2020-2021 Annual Report to Parliament – Administration of the Privacy Act - DND

1. Introduction

The Department of National Defence and the Canadian Armed Forces are pleased to present to Parliament their annual report on the administration of the Privacy Act.^{Footnote 1} Section 72 of the Act requires the head of every federal government institution to submit an annual report to Parliament on its administration each financial year. This report describes National Defence activities that support compliance with the Privacy Act for the fiscal year (FY) 1 April 2020 and ending 31 March 2021.

1.1 Purpose of the Privacy Act

The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.

These rights of protection and access are in accordance with the principles that individuals should have a right to know why their information is collected by the government, how it will be used, how long it will be kept and who will have access to it.

Back to top

2. Access to Information and Privacy at National Defence

2.1 Mandate of National Defence

2.1.1 Who we are

The Department of National Defence (DND) and the Canadian Armed Forces (CAF) make up the largest federal government department. Under Canada’s defence policy, the Defence Team will grow to over 125,000 personnel, including 71,500 Regular Force members, 30,000 Reserve Force members and 25,000 civilian employees.

2.1.2 What we do

DND and the CAF have complementary roles to play in providing advice and support to the Minister of National Defence, and implementing Government decisions regarding the defence of Canadian interests at home and abroad.

At any given time, the Government of Canada can call upon the CAF to undertake missions for the protection of Canada and Canadians and to maintain international peace and stability.

Canada’s defence policy presents a new strategic vision for defence: Strong, Secure, Engaged.^{Footnote 2} This is a vision in which Canada is:

The National Defence Act (NDA) establishes DND and the CAF as separate entities, operating within an integrated National Defence Headquarters as they pursue their primary responsibility of providing defence for Canada and Canadians.

2.2 National Defence organization

2.2.1 Senior leadership

The Governor General of Canada is the Commander-in-Chief of Canada. DND is headed by the Minister of National Defence. The Associate Minister of National Defence supports the Minister of National Defence. The Deputy Minister of National Defence is the Department’s senior civil servant. The CAF are headed by the Chief of the Defence Staff, Canada’s senior serving officer. These senior leaders each have different responsibilities:

• The Governor General is responsible for appointing the Chief of the Defence Staff on the recommendation of the Prime Minister, awarding military honours, presenting colours to CAF regiments, approving new military badges and insignia, and signing commission scrolls;
• The Minister of National Defence presides over the Department and over all matters relating to national defence;
• The Associate Minister is also responsible for defence files, as mandated by the Prime Minister, with the specific priority of ensuring that CAF members have the equipment they need to do their jobs;
• The Deputy Minister is responsible for policy, resources, interdepartmental coordination and international defence relations; and
• The Chief of the Defence Staff is responsible for command, control and administration of the CAF, as well as military strategy, plans and requirements.

2.2.2 Defence organization

The National Defence organizational structure is represented in the diagram below. Additional information about the National Defence organization is available online.^{Footnote 3}

Figure 1: National Defence Organization Chart

2.3 The Directorate of Access to Information and Privacy

2.3.1 Delegation of authority

In accordance with section 73(1) of the Privacy Act, a delegation of authority, signed by the Minister, designates the Deputy Minister, Corporate Secretary, Access to Information and Privacy (ATIP) Director, and ATIP Deputy Directors to exercise all powers and functions of the Minister, as the head of institution, under the Act. It also designates other specific powers and functions to employees within the Directorate Access to Information and Privacy (DAIP).

Under the authority of the Corporate Secretary, the ATIP Director administers and coordinates the Access to Information Act and the Privacy Act, and acts as the departmental ATIP Coordinator. In the administration of the Act, the ATIP Directorate seeks advice on legal, public affairs, policy, and operational security matters from other organizations and specialists as required.

A copy of the Access to Information Act and Privacy Act Designation Order is provided at Annex A.

2.3.2 The ATIP Directorate

The ATIP Directorate is responsible for matters regarding access to information and privacy protection within the National Defence portfolio, except in the case of the following organizations: the Military Police Complaints Commission, the Military Grievances External Review Committee, the Communications Security Establishment, the Office of the National Defence and Canadian Forces Ombudsman, the Office of the Chief Military Judge and the Director of Defence Counsel Services, and the Canadian Forces Morale and Welfare Services.

The Director Access to Information and Privacy is managed by an Executive Director and supported by a Chief of Operations position that oversees all ATI Operations from intake to disclosure.  

The Chief of Operations centralizes all activities with access to information.  It ensures consistency across teams, performs quality assurance activities for data and compliance to processes, tracks performance as well as monitoring for the identification of trends and horizontal issues. The ATIP Intake team, Systems Liaison Team and ATI Operations teams report to Chief of Operations. The Chief of Operations, Privacy Operations, Policy and Governance Team and the Chief of Staff report to the Executive Director.

The Directorate’s ATIP program management workforce is divided functionally into four main areas, and supported by Defence organization liaison officers, as illustrated in the diagram at FIGURE 2.

Figure 2: National Defence ATIP Operational Workforce

The ATIP Directorate is supported by a Systems Liaison Team that maintains the ATIP application system/database and provide technical support to members of the team. A corporate services team assures the administrative and management functions of the directorate  that include business planning, financial management, human resources, physical security, and information and records management (IM/RM).

In response to a key National Defence priority, The ATIP Directorate provides a supporting role to the Departmental Litigation Oversight- Litigation Implementation Team. This unit performs an ATIP-like review of records in support of class action settlements such as the LBGT Class Action and Sexual Misconduct Class Action settlements.

Back to top

3. Highlights of the Statistical report

The statistical report at Annex B consists of data submitted by National Defence as part of Treasury Board Secretariat (TBS) annual collection of ATIP-related statistics. The following sections contain highlights, trends and an analysis of notable statistical data from a departmental perspective.

3.1 Requests received

During the reporting period, National Defence received 5,275 requests for personal information under the Privacy Act versus 6,475 in Fiscal Year 2019-20, representing an 18.5% decrease. This represents the fourth consecutive year of decreased requests for personal information and may be attributable to the implementation of the departmental initiative to pro-actively provide copies of health records to releasing CAF members that began in Fiscal Year 2018-19. Combined with 853 files carried over from the previous reporting period the total workload of 6,128 requests is the lowest National Defence has experienced in over six years. 

Figure 3: Privacy request workload (last five years)

Of note, for more than a decade, National Defence has ranked in the top five federal institutions for the highest volume of personal information requests received according to annual statistics compiled by TBS.^{Footnote 4}

A large portion of Privacy Act requests historically received by National Defence were requests from CAF members for their health records upon releasing from the Forces. As part of Canada’s Defence Policy, the Canadian Forces Health Services group began pro-actively providing releasing CAF members with copies of their health records in Fiscal Year 2018-19. This initiative is aligned with the Government’s commitment to transparency and has improved the transition experience for releasing CAF members to better prepare them for the shift to civilian life and has also resulted in the reduction in the number of medical record requests received.

3.2 Requests completed

National Defence closed a total of 4,904 privacy requests during the reporting period. This represents a 34% decrease over the previous Fiscal Year. The ATIP workload over the past five years is showing in FIGURE 4 below.  

Figure 4: Disposition of requests completed and total requests closed (last five years)

3.2.1 Pages reviewed

This year a total of 1,050,543 pages were reviewed. This represents a 55.9% reduction in pages processed from Fiscal Year 2019-20. As shown in FIGURES 4 & 6, National Defence noted a decrease in on-time performance over Fiscal Year 2019-20.

As represented in FIGURE 5, the number of pages reviewed represents the total pages processed for closed requests this Fiscal Year. This number does not include the number of pages processed for requests reviewed in the current Fiscal Year that were carried over into the next reporting period. 

Figure 5: Number of pages reviewed for requests closed, where records existed (last three years)

3.2.2 Exemptions and exclusions

Consistent with previous reporting periods, section 26 of the Privacy Act was the most frequently invoked exemption and was applied in 2,253 requests. This section of the Act protects personal information of individuals other than the requester.

3.2.3 Completion time

National Defence closed 2,925 requests within 30 days which represents 59.6% of the total volume of requests closed. This represents a 6.7% decrease of files closed within 30 days compared to the last reporting period. Of note, the number of files closed in excess of 121 days decreased significantly from 1,412 files in Fiscal Year 2019-20 to 988 during this reporting period.

Figure 6: Time to complete requests (the last five years)

Files closed beyond 30 days were not necessarily late as legal extensions may have been applied.

3.2.4 On-time compliance

A total of 3,158 requests (64.4%) were closed within statutory deadlines in Fiscal Year 2020-21. This represents a 10.6% drop in on-time compliance over the previous reporting period likely attributed to impacts as a result of the COVID Pandemic. The Province of Ontario lockdowns impacted the number of individuals permitted in office locations which impacted the ability to receive and scan records into the request processing system and redaction software system.

Workload continued to be a factor affecting on-time compliance; however, the most common reason for deemed refusal was “Other”, cited for nearly 76.5% of requests closed late during the reporting period. Some factors affecting performance and deemed refusal rates includes the unavailability of key officials and difficulties in obtaining relevant records.

Impacts to productivity resulting from staffing challenges continues to impact compliance. There continues to be ATIP staff turnover at all levels due to a competitive job market. New employees require a learning and adjustment period to realize performance potential. The hiring and training of new employees during a remote posture has also created additional workload for ATIP management and support services. Over the past year efforts have continued to staff vacant positions and train new staff. 

3.2.5 Disposition: Percentage of requests all disclosed vs. disclosed in part

Figure 7: All disclosed vs. disclosed in part (FY 2020-21)

3.3 Consultations received and completed

Historically, National Defence does not receive a lot of consultation requests relating to requests made under the Privacy Act. During the reporting period, National Defence received five requests for consultation, three were from other Government of Canada institutions and two were from other organizations. Six consultations were closed during the reporting period.

Back to top

4. COVID-19 Impacts to Privacy Operations

On March 13, 2020 DND/CAF initiated its Business Continuity Plan (BCP) in response to the evolving COVID-19 Pandemic which continued into the Fiscal Year 20/21 reporting period. DND/CAF has played a significant role in the Government of Canada’s response to COVID-19. Operation LASER^{Footnote 5} is the Canadian Armed Forces’ contribution to save lives, assist federal, provincial and territorial partners, and maintain CAF readiness, effectiveness and resilience. Ensuring the health and well-being of employees and CAF members and supporting Operation LASER remains a key departmental priority. The Defence Team including the ATIP Directorate pivoted to alternate work arrangements and a remote work posture immediately in response to the Pandemic. Initially, remote work challenges such as limited access to Virtual Private Networks (VPN) and remote access to the ATIP redaction software as well as Office of Primary Interest (OPI) access to paper records impacted productivity and processing of ATI and Privacy requests. Remote connectivity quickly stabilized and continued to improve as the Defence Team optimized the remote work posture. Key functions within the ATIP Directorate that could only be performed physically on site such as receipt of mail, opening of new requests, scanning of paper records, urgent requests and processing of secret materials were carried out while respecting public health measures. As per TBS guidance and best practices, the ATIP Directorate contacted requesters directly to notify of potential delays in processing requests as a result of the pandemic. National Defence took proactive steps at the beginning of the pandemic and leveraged technology to enable remote work by adopting and implementing the use of e-signatures, electronic record sharing, and the use of the Canada Post epost service to limit the reliance on paper records and traditional mail. The ATIP directorate continued to expand remote access to redaction which allowed National Defence to process records classified Protected B and below. ATIP employees were supported and equipped with the tools, equipment, systems and training to conduct their work remotely.

In May 2020, the Deputy Minister and Chief of Defence Staff issued a joint directive to the Defence Team which identified key departmental priorities including the continued performance of activities mandated by legislation and regulation. The ATIP Program and adherence to legislation was included within this priority and in early June the ATIP Directorate invoked its Business Resumption Plan and resumed on-site operations with a reduced capacity while adhering to stringent public health measures to safe guard health of employees. The ATIP Directorate’s employee orientation plan and approach to resumption of on-site work was adopted across the Defence Team as a best practice and was shared with other government departments ATIP Offices.

Consistent with other ATIP offices located in the National Capital Region, National Defence was impacted by the Ontario provincial lockdowns. The limitations on the number of staff allowed physically on-site while respecting public health guidance impacted the ability to process paper records and secret material; this has resulted in a backlog of ATI and Privacy requests and impacted overall performance for Privacy requests. In spite of the constraints associated with the pandemic, National Defence reviewed more pages and closed more ATI files compared to the previous year. The innovations and improvements adopted during the pandemic have improved the overall ATIP Program and will continue to be built upon in the coming years as we continue to modernize ATIP program delivery.

The COVID-19 ATIP Capacity supplemental statistical report at Annex C represents National Defence impacts to ATI Operations. ATIP Operations experienced partial capacity processing paper records in different classification levels for a total of 42 weeks. The institution experienced 41 weeks where partial capacity was affected in the processing of electronic records in different classification levels.

Back to top

5. Privacy protection and personal information management

5.1 Public interest disclosures

Paragraph 8(2)(m) of the Privacy Act permits the disclosure of personal information, without the consent of the individual to whom it relates, where the public interest in disclosure clearly outweighs any invasion of privacy that could result, or where the disclosure would clearly benefit the individual to whom the information relates.

During the reporting period, 70 disclosures of personal information were made in accordance with paragraph 8(2)(m). These public interest disclosures included information relating to Boards of Inquiry or Summary Investigations into the death or serious injury of a CAF member. The majority of disclosures were to the CAF member’s family or representative.

For each of the 70 disclosures made in the public interest during Fiscal Year 2020-21, the Office of the Privacy Commissioner (OPC) was notified of each release.

5.2 Privacy breaches

Privacy rights are a matter of ongoing public concern. In respect of sections 4 to 8 of the Privacy Act, which govern personal information management, the ATIP Directorate received 182 complaints regarding contravention of one or more of these provisions. The ATIP Directorate’s Privacy Incident Management team reviewed and resolved 206 complaints alleging a breach of privacy, of which 137 complaints were deemed to be well-founded.

5.2.1 Material privacy breaches

Treasure Board Secretariat defines a material privacy breach as one that involves sensitive personal information and could reasonably be expected to cause injury or harm to the individual, and/or involves a large number of affected individuals. National Defence reported one material privacy breach to TBS and the OPC this reporting period as per policy requirement.

5.3 Privacy impact assessments

National Defence collects, uses and discloses personal information in the delivery of mandated programs and services. In accordance with TB policy, the DND and the CAF undertake privacy impact assessments (PIA) to evaluate privacy impacts in the administration of these activities. A PIA provides a framework to identify the extent to which proposals comply with the Privacy Act and applicable privacy policies, assist program officials in avoiding or mitigating privacy risks, and promote informed program and system design choices.

National Defence completed^{Footnote 6}  one PIA during FY 2018-2019 in support of the program described below. The Department is preparing to post the summary on its website.

• In order to support Operation Honour, the Operation Honour Tracking and Analysis System (OPTHAS) was created. OPHTAS is a Protected B Microsoft Dynamics installation managed by DND/CAF with the purpose of providing a reporting database for the chain of command (CoC); to track, assess, and report sexual misconduct incidents and their eventual disposition, as well as to measure trends and evaluate the effectiveness of actions taken at all levels within the military.
• Litigation Implementation Team (LIT): Processing of Claim Forms for Class Action Final Settle Agreements - The LIT’s role is in support of the independent, court-appointed Administrator and Assessors in administering claims submitted by claimants under the terms of the class action settlement or judgement. In this role, the LIT must receive Claim Form information from the court appointed Administrator, verify claimant service with CAF and/or employment with DND or Staff of the Non-Public Fund Organization (SNPF) and, if required, review the claim and retrieve relevant government records of claimants. Subsequently, for selected claims the LIT must analyze the records against the claimant’s allegations within the claim and provide a response to the Administrator regarding the presence of records that are relevant to the claim, including the disclosure of relevant records.

• Litigation Implementation Team (LIT): Processing of Claim Forms for Class Action Final Settle Agreements - The LIT’s role is in support of the independent, court-appointed Administrator and Assessors in administering claims submitted by claimants under the terms of the class action settlement or judgement. In this role, the LIT must receive Claim Form information from the court appointed Administrator, verify claimant service with CAF and/or employment with DND or Staff of the Non-Public Fund Organization (SNPF) and, if required, review the claim and retrieve relevant government records of claimants. Subsequently, for selected claims the LIT must analyze the records against the claimant’s allegations within the claim and provide a response to the Administrator regarding the presence of records that are relevant to the claim, including the disclosure of relevant records.

5.4 DND/CAF personal information

5.4.1 Complex & Sensitive Personal Information

To ensure the appropriate protection of sensitive personal information within DND/CAF, the ATIP Directorate provides review and redaction services to support a number of departmental administrative processes including Boards of Inquiry, Summary Investigations, Reports involving allegations of Workplace Violence, Harassment and Grievances. Although these are not formal requests made under the Privacy Act, the information is being released from DND/CAF and privacy protection is a priority.

As demonstrated in FIGURE 8 below, the ATIP Directorate reviewed 113 files containing complex and sensitive personal information. This represents a total of 2,744 pages reviewed in Fiscal Year 2020-21 to ensure personal information is protected and not inappropriately disclosed.

Figure 8: Review of complex & sensitive personal information for release

Back to top

6. Complaints, Audits and Reviews

6.1 Complaints from the Office of the Privacy Commissioner

In Fiscal Year 2020-21, National Defence received a total of 28 formal complaints from the Office of the Privacy Commissioner (OPC), representing less than one percent of all requests closed during the reporting period.

Further to Part 8 of the Statistical Report, which notes complaints received and closed:

• Section 31:  When the OPC gives formal notice of their intention to investigate a complaint regarding the processing of a request under the Act. 
  • Defence received 28 such notices during Fiscal Year 2020-21 as compared to 22 such notices during Fiscal Year 2019-20.
• Section 33:  When the OPC requests further representations from institutions pursuant to an ongoing complaint investigation. 
  • Defence received 23 such notices during Fiscal Year 2020-21 in comparison to 50 such notices in the previous reporting period.
• Section 35:  When the OPC issues a findings report for a well-founded complaint upon conclusion of an investigation.
  • During the reporting period, 24 complaints were found to have merit. Note that these complaints are not necessarily from the 28 complaints received during the reporting period.

The 24 well-founded determinations represent 61.5% of all findings issued by the OPC to National Defence in Fiscal Year 2020-21. The vast majority of these complaints, 20 in total were administrative in nature (about delays and time extensions) and 4 were refusal complaints (regarding application of exemptions or possible missing records). Figure 8 below illustrates the type of complaints that had findings issued during the reporting period.

Figure 9: Type of complaint (FY 2020-21)

6.2 Court decisions

In Fiscal Year 2020-21, there were no court proceedings actioned in respect of requests processed by National Defence.

Back to top

7. Policies and procedures

7.1 Internal procedures

The ATIP Directorate continues to review and update procedures for processing personal information requests and managing privacy incidents to document process improvements and to ensure alignment with Treasure Board (TB) policies and directives. This reporting period, Privacy Operations created and implemented a Standard Operating Procedure (SOP) called the Electronic-Response process. Electronic-Response process allows OPI’s to share records electronically with DAIP, therefore eliminating the need for traditional mailing of records and paper-based processes. OPI’s have used this process to successfully transmit electronic records with the security classification up to Protected B to the ATIP Directorate. This innovation has resulted in efficiencies, eliminating delays in the delivery of regular mail and enabled employees to continue to work efficiently remotely during the COVID pandemic.

Back to top

8. Training and awareness

8.1 ATIP training program

Departmental ATIP training was initially impacted by the COVID pandemic. Formal ATIP training resumed in July 2020 on a virtual platform. National Defence uses a three-pronged approach for training, where Directorate training resources delivered the following training sessions to DND civilian and CAF military members with specific emphasis on those staff with ATIP responsibilities:

• Introductory courses (General ATIP or Privacy Fundamentals);
• Advanced courses (General ATIP or organization-specific content); and,
• ATIP awareness and engagement activities with the various branches and divisions.

8.2 Training and awareness activities

A total of 87 face-to-face training sessions were delivered to approximately 1,559 Defence employees and CAF members on the administration of both the ATI Act and Privacy Act, as well as on appropriate management of personal information under the control of the institution. These training sessions were provided through participation in ATIP 101 (introductory) sessions, ATIP 201 (advanced) sessions, GCDOCS privacy-focused training, and targeted training sessions for specific Defence organizations. Most training sessions were delivered by the ATIP Directorate staff in person or through video teleconference technologies, however some organizations conducted their own courses and one-on-one sessions. An example of organizations conducting their own training sessions included the 3 training events provided by the Canadian Forces Health Services group that covered a variety of Privacy topics – for a total of 135 persons trained. Defence employees and CAF members were also encouraged to take the Access to Information and Privacy Fundamentals course offered through the Canada School of Public Service.

In keeping with promoting awareness, the ATIP Directorate employees also provided guidance to third parties and requesters on the requirements of the Access to Information Act and the Privacy Act, TB policies and directives, and associated institutional procedures as required.

8.2.1 Canadian Forces Health Services training

The Canadian Forces Health Services (CFHS) operates a privacy office that is responsible for providing advice and support to the CFHS Group on policies and activities that involve personal health information. In accordance with their mandate, the CHFS privacy office maintains training modules to educate staff on the principles of “Privacy, Confidentiality and Security” to support appropriate use of the Canadian Forces Health Information System.

During this reporting period, over 2,278 of their staff attended training or completed mandatory modules offered specifically to the CFHS organization.

8.3 Employee well-being

In response to challenges caused by the COVID Pandemic and the impacts of remote work, the ATIP Directorate placed increased emphasis on directorate staff mental health, well-being and resilience. In addition to the ongoing ATIP operational training, virtual workplace well-being sessions were provided to all staff focusing on stress management, resilience, nutrition, and physical exercise to maintain mental health during the Pandemic. To support telework and ensure that supervisors were equipped to lead in a virtual work environment, training sessions on establishing effective virtual teams and managing remote teams were provided to all supervisors and managers in the Directorate. These courses provided tools to build virtual relationships, establish communication standards, leverage appropriate communication tools, support remote team members, and lead virtual team meetings.

Back to top

9. Initiatives and projects

9.1 Technological improvements

9.1.1 Remote access to redaction software

National Defence continues to explore and implement technological solutions to enhance ATIP business processes. The ATIP Directorate implemented remote access to the ATIP request processing and redaction software to employees this Fiscal Year which allowed the processing of ATI request remotely during the COVID Pandemic. New procedures, training and tools were developed and implemented to support the successful shift to remote processing.

The ATIP Directorate also widely adopted the use of Microsoft Teams and SMART Bridgit software to stay connected for meetings as well as onboarding and training new employees.

9.1.2 Shift to paperless processing

A shift towards paperless processing of ATIP requests continued this Fiscal Year. The adoption of electronic processes to reduce paper records such as use of network shared drives to share records electronically between DND/CAF record holders and the ATIP Directorate increased during the COVID Pandemic. The majority of OPIs switched over to electronic processes and are no longer providing paper records to the ATIP Directorate. Electronic signatures on letters to applicants and using Canada Post epost service to share records with applicants versus traditional mail has led to faster access to records for Canadians. This shift to paperless processing enabled the continued processing of ATI requests throughout the various Provincial lock downs.

9.1.3 New case management solution

The ATIP Directorate completed implementation of a new case management system this Fiscal Year to manage Privacy Incident Management, Privacy Impact Assessments, Personal Information Disclosures, and managing and tracking legal matters. This new case management system, ATIP OMNI, improves tracking and trend analysis for governance and compliance activities. It also includes features to maintain Personal Information Banks and Info Source management in a more automated manner.

Back to top

10. Monitoring compliance

The ATIP Directorate regularly monitors and reports on a number of ATIP metrics.  In Fiscal Year 2020-21, the Departmental ATIP Performance Dashboard that tracks OPI record retrieval timeliness and overall ATIP compliance continued to be refined to provide better overall awareness to senior leadership on ATIP performance and metrics. This monitoring allows the ATIP Directorate to track ATIP performance across the Department and identify areas for process improvements. This year National Defence piloted a new analytics tool which will enable senior leaders and OPI’s to easily monitor overall ATIP compliance and track individual request stats. The ATIP Directorate continues to receive ad hoc requests for statistics and performance reports to inform program delivery and identify trends.

Currently, the time to process requests for correction of personal information is not formally monitored as this number is regularly very low. In Fiscal Year 2020-21, the ATIP Directorate received only one request for correction.

Back to top

11. Privacy operating costs

11.1.1 Costs

The annual cost to administer the National Defence privacy program increased by 27.8% to approximately $4,687,927 Fiscal Year 2020-21.

11.1.2 Human Resources

During Fiscal Year 2020-21, an equivalent of 49.005 full-time employees were dedicated to administering the Privacy Act. For additional information refer to section 11 in Annex B.

Back to top

Annex A: Designation Order

National Defence and the Canadian Armed Forces

Access to Information Act and Privacy Act Designation Order

1. Pursuant to section 73 of the Access to Information Act and the Privacy Act, the Minister of National Defence, as the head of a government institution under these Acts, hereby designates the persons holding the following positions, or the persons occupying those positions on an acting basis, to exercise or perform all of the powers, duties and functions of the head of a government institution under these Acts:
   1. the Deputy Minister;
   2. the Corporate Secretary;
   3. the Director Access to Information and Privacy; and
   4. Deputy Directors Access to Information and Privacy.
2. Pursuant to section 73 of the above-mentioned Acts, the Minister also designates the following:
   1. those persons holding the position of Access Team Leader, or the persons occupying this position on an acting basis, to exercise or perform the powers, duties and functions in respect of:
      • The application of the following provisions under the Access to Information Act: section 9; subsection 11(2), 11(3), 11(4), 11(5), 11(6); sections 19, 20, 23 and 24; subsections 27(1) and 27(4); paragraph 28 (1)(b), subsections 28(2) and 28(4); and
      • The response to requests made under the Access to Information Act if no records exist.
   2. those persons holding the position of Privacy Team Leader, or the persons occupying this position on an acting basis, to exercise or perform any of the powers, duties and functions of the head of an institution under the Privacy Act, other than under sub-paragraphs 8(2)(j) and 8(2)(m); and
   3. those persons holding the position of Privacy Senior Analyst, or the persons occupying this position on an acting basis, to exercise or perform the powers and duties in respect of the application of section 26 of the Privacy Act.

Original signed by

The Honourable Harjit S. Sajjan, PC, OMM, MSM, CD, MP
Minister of National Defence
Date: 2016-01-12

Back to top

Annex B: Statistical Report on the Privacy Act for 2020-2021

Government of Canada

Statistical Report on the Privacy Act

Name of institution: National Defence

Reporting period: 2020-04-01 to 2021-03-31

Section 1: Requests Under the Privacy Act

1.1 Number of requests

Section 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time

2.2 Exemptions

2.3 Exclusions

2.4 Format of information released

2.5 Complexity

2.5.1 Relevant pages processed and disclosed

2.5.2 Relevant pages processed and disclosed by size of requests

2.5.3 Other complexities

2.6 Closed requests

2.6.1 Number of requests closed within legislated timelines

2.7 Deemed refusals

2.7.1 Reasons for not meeting legislated timelines

2.7.2 Requests closed behond legislated timelines (including any extension taken)

2.8 Requests for translation

Section 3: Disclosures under Subsections 8(2) and 8(5)

Section 4: Requests for Correction of Personal Information and Notations

Section 5: Extensions

5.1 Reasons for extensions and disposition of requests

5.2 Length of extensions

Section 6: Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and other organizations

6.2 Recommendations and completion time for consultations received from other Government of Canada institutions

6.3 Recommendations and completion time for consultations received from other organizations

Section 7: Completion Time of Consultations on Cabinet Confidences

7.1 Requests with Legal Services

7.2 Requests with Privy Council Office

Section 8: Complaints and Investigations Notices Received

Section 9: Privacy Impact Assessments (PIAs)

9.2 Personal Information Banks

Section 10: Material Privacy Breaches

Section 11: Resources Related to the Privacy Act

11.1 Costs

11.2 Human Resources

Note: Enter values to three decimal places.

Back to top

Annex C: Supplemental Statistical Report on the Access to Information and Privacy Act for 2020-2021

Government of Canada

Supplemental Statistical Report on the Access to Information Act and Privacy Act

Name of institution: National Defence

Reporting period: 2020-04-01 to 2021-03-31

Section 1: Capacity to Receive Requests

Enter the number of weeks your institution was able to receive ATIP requests through the different channels.

Section 2: Capacity to Process Records

2.1 Enter the number of weeks your institution was able to process paper records in different classification levels.

2.2 Enter the number of weeks your institution was able to process electronic records in different classification levels.

Back to top