2019-2020 Annual Report to Parliament – Administration of the Privacy Act – DND

1. Introduction

The Department of National Defence and the Canadian Armed Forces are pleased to present to Parliament their annual report on the administration of the Privacy Act^{Footnote 1}. Section 72 of the Act requires the head of every federal government institution to submit an annual report to Parliament on its administration each financial year. This report describes National Defence activities that support compliance with the Privacy Act for the fiscal year (FY) commencing 1 April 2019 and ending 31 March 2020.

1.1. Purpose of the Privacy Act

The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.

These rights of protection and access are in accordance with the principles that individuals should have a right to know why their information is collected by the government, how it will be used, how long it will be kept and who will have access to it.

2. Access to Information and Privacy at National Defense

2.1. Mandate of National Defence

Who we are

The Department of National Defence (DND) and the Canadian Armed Forces (CAF) make up the largest federal government department. Under Canada’s defence policy, the Defence Team will grow to over 125,000 personnel, including 71,500 Regular Force members, 30,000 Reserve Force members and 25,000 civilian employees.

What we do

DND and the CAF have complementary roles to play in providing advice and support to the Minister of National Defence, and implementing Government decisions regarding the defence of Canadian interests at home and abroad.

At any given time, the Government of Canada can call upon the CAF to undertake missions for the protection of Canada and Canadians and to maintain international peace and stability.

Canada’s defence policy presents a new strategic vision for defence: Strong, Secure, Engaged^{Footnote 2}. This is a vision in which Canada is:

Back to top

The National Defence Act (NDA) establishes DND and the CAF as separate entities, operating within an integrated National Defence Headquarters as they pursue their primary responsibility of providing defence for Canada and Canadians.

2.2. National Defence organization

Senior leadership

The Governor General of Canada is the Commander-in-Chief of Canada. DND is headed by the Minister of National Defence. The Associate Minister of National Defence supports the Minister of National Defence. The Deputy Minister of National Defence is the Department’s senior civil servant. The CAF are headed by the Chief of the Defence Staff, Canada’s senior serving officer. These senior leaders each have different responsibilities:

• The Governor General is responsible for appointing the Chief of the Defence Staff on the recommendation of the Prime Minister, awarding military honours, presenting colours to CAF regiments, approving new military badges and insignia, and signing commission scrolls;
• The Minister of National Defence presides over the Department and over all matters relating to national defence;
• The Associate Minister is also responsible for defence files, as mandated by the Prime Minister, with the specific priority of ensuring that CAF members have the equipment they need to do their jobs;
• The Deputy Minister is responsible for policy, resources, interdepartmental coordination and international defence relations; and
• The Chief of the Defence Staff is responsible for command, control and administration of the CAF, as well as military strategy, plans and requirements.

Defence organization

The National Defence organizational structure is represented in the diagram below. Additional information about the National Defence organization is available online^{Footnote 3}.

Figure 1 : National Defence Organization Chart

2.3. The Directorate of Access to Information and Privacy

Delegation of authority

In accordance with section 73(1) of the Privacy Act, a delegation of authority, signed by the Minister, designates the Deputy Minister, Corporate Secretary, Access to Information and Privacy (ATIP) Director, and ATIP Deputy Directors to exercise all powers and functions of the Minister, as the head of institution, under the Act. It also designates other specific powers and functions to employees within the Directorate Access to Information and Privacy (DAIP).

Under the authority of the Corporate Secretary, the ATIP Director administers and coordinates the Access to Information Act and the Privacy Act, and acts as the departmental ATIP Coordinator. In the administration of the Act, the ATIP Directorate seeks advice on legal, public affairs, policy, and operational security matters from other organizations and specialists as required.

A copy of the Access to Information Act and Privacy Act Designation Order is provided at Annex A.

The ATIP Directorate

The ATIP Directorate is responsible for matters regarding access to information and privacy protection within the National Defence portfolio, except in the case of the following organizations: the Military Police Complaints Commission, the Military Grievances External Review Committee, the Office of the National Defence and Canadian Forces Ombudsman, the Office of the Chief Military Judge and the Director of Defence Counsel Services, and the Canadian Forces Morale and Welfare Services.

As a result of ATIP program review, the ATIP Directorate conducted an organization review and design exercise supported by Human Resources and staff which resulted in organizational changes aimed to increase efficiencies, build a robust support system and to streamline Access Operations. The Director Access to Information and Privacy was elevated to an Executive Director level position and a new Chief of Operations position was created to oversee all ATI Operations from intake to disclosure. The System Liaison Team was staffed with a Database Administrator to support case management and redaction software and a Corporate Services Manager position was created to ensure strengthened oversight of our financial and human resources.

The Chief of Operations position established a centralized leadership role which ensures consistency across teams, quality assurance activities for data and compliance to processes, tracking performance as well as monitoring for the identification of trends and horizontal issues. The ATIP Intake team, Systems Liaison Team and ATI Operations teams report to Chief of Operations. The Chief of Operations, Privacy Operations, Policy and Governance Team and the Chief of Staff report to the Executive Director.

The Directorate’s ATIP program management workforce is divided functionally into four main areas, and supported by Defence organization liaison officers, as illustrated in the diagram at Figure 2.

Back to top

Figure 2: National Defence ATIP Operational Workforce

The ATIP Directorate is supported by a Systems Liaison Team that maintains the ATIP application system and database, and a Business Management Office that is responsible for business planning, budgeting, human resources, physical security, and other administrative duties.

In response to a key National Defence priority, The ATIP Directorate maintained a Litigation Support Team. This unit performs an ATIP-like review of records in support of class action settlements such as the LBGT Class Action and the DND/CAF Sexual Misconduct Class Action settlements.

Back to top

3. Highlights of the Statistical report

The statistical report at Annex B consists of data submitted by National Defence as part of Treasury Board Secretariat (TBS) annual collection of ATIP-related statistics. The following sections contain highlights, trends and an analysis of notable statistical data from a departmental perspective.

3.1. Requests received

During the reporting period, National Defence received 6,475 requests for personal information under the Privacy Act versus 6,637 in FY 2018-2019, representing a 2.4% decrease. This represents the third consecutive year of decreased requests for personal information and may be attributable to the implementation of the departmental initiative to pro-actively provide copies of health records to releasing CAF members that began in FY 2018-2019. Combined with 1814 files carried over from the previous reporting period the total workload of 8,289 requests is the lowest National Defence has experienced in over five years.

Carry forward

National Defence realized a significant 57% reduction in files carried forward into next FY. The number of requests carried over reduced from 4183 in FY 2018-19 to only 1814 requests this reporting period.

Figure 3: Privacy request workload (last five years)

Of note, for more than a decade, National Defence has ranked in the top five federal institutions for the highest volume of personal information requests received according to annual statistics compiled by TBS^{Footnote 4}.

A large portion of Privacy Act requests historically received by National Defence were applications from CAF members for their health and personnel records upon releasing from the Forces. As part of Canada’s Defence Policy, the Canadian Forces Health Services group began pro-actively providing releasing CAF members with copies of their health records in FY 2018-2019. This initiative is aligned with the Government’s commitment to transparency and has improved the transition experience for releasing CAF members to better prepare them for the shift to civilian life and has also resulted in the reduction in the number of personal information requests received.

3.2. Requests completed

National Defence closed a total of 7,436 privacy requests during the reporting period. This represents 1570 fewer files closed (a 17.4% decrease) over the previous FY. While the number of requests closed has decreased, Figure 4 also demonstrates a significant increase in on-time performance.

Figure 4: Disposition of requests completed and total requests closed (last five years)

Pages reviewed

National Defence consistently processes the highest volume of pages in response to personal information requests when compared to other federal government institutions.^{Footnote 5}

A total of 2,381,632 pages were reviewed this reporting period. This represents a 21.5% reduction in pages processed from FY 2018-2019. As shown in FIGURES 4 & 6, National Defence noted a significant increase in on-time performance.

Figure 5: Number of pages reviewed for requests closed, where records existed (last three years)

The number of pages reviewed represents the total pages processed for closed requests and does not include the number of pages processed for requests reviewed in the current FY that were carried over into the next reporting period.

Exemptions and exclusions

Consistent with previous reporting periods, section 26 of the Privacy Act was the most frequently invoked exemption and was applied in 3,733 requests. This section of the Act protects personal information of individuals other than the requester.

Completion time

As demonstrated in Figure 6, National Defence noted a significant improvement in on-time compliance for a third consecutive year. Defence closed 4,998 requests within 30 days which represents 67% of the total volume of requests closed. This represents a 21% increase of files closed within 30 days compared to the last reporting period. Additionally, the number of files closed in excess of 121 days decreased significantly from 3,637 files in FY 2018-19 to 1,412 during this reporting period.

Figure 6: Time to complete requests (the last five years)

Files closed beyond 30 days were not necessarily late as legal extensions may have been applied.

On-time compliance

National Defence noted a 26% improvement in on-time compliance over the previous reporting period. A total of 5,542 requests (75%) were closed within statutory deadlines in FY 2019-2020.

Improvements in compliance can be attributed to the establishment of a dedicated team focused on closing files within statutory deadlines. National Defence noted a 12% increase in files closed within 31-60 days over the previous reporting period.

Workload continued to be the most common reason for deemed refusal, cited for nearly 64% of requests closed late during the reporting period. Some factors affecting performance and deemed refusal rates include:

• Impacts to productivity and efficiency resulting from staffing challenges. There continues to be staff turnover at all levels due to a competitive job market. New employees require a learning and adjustment period to realize performance potential. The hiring and training of new employees also created additional workload for ATIP management and support services.

3.3. Consultations received and completed

During the reporting period, Defence received six requests for consultation, three were from other Government of Canada institutions and three were from other organizations.

Four of the six consultations received were closed during the reporting period.

4. COVID-19 Impacts to Privacy Operations

Operation LASER

Operation LASER^{Footnote 6} is the Canadian Armed Forces’ response to a worldwide pandemic situation.

During Operation LASER, the CAF implemented certain measures on their personnel and Department of National Defence (DND) employees to reduce the impacts of a pandemic situation. These measures were implemented in order to maintain operational capabilities and readiness to support Government of Canada objectives and requests for assistance.

On March 13, 2020, DND/CAF initiated its Business Continuity Plan (BCP) in response to the evolving COVID-19 pandemic. A limited number of employees across the Department designated as essential services were required to work at various office locations; while others were equipped with government supplied laptops, and established connectivity to the Defence Wide Virtual Private Network (VPN) to enable them to work remotely from home.

ATIP Operations

The ATIP Operations teams assumed a telework posture. VPN access was initially limited to ensure essential DND/CAF services could be performed. In addition to limited VPN capability, the majority of ATI work requires access to secure networks to review and redact information which significantly impacted ATI Operations. While the Privacy Operations team has the ability to process files remotely; VPN connectivity was limited in the initial BCP period which impacted Privacy Operations.

National Defence took a proactive approach to managing COVID-19 impacts to ATIP program delivery. Following TBS Guidance, applicants were notified of reduced capacity and the expectation of delays due to the exceptional circumstances. Individual applicants were each contacted directly to seek their consent to place request files on hold.

The COVID-19 supplemental statistical report at ANNEX C represents National Defence impacts to ATI Operations. A total of 175 requests made under the Privacy Act were received during the two-week COVID-19 period in March 2020 during FY 2019-2020.

Policy & Governance Team

The ATIP Policy & Governance (P&G) team provides strategic advice and support to management. This includes privacy advisory services to the department for matters relating to COVID-19 activities including the collection, use and disclosure of personal information relating to COVID-19 tracking. The P&G team assumed a telework posture with limited VPN connectivity during the initial COVID BCP period.

5. Privacy protection and personal information management

5.1. Public interest disclosures

Paragraph 8(2)(m) of the Privacy Act permits the disclosure of personal information, without the consent of the individual to whom it relates, where the public interest in disclosure clearly outweighs any invasion of privacy that could result, or where the disclosure would clearly benefit the individual to whom the information relates.

During the reporting period, 62 disclosures of personal information were made in accordance with paragraph 8(2)(m). These public interest disclosures included information regarding Boards of Inquiry or Summary Investigations into the death or serious injury of a CAF member; others related to disclosures providing information in CAF medical records, personnel records or military police reports. In all cases, the information was disclosed to the CAF member’s family or representative.

For each of the 62 disclosures made in the public interest during FY 2019-2020, the Office of the Privacy Commissioner (OPC) was notified in advance of each release.

5.2. Privacy breaches

Privacy rights are a matter of ongoing public concern. In respect of sections 4 to 8 of the Privacy Act, which govern personal information management, the ATIP Directorate received 136 complaints regarding contravention of one or more of these provisions. The ATIP Directorate’s Privacy Incident Management team reviewed and resolved 117 complaints alleging a breach of privacy, of which 66 complaints were deemed to be well-founded.

Material privacy breaches

TBS defines a material privacy breach as one that involves sensitive personal information and could reasonably be expected to cause injury or harm to the individual, and/or involves a large number of affected individuals. National Defence did not report any material privacy breaches this reporting period.

5.3. Privacy impact assessments

National Defence collects, uses and discloses personal information in the delivery of mandated programs and services. In accordance with TB policy, the DND and the CAF undertake privacy impact assessments (PIA) to evaluate privacy impacts in the administration of these activities. A PIA provides a framework to identify the extent to which proposals comply with the Privacy Act and applicable privacy policies, assist program officials in avoiding or mitigating privacy risks, and promote informed program and system design choices.

National Defence completed^{Footnote 7}  one PIA during FY 2018-2019 in support of the program described below. The Department is preparing to post the summary on its website.

• In support of Operation HONOUR, the Sexual Misconduct Reporting Centre (SMRC) was created in 2015 to provide confidential support to active Canadian Armed Forces (CAF) members affected by harmful and inappropriate sexual behavior and to help them make informed choices on available services and resources to meet their individual needs.
• The ATIP program PIA assesses the risks related to the collection, use, safeguarding, retention, and disclosure of personal information collected in support of the Directorate’s three business lines - processing requests under the Access to Information Act and the Privacy Act, as well as privacy incident management. This PIA also assessed the privacy management framework of DND, including the existing privacy policies and related activities.

In addition, DAIP continues to provide ongoing privacy advisory services to National Defence organizations assessing risks to personal information used in the administration of Defence programs.

Sexual Assault Review Program

In support of Operation HONOUR, which aims to eliminate sexual misconduct in the CAF, National Defence launched the Sexual Assault Review Program (SARP) to review unfounded sexual assault files investigated by the Military Police. An External Review Team (ERT), comprised of stakeholders and representatives from both the civilian and CAF communities, is responsible for conducting an annual review of unfounded investigations from the previous year. The ERT reports their findings to the Canadian Forces Provost Marshal and makes recommendations as to the conduct of the investigations, identifying policy, training or best practice proposals for consideration.

6. Complaints, Audits and Reviews

6.1. Complaints from the Office of the Privacy Commissioner

In FY 2019-20, National Defence received a total of 22 complaints from the Office of the Privacy Commissioner (OPC), representing less than one percent of all requests closed during the reporting period.

Further to Part 8 of the Statistical Report, which notes complaints received and closed:

• Section 31: When the OPC gives formal notice of their intention to investigate a complaint regarding the processing of a request under the Act. Defence received 22 such notices during FY 2019-20 as compared to 77 such notices during FY 2018/19 (a 71% decrease from the last reporting period).
• Section 33: When the OPC requests further representations from institutions pursuant to an ongoing complaint investigation. Defence received 50 such notices during FY 2019-20 in comparison to zero such notices in the previous reporting period.
• Section 35: When the OPC issues a findings report for a well-founded complaint upon conclusion of an investigation. During the reporting period, 45 complaints were found to have merit. Note that these complaints are not necessarily from the 22 complaints received during the reporting period.

The 45 well-founded determinations represent 54% of all findings issued in FY 2019-2020. The majority of these complaints – 43 – were administrative in nature (about delays and time extensions) and two were refusal complaints (regarding application of exemptions or possible missing records). FIGURE 7 illustrates the reasons for complaints that had findings issued during the reporting period.

Figure 7: Reasons for complaint (FY 2019-2020)

6.2. Court decisions

In FY 2019-20, the ATIP Directorate received one application for judicial review further to a well-founded complaint issued by the Office of the Privacy Commissioner. The complaint related to a delay wherein DND was in “deemed refusal”. Ultimately, the requester discontinued the application for judicial review and the Notice of Discontinuation was received by DND in January 2020.

7. Policies and procedures

7.1. Departmental policies

DND/CAF corporate administrative direction is set out in the comprehensive collection of Defence Administrative Orders and Directives (DAOD) that are issued under the authority of the Deputy Minister and the Chief of the Defence Staff.

During the reporting period, the ATIP Directorate finalized the revision of the suite of ATIP DAOD including:

• the policy on Administration of the Privacy Act,
• the directives on:
  • Privacy Act Requests,
  • Personal Information Management,
  • Privacy Incident Management,
  • Privacy Impact Assessments, and
  • Disclosure of Personal Information.

These policy instruments describe authorities and responsibilities to uphold legal requirements under the Privacy Act. To ensure information is accessible by all, the DAOD are published on the Defence Network for DND/CAF employees and members and are available on the internet to the general public.

Internal procedures

The ATIP Directorate continues to review and update procedures for processing personal information requests and managing privacy incidents, to document process improvements, and to ensure alignment with TB policies and directives. This reporting period, a Privacy Operations Directive was created and implemented. It is a tool to support analysts at all levels during the review of records and it ensures consistency across the Privacy Operations teams.

Additionally, the ATIP Directorate formalized a Standard Operating Procedure (SOP) describing the application of extensions under Section 15 to assure consistency and compliance when applying extensions. The SOP includes outlines of the reason(s) that an extension can be taken in accordance with the Privacy Act and describes how to capture the reason to support reporting requirements.

8. Training and awareness

8.1. ATIP training program

Departmental ATIP training remained consistent during this reporting period. The previously reported three-pronged training approach was maintained, where Directorate training resources delivered the following training sessions to DND civilian and CAF military members with specific emphasis on those staff with ATIP responsibilities:

• Introductory courses (General ATIP or Privacy Fundamentals);
• Advanced courses (General ATIP or organization-specific content); and,
• • ATIP awareness and engagement activities with the various branches and divisions.

Regional training sessions at Canadian Forces Bases Esquimalt, Edmonton, Cold Lake, Gagetown, Greenwood, Halifax, Shearwater, Kingston and Borden were also delivered during this reporting period.

8.2. Training and awareness activities

A total of 87 face-to-face training sessions were delivered to approximately 1,559 Defence employees and CAF members on the administration of both the ATI Act and Privacy Act, as well as on appropriate management of personal information under the control of the institution. These training sessions were provided through participation in ATIP 101 (introductory) sessions, ATIP 201 (advanced) sessions, GCDOCS privacy-focused training, and targeted training sessions for specific Defence organizations. Most training sessions were delivered by the ATIP Directorate staff in person or through video teleconference technologies, however some organizations conducted their own courses and one-on-one sessions. An example of organizations conducting their own training sessions included the 3 training events provided by the Canadian Forces Health Services group that covered a variety of Privacy topics – for a total of 135 persons trained. Defence employees and CAF members were also encouraged to take the Access to Information and Privacy Fundamentals course offered through the Canada School of Public Service.

In keeping with promoting awareness, the ATIP Directorate employees also provided guidance to third parties and requesters on the requirements of the Access to Information Act and the Privacy Act, TB policies and directives, and associated institutional procedures as required.

Integrated privacy training

The ATIP Directorate continued to collaborate on program-specific training offered by other Defence organizations to integrate supporting content on privacy protection concepts and personal information management practices. During FY 2019-2020, the ATIP Directorate participated in the GCDOCS on-boarding for information management specialists.

Canadian Forces Health Services training

The Canadian Forces Health Services (CFHS) operates a privacy office that is responsible for providing advice and support to the CFHS Group on policies and activities that involve personal health information. In accordance with their mandate, the CHFS privacy office maintains training modules to educate staff on the principles of “Privacy, Confidentiality and Security” to support appropriate use of the Canadian Forces Health Information System.

During this reporting period, members of CFHS Group completed these modules and over 135 of their staff attended training offered specifically to the CFHS organization.

8.3. Continuous Learning

As a result of the ATIP program review undertaken in 2017, the ATIP Directorate is fully committed to supporting the development and continuous learning for ATIP analysts. During the current reporting period, National Defence participated in a pilot project with several other government departments; Programme de formation professionnelle en intégration en emploi des analystes fédéraux en AIPRP – 1e édition^{Footnote 8} course hosted by L’Association des professionnels en accès à l’information et en protection de la vie privée^{Footnote 9} (AAPI). This course provides an overview of ATIP legislative considerations and is targeted at junior analysts. Four (4) ATIP analysts from National Defence participated. Additionally, a full day of professional development training was provided to all ATIP staff. The topics included personal information management, privacy incident management, the use of action codes in the ATIP case management and review of cabinet confidences.

9. Initiatives and projects

9.1. On-Time Team

Privacy Operations implemented a dedicated team to focus on compliance and processing requests within the 30-day legislated timeframe. Additionally, this team focused on applying legitimate extensions pursuant to Section 15 of the Act. These focused efforts realized an impressive increase in on-time compliance of 75% compared to 49% in the previous year.

9.2. Technological Improvements

Privacy Operations Telework

DAIP trialed the ability to review and redact privacy requests remotely during this reporting period. The trial period was successful and consequently, when the COVID-19 business continuity posture was implemented, many of the initial challenges associated with establishing a telework environment had been resolved.

New Case Management Solution

DAIP is developing an innovative case management system to better manage the ATIP related activities outside of formal ATIP requests. This new case management system will improve tracking and trend analysis for governance and compliance activities such as: the provision of advisory services pertaining to the Access to Information and Privacy Acts, Privacy Incident Management, Privacy Impact Assessment development, managing and tracking legal matters and Personal Information Disclosures. It also includes features to maintain Personal Information Banks and Info Source management in a more automated manner.

9.3. Litigation Support Team

To support a key National Defence priority, DAIP maintained a Litigation Support Team. The LGBT Class Action occurred during FY 2019-20 to apologize for discrimination conducted against the LGBT community. The Litigation Support Team reviewed 464 files providing direct support the Departmental Litigation Oversight team.

10. Monitoring compliance

DAIP regularly monitors and reports on a number of ATIP metrics. In FY 2019-2020, the Departmental ATIP Performance Dashboard was refined to provide better overall awareness to Defence leadership on ATIP performance and metrics. In addition, the Department continues to receive on-demand statistical reports and performance compared to previous fiscal years to identify trends. This monitoring allows the ATIP Directorate to track ATIP performance across the Department to identify potential areas for process improvements.

Currently, the time to process requests for correction of personal information is not formally monitored as this number is regularly very low. In FY 2019-2020, the ATIP Directorate received only one request for correction.

11. Privacy operating costs

Costs

The annual cost to administer the National Defence privacy program increased by 15 percent to approximately $3,756,410 FY 2019-2020.

Human Resources

During FY 2019-2020, an equivalent of 46.26 full-time employees were dedicated to administering the Privacy Act. For additional information refer to section 11 in Annex B.

Annex A: Designation Order

National Defence and the Canadian Armed Forces

Access to Information Act and Privacy Act Designation Order

1. Pursuant to section 73 of the Access to Information Act and the Privacy Act, the Minister of National Defence, as the head of a government institution under these Acts, hereby designates the persons holding the following positions, or the persons occupying those positions on an acting basis, to exercise or perform all of the powers, duties and functions of the head of a government institution under these Acts:
   1. the Deputy Minister;
   2. the Corporate Secretary;
   3. the Director Access to Information and Privacy; and
   4. Deputy Directors Access to Information and Privacy.
2. Pursuant to section 73 of the above-mentioned Acts, the Minister also designates the following:
   1. those persons holding the position of Access Team Leader, or the persons occupying this position on an acting basis, to exercise or perform the powers, duties and functions in respect of:
      • The application of the following provisions under the Access to Information Act: section 9; subsection 11(2), 11(3), 11(4), 11(5), 11(6); sections 19, 20, 23 and 24; subsections 27(1) and 27(4); paragraph 28 (1)(b), subsections 28(2) and 28(4); and
      • The response to requests made under the Access to Information Act if no records exist.
   2. those persons holding the position of Privacy Team Leader, or the persons occupying this position on an acting basis, to exercise or perform any of the powers, duties and functions of the head of an institution under the Privacy Act, other than under sub-paragraphs 8(2)(j) and 8(2)(m); and
   3. those persons holding the position of Privacy Senior Analyst, or the persons occupying this position on an acting basis, to exercise or perform the powers and duties in respect of the application of section 26 of the Privacy Act.

Original signed by

The Honourable Harjit S. Sajjan, PC, OMM, MSM, CD, MP
Minister of National Defence
Date: 2016-01-12

Annex B: Statistical Report on the Privacy Act for 2019-2020

Government of Canada

Statistical Report on the Privacy Act

Name of institution: National Defence

Reporting period: 2019-04-01 to 2020-03-31

Section 1: Requests Under the Privacy Act

Section 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time

2.4 Format of information released

2.5 Complexity

2.5.1 Relevant pages processed and disclosed

2.5.2 Relevant pages processed and disclosed by size of requests

2.5.3 Other complexities

2.6 Closed requests

2.6.1 Number of requests closed within legislated timelines

2.7 Deemed refusals

2.7.1 Reasons for not meeting legislated timelines

2.7.2 Requests closed behond legislated timelines (including any extention taken)

2.8 Requests for translation

Section 3: Disclosures under Subsections 8(2) and 8(5)

Section 4: Requests for Correction of Personal Information and Notations

Section 5: Extensions

5.1 Reasons for extensions and disposition of requests

5.2 Length of extensions

Back to top

Section 6: Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and other organizations

6.2 Recommendations and completion time for consultations received from other Government of Canada institutions

6.3 Recommendations and completion time for consultations received from other organizations

Section 7: Completion Time of Consultations on Cabinet Confidences

7.1 Requests with Legal Services

7.2 Requests with Privy Council Office

Section 8: Complaints and Investigations Notices Received

Section 9: Privacy Impact Assessments (PIAs)

9.2 Personal Information Banks

Section 10: Material Privacy Breaches

Section 11: Resources Related to the Privacy Act

11.1 Costs

11.2 Human Resources

Annex C: Supplemental Statistical Report on the Privacy Act for 2019-2020

Supplemental Statistical Report on the Privacy Act

The following table reports the total number of formal requests received during two periods: 2019-04-01 to 2020-03-13 and 2020-03-14 to 2020-03-31.

Table 4 - Requests Received

The following table reports the total number of requests closed within the legislated timelines and the number of closed requests that were deemed refusals during two periods 2019-04-01 to 2020-03-13 and 2020-03-14 to 2020-03-31

Table 5 - Requests Closed