Privacy Act — Annual Report — April 1, 2015, to March 31, 2016

Table of contents

Introduction

The Privacy Act (R.S., 1985, c. P-21) was proclaimed on .

The Privacy Act (the Act) gives individuals the right to access information about them that is held by the government. This is, however, subject to specific and limited exceptions.

The Act also protects individuals' privacy by preventing others from accessing their personal information and by giving them substantial control over the collection, use and disclosure of personal information.

Section 72 of the Act requires that the head of every federal government institution prepare an Annual Report, for submission to Parliament, on the administration of the Act within the institution. Every report shall be laid before each House of Parliament within three months after the financial year in respect of which it is made or, if that House is not then sitting, on any of the first 15 days next thereafter that it is sitting.

This Annual Report provides a summary of the management and administration of the Act within the Public Service Commission of Canada (PSC) for the fiscal year 2015–2016.

The PSC's Access to Information Act Annual Report is also available on the PSC's Internet site.

Part I — General information on the Public Service Commission of Canada

1. Raison d'être and mandateFootnote 1 

Raison d'être

The mandate of the Public Service Commission (PSC) is to promote and safeguard merit-based appointments and, in collaboration with other stakeholders, to protect the non-partisan nature of the public service. The PSC reports independently on its mandate to Parliament.

Under the delegated staffing system set out in the Public Service Employment Act (PSEA), the PSC fulfills its mandate by providing policy guidance and expertise as well as by conducting effective oversight. In addition, the PSC delivers innovative staffing and assessment services.

Responsibilities

The PSC is responsible for promoting and safeguarding merit-based appointments that are free from political influence and, in collaboration with other stakeholders, for protecting the non-partisan nature of the public service.

The PSC is mandated to:

  • Make appointments to and within the public service, based on merit and free from political influence. The PSEA provides the authority to the Commission to delegate to deputy heads its authority to make appointments to positions in the public service. This authority is currently delegated to the deputy heads subject to the PSEA, across the federal government;
  • Administer the provisions of the PSEA that are related to the political activities of employees and deputy heads. Part 7 of the PSEA recognizes the right of employees to engage in a political activity, while maintaining the principle of political impartiality in the public service. It also sets out specific roles and responsibilities related to political activities for employees and for the PSC; and
  • Oversee the integrity of the staffing system and, in collaboration with other stakeholders, ensure non-partisanship. This oversight role includes: The regulatory authority and policy-setting function, the ongoing support and guidance and the monitoring of the staffing performance of delegated organizations, the conduct of audits that provide an independent assessment of the performance and management of staffing activities and the conduct of investigations of staffing processes and improper political activities by public servants.

2. Strategic outcome and Program Alignment Architecture

The PSC Program Alignment Architecture consists of one strategic outcome and four programs.

Public Service Commission strategic outcome

To provide Canadians with a highly competent, non-partisan and representative public service, able to provide service in both official languages, in which appointments are based on merit and the values of fairness, access, transparency and representativeness.

Program activity – Staffing System Integrity and Political Impartiality

The Staffing System Integrity and Political Impartiality program is focused on independently safeguarding merit and non-partisanship in the federal public service. This program includes developing and advancing strategic policy positions and directions; conducting policy research; establishing PSC policies and standards; providing advice, interpretation and guidance and administering delegated and non-delegated authorities, including official languages, the political activities regime and Priority Administration.

Program activity – Staffing Services and Assessment

The Staffing Services and Assessment program maintains the systems that link Canadians and public servants seeking employment opportunities in the federal public service with hiring departments and agencies. It provides assessment-related products and services in the form of research and development, consultation, assessment operations and counselling for use in recruitment, selection and development throughout the federal public service. This program also includes delivering staffing services, programs and products to departments and agencies, to Canadians and public servants, through client service units located across Canada.

Program activity – Oversight of Integrity in Staffing and of Non-partisanship

The Oversight of Integrity in Staffing and of Non-partisanship program provides an accountability regime for the implementation of the appointment policy and regulatory framework for safeguarding the integrity of public service staffing and ensuring staffing is free from political influence. This program includes monitoring departments' and agencies' staffing performance and compliance with legislative requirements, conducting audits and studies, carrying out investigations and reporting to Parliament on the integrity of public service staffing and the non-partisanship of the public service.

Program activity – Internal Services

Internal Services are groups of related activities and resources that are administered to support the needs of programs and other corporate obligations of an organization. Internal Services include only those activities and resources that apply across an organization and not those provided to a specific program. The services provided are:

  • Management and Oversight;
  • Communications;
  • Legal;
  • Human Resources Management;
  • Financial Management;
  • Information Management;
  • Information Technology;
  • Real Property;
  • Materiel; and
  • Acquisition.

Part II — Report on the Access to Information Act

1. Organization of delegation and activities

1.1 Delegation order

Under section 3 of the Privacy Act (the Act), the President of the Public Service Commission (PSC) is designated as the head of the government institution for purposes of the administration of the Act.

Pursuant to section 73 of the Act, deputy heads may delegate any of their powers, duties or functions under the Act by signing an order authorizing one or more officers or employees of the institution, who are at the appropriate level, to exercise or perform the powers, duties or functions of the head specified in the order.

The powers, duties and functions of the President, under the Act, are delegated to the Director of Access to Information, Privacy and Transition Projects, who is the PSC's Access to Information and Privacy (ATIP) coordinator (see Annex A — Delegation Instrument).

1.2 The Access to Information and Privacy Coordinator

The ATIP coordinator is responsible and accountable for the development, coordination and implementation of effective policies, guidelines, systems and procedures to enable the efficient processing of requests under Access to Information Act and the Privacy Act.

The coordinator is also responsible for the development, coordination and implementation of policies, systems and procedures that are required by both Acts as well as Treasury Board of Canada policies and directives. The activities of the coordinator include:

  • Processing requests made under both Acts;
  • Acting as spokesperson for the PSC in dealings with Treasury Board Secretariat (TBS), the Office of the Privacy Commissioner (OPC) and other government departments and agencies on matters related to the Act;
  • Responding to consultation requests submitted by other federal institutions;
  • Reviewing information collection in accordance with the Communications Policy of the Government of Canada and the Procedures for the Management of Public Opinion Research;
  • Preparing the Annual Report to Parliament and other statutory reports, as well as other material that may be required by central agencies;
  • Promoting awareness and providing advice to PSC employees to ensure responsiveness to the obligations of both Acts, TBS policies and their impact on various program initiatives; and
  • Monitoring PSC compliance with both Acts, Regulations and relevant procedures and policies.

1.3 The Access to Information and Privacy Directorate

The Access to Information and Privacy Directorate (the Directorate) supports the ATIP coordinator in administering the provisions of the Acts and related TBS policies for the PSC. The Directorate is comprised of a manager and two analysts. Due to an extreme increase in requests during the course of this reporting period, the Directorate hired three consultants and one casual employee to assist with the processing of official requests. The Directorate also received ad hoc support from the Finance and Administration Directorate for updating Info Source.

The analysts are responsible for processing Access to Information Act and Privacy Act consultations and requests, preparing responses to complaints, reviewing the PSC's Info Source chapter and supporting all other ATIP responsibilities.

The Directorate updates its intranet site on a regular basis and uses it as the primary vehicle for communicating with PSC employees. In addition, the Directorate delivers training sessions for PSC employees.

The Directorate also reviews office procedures to improve the support it provides to its branch liaison officers and promote a better understanding of their roles, responsibilities and obligations related to the processing of requests under both Acts.

1.4 Access to Information and Privacy Act liaison officers

The Directorate processes requests with the assistance of ATIP liaison officers who are employees knowledgeable of their branch's activities. There is one liaison officer and one back-up for each branch as well as for the Corporate Secretariat. In addition to acting as the point of contact between their branch and the Directorate, ATIP liaison officers are responsible for:

  • Tasking the appropriate program experts within their branch to search for relevant records;
  • Advising if there are other offices of primary interest;
  • Keeping the Directorate apprised of any issues in relation to specific requests (e.g., excessive search time, interference with operations, consultations required); and
  • Duly delivering to the Directorate the relevant records, complete with branch recommendations. Liaison officers play an important role in ensuring that the Commission conducts a thorough and complete search of its record holdings when processing information requests.

2 Statistical report: Interpretation

During this reporting period, the PSC experienced an unprecedented increase of 1,200% in the number of requests received under both Acts. The total number of complaints to the offices of the Information Commissioner and the Privacy Commissioner increased even more drastically.

Total Access to Information and Privacy Requests graph
Description of Total Access to Information and Privacy Requests graph
Total Access to Information and Privacy Requests
  2005–06 2006–07 2007–08 2008–09 2009–10 2010–11 2011–12 2012–13 2013–14 2014–15 2015–16
Received 139 115 80 99 69 66 74 101 73 56 1,216
Completed 133 116 86 87 81 66 69 96 82 53 1,097

Most of the increases in the number of ATIP requests can be attributed to a small number of requesters who have submitted multiple requests. The PSC took significant steps and allocated temporary funding to manage the major increase in the number of ATIP request and respect the rights of all applicants. The PSC looks forward to participating in the planned review of the Privacy Act, especially on issues related to the management of multiple requests coming from unique requesters.

If the multiple requests submitted by unique requesters is not included, the total number of requests still represents an increase of a little less than 200% in the number of requests received under both Acts, compared with the previous reporting period.

2.1 Requests under the Privacy Act

From , to the PSC received 1,036 new requests under the Privacy Act (PA), in addition to one request that was carried over from the previous period. This represents a 6,375% increase in requests received, compared with the previous year and a 3,365% increase compared with the average number of requests received over the previous ten years.

If we ignore the multiple requests submitted by unique requesters, the PSC received 59 requests under the Act, which represents a 269% increase over the previous period.

Access to Information Requests graph
Description of Access to Information Requests graph
Access to Information Requests
  2005–06 2006–07 2007–08 2008–09 2009–10 2010–11 2011–12 2012–13 2013–14 2014–15 2015–16
Received 41 36 30 39 31 28 28 32 18 16 1,036
Completed 39 35 33 41 30 26 29 31 19 17 919

The PSC completed its response to 919 requests during the reporting period, requiring the review of 30,709 pages of records. There were 118 requests ongoing at the end of the reporting period and they were carried forward to the next reporting period.

2.2 Nature of requests

As in previous years, the 919 closed requests covered a wide range PSC activities:

  • Seven hundred and eighty six requests (85.5%) were for personal information held by specific employees of the PSC;
  • Forty-four requests (4.8%) pertained to investigations and audits conducted under the PSEA;
  • Twenty-seven requests (2.9%) dealt with staffing activities. For the most part, requesters were seeking information related to staffing documents, Priority Administration and assessments;
  • Twenty-three requests (2.5%) were for personal information in the processing files of the ATIP Directorate; and
  • The remaining 39 requests (4.3%) were on a variety of subjects.

However, if we ignore the multiple requests submitted by unique requesters, the nature of the remaining 47 requests is similar to that of the previous reporting period: 53.2% of requests were for staffing and assessment information, 6.4% of requests for information were related to PSC investigations and 40.4 were for other types of personal information.

2.3 Inter-organizational consultations

The PSC received 14 requests for consultation from other government departments and agencies. The processing of these requests required a review of 333 pages of documents. Only one consultation was outstanding at the end of the period and was carried over into the 2016–2017 reporting period.

In response to the 13 consultation requests completed during the reporting period, the PSC determined that information should be disclosed in full for 10 requests and disclosed in part for 3 requests.

The PSC consulted other government departments and agencies 49 times in relation to the processing of 40 of the requests completed during the reporting period.

2.4 Informal requests

In an attempt to increase and facilitate access, the PSC promotes informal methods of access whenever possible. Requesters may obtain access to their personal information on an informal basis by contacting the manager of the program area that controls the records. In these instances, the ATIP Directorate provides assistance and advice, as required.

In response to the increase in new requests and to expedite and facilitate the management of some of these requests, the PSC implemented a process for providing informal access to records related to the processing of ATIP requests. During the reporting period, informal access was provided to 78 of such files.

2.5 Disposition of requests completed

For the 919 closed requests, information was released either in whole or in part in 141 cases, representing 15.3% of the requests.

Disposition of Completed Requests chart
Description of Disposition of Completed Requests chart
Disposition of completed requests
Disposition Percentage
All disclosed 4.9%
Disclosed in part 10.4%
All exempted 2.2%
All excluded 0.0%
No records exist 60.3%
Request abandoned 20.3%
Neither confirmed nor denied 1.8%

When compared to the previous reporting period, there are significant increases in the proportion of requests where no relevant information could be located or the request was abandoned. This is accompanied by a corresponding drop in the number of requests where the records were disclosed, in part or fully.

Disposition and completed requests
Disposition 2015–16 2014–15
Number of Requests Percentage Number of Requests Percentage
All disclosed 45 4.9% 7 41.2%
Disclosed in part 96 10.4% 5 29.4%
All exempted 20 2.2% 0 0.0%
All excluded 0 0.0% 0 0.0%
No records exist 554 60.3% 4 23.5%
Request abandoned 187 20.3% 1 5.9%
Neither confirmed nor denied 17 1.8% 0 0.0%

2.6 Exemptions invoked

Sections 18 through 28 of the Act set out the exemptions intended to protect information pertaining to a particular public or private interest. During the reporting period, the most frequently invoked exemptions were paragraph 22(1)(b) [law enforcement and investigations], sections 26 [personal information of another individual] and section 27 [solicitor-client privilege].

There was a noticeable increase in the use of paragraph 22(1)(b) due to the number of requests related to active PSC investigations. A historical comparison of exemptions used is presented in Appendix I.

2.7 Exclusions invoked

Section 69 of the Act outlines certain types of information to which the Act does not apply. These exclusions relate to published material, library and museum material, material placed in Library and Archives Canada by or on behalf of third parties, some materials relating to the Canada Broadcasting Corporation and Cabinet Confidences.

The PSC did not invoke any exclusions during the reporting period.

2.8 Extensions of time limits

Extensions of the 30-day statutory response time are permissible under section 15 of the Act. A request may be extended in accordance with multiple provisions of this section. During the reporting period, a total of 57 extension provisions were invoked in the processing of 48 (5.2%) requests completed during the reporting period. This represents a reduction in the proportion of requests that were extended when compared to the previous year (12%).

2.9 Completion time

Of the 919 closed requests, the PSC responded to 866 within 30 days or less, representing 94.2% of all the requests completed. Forty-two requests (4.6%) were completed within 31 to 60 days, five (0.5%) within 61 to 120 days and six (0.7%) required more than 120 days to process.

Of these, 908 (98.8%) were closed within the allowable time limit.

2.10 Translation

The PSC did not receive any requests for translation of information.

2.11 Format of information released

Regarding the 141 requests for which information was released in whole or in part, records for 80 requests (56.7%) were provided on paper and 61 (43.3%) were provided electronically.

2.12 Corrections and notations

The PSC did not receive any formal requests for the correction of personal information under subsection 12(2) of the Act.

2.13 Costs

During the reporting period, the ATIP Directorate spent $311,141 on salaries and $112,716 on goods and services, including $49,173 for professional service contracts, for the administration of the Privacy Act.

The salary and professional service costs represented 4.18 full-time equivalent employees.

3. Summary of Access to Information and Privacy Directorate activities

3.1 Development of policies, directives, guidelines and other key documents

In response to the surge of requests received during the reporting period, the ATIP Directorate consulted other government organizations, the Office of the Information Commissioner and the OPC in order to identify best practices. Based on this consultation, the ATIP Directorate developed standardized categories in order to better respond to incoming requests.

The ATIP Directorate also changed its practices for requests involving records concerning ongoing PSC investigations and its application of the exemption related to administrative investigations, paragraph 22(1)(b). This new approach allows for greater discretion in the application of this exemption and will result, in many cases, in the release of more information to requesters.

3.2 Advice and training

Advice

In addition to processing ATIP requests, the Directorate provides advice to PSC managers and employees, as well as to other organizations and members of the public regarding a variety of issues and questions related to both Acts.

Requests for guidance and advice were of the following nature:

  • Providing advice on PIAs and other components of the PSC's Privacy Management Framework due to the potential impact of renewal and legislative changes on programs and services;
  • Answering questions related to the authorized disclosure of personal information and the protection of personal information in reports, Memoranda of Understanding (MOU), information-sharing agreements and contracts;
  • Assisting program areas in the drafting and updating of Privacy Notice Statements;
  • Reviewing audit reports, responses to parliamentary questions and other documents prior to publication to ensure that information is released in accordance with the Act; and
  • Answering general written enquiries from the public.
Participation in the governance process

The ATIP coordinator is a member of the Information Management, Information Technology Committee and the Resource Management Committee. The ATIP manager is a member of the Project Review Committee, the Security Committee and the Open Data Core Project Team. Active participation in these committees and various other working groups allows the Directorate to:

  • Be aware of upcoming issues, initiatives and projects that may have ATIP implications; and
  • Integrate ATIP considerations in the planning for and implementation of initiatives and projects.
Training

The Directorate delivered an ongoing mandatory training program for supervisors and managers of the PSC. The primary goal of the program is to ensure that managers are fully aware of their responsibilities under the Access to Information Act, the Privacy Act and related policies. The Directorate delivered 14 training sessions. A total of 72% of PSC managers and supervisors attended these sessions

In addition to this formal training program, the Directorate delivered two ad hoc training sessions to 25 employees on the provisions of both Acts and their impact on programs and initiatives.

The ATIP Liaison Working Group met six times during the reporting period to discuss best practices, address gaps and to provide training opportunities.

3.3 Tracking system and imaging software

The Directorate continued to use AccessPro Case Management and AccessPro Redaction software. These systems are upgraded once a year to the newest versions available.

3.4 Collection, use and disclosure of personal information

3.4.1 Personal Information Banks

During this reporting period, the PSC reviewed its 69 Personal Information Banks (PIBs) to ensure that they were aligned with its Program Activity Architecture.

As part of the review, PIBs were updated to reflect the merger of the Public Service Resourcing System (PSRS) and Publiservice. Amendments were also necessary due to the expected passing of Bill C-27 (Veterans Hiring Act).

3.4.2 Exempt banks

The PSC does not have any exempt banks. There were no denials of access under subsection 18(2) of the Act.

3.4.3. Disclosure under subsection 8(2) of the Act

Personal information under the control of a government institution should not, without the consent of the individual to whom it relates, be disclosed by the institution except in accordance with subsection 8(2) of the Act.

Paragraph 8(2)(l) of the Act allows a federal institution to disclose personal information to another government institution in order to collect on a debt to the Crown. The PSC received two such requests during the reporting period and in both cases, the requested information was disclosed.

Paragraph 8(2)(m) of the Act concerns cases where, in the opinion of the head of the institution, the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure or where disclosure would clearly benefit the individual to whom the information relates. This provision was not used during the reporting period.

3.4.4 Review of documents

The ATIP Directorate regularly reviews certain documents prior to disclosure or to project implementation in order to identify personal information that may have been included. These reviews also ensure that proper procedures for their release are followed and respect provisions of the Act.

The ATIP Directorate reviewed 15 audit reports over the course of the reporting period.

The ATIP Directorate reviewed and provided advice regarding updates to five Privacy Notice Statements. No privacy/security contract clauses were reviewed over the course of this reporting period.

The ATIP Directorate helped in the review of one MOU. This MOU had not been signed at the time of the drafting of this report.

3.5 Privacy breaches

The PSC reported nine privacy breaches.

Most of the incidents involved the accidental disclosure of personal information to the wrong individual as a result of human error.

One breached involved 211 former Canadian Forces members who may benefit from new priority provisions that were created as a result of the Veterans Hiring Act. An information notice was sent by email to these individuals with a visible distribution list. As a result, each of the 211 individuals was provided with the email addresses of 210 other individuals with a similar priority status. In order to correct the situation, an email was sent to the 211 individuals advising them of this breach and asking them to delete the original email. Furthermore, staff concerned were reminded of the importance of protecting personal information.

The PSC's internal Policy on Privacy Breaches does not distinguish between material and minor privacy breaches. As such, all privacy breaches are reported to the OPC and TBS. At the time of drafting of this report, the OPC had reported on six of the nine privacy breaches, including the larger breach discussed above. All six were deemed to be minor breaches.

3.6 Internal audit on the management of personal information

During the previous reporting period, the PSC undertook an internal audit on the management of personal information. During the reporting period, the PSC initiated the implementation of the associated action plan that included the following items:

  1. Develop and deliver mandatory training for supervisors and managers on the PSC's Privacy Management Framework. The training program was developed and deployed and will continue to be offered for new supervisors and managers.
  2. Develop and present an Annual Report to the Executive Management Committee (EMC) on PIAs that are completed, underway and required throughout the organization. The first such report was developed and presented. (See below for more information.)
  3. Review information sharing agreements in order to reduce the information being collected to what is required. This is an ongoing measure that has first been implemented as part of the review of an MOU with TBS and Public Works and Government Services Canada (now Public Services and Procurement Canada).
  4. Review the Priority Information Management System (PIMS) configuration to limit access to a need-to-know basis. This has been addressed by implementing function-based access rights in PIMS.
  5. Deploy secure USB keys and secure fax machines to those areas that require them. The PSC has recalled all organizational-issued unsecured USB keys and deployed secure ones. The PSC has also revised its policies to prevent the use of personal USB keys for government information.
  6. Review retention and disposal schedule for all personal information holdings. Some PSC program areas have started the review of the retention schedules for some of the larger collection of personal information, including the Public Services Resourcing System (also known as jobs.gc.ca) and the analytical environment. An organizional priority has been set for the 2016 2017 fiscal year to conduct a systematic review of all retention schedules.
  7. Increase monitoring and reporting practices for privacy action plans and ensure that such action are included in the PSC's planning process. The ATIP Directorate, routinely follows up with program areas on their privacy action plan. The results of these follow ups are integrated into the annual Status Report on PIAs. (See below for more information.)

3.7 Annual Report on the status of Privacy Impact Assessments

On , the ATIP Directorate presented the first annual and redesigned Status Report on PIAs to the EMC. The purpose of the redesigned report is to:

  • List all collections of personal information conducted by program areas;
  • Provide information on the status of PIAs at the PSC;
  • Identify gaps related to the management of risks associated with collections of personal information; and
  • Provide recommendations related to the elimination of these gaps.

A key recommendation from this report is for the ATIP Directorate to develop a PIA Architecture during the 2016 2017 fiscal year. This PIA Architecture will lead to an end-state model that will support the complete identification and proper management of risks associated with all PSC collections of personal information. This recommendation was approved by EMC and has been included in the Department's Integrated Business Plan as a priority.

4. Complaints

4.1 Number of complaints

The OPC received 231 complaint regarding Privacy Act requests presented to the PSC during the reporting period as well as eight complaints regarding the management of personal information by the PSC. All of the complaints received during the reporting period originated from a small group of individuals who submitted multiple requests. As it will be discussed below, most of these investigations are ongoing.

There were also seven complaints carried over from the 2014–2015 reporting period.

4.2 Nature of complaints

The complaints received during the reporting period breakdown as follows:

  • Thirty-four complaints regarding the use of extensions;
  • Twenty-four complaints that the PSC did not respond within the statutory deadline;
  • One hundred and sixty-five complaints regarding the denial of access following a request for personal information;
  • Four complaints regarding the collection of personal information; and
  • Four complaints regarding the disclosure of personal information.

4.3 Complaints closed

During the reporting period, the OPC confirmed that 14 investigations were discontinued with the consent of the complainant:

  • Two related to the time it took to respond;
  • Ten related to extensions claimed by the PSC;
  • One related to the collection of personal information by the PSC; and
  • One related to an alleged disclosure of personal information.

During the reporting period, the OPC deemed 37 complaints to not be well founded:

  • Seventeen related to the time it took to response;
  • Seventeen related to extension claimed the PSC; and
  • Three related to missing records.

During the reporting period, the OPC deemed eight complaints to be well founded:

  • Two related to the time it took to respond;
  • Three related to missing records;
  • One related to the use of exemptions; and
  • Two related to the unauthorized disclosure of personal information.

These eight complaints were deemed resolved by the OIC and no further action was required.

As a result of these investigations, the Directorate changed its procedure for documenting and justifying extensions under section 15 of the Act. The PSC also changed its process in regards to request related to ongoing PSC investigations, as described in section 3.1 of this report.

The remaining 179 investigations were carried over to the next reporting period.

5. Privacy Impact Assessments

The Privacy Impact Assessment Policy (PIA) came into effect in and was replaced by the Directive on Privacy Impact Assessment in . The goal of the directive is to allow government institutions to identify whether a program or a service delivery initiative involving the collection, use or disclosure of personal information, as defined in the Act, complies with privacy principles. PIAs also aim to avoid or mitigate any identifiable risks to privacy. The ATIP Directorate provides advice and guidance to PSC managers throughout the PIA production processes, including the review of PIA reports and liaison with the OPC.

The PSC completed a PIA on the PSRS (also known as jobs.gc.ca) and forwarded it to the OPC and TBS during the reporting period.

Summaries of completed PIAs are posted on the PSC's Internet site.

The ATIP Directorate will continue to support the development of the PIA Update for the Priority Information Management System (PIMS) regarding the implementation of the user portal and other system enhancements.


Annex A — Delegation Instrument

Privacy Act - Delegation Order

The President of the Public Service Commission of Canada, as head of the government institution, hereby designates Pursuant to section 73 of the Privacy Act, the persons holding the positions set out below, or the persons occupying on an acting basis those positions, to exercise the powers, duties or functions of the President as specified below and as more fully described in Annex A:

Sections of the Privacy Act
Position Sections of the Privacy Act
Director, ATIP and Transition Projects,
Corporate Management Branch
Act: (8)(2)(j), 8(4), 8(5), 9(1), 9(4), 10, 14, 15, 17(2)(b), 17(3)(b), 18(2), 19 - 28, 31, 33(2), 35(1), 35(4), 36(3), 37(3), 51(2)(b) 51(3), 72(1), 77

Regulations: 9, 11(2), 11 (4), 13(1), 14

This delegation is effective as of .

Predident signature
Anne-Marie Robinson
President
Date:

Appendix A:

Privacy Act

8(2)(j)
Disclosure for research purposes
8(4)
Copies of requests under 8(2)(e) to be retained
8(5)
Notice of disclosure under 8(2)(m)
9(1)
Record of disclosures to be retained
9(4)
Consistent uses
10
Personal information to be included in personal information banks
14
Notice where access requested
15
Extension of time limits
17(2)(b)
Language of access
17(3)(b)
Access to personal information in alternative format
18(2)
Exemption (exempt bank) – Disclosure may be refused
19(1)
Exemption – Personal information obtained in confidence
19(2)
Exemption – Where authorized to disclose
20
Exemption – Federal-provincial affairs
21
Exemption – International affairs and defence
22
Exemption – Law enforcement and investigation
22.3
Exemption – Public Servants Disclosure Protection Act
23
Exemption – Security clearances
24
Exemption – Individuals sentenced for an offence
25
Exemption – Safety of individuals
26
Exemption – Information about another individual
27
Exemption – Solicitor-client privilege
28
Exemption – Medical record
31
Notice of intention to investigate
33(2)
Right to make representation
35(1)
Findings and recommendations of Privacy Commissioner (complaints)
35(4)
Access to be given
36(3)
Report of findings and recommendations (exempt banks)
37(3)
Report of findings and recommendations (compliance review)
51(2)(b)
Special rules for hearings
51(3)
Ex parte representations
72(1)
Report to Parliament
77
Carry out responsibilities conferred on the head of the institution by the regulations made under section 77 which are not included above.

Privacy Regulations

9
Reasonable facilities and time provided to examine personal information
11(2)
Notification that correction to personal information has been made
11(4)
Notification that correction to personal information has been refused
13(1)
Disclosure of personal information relating to physical or mental health may be made to a qualified medical practitioner or psychologist for an opinion on whether to release information to the requestor
14
Disclosure of personal information relating to physical or mental health may be made to a requestor in the presence of a qualified medical practitioner or psychologist

Annex B — 2015–2016 Annual Privacy Act Statistical Report

Statistical Report on the Privacy Act
Name of institution: Public Service Commission of Canada
Reporting period: to

Part 1 - Requests under the Privacy Act

Number of requests
Number of Requests
Received during reporting period 1,036
Outstanding from previous reporting period 1
Total 1,037
Closed during reporting period 919
Carried over to next reporting period 118

Part 2 - Requests Closed During the Reporting Period

2.1 Dispostion and completion time

Dispostion and completion time
Disposition of requests Completion Time
1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to 180
Days
181 to 365
Days
More than
365 Days
Total
All disclosed 2 41 2 0 0 0 0 45
Disclosed in part 2 54 29 5 4 2 0 96
All exempted 0 17 3 0 0 0 0 20
All excluded 0 0 0 0 0 0 0 0
No records exist 61 488 5 0 0 0 0 554
Request abandoned 184 2 1 0 0 0 0 187
Neither confirmed nor denied 0 15 2 0 0 0 0 17
Total 249 617 42 5 4 2 0 919

2.2 Exemptions

Exemptions
Section Number of requests
18(2) 0
19(1)(a) 0
19(1)(b) 0
19(1)(c) 0
19(1)(d) 0
19(1)(e) 0
19(1)(f) 0
20 0
21 0
22(1)(a)(i) 0
22(1)(a)(ii) 0
22(1)(a)(iii) 0
22(1)(b) 46
22(1)(c) 0
22(2) 0
22.1 0
22.2 0
22.3 0
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 0
26 65
27 56
28 0

2.3 Exclusions

Exclusions
Section Number of
requests
69(1)(a) 0
69(1)(b) 0
69.1 0
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0

2.4 Format of information released

Format of information released
Disposition Paper Electronic Other formats
All disclosed 26 19 0
Disclosed in part 54 42 0
Total 80 61 0

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Relevant pages processed and disclosed
Disposition
of Requests
Number of
Pages Processed
Number of
Pages Disclosed
Number of
Requests
All disclosed 2,185 1,890 45
Disclosed in part 27,232 8,469 96
All exempted 1,115 0 20
All excluded 0 0 0
Request abandoned 177 0 187
Neither confirmed nor denied 0 0 17
Total 30,709 10,359 365
2.5.2 Relevant pages processed and disclosed by size of requests
Relevant pages processed and disclosed by size of requests
Disposition Less Than 100
Pages Processed
101-500
Pages Processed
501-1000
Pages Processed
1001-5000
Pages Processed
More Than 5000
Pages Processed
Number
of
requests
Pages
Disclosed
Number
of
Requests
Pages
Disclosed
Number
of
Requests
Pages
Disclosed
Number
of
Requests
Pages
Disclosed
Number
of
Requests
Pages
Disclosed
All disclosed 41 404 3 246 0 0 1 1,240 0 0
Disclosed in part 61 1,141 27 2,076 3 1,401 4 3,781 1 70
All exempted 18 0 1 0 1 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 186 0 1 0 0 0 0 0 0 0
Neither confirmed nor denied 17 0 0 0 0 0 0 0 0 0
Total 323 1,545 32 2,322 4 1,401 5 5,021 1 70
2.5.3 Other complexities
Other complexities
Disposition Consultation
Required
Legal Advice
Sought
Interwoven
Information
Other Total
All disclosed 0 1 0 0 1
Disclosed in part 29 0 0 0 29
All exempted 4 0 0 0 4
All excluded 0 0 0 0 0
Request abandoned 1 0 0 0 1
Neither confirmed nor denied 0 0 0 0 0
Total 34 1 0 0 35

2.6 Deemed refusals

2.6.1 Reasons for not meeting statutory deadline
Reasons for not meeting statutory deadline
Number of Requests Closed
Past the Statutory Deadline
Principal Reason
Workload External
Consultation
Internal
Consultation
Other
11 10 0 0 1
2.6.2 Number of days past deadline
Number of days past deadline
Number of Days
Past Deadline
Number of Requests
Past Deadline Where
no Extension Was Taken
Number of Requests
Past Deadline Where
an Extension Was Taken
Total
1 to 15 days 1 1 2
16 to 30 days 1 1 2
31 to 60 days 1 0 1
61 to 120 days 0 4 4
121 to 180 days 1 1 2
181 to 365 days 0 0 0
More than 365 days 0 0 0
Total 4 7 11

2.7 Requests for translation

Requests for translation
Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Part 3 – Disclosures under Subsection 8(2) and 8(5)

Disclosures under subsection 8(2) and 8(5)
Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
0 0 0 0

Part 4 – Requests for correction of personal information and notations

Requests for correction of personal information and notations
Disposition for Correction Requests Received Number
Notations attached 0
Requests for correction accepted 0
Total 0

Part 5 – Extensions

5.1 Reasons for extensions and disposition of requests

Reasons for extensions and disposition of requests
Disposition of Requests
Where an Extension Was
Taken
15(a)(i)
Interference
With Operations
15(a)(ii)
Consultation
15(b)
Translation
or
Conversion
Section 70 Other
All disclosed 2 0 0 0
Disclosed in part 25 0 22 0
All exempted 0 0 3 0
All excluded 0 0 0 0
No records exist 4 0 0 0
Request abandoned 0 0 1 0
Total 31 0 26 0

5.2 Length of extensions

Length of extensions
Length of Extensions 15(a)(i)
Interference
with Operations
15(a)(ii)
Consultation
15(b)
Translation
Purposes
Section 70 Other
1 to 15 days 17 0 2 0
16 to 30 days 14 0 24 0
Total 31 0 26 0

Part 6 – Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and organizations

Consultations received from other Government of Canada institutions and organizations
Consultations Other Government
of
Canada
Institutions
Number of
Pages to Review
Other
Organizations
Number of
Pages to Review
Received during the
reporting period
14 333 0 0
Outstanding from the
previous reporting period
0 0 0 0
Total 14 333 0 0
Closed during the
reporting period
13 269 0 0
Pending at the end of the
reporting period
1 64 0 0

6.2 Recommendations and completion time for consultations received from other Government of Canada institutions

Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation Number of Days Required to Complete Consultation Requests
1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to 180
Days
181 to 365
Days
More Than
365 Days
Total
All disclosed 7 3 0 0 0 0 0 10
Disclosed in part 1 2 0 0 0 0 0 3
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 8 5 0 0 0 0 0 13

6.3 Recommendations and completion time for consultations received from other organizations

Recommendations and completion time for consultations received from other organizations
Recommendation Number of days required to complete consultation requests
1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to 180
Days
181 to 365
Days
More Than
365 Days
Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Part 7 – Completion Time of Consultations on Cabinet Confidences

7.1 Requests with Legal Services

Requests with Legal Services
Number of Days Fewer Than
100 Pages
Processed
101-500
Pages
Processed
501-1000
Pages
Processed
1001-5000
Pages
Processed
More than
5000
Pages
Processed
Number
of
Requests
Pages
Disclosed
Number
of
Requests
Pages
Disclosed
Number
of
Requests
Pages
Disclosed
Number
of
Requests
Pages
Disclosed
Number
of
Requests
Pages
Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

7.2 Requests with Privy Council Office

Requests with Privy Council Office
Number of Days Fewer Than
100 Pages
Processed
101-500
Pages
Processed
501-1000
Pages
Processed
1001-5000
Pages
Processed
More than
5000
Pages
Processed
Number
of
Requests
Pages
Disclosed
Number
of
Requests
Pages
Disclosed
Number
of
Requests
Pages
Disclosed
Number
of
Requests
Pages
Disclosed
Number
of
Requests
Pages
Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Part 8 – Complaints and Investigations Notices Received

Complaints and Investigations Notices Received
Section 31 Section 33 Section 35 Court action Total
231 137 44 0 412

Part 9 – Privacy Impact Assessments

Privacy Impact Assessments ( PIAs)
Number of PIA(s) completed 1

Part 10 – Resources related to the Privacy Act

10.1 Costs

Costs
Expenditures Amount
Salaries $311,141
Overtime $0
Goods and Services Professional services contracts $49,173
Other $63,543
Goods and Services Subtotal $112,716
Total $423,857

10.2 Human Resources

Human Resources
Resources Person Years Dedicated
to Privacy Activities
Full-time employees 3.49
Part-time and casual employees 0.21
Regional staff 0.00
Consultants and agency personnel 0.48
Students 0.00
Total 4.18

Appendix I — Historical Comparisons

Requests received

Requests received
2005-
2006
2006-
2007
2007-
2008
2008-
2009
2009-
2010
2010-
2011
2011-
2012
2012-
2013
2013-
2014
2014-
2015
2015-
2016
Requests received 41 36 30 39 31 28 28 32 18 16 1,036
Requests completed 39 35 33 41 30 26 29 31 19 17 919

Exemptions

Exemptions
2005-
2006
2006-
2007
2007-
2008
2008-
2009
2009-
2010
2010-
2011
2011-
2012
2012-
2013
2013-
2014
2014-
2015
2015-
2016
22(1)(a) 1 1 0 2 0 0 0 0 0 0 0
22(1)(b) 1 0 4 0 1 0 3 2 1 0 46
22(1)(c) 0 0 0 0 0 5 0 0 0 0 0
22.3 0 0 0 0 0 0 0 1 0 0 0
24 1 1 1 0 0 0 0 0 0 0 0
25 0 0 0 0 0 0 0 0 0 0 0
26 41 36 30 9 10 4 12 11 9 3 65
27 11 15 10 2 4 2 3 9 5 0 56

Footnotes

Page details

Date modified: