Annual Report Privacy Act 2017 to 2018
Chapter I - Report on the Privacy Act
1.0 Introduction
The Privacy Act protects the privacy of Canadian citizens and permanent residents against the unauthorized use and disclosure of personal information about themselves held by a government institution. It also provides individuals with a right of access to that information and the right to correct inaccurate personal information. In addition, the Privacy Act legislates how the government collects, stores, disposes, uses and discloses personal information.
Section 72 of the Privacy Act requires that the Head of every federal government institution submit an annual report to Parliament on the administration of this Act over the fiscal year. The Minister of Public Safety and Emergency Preparedness has delegated the administration of the Privacy Act, including the reporting of the Annual Report, to the Commissioner of the Correctional Service of Canada (CSC).
This report describes how CSC fulfilled its privacy responsibilities during the reporting period covering 2017-2018.
2.0 Organization
2.1 About Correctional Service of Canada
CSC was formed in 1979 through the amalgamation of the Canadian Penitentiary Service and the Parole Board of Canada (PBC). CSC has the fundamental obligation to contribute to public safety by actively encouraging and assisting offenders to become law-abiding citizens, while exercising reasonable, safe, secure and humane control.
It does this by operating under the rule of law, in particular the Correctional and Conditional Release Act (CCRA), which provides its legislative framework. The Commissioner of CSC has the authority, extending from the CCRA, to issue directives, procedures and guidelines to carry out the agency’s operations.
CSC contributes to public safety by administering court-imposed sentences for offenders sentenced to two years or more. This involves managing institutions (penitentiaries) of various security levels and supervising offenders on different forms of conditional release, while assisting them in become law-abiding citizens. CSC also administers post-sentence supervision of offenders with Long Term Supervision Orders for up to 10 years.
CSC works closely with its Public Safety Portfolio partners, including the Royal Canadian Mounted Police (RCMP), PBC, the Canada Border Services Agency (CBSA), the Canadian Security Intelligence Service (CSIS), and three review bodies, including the Office of the Correctional Investigator (OCI).
2.2 The Access to Information and Privacy (ATIP) Division
The Access to Information and Privacy (ATIP) Division is part of the Policy Sector and reports to the Director General of Rights, Redress and Resolution. The Division is responsible for the overall administration of the Access to Information Act (ATIA) and the Privacy Act. In addition, each sector, region, institution, district, parole office and community correctional centre has an access to information and privacy liaison who assists the national ATIP Division in administering its overall responsibilities.
During the 2017-2018 fiscal year, the ATIP Division continued to improve and streamline its processes with the overall goal of increasing the efficiency of the office.
The ATIP Division is funded for 54 full-time equivalents (FTE) and is comprised of one Director, his Assistant, three Deputy Directors, five Team Leaders, one Senior Policy Advisor, a Policy and Governance Unit, and 18 Analysts who process requests for information under the ATIA and Privacy Act.
There is also an Information Processing and Reporting Unit(IPRU) comprised of one Office Manager and a team of clerical support staff. The IPRU is responsible for processing incoming requests, generating routine correspondence, tasking the institutions in order to retrieve records for privacy requests, ensuring quality control, preparing final release packages for the mail, and providing general support to the ATIP office.
There are four Privacy teams dedicated to the processing of requests made under the Privacy Act - each team is led by one Team Leader and comprises analysts ranging from the PM-02 to PM-04 levels. There are 14 Analysts in total. The teams are responsible for reviewing and analyzing documents, providing guidance, conducting consultations, processing complaints received about their files from the Office of the Privacy Commissioner (OIC), and providing guidance and support to program areas on the application of the Privacy Act.
In addition, there are two backlog Teams that handle overdue PA requests.
The Policy and Governance Unit develops reports, policies, guidelines, tools and procedures to support ATIP requirements within CSC, oversees the Privacy Impact Assessment process, manages privacy breaches, processes complaints on the use and disclosure of personal information from the Office of the Privacy Commissioner (OPC) and acts as a complaints liaison for the ATIP Division, and provides training to CSC employees.
During the 2017-2018 fiscal year, there were 29 FTEs, one part-time employee and two casual employees whose time was devoted to Privacy Act activities. It is important to note that while the ATIP Division is funded for 54 FTEs, a number of staff are on extended leave or in a return to work situation, which greatly limits the number of FTEs that are in the office, working on ATIP files on a full-time basis.
2.3 Privacy Governance at CSC
CSC fulfills its commitment to ensure that privacy is a core consideration in its responsibilities for managing the personal information of its employees, of offenders and members of the public by:
- establishing processes and procedures to ensure that privacy principles are reflected in policy and program development;
- examining the impact on CSC of privacy issues raised by research and by the privacy community, especially the OPC;
- providing senior level review of privacy issues and challenges that arise at the operational level and rendering decisions where necessary; and
- reviewing particular risk issues escalated for its consideration (e.g. serious privacy breaches) and monitoring the implementation of Treasury Board policies.
2.4 Operational Challenges
CSC holds large amounts of personal information, and as a result the biggest challenges the ATIP Division continues to face are the volume of requests we receive under the Privacy Act, and trying to meet the legislated timelines. Examples include:
- The ATIP Division continues to receive routine requests from offenders for their personal information held in the 10 identified Personal Information Banks. Since the requesters do not narrow the scope of their requests and do not identify what information may be a priority for them to receive, ATIP continues to struggle with meeting the legislated timeframes while dealing with broad requests for extensive amounts of information. This contributes to a backlog of Privacy Act requests.
- ATIP has seen a trend in offenders submitting multiple requests. Since the Privacy Act does not have a section dealing with frivolous and vexatious requests, ATIP is obligated to process these requests.
- The ATIP Division continues to receive a number of employee requests. Many of these requests relate to discipline, harassment cases, grievances and terminations. As CSC deals with the backlog of Federal Public Sector Labour Relations and Employment Board (FPSLREB) hearings, ATIP is impacted since employees who are appearing before the FPSLREB typically submit requests in preparation for their hearings.
- The ATIP Division continues to receive large amounts of requests under sections 8(2)(e) and 8(2)(f) of the Privacy Act from the RCMP, Offices of the Attorney General, Canada Revenue Agency and police services. These requests are usually time sensitive, and therefore must be processed on an urgent basis.
- The ATIP Division vets disciplinary, harassment and fact-finding investigations for CSC. These tend to be time sensitive and generally have a two-week turnaround time.
- In addition to the increased number of complex requests, the ATIP Division resources were used to support Department of Justice (DOJ) on a number of ongoing litigation cases.
- Retention of qualified ATIP professionals continues to be a challenge as more staff retire and leave for other opportunities.
3.0 Highlights & Accomplishments
3.1 Improved Efficiencies
During the 2017-2018 fiscal year, CSC ATIP identified and implemented practices in an effort to make things more efficient. These include:
- Building the ATIP Division’s Human Resources component. During this past fiscal year, a number of staffing actions, including deployments, appointments and assignments were launched in an effort to build ATIP’s staff complement. The resulting actions included an acting appointment for a new ATIP Director, the permanent appointment of two PM-05 Team Leaders, two PM-04s, two CR-04s, one AS-01, and an external secondment of a PM 3 analyst.
- Three competitive processes have also been launched during this reporting period. These competitions are to hire two Deputy Directors at the PM-06 level and a Manager for the PRU Unit at the AS-03 level. These staffing actions are at the final stage and the successful candidates should be appointed early in the new upcoming fiscal year.
- In addition, competitive processes will also be launched to fill in all vacant positions from CR-4 to PM-05 levels.
- Finally, the ATIP Divisional management team has developed an ATIP Professional Development Program (ATIP-PDP) as part of its HR plan. The ATIP-PDP will be implemented in 2018-2019 and serves as a staffing program to address present and future operational needs. The program has been designed to develop individuals from the PM-02 to the PM-04 level, using external and internal qualified candidates. This program is similar to those used in other large ATIP Divisions.
- The implementation of a new process as a result of the Correctional Investigator’s “In the Dark” Report, to provide as much information as possible to family members of deceased offenders and to ensure follow up with a designated point of contact that can meet to discuss the specifics in a compassionate manner has been refined. This process has met with positive feedback from both the Correctional Investigator and family members.
- Participation in external ATIP community meetings and internal planning concerning proposed changes to the Privacy Act as part of Bill C-58. The ATIP Division continues to ensure that Privacy Impact Assessments (PIAs) are to be completed for all new programs or programs that have been significantly amended.
- Regional sites, including institutions, continue to scan documents to the ATIP Division through a secure drive which has resulted in records being provided for processing in a timelier fashion while at the same time contributing to a paperless environment.
- The use of encryption of emails allowing for the timely exchange of Protected B information with government partners, in particular the Office of the Privacy Commissioner (OPC).
- The continued use of a divisional complaints coordinator so that the ATIP Division can work closely with the OPC to respond to formal complaints and queries using a single point of contact.
- The Information Processing and Reporting Unit (formerly the Intake Unit) remains the central hub for the ATIP divisional intake process, providing ongoing support to the ATIP Division. One of their key activities is to clear and inventory the ATIP division’s file room to ensure that the Division is only keeping information required for retention.
3.2 Backlog
During the last fiscal year, CSC continued to make it a priority to address the backlog. As a result of the volume of requests coming in and in an effort to prevent additional files from going late, the ATIP Division now has two dedicated teams to address these files, while the remaining teams can focus on current requests.
The ATIP Division is faced with a historical backlog of PA requests. The backlog reduction is a main priority of the Division and specific teams and staff have been tasked to work on these overdue files. Overtime has been allocated to tackle these requests, with an emphasis on completing the oldest files in the inventory.
Over the course of the upcoming fiscal year, the ATIP Division will continue to explore a variety of ways to address the backlog.
3.3 Litigation Projects
During this fiscal year, CSC ATIP worked with the DOJ on a number of Litigation projects that resulted in the review and retrieval of documents to assist with the collection and indexing of documents in relation to ongoing court cases. A number of the ATIP Division’s resources were diverted from operational duties to respond quickly to these particular requests.
3.4 Development of Exemption Rationales
As a result of staff feedback, the ATIP Division continues to develop a set of rationales that will assist in the application and consistency of exemptions applied concerning various subjects. This document will be used by staff as a central resource for ATIP information, specifically in complaint responses.
3.5 Policies, Guidelines, and Procedures
Over the past year, the Policy and Governance Unit has continued to update internal guidelines and procedures as required, including the drafting of a Memorandum of Understanding (MOU) for provincial Crowns as part of a new process in response to Dangerous Offender Hearing requests. The MOU has been drafted and is in the consultation stage.
- The reporting on statistical information in response to Privacy Act requests to ensure accuracy and improved coordination.
- An Internal Service Directive and Guidelines have been drafted on how to process public interest disclosures. Once approved, this document will provide clear direction to CSC staff on how to treat public interest requests.
- The creation of an ATIP Bulletin that is provided to Senior Executives and Divisional staff. The newsletter is a communications tool designed to disseminate important ATIP information, such as policy developments, complaint findings of note and the implementation of any TBS Directives to respond to the Open Government ATIA legislative reform.
- Comments were provided to a number of Commissioner’s Directives, including Information Sharing with Offenders and Third Parties and Information Sharing with Media.
3.6 Training & Awareness
The Policy and Governance Unit plays a fundamental role in developing and delivering training to employees at National Headquarters (NHQ), Regional Headquarters and at the institutional level across Canada, as well as the ATIP staff, on ATIP related matters.
During this reporting period, the ATIP Division continued delivering ATIP Awareness training to the sectors and the regions in order to ensure CSC employees have an understanding of ATIP and the importance of their role in the process. One of the main components of training is to inform staff of the Privacy Breach Guidelines and how to report and to prevent breaches from occurring.
The format of the training uses question and answer sessions - an approach designed to focus on the employee’s role in order to assist them in responding to requests and fulfilling their obligations.
Employees were trained from various areas of CSC, including:
- Assistant Wardens and Deputy Wardens
- Security Intelligence Officers
- New Employee Orientation Program (NEOP) - Québec Region
A total of five training sessions were delivered this reporting period - 45 employees received ATIP training at NHQ. An additional four training sessions were delivered in the Québec Region, comprising 64 employees.
The Policy and Training Unit was changed to the Policy and Governance Unit (PGU) to properly reflect the work of the Unit. PGU continues to provide advice and answer questions and concerns regarding training, policy and guidelines, interpretations of the acts through its GEN-NHQ Policy and Training email account. Through the use of these email accounts, CSC staff is provided with a single point of contact to increase their knowledge of the ATIP legislation.
3.7 ATIP Website - Internal and External
CSC’s ATIP Division continued to work with the e-Communications colleagues on the Intranet Renewal Project. The new site will educate the wider CSC community on privacy related issues, including ATIP legislation, policies and procedures, directives, privacy breach prevention and reporting, Privacy Impact Assessment (PIA) procedures, and a list of ATIP Tips and Bulletins.
CSC’s external website is user-friendly and includes dedicated pages for instructions on submitting access and privacy requests and how to make a request for correction of personal information, the duty to assist, an up-to-date list of the PIAs, and frequently asked questions. To view the ATIP Division’s Internet site, please visit:
3.8 Info Source
CSC is responsible for providing comprehensive, accurate and up-to-date descriptions of its functions, programs, activities and Personal Information Banks (PIBs) that describe the collection, use, disclosure and retention of personal information in Info Source. CSC updates its PIBs on an annual basis to ensure that they are aligned with the appropriate Class of Records.
CSC’s Info Source chapter can be found on its external website:
3.9 Ongoing Activities and Monitoring Compliance
Throughout the 2017-2018 fiscal year officials of the ATIP Division supported the administration of the Privacy Act through many of its other activities, including:
- Providing privacy advice to various program areas regarding new initiatives, for example:
- Security - Enhanced Suitability Screening
- Learning and Development - Digital Education Pilot Project
- CORCAN
- Community Reintegration
- Correctional Operations
- Mental Health
- Health Sector
- Research
- Community Engagement
- Human Resources Management
- Information Management and Information Technology
- Citizenship and Engagement
- Corporate Services
- Reviewing CSC’s forms to ensure they contain the required privacy statements.
- Participating as a member of GCconnex - the Forum serves as a direct link to the ATIP community where members discuss issues including PIAs, policy developments and training initiatives.
- Participating as a member of the DOJ and TBS led initiatives concerning Privacy Act Reform and Open Government Initiatives.
- Attending networking functions with other ATIP colleagues such as the ATIP Community meetings presided by the Treasury Board Secretariat (TBS), as well as their workshops.
- Maintaining a relationship with the OPC. CSC has ongoing meetings and discussions with the OPC in order to address any ongoing issues stemming from complaints in order to come to a timely resolution.
- Assisting program areas with the completion of PIAs Checklists for new initiatives and projects, and reviewing them in order to determine if a full PIA is required.
- Assisting with the drafting of PIAs, Information Sharing Agreements, Privacy Notices and Memoranda of Understanding for new initiatives.
- Providing advice to CSC employees on privacy matters, including how to report on and prevent breaches of personal information and ensure that corrective measures are implemented and responding to general ATIP questions from our colleagues in the sectors and regions.
- Generating compliance reports, which are reviewed by Senior Management on a monthly basis, including briefings by the ATIP Director, to ensure that Privacy Act requests are being processed by legislative due dates. This includes a monthly review of ATIP processing times by the Director General of Rights, Redress and Resolution and the Assistant Commissioner, Policy Sector.
- The restructuring of the ATIP Division’s workflow to better organize and decrease the processing time for requests.
- Actively monitoring the intake and processing of files on a weekly basis as well as regularly reassessing priorities and redistributing workloads.
4.0 Privacy Impact Assessments
In accordance with the Treasury Board of Canada Secretariat policy, CSC undertakes Privacy Impact Assessments (PIAs) to determine whether privacy risks are present in all new or existing departmental programs, initiatives and projects that collect, use, disclose and retain personal information.
During the 2017-2018 fiscal year, CSC completed one PIA. At the end of the reporting period, there were four ongoing PIAs which are expected to be completed during the next reporting period The following is a brief description of the completed PIA:
Child Link:
Child Link is a video communication initiative used by CSC that provides inmates incarcerated at all federal Women Offender Institutions/Units with another means of interacting with their children or their community contacts’ children using live video (WebEx). One of Child Link’s goals is to help maintain and strengthen relationships between inmates and their children and/or their community contacts’ children. Child Link can also be used to support activities related to women inmates’ reintegration including contact withthe community related to a transfer or release pursuant to section 81 and 84 of the CCRA.
5.0 Privacy Breaches
CSC is among the top 10 federal departments that collect and handle the largest amount of personal information. Over the 2017-2018 reporting period, the ATIP Division processed 163 privacy breaches. It should be noted that most of the privacy breaches are low risk.
CSC takes breaches of personal information seriously and continues to educate staff on the protection of personal information as follows:
- An ongoing component of our training includes a comprehensive section on privacy breaches.
- Staff is continuously reminded of their obligations to safeguard and protect personal information and adopt privacy sensitive approaches in the workplace.
- The ATIP Division continues to work with all liaisons on how to report on privacy breaches, implement corrective measures and prevent further privacy breaches, in order to cultivate a culture of awareness regarding the importance of safeguarding personal information.
- The ATIP Division continues to monitor the daily situation reports of security incidents for breaches of personal information in order to ensure all breaches have been reported in accordance with the Breach Guidelines.
Of the total of 163 breaches reported, eight were identified as being high-level breaches. These breaches concerned sensitive health information of an offender being misplaced; victim information being shared, in error, with an offender, and offender information being incorrectly mailed to another offender. Given the vast amounts of personal information handled by CSC, a relatively small amount of high-level breaches occurs.
Of the 30 medium-level breaches reported, some of these breaches involved practices of not removing protected information from an office desk that an offender was using; CSC staff disclosing offender information to the media without their consent; health care test results being disclosed to an offender in error.
The ATIP Division reports its material breaches to the Office of the Privacy Commissioner and to TBS; however, given the limited staff resources, the ATIP Division is only able to report these breaches on a quarterly basis.
6.0 Delegation of Authority
The responsibilities associated with the administration of the Privacy Act, such as notifying applicants of extensions and transferring requests to other institutions, are delegated to the departmental ATIP Coordinator through a delegation instrument signed by the Minister of Public Safety and Emergency Preparedness. The approval of exemptions remains with the Director, the Deputy Directors as well as the Team Leaders. Delegation for public interest releases, as well as research and statistics, rests with the Commissioner, the Senior Deputy Commissioner and the Assistant Commissioner of the Policy Sector.
A detailed delegation instrument can be viewed in Appendix A.
Chapter II - Privacy Act Statistical Report and Supplementary Reporting Requirements for 2017-2018
7.0 Statistical Report
See Appendix B for CSC’s Statistical Report on the Privacy Act.
8.0 Interpretation of the 2017-2018 Statistical Report
8.1 Requests Processed Under the Privacy Act
In 2017-2018, CSC received 6,211 requests for personal information, which was a 9 percent decrease from the previous year. A total of 10,328 requests were carried over from the previous reporting year, totaling 16,539 requests requiring processing in 2017-2018. CSC responded to 3,875 requests for personal information, representing 23 percent of the total number of requests received and outstanding from the previous reporting period. Please refer to Appendix B for the Statistical Report.
8.2 Disposition of Requests
Of the 3,875 requests completed during the 2017-2018 reporting period, 329 requests were full disclosures; 1282 were partial disclosure; 25 were withheld in their entirety; 470 were unable to be processed resulting from no records existing; 1,762 were abandoned by the applicant and seven were neither confirmed nor denied. In total, 505,801 pages were processed.
8.3 Exemptions
The majority of exemptions invoked by CSC fell under three sections of the Privacy Act:
- Subsection 26, used to protect personal information, was applied in 1,478 cases (43 percent)
- Subsection 22(1), used to protect information relating to law enforcement and investigations, was applied in 1,114 cases (33 percent)
- Subsection 21, used to protect information relating to international affairs and defence, was applied in 637 cases (19 percent)
A complete breakdown of the exemptions applied during this reporting period is as follows:
Exemption Description | Number of Times Applied |
---|---|
Obtained in Confidence | 5 |
Federal-Provincial Affairs | 3 |
International Affairs and Defence | 637 |
Law Enforcement & Investigation | 1114 |
Individuals Sentenced for an Offence | 160 |
Safety of the Individuals | 2 |
Information about another individual | 1478 |
Solicitor-Client Privilege | 23 |
Medical Record | 1 |
Library/Museum Material | 2 |
Total | 3425 |
8.4 Completion Time
During the reporting period, CSC completed 359 requests in less than 30 days; 277 between 31 and 60 days; 252 requests between 61 to 120 days; 131 requests between 121 to 180 days; and 2856 requests were completed in over 180 days. Of the requests completed, CSC was successful in responding to 14 percent within the legislated timelines, a 34 percent decrease from last fiscal year.
8.5 Informal Requests
During the reporting period CSC received 1, 030 informal requests. A total of 149 requests were carried over from the previous reporting year, totaling 1,179 informal requests requiring processing in 2017-2018. These include:
- releasing information through informal means where possible;
- processing requests under subsection 8(2) of the Privacy Act, excluding paragraphs 8(2)(e) and (m);
- reviewing investigation reports, including fact-finding, harassment, disciplinary, and Board of Investigation reports; and
- reviewing requests from employees concerning their personnel files.
A total of 120 informal requests were closed during 2017-2018.
8.6 Method of Access
Where information was available for release, copies were provided in 1,601 cases which included paper copies, electronic, CDs and examination.
8.7 Corrections and Notations
There were no requests for correction of personal information received last fiscal year.
8.8 Consultations from Other Institutions and Organizations
The ATIP Division’s workload involves responding to consultations in response to formal requests received by other institutions and organizations CSC works closely with its partners under the Public Safety portfolio such a CBSA, RCMP, CSIS, PBC and the OCI, in order to respond to consultations in a timely fashion. CSC is consulted on such matters as court cases, offender grievances and matters raised with the OCI, offender case files, and individuals who are to be deported after serving their sentences, to name a few examples.
During the 2017-2018 reporting period, the ATIP Division received a total of 35 consultations from other institutions and organizations.
The following chart provides the type and number of consultations received over the 2017-2018 reporting year:
Type of Consultation | Number of Consultations Received in 2017-2018 |
---|---|
Other government institutions | 27 |
Other organizations | 8 |
Total | 35 |
9.0 Supplementary Reporting Requirements
9.1 Complaints and Investigations
Applicants have the right of complaint to the OPC pursuant to the Privacy Act and may exercise this right at any time during the processing of their request. At the end of this reporting period, CSC received a total of 381 complaints and 314 findings were issued. There is an increase in the number of complaints received this fiscal year (344 complaints were received in 2016-2017).
The majority of the privacy complaints received during this reporting period concern delay/time limit complaints; followed by denial of access complaints. The delay complaints reflect the reality that CSC is a department that receives a high number of requests for voluminous files and must manage this work with competing priorities such as litigation projects and court cases with limited resources. CSC responded to 3,875 requests and received 381 complaints representing 10 percent of the requests processed by CSC.
The implementation of the TBS Security Standard within CSC continues to generate a number of privacy complaints. Other complaints of interest deal with the use of cameras within penal institutions, the use of cell phone technology and server searches for emails of retired staff.
The following chart provides a breakdown of the complaints made to the OPC:
Type of Complaint | Received | Finding | Active |
---|---|---|---|
Access | 32 | 28 | 41 |
Delay/Time Limits | 332 | 282 | 291 |
Collection | 2 | 0 | 0 |
Use and Disclosure | 13 | 2 | 0 |
Retention and Disposal | 0 | 0 | 1 |
Correction/Notation | 0 | 0 | 0 |
Exemptions | 0 | 0 | 0 |
Extension | 1 | 0 | 0 |
Language | 1 | 2 | 4 |
Total | 381 | 314 | 337 |
* Please note that some findings and active complaints have been carried over from previous years.
Some key issues raised and subsequent actions taken as a result of the privacy complaints CSC received and the OPC’s investigations and recommendations during this reporting period are:
- Timeliness of our responses to requests has remained an issue; however, as the backlog is reduced, it is expected that this will be resolved. Additional backlog teams have been created and overtime has been used to complete urgent backlog files.
- Some complaints arise out of privacy breaches. The ATIP Division continues to place an emphasis on training our Regional ATIP Liaisons so that they in turn can train regional employees on the protection of personal information. CSC ATIP reports all medium and high level breaches to the OPC and TBS, and continues to address any follow-up questions in a timely manner.
- Over the past year, the OPC has provided the ATIP Division with a number of recommendations concerning the management of privacy within CSC institutions. Subsequently, the basic handling procedures of personal information have been discussed with management at the institutions and new procedures have been implemented to ensure the proper handling of personal information.
- CSC has ongoing meetings and discussions with the OPC in order to address any ongoing issues stemming from complaints in order to come to a timely resolution.
9.2 Disclosures Made Pursuant to Paragraph 8(2)(e) of the Privacy Act
During the 2017-2018 fiscal year, 138 disclosures pursuant to paragraph 8(2)(e) of the Privacy Act were made by CSC.
9.3 Disclosures Made Pursuant to Paragraph 8(2)(m) of the Privacy Act
During the 2017-2018 fiscal year, 10 disclosures pursuant to paragraph 8(2)(m) of the Privacy Act were made by CSC. These disclosures were to families further to deaths in custody.
The OPC was notified before all disclosures.
9.4 Federal Court
There were no federal court cases filed against CSC in this reporting period.
9.5 Resources
The ATIP Division expended a total of $2,498,435 - $2,370,221 in salary costs, and $109,986 in overtime costs. There was $18,228 in operating costs.
Appendix A: Privacy Act Delegation
The Minister of Public Safety and Emergency Preparedness, pursuant to section 73 of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto to exercise the powers and perform the duties and functions of the Minister as the head of a government institution, that is, the Correctional Service of Canada, under the sections of the Act set out in the schedule opposite each position. This designation replaces all previous delegation orders.
Section Article | Action | Commissioner | Senior Deputy Commissioner | Assistant Commissioner, Policy | Director, ATIP | Deputy Director, ATIP | Team Leaders, ATIP & Senior Policy Advisor | Regional Deputy Commissioners | Wardens & District Directors | Regional Administrators, Communications and Executive Services |
---|---|---|---|---|---|---|---|---|---|---|
8(2)(e) | Disclose personal information to an investigative body specified in the Regulations for enforcing any law of Canada or a province or carrying out a lawful investigation | • | • | • | • | • | • | • | • | • |
8(2)(f) | Disclose personal information under an agreement or arrangement for the purpose of administering or enforcing any law or carrying out a lawful investigation | • | • | • | • | • | • | • | • | • |
8(2)(j) | Disclosure for research purposes | • | • | • | ||||||
8(2)(m) | Disclosure in the public interest or in the interest of the individual | • | • | • | ||||||
8(4) | Copies of requests under 8(2)(e) to be retained | • | • | • | • | • | • | • | • | • |
8(5) | Notice of disclosure under 8(2)(m) | • | • | • | ||||||
9(1) | Record of disclosures to be retained | • | • | • | • | • | • | • | • | • |
9(4) | Consistent uses | • | • | • | • | • | ||||
10 | Personal information to be included in personal information banks | • | • | • | • | • | • | |||
14 | Notice when access requested | • | • | • | • | • | • | |||
15 | Extension of time limits | • | • | • | • | • | • | |||
17(2)(b) | Language of access | • | • | • | • | • | • | |||
17(3)(b) | Access to personal information in alternative format | • | • | • | • | • | • | |||
18(2) | Exemption (exempt bank) - Disclosure may be refused | • | • | • | • | • | ||||
19(1) | Exemption - Information obtained in confidence | • | • | • | • | • | • | |||
19(2) | Exemption - Where authorized to disclose | • | • | • | • | • | • | |||
20 | Exemption - Federal-Provincial Affairs | • | • | • | • | • | • | |||
21 | Exemption - International affairs and defence | • | • | • | • | • | • | |||
22 | Exemption - Law enforcement and investigation | • | • | • | • | • | • | |||
22.3 | Exemption - Public Servants Disclosure Protection Act | • | • | • | • | • | • | |||
23 | Exemption - Security clearances | • | • | • | • | • | • | |||
24 | Exemption - Individuals sentenced for an offence | • | • | • | • | • | • | |||
25 | Exemption - Safety of individuals | • | • | • | • | • | • | |||
26 | Exemption - Information about another individual | • | • | • | • | • | • | |||
27 | Exemption - Solicitor-client privilege | • | • | • | • | • | • | |||
28 | Exemption - Medical record | • | • | • | • | • | • | |||
31 | Notice of intention to investigate | • | • | • | • | • | • | • | • | • |
35(1) | Findings and recommendations of Privacy Commissioner | • | • | • | • | • | • | • | • | • |
35(4) | Access to be given | • | • | • | • | • | • | • | • | • |
36(3) | Report of findings and recommendations (exempt banks) | • | • | • | • | • | • | • | • | • |
37(3) | Report of findings and recommendations (compliance review) | • | • | • | • | • | • | • | • | • |
51(2)(b) | Special rules for hearings | • | • | • | • | • | ||||
51(3) | Ex parte representations | • | • | • | • | • | • | • | • | • |
70 | Confidences of the Queen’s Privy Council for Canada | • | • | • | • | • | • | |||
72(1) | Annual Report to Parliament | • | • | |||||||
Privacy Regulations | ||||||||||
9 | Reasonable facilities and time provided to examine personal information | • | • | • | ||||||
11(2) | Notification that correction to personal information has been made | • | • | • | ||||||
11(4) | Notification that correction to personal information has been refused | • | • | • | ||||||
13(1) | Disclosure of personal information relating to physical or mental health may be made to a qualified medical practitioner or psychologist for an opinion on whether to release information to the requester | • | • | • | ||||||
14 | Disclosure of personal information relating to physical or mental health may be made to a requester in the presence of a qualified medical practitioner or psychologist | • | • | • | ||||||
Dated, at the City of Ottawa, this ____th day of ___________, 2016 ________________________________________________________________ Minister of Public Safety and Emergency Preparedness |
Appendix B: Statistical Report
Statistical Report on the Privacy Act
Name of institution: Correctional Service Canada
Reporting period: 2017-04-01 to 2018-03-31
Part 1: Requests Under the Privacy Act
1.1 Number of requests
Number of Requests | |
---|---|
Received during reporting period | 6211 |
Outstanding from previous reporting period | 10328 |
Total | 16539 |
Closed during reporting period | 3875 |
Carried over to next reporting period | 12664 |
Part 2: Requests Closed During the Reporting Period
2.1 Disposition and completion time
Disposition of Requests | Completion Time | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
All disclosed | 5 | 16 | 53 | 28 | 14 | 47 | 166 | 329 |
Disclosed in part | 17 | 41 | 136 | 104 | 44 | 114 | 826 | 1282 |
All exempted | 0 | 1 | 3 | 1 | 2 | 2 | 15 | 24 |
All excluded | 0 | 0 | 0 | 0 | 1 | 0 | 0 | 1 |
No records exist | 105 | 80 | 62 | 83 | 35 | 57 | 48 | 470 |
Request abandoned | 70 | 24 | 23 | 36 | 35 | 60 | 1514 | 1762 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 7 | 7 |
Total | 197 | 162 | 277 | 252 | 131 | 280 | 2576 | 3875 |
2.2 Exemptions
Section | Number of Requests | Section | Number of Requests | Section | Number of Requests |
---|---|---|---|---|---|
18(2) | 0 | 22(1)(a)(i) | 231 | 23(a) | 0 |
19(1)(a) | 5 | 22(1)(a)(ii) | 94 | 23(b) | 0 |
19(1)(b) | 3 | 22(1)(a)(iii) | 7 | 24(a) | 3 |
19(1)(c) | 381 | 22(1)(b) | 240 | 24(b) | 157 |
19(1)(d) | 248 | 22(1)(c) | 540 | 25 | 2 |
19(1)(e) | 0 | 22(2) | 1 | 26 | 1478 |
19(1)(f) | 0 | 22.1 | 0 | 27 | 23 |
20 | 0 | 22.2 | 0 | 28 | 1 |
21 | 0 | 22.3 | 1 |
2.3 Exclusions
Section | Number of Requests | Section | Number of Requests | Section | Number of Requests |
---|---|---|---|---|---|
69(1)(a) | 2 | 70(1) | 0 | 70(1)(d) | 0 |
69(1)(b) | 0 | 70(1)(a) | 0 | 70(1)(e) | 0 |
69.1 | 0 | 70(1)(b) | 0 | 70(1)(f) | 0 |
70(1)(c) | 0 | 70.1 | 0 |
2.4 Format of information released
Disposition | Paper | Electronic | Other Formats |
---|---|---|---|
All disclosed | 317 | 12 | 0 |
Disclosed in part | 1265 | 17 | 0 |
Total | 1582 | 29 | 0 |
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
Disposition of Requests | Number of Pages Processed | Number of Pages Disclosed | Number of Requests |
---|---|---|---|
All disclosed | 13612 | 12292 | 329 |
Disclosed in part | 438861 | 365366 | 1282 |
All exempted | 93 | 0 | 24 |
All excluded | 0 | 0 | 1 |
Request abandoned | 53235 | 39607 | 1762 |
Neither confirmed nor denied | 0 | 0 | 7 |
Total | 505801 | 417265 | 3405 |
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition | Less Than 100 Pages Processed | 101-500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More Than 5000 Pages Processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
All disclosed | 298 | 5835 | 29 | 4954 | 2 | 1503 | 0 | 0 | 0 | 0 |
Disclosed in part | 509 | 18068 | 545 | 1 | 7 | 3146 | 11 | 13917 | 3 | 16667 |
All exempted | 0 | 0 | 1 | 0 | 1 | 0 | 1 | 0 | 0 | 0 |
All excluded | 3 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 |
Request abandoned | 135 | 218 | 5 | 813 | 0 | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 4 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 269 | 3702 | 39 | 7123 | 11 | 4788 | 12 | 13917 | 4 | 16667 |
2.5.3 Other complexities
Disposition | Consultation Required | Legal Advice Soughts | Interwoven Information | Other | Total |
---|---|---|---|---|---|
All disclosed | 0 | 0 | 3 | 3 | 6 |
Disclosed in part | 8 | 0 | 129 | 129 | 266 |
All exempted | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 3 | 0 | 11 | 11 | 25 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
Total | 11 | 0 | 143 | 143 | 297 |
2.6 Deemed refusals
2.6.1 Reasons for not meeting statutory deadline
Number of Requests Closed Past the Statutory Deadline | Principal Reason | |||
---|---|---|---|---|
Workload | External Consultation | Internal Consultation | Other | |
3341 | 3335 | 4 | 0 | 2 |
2.6.2 Number of days past deadline
Number of Days Past Deadline | Number of Requests Past Deadline Where No Extension Was Taken | Number of Requests Past Deadline Where An Extension Was Taken | Total |
---|---|---|---|
1 to 15 days | 70 | 25 | 95 |
16 to 30 days | 51 | 15 | 66 |
31 to 60 days | 61 | 12 | 73 |
61 to 120 days | 180 | 18 | 198 |
121 to 180 days | 72 | 4 | 76 |
181 to 365 days | 263 | 43 | 306 |
More than 365 days | 1431 | 1096 | 2527 |
Total | 2128 | 1213 | 3341 |
2.7 Requests for translation
Translation Requests | Accepted | Refused | Total |
---|---|---|---|
English to French | 0 | 0 | 0 |
French to English | 0 | 0 | 0 |
Total | 0 | 0 | 0 |
Part 3: Disclosures Under Subsections 8(2) and 8(5)
Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
---|---|---|---|
138 | 10 | 0 | 148 |
Part 4: Requests for Correction of Personal Information and Notations
Disposition for Correction Requests Received | Number |
---|---|
Notations attached | 0 |
Requests for correction accepted | 0 |
Total | 0 |
Part 5: Extensions
5.1 Reasons for extensions and disposition of requests
Disposition of Requests Where an Extension Was Taken | 15(a)(i) Interference with operations |
15(a)(ii) Consultation |
15(b) Translation or Conversion |
|
---|---|---|---|---|
Section 70 | Other | |||
All disclosed | 118 | 0 | 0 | 0 |
Disclosed in part | 663 | 1 | 4 | 2 |
All exempted | 10 | 1 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 |
No records exist | 39 | 0 | 0 | 0 |
Request abandoned | 546 | 0 | 1 | 0 |
Total | 1376 | 2 | 5 | 2 |
5.2 Length of extensions
Length of Extensions | 15(a)(i) Interference With Operations |
15(a)(ii) Consultation |
15(b) Translation purposes |
|
---|---|---|---|---|
Section 70 | Other | |||
1 to 15 days | 0 | 0 | 0 | 0 |
16 to 30 days | 1376 | 2 | 5 | 2 |
Total | 1376 | 2 | 5 | 2 |
Part 6: Consultations Received From Other Institutions and Organizations
6.1 Consultations received from other Government of Canada institutions and other organizations
Consultations | Other Government of Canada Institutions | Number of Pages to Review | Other Organizations | Number of Pages to Review |
---|---|---|---|---|
Received during the reporting period | 38 | 973 | 4 | 33 |
Outstanding from the previous reporting period | 3 | 131 | 1 | 0 |
Total | 41 | 1104 | 5 | 33 |
Closed during the reporting period | 33 | 581 | 2 | 31 |
Pending at the end of the reporting period | 8 | 523 | 3 | 2 |
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation | Number of Days Required to Complete Consultation Requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
All disclosed | 5 | 2 | 1 | 0 | 1 | 0 | 0 | 9 |
Disclosed in part | 6 | 9 | 4 | 0 | 0 | 0 | 0 | 19 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
Other | 4 | 0 | 0 | 0 | 0 | 0 | 0 | 4 |
Total | 16 | 11 | 5 | 0 | 1 | 0 | 0 | 33 |
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation | Number of Days Required to Complete Consultation Requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
All disclosed | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 2 |
Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 2 |
Part 7: Completion Time of Consultations on Cabinet Confidences
7.1 Requests with Legal Services
Number of Days | Fewer Than 100 Pages Processed | 101‒500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More Than 5000 Pages Processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
7.2 Requests with Privy Council Office
Number of Days | Fewer Than 100 Pages Processed | 101‒500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More Than 5000 Pages Processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 8: Complaints and Investigations Notices Received
Section 31 | Section 33 | Section 35 | Court action | Total |
---|---|---|---|---|
366 | 0 | 144 | 0 | 510 |
Part 9: Privacy Impact Assessments (PIAs)
Number of PIA(s) completed | 1 |
Part 10: Resources Related to the Privacy Act
10.1 Costs
Expenditures | Amount | |
---|---|---|
Salaries | $2,370,221 | |
Overtime | $109,986 | |
Goods and Services | $18,228 | |
|
$0 | |
|
$18,228 | |
Total | $2,498,435 |
10.2 Human Resources
Resources | Person Years Dedicated to Privacy Activities |
---|---|
Full-time employees | 29.00 |
Part-time and casual employees | 3.00 |
Regional staff | 0.00 |
Consultants and agency personnel | 0.00 |
Students | 0.00 |
Total | 32.00 |
Note: Enter values to two decimal places.
Page details
- Date modified: