Privacy Act – Annual Report – April 1, 2014, to March 31, 2015
Table of contents
- Introduction
- Part I — General information on the Public Service Commission of Canada
- Part II — Report on the Privacy Act
- 1. Organization of Delegation and Activities
- 2. Summary of Access to Information and Privacy Directorate Activities
- 3. Statistical report: Interpretation
- 3.1 Requests under the Act
- 3.2 Nature of requests
- 3.3 Inter-organizational consultations
- 3.4 Informal review of information
- 3.5 Disposition of requests completed
- 3.6 Exemptions invoked
- 3.7 Exclusions invoked
- 3.8 Extension of time limits
- 3.9 Completion time
- 3.10 Translation
- 3.11 Format of information released
- 3.12 Corrections and notations
- 3.13 Costs
- 4. Complaints
- 5. Privacy Impact Assessments
- Annex A – Delegation Instrument
- Annex B – 2014-2015 Annual Privacy Act Statistical Report
- Appendix I – Historical Comparisons
Introduction
The Privacy Act (R.S., 1985, c. P-21) was proclaimed on July 1, 1983.
The Privacy Act (the “Act”) gives individuals the right to access information about them that is held by the government. This is, however, subject to specific and limited exceptions.
The Act also protects individuals' privacy by preventing others from accessing their personal information and by giving them substantial control over the collection, use and disclosure of personal information.
Section 72 of the Act requires that the head of every federal government institution prepare an Annual Report, for submission to Parliament, on the administration of the Act within the institution. Every report shall be laid before each House of Parliament within three months after the financial year in respect of which it is made or, if that House is not then sitting, on any of the first 15 days next thereafter that it is sitting.
This Annual Report provides a summary of the management and administration of the Act within the Public Service Commission of Canada (PSC) for the fiscal year 2014-2015.
Additional copies
Additional copies of this report may be obtained by writing to:
Access to Information and Privacy Directorate
Public Service Commission of Canada
22 Eddy Street
Gatineau, Quebec K1A 0M7
Or at CFP.AIPRP-ATIPPSC@cfp-psc.gc.ca
Or by calling 819-420-6561 (fax: 819-420-6552)
The PSC's Privacy Act Annual Report is also available at
PSC's internet site
Part I – General information on the Public Service Commission of Canada
1.1 Raison d'être and mandate
Raison d'être
The mandate of the PSC is to promote and safeguard merit-based appointments and, in collaboration with other stakeholders, to protect the non-partisan nature of the public service. The PSC reports on its mandate to Parliament.
Under the delegated staffing system set out in the Public Service Employment Act (PSEA), the PSC fulfills its mandate by providing policy guidance and expertise, as well as by conducting effective oversight. In addition, the PSC delivers innovative staffing and assessment services.
Responsibilities
The PSC is responsible for promoting and safeguarding merit-based appointments that are free from political influence and, in collaboration with other stakeholders, for protecting the non-partisan nature of the public service. It reports independently on its mandate to Parliament
The PSC is mandated to:
- Make appointments to and within the public service, based on merit and free from political influence. The PSEA provides the authority to the Commission to delegate to deputy heads its authority to make appointments to positions in the public service. This authority is currently delegated to the deputy heads subject to the PSEA, across the federal government.
- Administer the provisions of the PSEA that are related to the political activities of employees and deputy heads. Part 7 of the PSEA recognizes the right of employees to engage in a political activity, while maintaining the principle of political impartiality in the public service. It also sets out specific roles and responsibilities for employees and for the PSC related to political activities.
- Oversee the integrity of the staffing system and, in collaboration with other stakeholders, ensure non-partisanship. This oversight role includes: the regulatory authority and policy-setting function; the ongoing support and guidance and the monitoring of the staffing performance of delegated organizations; the conduct of audits that provide an independent assessment of the performance and management of staffing activities and the conduct of investigations of staffing processes and improper political activities by public servants.
1.2 Strategic outcome and program alignment architecture
The PSC Program Alignment Architecture consists of one strategic outcome and four programs.
Public Service Commission Strategic outcome
To provide Canadians with a highly competent, non-partisan and representative public service, able to provide service in both official languages, in which appointments are based on merit and the values of fairness, access, representativeness and transparency.
Program activity – Staffing system integrity and political impartiality
The Staffing System Integrity and Political Impartiality program is focused on independently safeguarding merit and non-partisanship in the federal public service. This program includes developing and advancing strategic policy positions and directions; conducting policy research; establishing Public Service Commission (PSC) policies and standards; providing advice, interpretation and guidance; and administering delegated and non-delegated authorities, including official languages, the political activities regime and Priority Administration.
Program activity – Staffing services and assessment
The Staffing Services and Assessment program maintains the systems that link Canadians and public servants seeking employment opportunities in the federal public service with hiring departments and agencies. It provides assessment-related products and services in the form of research and development, consultation, assessment operations and counselling for use in recruitment, selection and development throughout the federal public service. This program also includes delivering staffing services, programs and products to departments and agencies, to Canadians and public servants, through client service units located across Canada.
Program activity – Oversight of integrity in staffing and of non-partisanship
The Oversight of Integrity in Staffing and of Non-partisanship program provides an accountability regime for the implementation of the appointment policy and regulatory framework for safeguarding the integrity of public service staffing and ensuring staffing is free from political influence. This program includes monitoring departments’ and agencies’ staffing performance and compliance with legislative requirements; conducting audits and studies; carrying out investigations; and reporting to Parliament on the integrity of public service staffing and the non-partisanship of the public service.
Program activity – Internal services
Internal Services are groups of related activities and resources that are administered to support the needs of programs and other corporate obligations of an organization. These groups are: Management and Oversight Services; Communications Services; Legal Services; Human Resources Management Services; Financial Management Services; Information Management Services; Information Technology Services; Real Property Services; Materiel Services; Acquisition Services; and Travel and Other Administrative Services. Internal Services include only those activities and resources that apply across an organization and not to those provided specifically to a program.
Part II - Report on the Privacy Act
1. Organization of delegation and activities
1.1 Delegation order
Under section 3 of the Privacy Act (the Act), the President of the PSC is designated as the head of the government institution for purposes of the administration of the Act.
Pursuant to section 73 of the Act, deputy heads may delegate any of their powers, duties or functions under the Act by signing an order authorizing one or more officers or employees of the institution, who are at the appropriate level, to exercise or perform the powers, duties or functions of the head specified in the order.
The powers, duties and functions of the president, under the Act, are delegated to the Director of Access to Information, Privacy and Transition Projects, who is the PSC’s Access to Information and Privacy (ATIP) coordinator (see Annex A – Delegation Instrument).
1.2 The Access to Information and Privacy Coordinator
The ATIP coordinator is responsible and accountable for the development, coordination and implementation of effective policies, guidelines, systems and procedures to enable the efficient processing of requests under Access to Information Act and the Privacy Act.
The coordinator is also responsible for the development, coordination and implementation of policies, systems and procedures that are required by both Acts as well as Treasury Board of Canada (TB) directives and policies. The activities of the coordinator include:
- Processing requests made under both Acts;
- Acting as spokesperson for the PSC in dealings with the Treasury Board of Canada Secretariat (TBS), the Office of the Privacy Commissioner (OPC) and other government departments and agencies on matters related to the Act;
- Responding to consultation requests submitted by other federal institutions;
- Reviewing information collection in accordance with the Communications Policy of the Government of Canada and the Procedures for the Management of Public Opinion Research;
- Preparing the Annual Report to Parliament and other statutory reports, as well as other material that may be required by central agencies;
- Promoting awareness and providing advice to PSC employees to ensure responsiveness to the obligations of both acts, TB policies and their impact on various program initiatives; and
- Monitoring PSC compliance with both acts, regulations and relevant procedures and policies.
1.3 The Access to Information and Privacy Directorate
The Access to Information and Privacy Directorate (the Directorate) supports the ATIP Coordinator in administering the provisions of the Acts and related TB policies for the PSC. The Directorate is comprised of a manager and two analysts. During the course of this reporting period, the Directorate hired two consultants to assist with the processing of official requests. The Directorate also received ad hoc support from the Corporate Secretariat for updating Info Source, preparing reports and scanning and entering data.
The analysts are responsible for processing Access to Information Act and Privacy Act consultations and requests, preparing responses to complaints, reviewing the PSC’s Info Source chapter and supporting all other ATIP responsibilities.
The Directorate updates its intranet site on a regular basis and uses it as the primary vehicle for communicating with PSC employees. In addition, the Directorate delivers training sessions for PSC employees.
The Directorate also reviews office procedures to improve the support it provides to its branch liaison officers and promote a better understanding of their roles, responsibilities and obligations related to the processing of requests under both Acts.
1.4 Liaison officers
The Directorate processes requests with the assistance of liaison officers who are employees knowledgeable of their branch’s activities. There is one liaison officer and one back-up for each branch as well as for the Corporate Secretariat. In addition to acting as the point of contact between their branch and the Directorate, liaison officers are responsible for:
- Tasking the appropriate program experts within their branch to search for relevant records;
- Advising if there are other offices of primary interest;
- Keeping the Directorate apprised of any issues in relation to specific requests (e.g., excessive search time, interference with operations, consultations required); and
- Duly delivering to the Directorate the relevant records, complete with branch recommendations. Liaison officers play an important role in ensuring that the Commission conducts a thorough and complete search of its record holdings when processing information requests.
2. Summary of Access to Information and Privacy Directorate activities
2.1 Development of policies, directives, guidelines and other key documents
During this reporting period, the PSC drafted a guidance document to assist with the processing of privacy requests in relation to investigations conducted under the Public Service Employment Act (PSEA). Once approved, this tool will streamline the retrieval of these sensitive records and support consistency when reviewing them.
During the reporting period, the Directorate concluded the review of the PSC’s Privacy Breach Policy and Procedures. Both documents were approved by the Executive Management Committee (EMC). This policy meets and surpasses the objectives detailed in the TB Guidelines for Privacy Breaches and is an important part of the PSC’s privacy framework.
Under the revised procedures, any employee within the PSC must inform their immediate supervisor and the ATIP Directorate of any possible privacy breach. The ATIP Directorate will assist program experts and departmental security in addressing the potential breach. Under the revised PSC Privacy Breach Policy, all privacy breaches will be reported to the TBS and the OPC.
2.2 Advice and training
Advice
In addition to processing Access to Information Act and Privacy Act requests, the ATIP Office received 184 requests for advice from PSC managers and employees, as well as from other organizations and members of the public regarding a variety of issues and questions related to both Acts.
Some of the 184 requests for advice dealt with the following PSC initiatives:
- Providing advice on privacy impact assessments and other components of the PSC’s Privacy Management Framework due to the potential impact of renewal and legislative changes on programs and services;
- Answering questions related to the authorized disclosure of personal information and the protection of personal information in reports, memoranda of understanding, information-sharing agreements and contracts;
- Assisting program areas in the drafting and updating of privacy notice statements;
- Reviewing audit reports, responses to parliamentary questions and other documents prior to publication to ensure that information is released in accordance with the Act; and
- Answering general written enquiries from the general public.
Participation in the governance process
The ATIP Manager is a member of the Project Review Committee and the Security Committee. The ATIP coordinator is a member of the Information Management, Information Technology Committee and the Resource Management Committee. Active participation in these committees allows the ATIP Directorate to be aware of upcoming issues, initiatives and projects that may have ATIP implications. These fora allow open and frank discussion as well as the ability to provide ad hoc ATIP advice.
Training
During the reporting period, the Directorate developed, tested and implemented a new mandatory training program for supervisors and managers of the PSC. The primary goal is to ensure that managers and supervisors are fully aware of their responsibilities under the Access to Information Act, the Privacy Act and the related policies. The Directorate developed this mandatory course as a follow-up to the Internal Audit on the Management of Personal Information. (See section 2.7)
The Directorate provided three training sessions to 20 employees and managers on the provisions of the Access to Information Act and the Privacy Act and their impact on programs and initiatives.
The ATIP liaison working group met six times during the reporting period to discuss best practices address gaps and provide training opportunities.
The Directorate retained an industry-leading consultant to facilitate a three-day training course on Privacy Impact Assessments (PIAs). This training helped develop the Directorate’s capacity to review and guide departmental clients through the PIA process. The training was also made available to departmental clients with an interest in PIAs or who were expecting to conduct a PIA in the upcoming year.
2.3 Tracking system and imaging software
During the reporting period, the Directorate continued to use the AccessPro Case Management and AccessPro Redaction software and upgraded to the newest version available.
2.4 Collection, use and disclosure of personal information
2.4.1 Personal Information Banks
During this reporting period, the PSC reviewed its 69 Personal Information Banks (PIBs) to ensure that they were aligned with its Program Activity Architecture.
As part of the review, the Resourcing Services PIB was updated to reflect the merger of the Public Service Resourcing System (PSRS) and Publiservice. Amendments were also necessary due to the expected passing of Bill C-27 (Veterans Hiring Act).
2.4.2 Exempt banks
The PSC does not have any exempt banks. There were no denials of access under subsection 18(2) of the Act.
2.4.3. Disclosure under subsection 8(2) of the Act
Personal information under the control of a government institution should not, without the consent of the individual to whom it relates, be disclosed by the institution except in accordance with subsection 8(2) of the Act.
Paragraph 8(2)(m) of the Act concerns cases where, in the opinion of the head of the institution, the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure or where disclosure would clearly benefit the individual to whom the information relates.
During this reporting period, the PSC disclosed personal information under paragraph 8(2)(m) of the Act on two occasions. As required by subsection 8(5) of the Act, the PSC notified the Privacy Commissioner in writing of the disclosure of information in both instances.
2.4.4 Review of documents
The ATIP Directorate regularly reviews certain documents prior to disclosure or to project implementation in order to identify personal information that may have been included. These reviews also ensure that proper procedures for their release are followed and support the provisions of the Act.
Audit reports
The ATIP Directorate reviewed six audit reports over the course of the reporting period.
Project Initiation forms
In 2014-2015, the ATIP Directorate also routinely reviewed informatics technology Project Initiation Forms (PIF) and statements of sensitivities to:
- Ensure privacy requirements are addressed in new technology initiatives;
- Determine if there are requirements for a PIA; and
- Ensure that PIBs provide proper descriptions.
The ATIP Directorate closed two PIFs over the course of the reporting period, leaving seven active ones. Most of these are related to the technical aspects of the PSC’s office move from Ottawa to Gatineau, while others deal with Government of Canada initiatives such as Voice over Internet Protocol and e-mail transformation.
Privacy notice statements and contract clauses
The ATIP Directorate reviewed and provided advice regarding updates to six Privacy Notice Statements. No privacy/security contract clauses were reviewed over the course of this reporting period.
Memoranda of Understanding and statistical studies
The ATIP Directorate reviewed one Memorandum of Understanding and one statistical study during the reporting period.
2.5 Privacy breaches
During the reporting period, the PSC reported one privacy breach.
The incident involved the inadvertent publication on the departmental web site of an individual’s name in receipt of a Public Service Superannuation pension as part of the proactive disclosure of awarded contracts valued at over $10,000. In this case, a standing offer was negotiated, but no contract had yet been awarded. The name was subsequently removed from the departmental web site.
The incident was not deemed to be a material privacy breache. As such, there was no obligation to report these under the TB Guidelines for Privacy Breaches. However, this breach was reported to the TBS and the OPC in accordance with the revised PSC Policy on Privacy Breaches.
2.6 Internal audit on the management of personal information
During the reporting period, the PSC undertook an internal audit on the management of personal information. The final audit report and management action plan were approved by the President in March, 2015.
The audit found that:
- The PSC has developed an effective management control framework for the management of personal information at the organization.
- Roles and responsibilities are defined but could be better communicated.
- Most major systems and programs have undergone a risk assessment to determine the controls needed to manage personal information in the organization.
- There are some smaller programs that have not been assessed and would benefit from a review.
Management approved an action plan in response to this audit that included the following items:
- Develop and deliver mandatory training for supervisors and managers on the PSC’s Privacy Management Framework;
- Develop and present an annual report to EMC on PIAs that are completed, underway and required throughout the department;
- Review information sharing agreements in order to reduce the information being collected to what is required;
- Review the Priority Information Management System configuration to limit access to a need-to-know basis;
- Deploy secure USB keys and secure fax machines to those areas that require them;
- Review retention and disposal schedule for all personal information holdings; and
- Increase monitoring and reporting practices for privacy action plans and ensure that such action are included in the PSC’s planning process.
The 2015-16 report will include an update on the implementation of these measures.
3. Statistical report: Interpretation
3.1 Requests under the Act
From , to the PSC received 16 new requests under the Act, in addition to the two requests that were carried over from the previous period.
The PSC completed its response to 17 requests during the reporting period, requiring the review of 1,222 pages of information. One request was ongoing at the end of the reporting period and was carried forward to the next one.
For a historical comparison of requests received and responses completed, see Appendix I.
3.2 Nature of requests
As in previous years, the 17 closed requests covered a wide range PSC activities:
- Eight requests (47%) related to staffing activities. For the most part, they were from individuals seeking personal information and/or test results (including second language evaluation) obtained during selection processes.
- Eight requests (47%) were from individuals seeking information about themselves contained in PSC records.
- One request (6%) was from someone seeking information related to investigations conducted under the Public Service Employment Act (PSEA).
3.3 Inter-organizational consultations
The PSCreceived three requests for privacy consultations from other government organizations. The processing of these requests required the review of 97 pages of information.
In response to these three requests, the PSC determined that information should be:
- Disclosed in full for one requests;
- Disclosed in part for one requests; and
- Exempted in full for one request.
The PSCconsulted other government departments and agencies two times to process 2 of the 17 closed requests.
3.4 Informal review of information
In an attempt to increase and facilitate access, the PSC promotes informal methods of access whenever possible. Requesters may obtain access to their personal information on an informal basis by contacting the manager of the program area that controls the records. In these instances, the ATIP Directorate provides assistance and advice, as required.
3.5 Disposition of requests completed
For the 17 closed requests, information was released either in whole or in part in 12 cases (70%).
3.5.1 All disclosed
In seven of the 17 completed cases (41%), the applicants were provided with full access to the relevant records.
3.5.2 Disclosed in part
Based on the exemptions and exclusions of the Act, the PSC provided applicants with partial access in five of the 17 completed cases (29%).
3.5.3 Nothing disclosed (exemption or exclusion)
No request was entirely exempted or excluded under the provisions of the Act.
3.5.4 No records exists
The PSC was unable to process four requests (24%) due to the fact that no relevant information existed under the control of the organization.
3.5.5 Abandoned by the Applicant
One request (6%) was abandoned by the applicant.
3.6 Exemptions invoked
Sections 18 through 28 of the Act set out the exemptions intended to protect information pertaining to a particular public or private interest. During the reporting period, the most frequently invoked exemption was sections 26 – personal information of another individual. A historical comparison of exemptions is presented in Appendix I.
3.7 Exclusions invoked
Sections 68 to 69 of the Act outlines certain types of information to which the Act does not apply. These exclusions related to published material, library and museum material, material placed in Library and Archives Canada by or on behalf of third parties, some materials relating to the Canada Broadcasting Corporation and Cabinet Confidences.
The PSC did not invoke any exclusions during the reporting period.
3.8 Extension of time limits
Extensions of the 30-day statutory response time are permissible under section 15 of the Act. A request may be extended in accordance with multiple provisions of this section. During the reporting period extensions were invoked in the processing of two of the 17 completed requests (12%). In both cases, an extension was required in order to conduct consultations with other federal institutions.
3.9 Completion time
Of the 17 closed requests, the PSC responded to 15 within 30 days or less, representing 88% of all the requests completed. The remaining two requests (12%) were completed within 31 to 60 days.
Overall, the PSC was successful in responding to 100% of requests within the allowable time limits.
3.10 Translation
The PSC did not receive any requests for translation of information.
3.11 Format of information released
For 12 completed responses in which information was released, the applicants received copies of the information on paper in 10 cases and electronically in 1 instance. In the final instance the applicant was provided the opportunity to listen to recordings.
3.12 Corrections and notations
The PSC did not receive any formal requests for the correction of personal information under subsection 12(2) of the Act.
However, the ATIP Directorate did facilitate the annotation of personal information to a file in two instances. These requests did not meet the requirements of subsection 12(2) of the Act as they were not made following a formal request made under subsection 12(1) of the Act.
3.13 Costs
During the reporting period, the ATIP Directorate spent $110,329 on salaries and $27,770 on goods and services, including $17,030 for professional service contracts, for the administration of the Privacy Act.
The salary costs represented 1.52 full-time equivalent employees.
4. Complaints
4.1 Number of complaints
The OPCdid not receive any complaints regarding the Privacy Act requests presented to the PSC during the reporting period. However, nine complaints were carried over from the 2012-2013 reporting period. Of these, two were completed during the reporting period. Seven complaints remained active at the OPC at the end of the reporting period.
4.2 Nature of complaints
Most of the outstanding complaints allege a refusal of access due to missing records or improper use of exemptions. Two of the outstanding requests allege that personal information related to investigations conducted under the PSEA was improperly disclosed.
4.3 Complaints closed
The OPC concluded two investigations during the reporting period. The first dealt with the disclosure of personal information to a psychologist retained by the PSC. While the other pertained to a perceived failure by the PSC to correct or annotate personal information in accordance with subsection 12(2) of the Act. In both cases, the complaints were deemed to be not founded.
5. Privacy impact assessments
The Privacy Impact Assessment Policy (PIA) came into effect in and was replaced by the Directive on Privacy Impact Assessmentin . The goal of the policy is to allow government institutions to identify whether a program or a service delivery initiative involving the collection, use or disclosure of personal information, as defined in the Act, complies with privacy principles. PIAs also aim to avoid or mitigate any identifiable risks to privacy. The ATIP Directorate provides advice and guidance to PSC managers throughout the PIA production processes, including the review of PIA reports and liaison with the OPC.
The PSC completed its PIA on the Analytical Environment and forwarded it to the Office of the Privacy Commissioner of Canada and the Treasury Board of Canada Secretariat during the reporting period.
Summaries of completed Privacy Impact Assessments are posted on the PSC’s Internet site.
The ATIP Directorate will continue to support the development of the following PIAs in 2015-16:
- PIA Update for Priority Information Management System (PIMS) – User portal and other system enhancements; and
- Addendum to PIA on Public Service Resourcing System (PSRS) - Extension for internal staffing.
Annex A – Delegation Instrument
Privacy Act - Delegation Order
The President of the Public Service Commission of Canada, as head of the government institution, hereby designates Pursuant to section 73 of the Privacy Act, the persons holding the positions set out below, or the persons occupying on an acting basis those positions, to exercise the powers, duties or functions of the President as specified below and as more fully described in Annex A:
Position | Sections of the Privacy Act |
---|---|
Director, ATIP and Transition Projects, Corporate Management Branch | Act: (8)(2)(j), 8(4), 8(5), 9(1), 9(4), 10, 14, 15, 17(2)(b), 17(3)(b), 18(2), 19 - 28, 31, 33(2), 35(1), 35(4), 36(3), 37(3), 51(2)(b) 51(3), 72(1), 77 Regulations: 9, 11(2), 11 (4), 13(1), 14 |
This delegation is effective as of .
Anne-Marie Robinson
President
Appendix A:
Privacy Act
8(2)(j) | Disclosure for research purposes |
8(4) | Copies of requests under 8(2)(e) to be retained |
8(5) | Notice of disclosure under 8(2)(m) |
9(1) | Record of disclosures to be retained |
9(4) | Consistent uses |
10 | Personal information to be included in personal information banks |
14 | Notice where access requested |
15 | Extension of time limits |
17(2)(b) | Language of access |
17(3)(b) | Access to personal information in alternative format |
18(2) | Exemption (exempt bank) – Disclosure may be refused |
19(1) | Exemption – Personal information obtained in confidence |
19(2) | Exemption – Where authorized to disclose |
20 | Exemption – Federal-provincial affairs |
21 | Exemption – International affairs and defence |
22 | Exemption – Law enforcement and investigation |
22.3 | Exemption – Public Servants Disclosure Protection Act |
23 | Exemption – Security clearances |
24 | Exemption – Individuals sentenced for an offence |
25 | Exemption – Safety of individuals |
26 | Exemption – Information about another individual |
27 | Exemption – Solicitor-client privilege |
28 | Exemption – Medical record |
31 | Notice of intention to investigate |
33(2) | Right to make representation |
35(1) | Findings and recommendations of Privacy Commissioner (complaints) |
35(4) | Access to be given |
36(3) | Report of findings and recommendations (exempt banks) |
37(3) | Report of findings and recommendations (compliance review) |
51(2)(b) | Special rules for hearings |
51(3) | Ex parte representations |
72(1) | Report to Parliament |
77 | Carry out responsibilities conferred on the head of the institution by the regulations made under section 77 which are not included above. |
Privacy Regulations
9 | Reasonable facilities and time provided to examine personal information |
11(2) | Notification that correction to personal information has been made |
11(4) | Notification that correction to personal information has been refused |
13(1) | Disclosure of personal information relating to physical or mental health may be made to a qualified medical practitioner or psychologist for an opinion on whether to release information to the requestor |
14 | Disclosure of personal information relating to physical or mental health may be made to a requestor in the presence of a qualified medical practitioner or psychologist |
Annex B - 2014-2015 Annual Privacy Act Statistical Report
Statistical Report on the Privacy Act
Name of institution: Public Service Commission of Canada
Reporting period: 2014-04-01 to 2015-03-31
Part 1 - Requests under the Privacy Act
1.1 Number of requests
Number of Requests | |
---|---|
Received during reporting period | 16 |
Outstanding from previous reporting period | 2 |
Total | 18 |
Closed during reporting period | 17 |
Carried over to next reporting period | 1 |
Part 2 - Requests Closed During the Reporting Period
2.1 Dispostion and completion time
Disposition of requests | Completion Time | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 Days |
16 to 30 Days |
31 to 60 Days |
61 to 120 Days |
121 to 180 Days |
181 to 365 Days |
More than 365 Days |
Total | |
All disclosed | 4 | 3 | 0 | 0 | 0 | 0 | 0 | 7 |
Disclosed in part | 0 | 3 | 2 | 0 | 0 | 0 | 0 | 5 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
No records exist | 3 | 1 | 0 | 0 | 0 | 0 | 0 | 4 |
Request abandoned | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 8 | 7 | 2 | 0 | 0 | 0 | 0 | 17 |
2.2 Exemptions
Section | Number of requests |
Section | Number of requests |
Section | Number of requests |
---|---|---|---|---|---|
18(2) | 0 | 22(1)(a)(i) | 0 | 23(a) | 0 |
19(1)(a) | 0 | 22(1)(a)(ii) | 0 | 23(b) | 0 |
19(1)(b) | 0 | 22(1)(a)(iii) | 0 | 24(a) | 0 |
19(1)(c) | 0 | 22(1)(b) | 0 | 24(b) | 0 |
19(1)(d) | 0 | 22(1)(c) | 0 | 25 | 0 |
19(1)(e) | 0 | 22(2) | 0 | 26 | 3 |
19(1)(f) | 0 | 22.1 | 0 | 27 | 0 |
20 | 0 | 22.2 | 0 | 28 | 0 |
21 | 0 | 22.3 | 0 |
2.3 Exclusions
Section | Number of requests |
Section | Number of requests |
Section | Number of requests |
---|---|---|---|---|---|
69(1)(a) | 0 | 70(1) | 0 | 70(1)(d) | 0 |
69(1)(b) | 0 | 70(1)(a) | 0 | 70(1)(e) | 0 |
69.1 | 0 | 70(1)(b) | 0 | 70(1)(f) | 0 |
70(1)(c) | 0 | 70.1 | 0 |
2.4 Format of information released
Disposition | Paper | Electronic | Other formats |
---|---|---|---|
All disclosed | 5 | 1 | 1 |
Disclosed in part | 5 | 0 | 0 |
Total | 10 | 1 | 1 |
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
Disposition of Requests |
Number of Pages Processed |
Number of Pages Disclosed |
Number of Requests |
---|---|---|---|
All disclosed | 655 | 611 | 7 |
Disclosed in part | 567 | 417 | 5 |
All exempted | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 1 |
Neither confirmed nor denied | 0 | 0 | 0 |
Total | 1222 | 1028 | 13 |
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition | Less than 100 Pages Processed |
101-500 Pages Processed |
501-1000 Pages Processed |
1001-5000 PagesProcessed |
More than 5000 Pages Processed |
|||||
---|---|---|---|---|---|---|---|---|---|---|
Number of requests |
Pages Disclosed |
Number of requests |
Pages Disclosed |
Number of requests |
Pages Disclosed |
Number of requests |
Pages Disclosed |
Number of requests |
Pages Disclosed |
|
All disclosed | 6 | 108 | 0 | 0 | 1 | 503 | 0 | 0 | 0 | 0 |
Disclosed in part | 2 | 74 | 3 | 343 | 0 | 0 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 9 | 182 | 3 | 343 | 1 | 503 | 0 | 0 | 0 | 0 |
2.5.3 Other complexities
Disposition | Consultation Required |
Legal Advice Sought |
Interwoven Information |
Other | Total |
---|---|---|---|---|---|
All disclosed | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 2 | 0 | 0 | 0 | 2 |
All exempted | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
Total | 2 | 0 | 0 | 0 | 2 |
2.6 Deemed refusals
2.6.1 Reasons for not meeting statutory deadline
Number of requests closed past the statutory deadline |
Principal Reason | |||
---|---|---|---|---|
Workload | External Consultation |
Internal Consultation |
Other | |
0 | 0 | 0 | 0 | 0 |
2.6.2 Number of days past deadline
Number of Days Past Deadline |
Number of Requests Past Deadline Where No Extension Was Taken |
Number of Requests Past Deadline Where An Extension Was Taken |
Total |
---|---|---|---|
1 to 15 days | 0 | 0 | 0 |
16 to 30 days | 0 | 0 | 0 |
31 to 60 days | 0 | 0 | 0 |
61 to 120 days | 0 | 0 | 0 |
121 to 180 days | 0 | 0 | 0 |
181 to 365 days | 0 | 0 | 0 |
More than 365 days | 0 | 0 | 0 |
Total | 0 | 0 | 0 |
2.7 Requests for translation
Translation Requests | Accepted | Refused | Total |
---|---|---|---|
English to French | 0 | 0 | 0 |
French to English | 0 | 0 | 0 |
Total | 0 | 0 | 0 |
Part 3 – Disclosures under subsection 8(2) and 8(5)
Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
---|---|---|---|
0 | 2 | 2 | 4 |
Part 4 – Requests for correction of personal information and notations
Disposition for Correction Requests Received | Number |
---|---|
Notations attached | 0 |
Requests for correction accepted | 0 |
Total | 0 |
Part 5 – Extensions
5.1 Reasons for extensions and disposition of requests
Disposition of Requests Where an Extension Was Taken |
15(a)(i) Interference With Operations |
15(a)(ii) Consultation |
15(b) Translation or Conversion |
|
---|---|---|---|---|
Section 70 | Other | |||
All disclosed | 0 | 0 | 0 | 0 |
Disclosed in part | 0 | 0 | 2 | 0 |
All exempted | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 |
No records exist | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 2 | 0 |
5.2 Length of extensions
Length of Extensions | 15(a)(i) Interference With Operations |
15(a)(ii) Consultation |
15(b) Translation Purposes |
|
---|---|---|---|---|
Section 70 | Other | |||
1 to 15 days | 0 | 0 | 0 | 0 |
16 to 30 days | 0 | 0 | 2 | 0 |
Total | 0 | 0 | 2 | 0 |
Part 6 – Consultations Received From Other Institutions and Organizations
6.1 Consultations received from other Government of Canada institutions and organizations
Consultations | Other Government of Canada Institutions |
Number of Pages to Review |
Other Organizations |
Number of Pages to Review |
---|---|---|---|---|
Received during the reporting period | 3 | 97 | 0 | 0 |
Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
Total | 3 | 97 | 0 | 0 |
Closed during the reporting period | 3 | 0 | 0 | 0 |
Pending at the end of the reporting period | 0 | 97 | 0 | 0 |
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation | Number of Days Required to Complete Consultation Requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 Days |
16 to 30 Days |
31 to 60 Days |
61 to 120 Days |
121 to 180 Days |
181 to 365 Days |
More Than 365 Days |
Total | |
All disclosed | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 1 |
Disclosed in part | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
All exempted | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 1 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 1 | 2 | 0 | 0 | 0 | 0 | 0 | 3 |
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation | Number of days required to complete consultation requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 Days |
16 to 30 Days |
31 to 60 Days |
61 to 120 Days |
121 to 180 Days |
181 to 365 Days |
More Than 365 Days |
Total | |
All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 7 – Completion Time of Consultations on Cabinet Confidences
7.1 Requests with Legal Services
Number of Days |
Fewer Than 100 Pages Processed |
101-500 Pages Processed |
501-1000 Pages Processed |
1001-5000 Pages Processed |
More than 5000 Pages Processed |
|||||
---|---|---|---|---|---|---|---|---|---|---|
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
|
1 to 15 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
7.2 Requests with Privy Council Office
Number of Days |
Fewer Than 100 Pages Processed |
101-500 Pages Processed |
501-1000 Pages Processed |
1001-5000 Pages Processed |
More than 5000 Pages Processed |
|||||
---|---|---|---|---|---|---|---|---|---|---|
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
|
1 to 15 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 8 – Complaints and Investigations Notices Received
Section 31 | Section 33 | Section 35 | Court action | Total |
---|---|---|---|---|
0 | 0 | 0 | 0 | 0 |
Part 9 – Privacy Impact Assessments (PIAs)
Number of PIA(s) completed | 1 |
---|
Part 10 – Resources related to the Privacy Act
10.1 Costs
Expenditures | Amount | |
---|---|---|
Salaries | $110,329 | |
Overtime | $0 | |
Goods and Services | $27,770 | |
|
$17,030 | |
|
$10,740 | |
Total | $138,099 |
10.2 Human Resources
Resources | Person Years Dedicated to Privacy Activities |
---|---|
Full-time employees | 1.49 |
Part-time and casual employees | 0.00 |
Regional staff | 0.00 |
Consultants and agency personnel | 0.03 |
Students | 0.00 |
Total | 1.52 |
Note: Enter values to two decimal places.
Appendix I – Historical Comparisons
Requests received
2005- 2006 |
2006- 2007 |
2007- 2008 |
2008- 2009 |
2009- 2010 |
2010- 2011 |
2011- 2012 |
2012- 2013 |
2013- 2014 |
2014- 2015 |
|
---|---|---|---|---|---|---|---|---|---|---|
Requests received | 41 | 36 | 30 | 39 | 31 | 28 | 28 | 32 | 18 | 16 |
Requests completed | 39 | 35 | 33 | 41 | 30 | 26 | 29 | 31 | 19 | 17 |
Exemptions
2005- 2006 |
2006- 2007 |
2007- 2008 |
2008- 2009 |
2009- 2010 |
2010- 2011 |
2011- 2012 |
2012- 2013 |
2013- 2014 |
2014- 2015 |
|
---|---|---|---|---|---|---|---|---|---|---|
22(1)(a) | 1 | 1 | 0 | 2 | 0 | 0 | 0 | 0 | 0 | 0 |
22(1)(b) | 1 | 0 | 4 | 0 | 1 | 0 | 3 | 2 | 1 | 0 |
22(1)(c) | 0 | 0 | 0 | 0 | 0 | 5 | 0 | 0 | 0 | 0 |
22.3 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 0 |
24 | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
25 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
26 | 41 | 36 | 30 | 9 | 10 | 4 | 12 | 11 | 9 | 3 |
27 | 11 | 15 | 10 | 2 | 4 | 2 | 3 | 9 | 5 | 0 |
Page details
- Date modified: