure under 8(2)(m)

 

 

 

9(1)

Record of disclosures to be retained

 

 

9(4)

Consistent uses

 

 

10

Personal information to be included in personal information banks

 

 

14

Notice where access requested

 

 

15

Extension of time limits

 

17(2)(b)

Language of access

 

 

17(3)(b)

Access to personal information in alternative format

 

 

18(2)

Exemption (exempt bank) - Disclosure may be refused

 

 

19(1)

Exemption - Personal information obtained in confidence

 

 

19(2)

Exemption - Where authorized to disclose

 

 

20

Exemption -  Federal-provincial affairs

 

 

21

Exemption -  International affairs and defence

 

 

22

Exemption -   Law enforcement and investigation

 

 

22.3

Exemption - Public Servants Disclosure Protection Act

 

 

23

Exemption - Security clearances

 

 

24

Exemption -   Individuals sentenced for an offence

 

 

25

Exemption - Safety of individuals

 

 

26

Exemption - Information about another individual

 

 

27

Exemption - Solicitor-client privilege

 

 

28

Exemption - Medical record

 

 

31

Notice of intention to investigate

 

 

33(2)

Right to make representation

35(1)

Findings and recommendations of Privacy Commissioner  (complaints)

 

35(4)

Access to be given

 

 

36(3)

Report of findings and recommendations (exempt banks)

 

37(3)

Report of findings and recommendations (compliance review)

 

51(2)(b)

Special rules for hearings

 

 

 

51(3)

Ex parte representations

 

 

72(1)

Annual Report to Parliament

 

 

 

Privacy Regulations

9

Reasonable facilities and time provided to examine personal information

 

11(2)

Notification that correction to personal information has been made

 

11(4)

Notification that correction to personal information has been refused

 

13(1)

Disclosure of personal information relating to physical or mental health may be made to a qualified medical practitioner or psychologist for an opinion on whether to release information to the requestor.

 

14

Disclosure of personal information relating to physical or mental health may be made to a requestor in the presence of a qualified medical practitioner or psychologist

 

 

Dated, at the City of Ottawa, this ____th day of ___________, 2010


Vic Toews, P.C., Q.C., M.P.
*R.S.C. 1985, c. P-21

Annex B: Statistical Report - Privacy Act

Requests under the Access to Information Act
Received during reporting period 32
Outstanding from previous period 5
TOTAL 37
Completed during reporting period 33
Carried Forward 4
Disposition of requests completed
All Disclosed 7
Disclosed in part 12
Nothing disclosed (excluded) 0
Nothing disclosed (exempt) 0
Unable to process 8
Abandoned by applicant 2
Transferred 4
TOTAL 33

Exemptions invoked

Exemptions invoked
S.
Art. 18(2)
0
S.
Art. 19(1)(a)
0
(b) 1
(c) 0
(d) 0
S.
Art. 20
0
S.
Art. 21
3
S.
Art. 22(1)(a)
1
(b) 1
(c) 1
S.
Art. 22(2)
0
S.
Art. 23(a)
0
(b) 0
S.
Art. 24
0
S.
Art. 25
0
S.
Art. 26
12
S.
Art. 27
4
S.
Art. 28
0


Exclusions cited
S.
Art. 69(1)(a)
0
(b) 0
S.
Art. 70(1)(a)
0
(b) 0
(c) 1
(d) 0
(e) 0
(f) 0

Completion time
30 days or under 20
31 to 60 days 3
61 to 120 days 7
121 days or over 3

Extensions
  30 days or under 31 days or over
Interference with operations 5 0
Consultation 5 0
Translation 0 0
TOTAL 10 0

Translations
Translations requested 0
Translations prepared - English to French 0
Translations prepared - French to English 0

Method of access
Copies given 19
Examination 0
Copies and examination 0

Corrections and notation
Corrections requested 0
Corrections made 0
Notation attached 0

Costs
Financial (all reasons) ($000)
Salary 22
Administration (O and M) 1
TOTAL 23


Person year utilization (all reasons)
Person year (decimal format) 0.45
Date modified: