Language selection

Government of Canada / Gouvernement du Canada

Search

Annual Report to Parliament on the Privacy Act 2022 to 2023

On this page

List of acronyms

List of acronyms
AI
Artificial Intelligence
APCM
AccessPro Case Management
ATIA
Access to Information Act
ATIP
Access to Information and Privacy
ATIP Director
ATIP Division Departmental Coordinator
AOMT
Access to Information and Privacy Online Management Tool
BCSC
British Columbia Supreme Court
CBSA
Canada Border Services Agency
CCRA
Corrections and Conditional Release Act
CSC
Correctional Service Canada
CSIS
Canadian Security Intelligence Service
DLET
Disclosure and Law Enforcement Team
DOJ
Department of Justice
DRP
Disclosure Review Process
FTEs
Full Time Equivalents
IPRU
Intake, Processing and Retention Unit
LSU
Legal Services Unit
NHQ
National Headquarters
OIC
Office of the Information Commissioner (OIC)
OCI
Office of the Correctional Investigator
OPC
Office of the Privacy Commissioner
OPI
Office of Primary Interest
PA
Privacy Act
PAL
Public Access Link
PIA
Privacy Impact Assessments
PBC
Parole Board of Canada
PGU
Policy and Governance Unit
PS
Preventive Security
PSPC
Public Service and Procurement Canada
RCMP
Royal Canadian Mounted Police
RFP
Request for Proposal
RPSS
Request for Proposal Software Solution
RRR
The Rights, Redress and Resolution
SACC
Standard Acquisition Clauses and Conditions
SCRCM
Strategic Compliance, Reporting and Client Management Team
SIN
Social Insurance Number
SiNet
Security Intelligence Network
SIO
Security Intelligence Officers
SPRT
Strategic Privacy Response Team
TBS
Treasury Board Secretariat

List of figures

List of figures

List of tables

List of tables

1. Introduction

The Privacy Act (PA) protects the privacy of Canadian citizens and permanent residents against the unauthorized use and disclosure of personal information about them held by a government institution. It also provides individuals with a right of access to that information and the right to correct inaccurate personal information. In addition, the PA legislates how the government collects, stores, disposes of, uses, and discloses personal information.

Section 72 of the PA requires that the Head of every federal government institution submits an Annual Report to Parliament on the administration of this Act over the fiscal year. The Minister of Public Safety, Democratic Institutions and Intergovernmental Affairs has delegated the administration of the PA, including the reporting of the Annual Report, to the Commissioner of the Correctional Service of Canada (CSC).

This report describes how CSC fulfilled compliance with the PA during the reporting Fiscal Year (FY) period of April 1, 2022 to March 31, 2023.

2. Organizational structure

2.1 About the Correctional Service of Canada

The purpose of the federal correctional system, as defined in law, is to contribute to the maintenance of a just, peaceful, and safe society by carrying out sentences for offenders sentenced to two years or more imposed by courts. This is done through the safe and humane custody and supervision of offenders, and by assisting the rehabilitation of offenders and their safe reintegration into the community as law-abiding citizens through the provision of programs in penitentiaries and in the community (Corrections and Conditional Release Act (CCRA), s.3).

CSC works closely with its Public Safety portfolio partners, including the Royal Canadian Mounted Police (RCMP), the Parole Board of Canada (PBC), the Canada Border Services Agency (CBSA), and the Canadian Security Intelligence Service (CSIS), in addition to oversight bodies including the Office of the Correctional Investigator (OCI).

2.2 The Access to Information and Privacy Division

The Access to Information and Privacy (ATIP) Division reports to the Director General of Rights, Redress and Resolution under the Policy Sector and has nine units:

The Intake, Processing and Retention Unit (IPRU) is responsible for processing incoming requests, generating routine correspondence, tasking retrievals of records to Offices of the Primary Interest (OPIs), fostering the quality assurance of the ATIP process, preparing final release packages, responding to inquiries received on ATIP’s Toll Free number (1-844-757-8031), and providing general support to the office.

The Access to Information Operations team is responsible for reviewing records, conducting consultations with internal and external stakeholders, applying exemptions and exclusions, preparing release packages for requesters, and responding to complaints from the Office of the Information Commissioner (OIC).

The Privacy Operations team processes formal and informal requests under the PA and responds to complaints from the Office of the Privacy Commissioner (OPC). This team has been organized into three teams:

  1. The Privacy Urgent Team is responsible for responding to urgent formal privacy requests (e.g. documents requested by offenders/requesters for upcoming parole hearings, court purposes or other legal proceedings where time is of the essence, and where the individual consents to release of their personal information).
  2. The Strategic Privacy Response Team (SPRT) is responsible for reviewing offenders’ records related to health care, employment, admission and discharge, visits and correspondence, and education and training.
  3. The Privacy Complaint Team is responsible for responding to delay-complaints received by the OPC and to any judicial review applications related to these complaints.

The Policy and Governance Unit (PGU) acts as a single point of contact for privacy within CSC. It develops privacy policies, guidelines, tools and procedures to support ATIP requirements within CSC. In addition, the unit provides advice, guidance and support regarding ATIP legislation and related policies; promotes privacy awareness; and manages privacy breaches, and any improper collection, use and disclosure complaints filed with the OPC. The unit also oversees Privacy Impact Assessments (PIAs); reviews Memoranda of Understanding, Information Sharing Agreements, contracts, forms and Commissioner’s Directives; and delivers privacy training. The PGU is also responsible for the informal review of disciplinary, harassment and workplace violence reports for the department. This also includes complex privacy requests related to investigations as well as other sensitive files such as public interest disclosures.

The Disclosure and Law Enforcement Team oversees releases under 8(2) of the PA, including files for litigation; dangerous offender applications and long-term supervision orders; other court purposes; and on- going investigations.

The ATIP Transformation Teams (Backlog Teams) are responsible for processing files from CSC ATIP’s backlog, including assessing areas of ATIP operations that could be streamlined to foster efficiencies in addressing current legacy requests and preventing future backlog of requests.

The Strategic Compliance, Reporting and Client Management (SCRCM) Team is responsible for collecting, analyzing and presenting information using various search engines and data tools to support ATIP in its reporting requirements (including the ATIP Annual Reports) and compliance rates. When fully operational, this team will also be responsible for managing CSC ATIP’s relationships with its clients, and build on the existing work to promote and foster a culture of client satisfaction within CSC’s ATIP Division.

The ATIPXPress Migration Team is responsible to find or develop modern software solutions to assist the Rights Redress and Resolution Branch to increase productivity and efficiency through the use of new technological solutions.

The Digitization and Stakeholder Liaison Team was responsible for CSC ATIP’s digitization and modernization initiative, including leveraging new technology and the digitization of the ATIP process within CSC. This team was active until March 31, 2023, at which time its objectives were absorbed into the SCRCM team and the ATIPXPress Migration Team.

In addition, each sector, region, institution, district, parole office and community correctional centre has an ATIP liaison who assists the national ATIP Division in administering its overall responsibilities.

During the next (FY), ATIP will continue to build its capacity, including completing staffing for the second Access team, completing staffing on the Privacy Teams, adding a second dedicated team for the review of disciplinary, harassment and workplace violence reports and related privacy formal requests, and increase capacity to support policy work. Overall, CSC is currently in the process of adding another EX01 (Director, ATIP Modernization, Disclosure and Law Enforcement) position to support the management of the newly created teams in order to adequately increase CSC’s compliance with its statutory obligations under both the Access to Information Act (ATIA) and PA.

During the 2022 to 2023 fiscal year, there were 86.3 employees dedicated to privacy activities as follows:

CSC was not party to any service agreements under section 73.1 of the PA during this reporting period.

2.3 Initiatives and priorities

This section will outline CSC’s initiatives and priorities for ATIP, and unless otherwise noted is referring to both the ATIA and the PA, as well as both formal requests and informal requests such as information sharing with our public safety partners.

CSC is a large organization that employs approximately 18,000 employees across Canada while managing a yearly average of 21,000 offenders. The highest proportion of ATIP Division work in CSC are Privacy requests, effectively accounting for more than 90% of the total workload, while Access requests represent about 10% of all ATIP requests. Offenders and their legal representatives make 89% of the privacy requests.

Like several federal institutions, CSC has been facing many compelling challenges that have significantly increased during the past six fiscal years. However, CSC has taken important steps and launched many initiatives to address its challenges and better position ATIP for the future. At the beginning of the 2021 to 2022 fiscal year, CSC developed an ambitious Strategic Action Plan with the following objectives:

  1. gradually increase ATIA and PA compliance rates to attain the Treasury Board Secretariat (TBS) compliance standards
  2. increase customer satisfaction
  3. ensure production outpaces requests
  4. minimize and eventually eliminate existing backlog requests
  5. reduce the number and frequency of complaints submitted by requesters to both the OIC and OPC
  6. sustain productivity to prevent future backlog of requests, and
  7. take measures to become an employer of choice and a leader in the ATIP Community

CSC’s Strategic Action Plan was outlined in detail in CSC’s 2021 to 2022 Annual Reports.

Some of the challenges that CSC continues to manage include:

Given the continuing need to address these challenges and foster an environment to support CSC’s ability to comply with its legislative obligations, CSC refocused its activities to respond to its ATIP requirements through the following actions:

1. Temporary funding to increase production

From 2017 to 2018 to 2021 to 2022, CSC ATIP implemented and examined many initiatives to address its challenges, which were described in its previous Annual Reports.

During the current period, CSC ATIP received 2.84 million dollars in funding and succeeded in augmenting its overall complement on a permanent basis to 93 FTEs.

During the same period, the ATIP Division also continued to manage many competing priorities, including an increasing number of requests related to legal proceedings, which are sensitive and urgent in nature. To manage its backlog and its numerous competing priorities, CSC ATIP used its resources as efficiently and as strategically as possible, which has yielded significant results, described further in this section.

2. The 2021 Strategic Action Plan

In fiscal year 2021 to 2022, CSC developed a Strategic Action Plan for ATIP to address all issues/challenges described above on a more permanent basis. This framework continued into 2022 to 2023 and yielded positive results, which will be described below. The comprehensive Strategic Action Plan focuses on four pillars: (1) Our resources and people; (2) Our infrastructure; (3) Our culture and practices; and (4) Our results.

These four pillars identify various opportunities for (i) additional resources, including leveraging partnerships with academic institutions; (ii) working with our Information Management experts to strengthen our technological capabilities to fully digitize our ATIP processes; (iii) promoting a culture of client satisfaction; and (iv) ensuring accountability for timely and sustainable results.

Pillar 1: Our resources and people

Improving compliance with obligations under the PA and the ATIA is a high priority for CSC. The organization has forecasted it will require approximately 130 CSC ATIP has already secured human and financial resources for CSC’s ATIP program/function to allow a gradual increase in its production and compliance rates for both Acts. As such, from FY 2021 to 2022 to FY 2022 to 2023, CSC increased its complement from 54 to 93 FTEs. During fiscal year 2023 to 2024, CSC ATIP will continue to focus on hiring the outstanding additional staff required to meet its legal obligations under the ATIP legislation.

To provide high quality service standards to requesters, the ATIP Division must attract the right people for the job. To overcome the shortage of ATIP experts in the community, CSC has been hiring and training individuals with transferable skills who are seeking careers in the Public Service and ATIP. To that effect, CSC is increasing its presence in local universities and colleges to recruit students who are interested in pursuing a career in ATIP at CSC.

It is also CSC’s desire to position itself as an employer of choice. CSC ATIP is therefore also focusing on the continuing education and well-being of its staff. This includes equipping staff with proper tools, and training and mentoring analysts to increase their knowledge and application of the Acts.

CSC ATIP is also using talent management to invest in the organization’s most important resource - its people. To this end, CSC will continue to recruit candidates with highly desirable skill sets and provide ongoing learning and development opportunities. It will also recognize the value of its team members and encourage them to advance within the organization. Talent management is one of the many tools that CSC ATIP is using to recruit, retain and develop a workforce that is as productive as possible and likely to stay with the organization on a long-term basis.

Equally important, CSC ATIP is working on creating a Developmental Program for ATIP analysts. At the same time, CSC is focusing on promoting the well-being of staff and ensuring there is appropriate mental and physical health support in managing the demands of their duties and functions.

Pillar 2: Our infrastructure

Together with investments in resources and people, CSC is also putting the emphasis on modernizing its infrastructure to keep up with the changing reality of the ATIP environment and its associated challenges.

A team of specialists, led by a Deputy Director, ATIPXPress Migration, is responsible for CSC ATIP’s modernization initiative (including but not limited to the migration from AccessPro Case Management to ATIPXPress). CSC will leverage technology to streamline the ATIP process. As an interim measure, CSC worked with its Preventive Security experts to use its Security Intelligence Network (SiNET) as a platform to collect Protected C documents when it must process information requests from the courts and law enforcement agencies. Ultimately, the longer-term solution is to migrate to ATIPXPress, which will allow CSC to appropriately process and store Protected C information.

Given that offenders’ requests account for most of the privacy workload, and offenders and their legal representatives make 89% of the privacy requests, CSC continues to explore an Offender ATIP Portal. This option has many benefits including: (1) providing inmates access to technology with the opportunity to submit their ATIP requests electronically; (2) reducing the delays in receiving offender requests; (3) reducing/eliminating the amount of paper used to print the release packages to provide them to the offenders; and (4) significantly reducing mailing costs and delays in releasing documents to offenders.

Concurrently, CSC is exploring the piloting of tablets mobile devices for correctional institutions that provide inmates with communication, education and entertainment resources. These tablets will present an excellent opportunity to make an Offender ATIP Portal a reality, and ATIP will continue to explore this solution.

Additionally, to improve access to information, the CSC ATIP has been using the ATIP Online (AOMT) since 2020.

Pillar 3: Our culture and practices

From the initial ATIP request to ultimate disclosure, CSC’s practices must embody a culture of responsibility and client satisfaction. To achieve this goal, CSC will continue to foster close relationships with key external organizations and keep apprised of best practices, including improving our engagement and consultation with the Offices of the Privacy and Information Commissioners, and TBS’s Office of the Chief Information Officer.

CSC continues to also promote a right-of-access and client satisfaction culture. This culture shift encourages employees to recognize the rights of individuals to access their personal information and CSC’s duty to enhance government accountability and transparency. CSC also continues to enhance engagement with ATIP requesters to swiftly seek clarity where required and minimize delays in fulfilling their requests.

To serve our clients to the best of our abilities, the ATIP Division is also exploring ways of processing requests more efficiently. To this end, CSC is increasing consultation with Offices of Primary Interest (OPIs) in collecting and assessing information to ensure timely responses to requesters’ needs.

Furthermore, with additional resources, the ATIP teams will be able to play key and proactive roles in providing orientation, training and awareness to minimize legal risks and privacy breaches within the organization. In doing so, CSC ATIP will engage with regional management committees, institutional management committees, executive committees, sectors and regions to share best privacy practices and bring much-needed awareness in the areas of privacy and access to information.

Pillar 4: Our results

The ATIP Division is positioning itself not only to become an employer of choice, but also to be seen as a leader, a model and a flagship in the ATIP Community. CSC ATIP is therefore committed to increase PA and ATIA compliance rates over time, with the goal of attaining TBS compliance standards. It is very confident these three objectives will be achieved when its Strategic Action Plan is fully implemented, as shown by the positive results so far. As CSC continues to implement its plan, we will build on the existing results outlined below:

Positive and promising results:

Phase 1 of the 2021 Strategic Action Plan entailed, the creation of new teams including the Backlog Transformation Teams and the Disclosure and Law Enforcement Teams (DLET).

In fall 2022, CSC established the ATIP DLET responsible for engaging with Provincial and Territorial Crown Attorneys, Law Enforcement agencies and other public safety organizations to exchange information to foster public safety and protection of Canadians. Since commencing operations in fall 2022, DLET has responded to over 700 requests, reviewed 770,000 pages, and released approximately 550,000 pages to the requesting agencies. While these are not formal requests under the Access to Information Act or the Privacy Act, they are an important function of ATIP to meet CSC’s disclosure and information sharing requirements with its criminal justice and law enforcement partners.

Phase 2 of the Strategic Action Plan effectively entails the creation of new ATIP teams to gradually increase ATIA and PA compliance rates to meet TBS compliance standards.

The ATIP Division has created four of these new teams dedicated to Privacy requests and one to Access requests. These teams are currently partially staffed, and CSC will continue to fully staff them in 2023 to 2024. The full implementation of Phase 2 of the Strategic Action Plan will allow CSC to comply with the ATIA and PA and to uphold the right of access of requesters.

The new teams and initiatives from Phase 1 and 2 continue to yield positive results with an approximate 145% increase in overall production in 2022 to 2023 (from approximately 2.2 million pages closed in 2021 to 2022 to approximately 3.2 million pages closed in 2022 to 2023). Furthermore, it is worth noting that CSC is closing almost twice the number of pages received (3.2 million pages closed in 2022 to 2023 versus 1.7 million pages received). Over the next three years, CSC will aim to minimize and eliminate the existing legacy backlog requests, will strive to sustain productivity to prevent developing future backlog, and improve its compliance rate.

The following table and graph will show CSC’s overall production, including formal and informal requests under both Acts, and including both pages processed and pages resolved (abandoned, not relevant, etc.).

Production in previous years
Table 1: Production in previous years
All teams 2013 to 2014 2014 to 2015 2015 to 2016 2016 to 2017 2017 to 2018 2018 to 2019 2019 to 2020 2020 to 2021 2021 to 2022 2022 to 2023
Pages received 2,131,480 2,067,068 2,192,854 1,801,525 2,117,156 2,361,032 2,252,793 2,227,645 2,245,510 1,772,039
Pages closed 1,609,364 1,389,448 1,578,083 1,244,846 1,629,940 1,033,272 1,343,565 942,540 2,216,879 3,211,619
Carried forward 2,831,094 3,508,714 4,123,485 4,680,164 5,167,380 6,495,140 7,404,368 8,689,473 8,718,104 7,278,524
Source: ATIP Dashboard 2023-03-31

The following graph shows that during fiscal years 2021 to 2022 and 2022 to 2023, CSC ATIP was successful in changing the previous trend, and making significant progress in addressing the backlog.

Figure 1: Production in previous fiscal years
for image description read Text description for Figure 1: Production in previous fiscal years
Text description for Figure 1: Production in previous fiscal years

This graph shows that:

In 2014 to 2015:

  • 2,069,873 pages were received
  • 1,396,600 pages were closed, and
  • 3,509,010 pages were carried forward

In 2015 to 2016:

  • 2,193,485 pages were received
  • 1,578,100 pages were closed, and
  • 4,124,395 pages were carried forward

In 2016 to 2017:

  • 1,804,205pages were received
  • 1,245,079 pages were closed, and
  • 4,683,521 pages were carried forward

In 2017 to 2018:

  • 2,120,466 pages were received
  • 1,629,587 pages were closed, and
  • 5,174,400 pages were carried forward

In 2018 to 2019:

  • 2,361,250 pages were received
  • 1,031,446 pages were closed, and
  • 6,504,204 pages were carried forward

In 2019 to 2020:

  • 2,261,561 pages were received
  • 1,342,622 pages were closed, and
  • 7,723,143 pages were carried forward

In 2020 to 2021:

  • 2,237,960 pages were received
  • 944,276 pages were closed, and
  • 8,716,827 pages were carried forward

In 2021 to 2022:

  • 2,327,244 pages were received
  • 2,219,057 pages were closed, and
  • 8,825,014 pages were carried forward

In 2022 to 2023:

  • 2,102,270 pages were receive
  • 3,219,041 pages were closed, and
  • 7,708,243 pages were carried forward

CSC aims to increase and maintain efficiency in processing ATIP requests, eliminate the current backlog, avoid accumulating further legacy requests while improving CSC’s compliance rate. To achieve this goal, CSC ATIP production must continue to outpace the number of requests received.

Success will only be sustainable if CSC addresses both those historical requests as well as new requests simultaneously. These efforts, combined with targeted investments and cultural changes, will better equip CSC ATIP to move from reactive to proactive, and to deal with inevitable new complexities and challenges in the future.

CSC has also achieved positive results managing complaints.

Informal information sharing

Cultural changes and related options to avoid/curb future workload increases will also assist CSC ATIP to achieve its goals. For example, CSC ATIP continues to explore informal release of documents. To that effect, CSC launched a Pilot Project in two operational sites at the end of 2022 to 2023 - Stony Mountain Institution and Bowden Institution. In 2023 to 2024, CSC launched the Pilot Project in an additional operational site- Saskatchewan Penitentiary. Results of the pilot project will be communicated during the next reporting period.

Pilot project with the Department of Justice

In 2021 to 2022, CSC ATIP and CSC Legal Services Unit (LSU), in conjunction with the Department of Justice (DOJ) launched a Pilot Project entitled the Disclosure Review Process (DRP) 2.0 for litigation files. The DRP developed a process for the collection and review of documents that needed to be processed on an urgent basis and in a timely fashion for litigation purposes. Through this process, litigation teams lead the review of the collected CSC documents and determine what information is relevant, carry out the review and apply protections to all files, except for more sensitive files, including the Preventive Security and Discipline and Dissociation files. They also determine whether there are concerns with release, such as privileged information.

CSC’s LSU and DOJ litigation teams engage the DLET for their review of all relevant information contained in the Preventive Security and Discipline and Dissociation files, and any other security-related information. This approach prevents “double-work” e.g. where files are reviewed more than once or where second reviews are unnecessary. DOJ lawyers are trained to recognize personal information and protect it if it is not relevant for court purposes. As such, there is no value added for them to consult CSC ATIP to confirm and identify personal information included in these files. However, DOJ will consult the DLET to obtain expert advice on complex files involving security matters.

This pilot project continued in 2022 to 2023 and was improved as needed based on experience. The intention is to transition to a permanent process in 2023 to 2024.

Strategy for transforming our inventory of backlog files

During this period, CSC took significant steps to address our inventory of older files (backlog). We closed all 2013 Access and Privacy files and made significant progress in other areas as well. Two such areas include:

This transformation is a significant step to targeting our focus on requests where the requester still wants the records, which ultimately assists our clients and reduces our backlog.

ATIPXPress migration

Similar to other federal departments, CSC has been using AccessPro Case Management (APCM), an ATIP software for the management of both internal and external ATIP requests since the mid-2000s. In late 2021, CSC and other federal departments were notified by Treasury Board Secretariat (TBS) that APCM will become a legacy application effective June 2023. Given that this will affect several federal departments, TBS’ Office responsible for ATIP within the Government of Canada commenced the collection and coordination of business requirements to initiate a horizontal procurement process to replace APCM.

TBS finalized the Request for Proposal (RFP) in summer 2022. CSC has selected ATIPXpress, given the size of ATIP team and the complexity of requests (particularly privacy requests). CSC secured 1.2 million dollars for this purpose and initiated a procurement process in November 2022. In March 2023, CSC finalized a contract with the supplier and launched an implementation project for the new system.

The new Request for Proposal Software Solution (RPSS) solution will provide powerful new tools to the ATIP division to allow them to be more productive and effective in responding to requesters. Tools such as the Collaboration Portal and the Public Access Link (PAL) will allow our stakeholders to communicate and provide ATIP with requested documents safely and efficiently within the ATIPXpress system. The Electronic Document Review and Optical Character Recognition will add automation to the organization of records and the search for duplicate documents in larger files. Lastly, the selected product contains an Artificial Intelligence (AI) component that will provide support to the analyst by suggesting what could be redacted and will support new analysts on how to analyze a certain file.

We are very confident that the implementation of the new ATIPXpress will increase CSC’s ATIP division’s productivity and effectiveness to respond to all our requesters.

Goals and vision moving forward

In the 2023 to 2024 fiscal year, CSC ATIP will turn its focus to:

3. Delegation Order

The Commissioner of CSC is responsible for the administration of the PA. The Minister delegates this authority to members of departmental senior management, including the ATIP Division Departmental Coordinator (ATIP Director), to carry out their powers, duties and functions under the Act, in relation to ATIP requests. Certain authorities are delegated to positions in the ATIP Division at National Headquarters (NHQ) as shown in Appendix A of this report.

4. Performance 2022 to 2023

4.1 Requests processed under the Privacy Act

In 2022 to 2023, CSC received 5,292 requests for personal information, an approximate 12% decrease from the previous year. A total of 24,544 requests were carried over from the previous reporting year, totaling 29,836 requests requiring processing in 2022 to 2023. CSC responded to 9,479 requests for personal information, representing 39% of the total number of requests received and outstanding from the previous reporting period. Please refer to Appendix B for the Statistical Report.

Text Box: NUMBER OF REQUESTSIn 2022 to 2023, CSC received 5,292 requests for personal information, an approximate 12% decrease from the previous year. A total of 24,544 requests were carried over from the previous reporting year, totaling 29,836 requests requiring processing in 2022 to 2023. CSC responded to 9,479 requests for personal information, representing 39% of the total number of requests received and outstanding from the previous reporting period. Please refer to Appendix B for the Statistical Report.

Figure 2: Privacy request workload
for image description read Text description for Figure 2: Privacy request workload
Text description for Figure 2: Privacy request workload

This graph shows that:

In 2017 to 2018:

  • 6,211 requests were received
  • 10,328 were outstanding from the previous reporting period, and
  • 3,875 were closed

In 2018 to 2019:

  • 6,134 requests were received
  • 12,707 were outstanding from the previous reporting period, and
  • 2,895 were closed

In 2019 to 2020:

  • 7,063 requests were received
  • 16,008 were outstanding from the previous reporting period, and
  • 3,128 were closed

In 2020 to 2021:

  • 6,224 requests were received
  • 19,996 were outstanding from the previous reporting period, and
  • 2,469 were closed

In 2021 to 2022:

  • 5,981 requests were received
  • 24,628 were outstanding from the previous reporting period, and
  • 6,065 were closed

This graph shows the total workload of privacy requests as a sum of requests received during the reporting period and requests outstanding from the previous reporting period. The line illustrates the trend of files closed. As the graph outlines, there was a significant increase in the number of requests closed in 2022 to 2023, which can be attributed to the work completed by the new Transformation (Backlog) teams. This trend will continue as efficiencies continue to be implemented to address the long-standing backlog. 

4.2 Disposition of requests

Of the 9,479 requests completed during the 2022 to 2023 reporting period, 696 requests were full disclosures; 2,215 were partial disclosures; 14 were withheld in their entirety; no records existed for 531; 6,017 were abandoned by the requesters; and six were neither confirmed nor denied. In summary, 7% of requests were full disclosures and 23% were partial disclosures.

Figure 3: Disposition of requests
for image description read Text description for Figure 3: Disposition of requests
Text description for Figure 3: Disposition of requests

Requests completed during the 2021 to 2022 reporting period:

  • fully disclosed: 696
  • partial disclosure: 2,215
  • withheld in their entirety: 14
  • no records existed: 531
  • abandoned by requestors: 6,017
  • neither confirmed nor denied: 6

4.3 Exemptions and exclusions

During this reporting period, there were 6,037 exemptions applied and three exclusions applied. Most exemptions invoked by CSC were under three sections of the PA:

A complete breakdown of the exemptions applied during this reporting period is as follows:

Table 2: Exemptions and exclusions
Exemption description Number of times applied
Obtained in confidence 943
International affairs and defence 3
Law enforcement and investigation 1,654
Information obtained by Privacy Commissioner 1
Individuals sentenced for an offence 173
Safety of individuals 14
Personal information 3,117
Solicitor-client privilege 113
Medical records 19
Library/Museum material 3
Total 6,040

4.4 Extensions

A total of 4,512 extensions were required during this reporting period. Most of the extensions were taken due to a large volume of requests (4,500), and the others were due to a large volume of pages (11) and requiring further review to determine if any exemptions were warranted (1).

4.5 Completion time

During the reporting period, CSC completed 340 requests in 30 days or less; 214 requests between 31 and 60 days; 159 requests between 61 and 120 days; 130 requests between 121 and 180 days; and 8,636 requests in over 180 days.

Figure 4: Completion time
for image description read Text description for Figure 4: Completion time
Text description for Figure 4: Completion time

This graph shows that in the 2021 to 2022 reporting period, CSC completed:

  • 4% of requests in 30 days or less
  • 2% of requests between 31 and 60 days
  • 2% of requests between 61 and 120 days
  • 1% of requests between 121 and 180 days, and
  • 91% of requests in over 180 days

4.6 Deemed refusals

Over the years, an increasing number of files have been closed beyond the legislated timeline. During this fiscal year, 94% of the requests (8,930) were closed beyond the legislated timeline, representing a 5% increase from last fiscal year (89%). The increased proportion of requests closed beyond legislated timelines is largely attributed to the team continuing to work on older files. The ratio this year of files closed after 365 days and files closed before 365 days is 4.8 to 1; whereas last year, the ratio was 2.4 to 1.

Figure 5: Deemed refusals
for image description read Text description for Figure 5: Deemed refusals
Text description for Figure 5: Deemed refusals

This graph shows that:

In 2017 to 2018,

  • 3,341 requests were deemed refused
  • 3,875 were closed, and
  • 86 percent of the closed requests were deemed refused

In 2018 to 2019,

  • 2,552 requests were deemed refused
  • 2,895 were closed, and
  • 88 percent of the closed requests were deemed refused

In 2019 to 2020,

  • 2,640 requests were deemed refused
  • 3,128 were closed, and
  • 84 percent of the closed requests were deemed refused

In 2020 to 2021,

  • 2,210 requests were deemed refused
  • 2,469 were closed, and
  • 90 percent of the closed requests were deemed refused

In 2021 to 2022,

  • 5,426 requests were deemed refused
  • 6,065 were closed, and
  • 89 percent of the closed requests were deemed refused

4.7 Outstanding requests

At the end of this fiscal year, 20,357 requests were outstanding and were carried over to the 2023 to 2024 reporting period. Of those requests, 4,264 were received during this fiscal year, whereas 3,221 were received during the previous fiscal year. Also, 167 outstanding requests were received during fiscal year 2015 to 2016 or earlier; 943 in 2016 to 2017; 2,811 in 2017 to 2018; 3,016 in 2018 to 2019; and 3,155 in 2019 to 2020. Most of these requests, 19,441 in total, were beyond the legislated timelines as of March 31, 2023.

Figure 6: Outstanding requests
for image description read Text description for Figure 6: Outstanding requests
Text description for Figure 6: Outstanding requests

This graph shows that 422 requests received in 2015 to 2016 or earlier remain outstanding, of which none are within legislated timelines and 422 are beyond legislated timelines.

For 2016 to 2017,

  • 2,596 requests remain outstanding of which none are within legislated timelines, and
  • 2,596 are beyond legislated timelines

For 2017 to 2018,

  • 4,383 requests remain outstanding of which none are within legislated timelines, and
  • 4,383 are beyond legislated timelines

For 2018 to 2019,

  • 4,168 requests remain outstanding of which none are within legislated timelines, and
  • 4,168 are beyond legislated timelines

For 2019 to 2020,

  • 4,206 requests remain outstanding of which none are within legislated timelines, and
  • 4,206 are beyond legislated timelines

For 2020 to 2021,

  • 3,794 requests remain outstanding of which none are within legislated timelines, and
  • 3,794 are beyond legislated timelines

For 2021to 2022,

  • 4,975 requests remain outstanding of which 506 are within legislated timelines, and
  • 4,469 are beyond legislated timelines

4.8 Outstanding active complaints

During this reporting period, CSC received a total of 151 complaints, a 6% increase in the number of complaints received during the last fiscal year (143 complaints in 2021 to 2022). Of those 151 complaints, 54 remained active and were carried over to the next fiscal year 2023 to 2024. Other complaints carried over to fiscal year 2023 to 2024 include 26 complaints received during fiscal year 2021 to 2022, 15 complaints received in 2020 to 2021, four complaints received in 2019 to 2020, four complaints received in 2018 to 2019, three complaints received in 2017 to 2018, and one complaint received in 2016 to 2017. A total of 107 complaints were therefore still active as of March 31, 2023. Finally, a total of 144 findings were issued.

Most privacy complaints received during this reporting period are related to delay/time limit complaints, followed by denial of access.

4.9 Consultations from Other Institutions and Organizations

The ATIP Division’s workload involves responding to consultations in response to formal requests received by other institutions and organizations. CSC works closely with its partners in the Public Safety portfolio such as CBSA, RCMP, CSIS and PBC to respond to consultations in a timely fashion. CSC is consulted on such subjects as court cases, offender grievances, Office of the Correctional Investigator (OCI) matters, offender files, and deported individuals.

During the 2022 to 2023 reporting period, the ATIP Division received a total of 14 consultations from other government institutions and organizations, and started the fiscal year 2022 to 2023 with an additional 12 consultations carried over from the previous fiscal year 2021 to 2022.

4.10 Disclosures made pursuant to paragraph 8(2)(e) of the Privacy Act

During the 2022-2023 fiscal year, 189 disclosures pursuant to paragraph 8(2)(e) of the PA were made by CSC.

4.11 Informal requests

During the reporting period, CSC received 455 informal requests. A total of 183 requests were carried over from the previous reporting year, totaling 638 informal requests requiring processing in 2022 to 2023. These include:

A total of 569 informal requests were closed during 2022 to 2023, with a total of 421,738 pages released.

In addition, the PGU reviewed records informally for CSC with the spirit of the Act at the forefront, including disciplinary, harassment and workplace violence reports. The PGU processed 328 of these requests, totaling 21,447 pages reviewed and 14,834 pages released. The PGU also reviewed information sharing agreements/Memoranda of Understanding; contracts; Commissioner’s Directives; and forms. The PGU processed 162 of these requests, totaling 890 countable pages reviewed.

4.12 COVID-19 Impact

During this reporting period, ATIP operations were not affected by COVID-19 pandemic.

5. Training and awareness

CSC offered several training and awareness sessions in this period. In general, the sessions covered both Access to Information and Privacy topics, with some variance based on the training participants.

The PGU plays a fundamental role in developing and delivering training to employees at NHQ, Regional Headquarters and at the institutional level across Canada, as well as the ATIP staff, on ATIP related matters. PGU also continues to provide advice, and address questions and concerns regarding training, policy and guidelines, and interpretations of the Acts through its generic email account. Through the use of these email accounts, CSC staff is provided with a single point of contact to increase their knowledge of the ATIP legislation and related policies.

During this fiscal year, the ATIP Division offered three formal training and awareness sessions. The first was delivered in May 2022 to 15 participants concerning the management of protected information and privacy breaches. The second training was delivered in December 2022 in both official languages (15 participants for the English session and 17 participants of the French session) focusing on ATIP awareness for Independent External Decision-Makers. Finally, a third training session was delivered in March 2023 to 11 participants about ATIP basics and essentials.

In addition, two training sessions were provided by staff at the Prairies Regional Headquarters about ATIP awareness. One was provided to the Chiefs of Health Services and Regional Managers of Health Services, where approximately 25 participants were in attendance. The second session was delivered to health care and mental health staff at Saskatchewan Penitentiary with approximately 45 participants in attendance. Staff in the Atlantic Region also delivered one training session about general and region-specific ATIP topics to two staff members.

CSC ATIP delivered presentations to Stony Mountain Institution’s inmates, Warden and parole officers on the ATIP process in June 2022, where approximately 25-30 participants attended. CSC ATIP also delivered presentations to approximately 20-30 staff in the Offender Redress Division and seven staff in the Human Rights Division, to explain the role of ATIP and provide an overview of ATIP’s operations. Additionally, CSC ATIP delivered a presentation at Government of Canada wide Mentoring (Career Boot camp): Mentorship presentation to approximately 300-400 participants in February 2023. Lastly, CSC ATIP delivered a presentation at CSC-wide mentorship/learning sessions where 75 participants were in attendance and occurred several times over the reporting period. All employees have mandatory training on information management practices, as well as training specific to protecting and sharing offender information.

6. Policies, guidelines and procedures

Over the past year, the ATIP Division has continued to update internal guidelines and procedures as required, including:

7. Initiatives and projects to improve privacy

Informal sharing pilot project

The Rights, Redress and Resolution (RRR) division is advancing towards the modernization and digitization of the ATIP as it relates to offenders. A key component of the modernization process is to find new ways to increase offenders’ access to these services, including access to their personal information. In partnership between NHQ Policy sector (Rights, Redress and Resolution Branch), the Prairie Region has agreed to host the Informal Sharing Pilot Project at Stony Mountain Institution, Bowden Institution and Saskatchewan Penitentiary from winter 2022 to September 2023.

CSC-ATIP receives a high volume of requests under the Privacy Act and the Access to Information Act - approximately 7,000 requests each year. In reviewing the statistical breakdown of the types of ATIP requests over the last seven years, statistics show that requests for Case Management and Health Care information make up over 40% of all offender driven ATIP requests.

Some of the information within offender Case Management and Health Care/other files can be shared with an offender without requiring the offender to go through the formal ATIP request process. The implementation of informal information sharing at the site, would lead to a better avenue for sites to share information with offenders in a timely manner, and substantially reduce the number of ATIP requests for Case Management and Health Care files.

Modernizing these processes will allow CSC to strengthen its analytical capabilities and improve its response rate. In addition, the modernization of processes lay the required foundation for future digitization, which is essential in the current digital age. It is of the utmost importance in advancing CSC’s mandate both on a strategic, policy and operational fronts. Additionally, the process of consultation, awareness and implementation, can be used to shift the current culture to embrace modernization and digitization not as a system modification but as a transformative tool enabling both employees and offenders.

The Informal Sharing Pilot project is still underway. Results of the pilot project will be communicated during the next reporting period.

Information sharing with public safety partners under section 8(2)

Disclosure and Law Enforcement Team (DLET) is a new team in ATIP with specialized knowledge in security operations and law. This team manages all requests from Crown Attorneys, Department of Justice and CSC’s law enforcement partners. CSC is in the process of working with our public safety partners to ensure we can share crucial information with them while still appropriately respecting the privacy and charter rights of our offender population. The recent ruling of the Supreme Court of British Columbia in R. v. Flintroy, 2018 BCSC 1777 confirms that, for the purposes of section 8 of the Charter, paragraph 8(2)(f) of the Privacy Act is unlikely to constitute reasonable lawful authority for law enforcement to be provided with personal information subject to a reasonable expectation of privacy for the purposes of furthering a criminal investigation. Internally, CSC is working to establish a framework that will assist in maintaining our information sharing practices without imposing a significant burden on our partners. We are examining measures to facilitate information sharing with our partners including potential legislative reform, and requiring Court/Production Orders in the interim. This work is underway and will continue into 2023 to 2024.

8. Complaints, compliance investigations and audits

As a result of the OPC’s investigations, recommendations, and the number of privacy complaints received (and carried over), CSC’s ATIP Division undertook several strategic measures to respond to complaints during this 2022 to 2023 period. For example:

These measures have shown significant result in reducing the number of privacy complaints received by CSC.

There were no audits undertaken during this fiscal year.

CSC received one new complaint related to the improper collection, use and disclosure of personal information - 13 complaints were carried over from previous fiscal years. During this fiscal year, six complaints were closed and eight were carried over to fiscal year 2023 to 2024, eight of which were pending a finding from the OPC.

9. Monitoring compliance

The Strategic Compliance, Reporting and Client Management (SCRCM) Team produces weekly reports for senior management that outlines various outputs, including the number of requests received, closed and outstanding. The SCRCM also generates ad hoc reports to monitor and report on strategic areas or “quick wins” with the objective of identifying trends and measuring performance to increase compliance with legislated timeframes.

In addition, the IPRU actively monitors, triages, and clarifies incoming requests, regularly reporting to senior management any requirement to reassess priorities and redistribute workload to improve performance.

To monitor compliance with portions of the Privacy Act that are not related to formal requests, CSC shares draft copies of contracts, agreements and arrangements with the PGU. A Senior Policy Advisor from the PGU reviews these documents to ensure the appropriate privacy protections have been included. Statistics related to the PGU’s tasks are shared with ATIP’s Director and with the Rights, Redress and Resolutions’ Director General.

CSC is limiting inter-institutional consultation to only when required for the proper exercise of discretion, a process in which OPIs actively participate. CSC ATIP monitors statistics regarding extensions letters and no records responses on a weekly basis to ensure timely processing.

10. Material privacy breaches

During the 2022 to 2023 reporting period, the ATIP Division reported 13 material privacy breaches to the OPC and TBS. These breaches consisted of disclosure of personal information (1) due to human error; (2) to outside parties on actions taken as a result of these breaches include meeting with and providing reminders to staff of their obligations regarding the protection of personal information and revisiting procedures. These updates included ensuring documents belonging to different individuals are kept separate, reviewing shared drives to ensure sensitive documents are removed or their access is restricted, incorporating document sensitivity notices in emails.

CSC takes breaches of personal information seriously and continues to educate staff on the protection of personal information as follows:

11. Privacy impact assessments

In accordance with TBS policy, CSC undertakes Privacy Impact Assessments (PIA) to ensure new and re-designed programs, initiatives and projects involving the collection, use, disclosure and retention of personal information are complying with the PA.

No PIAs were completed during the 2022 to 2023 fiscal year.

One new initiative was reported to the OPC regarding the use of body scanners in CSC’s institutions. CSC pursued a new legal authority to introduce body scanners to scan individuals and detect contraband or unauthorized items hidden in or on a person. Two body scanners are being piloted and a PIA is currently underway to identify any risks and the corresponding mitigation strategies.

12. Public interest disclosures

Paragraph 8(2)(m) of the PA permits the disclosure of personal information where the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or where the disclosure would clearly benefit the individual to whom the information relates.

During the 2022 to 2023 fiscal year, three disclosures pursuant to paragraph 8(2)(m) of the PA were made by CSC. Three of the public interest disclosures were made to family members/next of kin and the executor of the estate following a death while in the care and custody of CSC. The OPC was notified before all of the disclosures occurred.

13. Federal court

The ATIP Division received two Notices of Application for Judicial Review in this reporting period, both stemming from time delay complaints by the OPC.

Appendix A: Delegation Order

Figure 7: Privacy Act Delegation Order
for image description read Text description for Figure 7: <em>Privacy Act</em> Delegation Order
Text description for Figure 7: Privacy Act Delegation Order

The Minister of Public Safety pursuant to section 73 of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercises the powers, duties and functions of the Minister as the head of Correctional Service of Canada, under the provisions of the Privacy Act and related regulations set out in the schedule opposite each position. This designation replaces all previous delegation orders:

Privacy Act Delegation Order
Delegates Authorities under the Privacy Act and Privacy Act Regulations

Commissioner, Senior Deputy Commissioner, Assistant Commissioner of Policy

 Full authority
Director General, Rights, Redress and Resolution, Director of ATIP, Deputy Directors of ATIP Full authority excluding sections 8(2)(m), 8(2)(j), and 8(5) of the Privacy Act
ATIP Team Leaders / Senior Policy Advisor Sections 8(2)(e), 8(2)(f), 8(4), 9(1), 10(1), 14, 15, 17(2)(b), 17(3)(b), 19(1), 19(2), 20 to 22, 22.3, 23 to 27, 27.1, 28, 31, 35(1), 35(4), 36(3), 37(3), 51(3), and 70 of the Privacy Act and sections 9, 11(2), 11(4), 13(1) and 14 of the Privacy Act Regulations
ATIP Analysts, ATIP Manager, Administrative Unit, ATIP Junior Information Officer, ATIP Clerks Section 15 of the Privacy Act
Regional Deputy Commissioners, Wardens and District Directors, Regional Administrators, Communications and Executive Services 8(2)(e), 8(2)(f), 8(4), 9(1), 31, 35(1), 35(4), 36(3), 37(3), and 51(3) of the Privacy Act

Dated at the City of Ottawa, this 29th day of June 2022

The Honourable Marco E. L. Mendicino, P.C., M.P.

Minister of Public Safety

Appendix B: Statistical Report on the Privacy Act

Statistical Report on the Privacy Act

Name of institution: Correctional Service of Canada

Reporting period: 2022-04-01 to 2023-03-31

Section 1: Requests under the Privacy Act

1.1 Number of requests received
Table 3: Number of requests received
Type of request Number of requests
Received during reporting period 5,292
Outstanding from previous reporting periods 24,544
  • Outstanding from previous reporting period
 4,975
  • Outstanding from more than one reporting period
 19,569
Total 29,836
Closed during reporting period 9,479
Carried over to next reporting period 20,357
  • Carried over within legislated timeline
 916
  • Carried over beyond legislated timeline
 19,441
1.2 Channels of requests
Table 4: Channels of requests
Source Number of requests
Online 194
Email 2,928
Mail 723
In person 0
Phone 0
Fax 1,447
Total 5,292

Section 2: Informal requests

2.1 Number of informal requests
Table 5: Number of informal requests
Type of request Number of requests
Received during reporting period 455

Outstanding from previous reporting periods

  • Outstanding from previous reporting period: 129
  • Outstanding from more than one reporting period: 54
 183
Total 638
Closed during reporting period 569
Carried over to next reporting period 69
2.2 Channels of informal requests
Table 6: Channels of informal requests
Source Number of requests
Online 1
Email 404
Mail 12
In person 27
Phone 0
Fax 11
Total 455
2.3 Completion time of informal requests
Table 7: Completion time of informal requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
200 64 77 77 37 38 76 569
2.4 Pages released informally
Table 8: Pages released informally
Type of request Less than 100 pages released 100 to 500 pages released 501 to 1,000 pages released 1,001 to 5,000 pages released More than 5,000 pages released
Number of requests 303 90 48 110 18
Pages released 5,472 23,738 34,529 220,788 137,211

Section 3: Requests closed during the reporting period

3.1 Disposition and completion time
Table 9: Disposition and completion time
Disposition of requests 1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
All disclosed 5 7 9 14 24 204 433 696
Disclosed in part 17 28 69 72 71 452 1,505 2,215
All exempted 0 0 0 1 0 4 7 12
All excluded 0 0 0 0 0 0 2 2
No records exist 108 137 129 54 26 16 61 531
Request abandoned 25 13 7 18 9 99 5,846 6,017
Neither confirmed nor denied 0 0 0 0 0 2 4 6
Total 155 185 214 159 130 777 7,859 9,479
3.2 Exemptions
Table 10: Exemptions
Section Number of requests
18(2) 0
19(1)(a) 10
19(1)(b) 1
19(1)(c) 605
19(1)(d) 327
19(1)(e) 0
19(1)(f) 0
20 0
21 3
22(1)(a)(i) 380
22(1)(a)(ii) 52
22(1)(a)(iii) 6
22(1)(b) 1
22(1)(c) 1,215
22(2) 0
22.1 1
22.2 0
22.3 0
22.4 0
23(a) 0
23(b) 0
24(a) 5
24(b) 168
25 14
26 3,117
27 113
27.1 0
28 19
3.3 Exclusions
Table 11: Exclusions
Section Number of requests
69(1)(a) 3
69(1)(b) 0
69.1 0
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0
3.4 Format of information released
Table 12: Format of information released
Paper Electronic:
E-record		 Electronic:
Data set		 Electronic:
Video		 Electronic:
Audio		 Other
2,818 93 0 28 7 0
3.5 Complexity
3.5.1 Relevant pages processed and disclosed for paper and e-record formats
Table 13: Relevant pages processed and disclosed for paper and e-record formats
Number of pages processed Number of pages disclosed Number of requests
1,170,143 753,394 8,948
3.5.2 Relevant pages processed by request disposition for paper and e-record formats by size of requests
Table 14: Number of requests for paper and electronic records processed by disposition type and pages processed
Disposition Less than 100 pages processed 100 to 500 pages processed 501 to 1,000 pages processed 1,001 to 5,000 pages processed More than 5,000 pages processed
All disclosed 586 95 13 2 0
Disclosed in part 856 910 247 195 7
All exempted 10 1 0 0 1
All excluded 1 1 0 0 0
Request abandoned 5,536 350 85 46 0
Neither confirmed nor denied 6 0 0 0 0
Total 6,995 1,357 345 243 8
Table 15: Number of pages of paper and electronic records processed by disposition type and pages processed
Disposition Less than 100 pages processed 100 to 500 pages processed 501 to 1,000 pages processed 1,001 to 5,000 pages processed More than 5,000 pages processed
All disclosed 15,811 18,593 9,822 5,190 0
Disclosed in part 36,759 212,232 169,969 334,096 110,568
All exempted 53 348 0 0 23,084
All excluded 1 326 0 0 0
Request abandoned 12,297 84,868 58,923 77,203 0
Neither confirmed nor denied 0 0 0 0 0
Total 64,921 316,367 238,714 416,489 133,652
3.5.3 Relevant minutes processed and disclosed for audio formats
Table 16: Relevant minutes processed and disclosed for audio formats
Number of minutes processed Number of minutes disclosed Number of requests
197 185 7
3.5.4 Relevant minutes processed per request disposition for audio formats by size of requests
Table 17: Number of audio requests processed by disposition type and length of recording
Disposition Less than 60 minutes processed 60 to 120 minutes processed More than 120 minutes processed
All disclosed 3 0 0
Disclosed in part 3 1 0
All exempted 0 0 0
All excluded 0 0 0
Request abandoned 0 0 0
Neither confirmed nor denied 0 0 0
Total 6 1 0
Table 18: Length of audio requests processed by disposition type and length of recording
Disposition Less than 60 minutes processed 60 to 120 minutes processed More than 120 minutes processed
All disclosed 73 0 0
Disclosed in part 25 99 0
All exempted 0 0 0
All excluded 0 0 0
Request abandoned 0 0 0
Neither confirmed nor denied 0 0 0
Total 98 99 0
3.5.5 Relevant minutes processed and disclosed for video formats
Table 19: Number of video requests processed by disposition type and length of recording
Number of minutes processed Number of minutes disclosed Number of requests
6,658 3,556 57
3.5.6 Relevant minutes processed per request disposition for video formats by size of requests
Table 20: Number of video requests processed by disposition type and length of recording
Disposition Less than 60 minutes processed 60 to 120 minutes processed More than 120 minutes processed
All disclosed 2 0 0
Disclosed in part 15 2 6
All exempted 1 0 1
All excluded 0 0 0
Request abandoned 29 0 0
Neither confirmed nor denied 1 0 0
Total 48 2 7
Table 21: Length of video requests processed by disposition type and length of recording
Disposition Less than 60 minutes processed 60 to 120 minutes processed More than 120 minutes processed
All disclosed 59 0 0
Disclosed in part 285 148 3,758
All exempted 8 0 2,400
All excluded 0 0 0
Request abandoned 0 0 0
Neither confirmed nor denied 0 0 0
Total 352 148 6,158
3.5.7 Other complexities
Table 22: Length of video requests processed by disposition type and length of recording
Disposition Consultation required Legal advice sought Interwoven information Other Total
All disclosed 0 0 0 0 0
Disclosed in part 0 0 0 0 0
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Request abandoned 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0
Total 0 0 0 0 0
3.6 Closed requests
3.6.1 Number of requests closed within legislated timelines
Table 23: Number of requests closed within legislated timelines
Number of requests closed within legislated timelines 549
Percentage of requests closed within legislated timelines (%) 5.791750185
3.7 Deemed refusals
3.7.1 Reasons for not meeting legislated timelines
Table 24: Reasons for not meeting legislated timelines
Number of requests closed past the legislated timelines Principal reason: Interference with operations / Workload Principal reason: External consultation Principal reason: Internal consultation Principal reason: Total
8,930 8,930 0 0 0
3.7.2 Request closed beyond legislated timelines (including any extension taken)
Table 25: Request closed beyond legislated timelines (including any extension taken)
Number of days past legislated timelines Number of requests past legislated timeline where no extension was taken Number of requests past legislated timeline where an extension was taken Total
1 to 15 days 5 52 57
16 to 30 days 8 26 34
31 to 60 days 24 47 71
61 to 120 days 16 113 129
121 to 180 days 9 154 163
181 to 365 days 55 987 1,042
More than 365 days 4,519 2,915 7,434
Total 4,636 4,294 8,930
3.8 Demandes de traduction
Tableau 26 : Demandes de traduction
Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Section 4: Disclosures under subsections 8(2) and 8(5)

Table 27: Disclosures under subsections 8(2) and 8(5)
Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
189 3 3 195

Section 5: Requests for correction of personal information and notations

Table 28: Requests for correction of personal information and notations
Disposition for correction requests received Number
Notations attached 0
Requests for correction accepted 0
Total 0

Section 6: Extensions

6.1 Reasons for extensions
Table 29: 15(a)(i) Interference with operations
Reason for extension Number of extensions taken
Further review required to determine exemptions 1
Large volume of pages 11
Large volume of requests 4,500
Documents are difficult to obtain 0
Total 4,512
Table 30: 15 (a)(ii) Consultation
Reason for extension Number of extensions taken
Cabinet confidence section (Section 70) 0
External 0
Internal 0
Total 0
Table 31: 15(b) Translation purposes or conversion
Reason for extension Number of extensions taken
15(b) Translation purposes or conversion 0
Total 0
6.2 Length of extensions
Table 32: 15(a)(i) Interference with operations
Length of Extensions Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain
1 to 15 days 0 0 1 0
16 to 30 days 1 11 4,999 0
31 days or greater 0 0 0 0
Total 1 11 4,500 0
Table 33: 15 (a)(ii) Consultation
Length of Extensions Cabinet confidence section (Section 70) External Internal
1 to 15 days 0 0 0
16 to 30 days 0 0 0
31 days or greater 0 0 0
Total 0 0 0
Table 34: 15(b) Translation purposes or conversion
Length of Extensions 15(b)Translation purposes or conversion
1 to 15 days 0
16 to 30 days 0
31 days or greater 0
Total 0

Section 7: Consultations received from other institutions and organizations

7.1 Consultations received from other Government of Canada institutions and other organizations
Table 35: Consultations received from other Government of Canada institutions and other organizations
Consultations Other Government of Canada institutions Number of pages to review Other organizations Number of pages to review
Received during the reporting period 13 340 1 97
Outstanding from the previous reporting period 6 703 6 93
Total 19 1,043 7 190
Closed during the reporting period 15 414 1 8
Carried over within negotiated timelines 0 0 1 97
Carried over beyond negotiated timelines 4 629 5 85
7.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Table 36: Number of days to complete consultation requests by recommendation
Recommendation 1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
Disclose entirely 0 0 0 0 1 1 0 2
Disclosed in part 6 1 1 1 0 0 1 10
Exempt entirely 0 0 0 1 0 0 0 1
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 2 0 0 0 0 0 0 2
Other 0 0 0 0 0 0 0 0
Total 8 1 1 2 1 1 1 15
7.3 Recommendations and completion time for consultations received from other organizations outside the Government of Canada
Table 37: Number of days to complete consultation requests by recommendation
Recommendations 1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
Disclose entirely 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 1 1
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 1 1

Section 8: Completion time of consultations on cabinet confidences

8.1 Requests with Legal Services
Table 38: Number of requests with Legal Services by number of days and number of pages processed
Number of days Fewers than 100 pages processed 100 to 500 pages processed 501 to 1,000 pages processed 1,001 to 5,000 pages processed More than 5,000 pages processed
1 to 15 0 0 0 0 0
16 to 30 0 0 0 0 0
31 to 60 0 0 0 0 0
61 to 120 0 0 0 0 0
121 to 180 0 0 0 0 0
181 to 365 0 0 0 0 0
More than 365 0 0 0 0 0
Total 0 0 0 0 0
Table 39: Pages disclosed by requests with Legal Services by number of days and number of pages processed
Number of days Fewers than 100 pages processed 100 to 500 pages processed 501 to 1,000 pages processed 1,001 to 5,000 pages processed More than 5,000 pages processed
1 to 15 0 0 0 0 0
16 to 30 0 0 0 0 0
31 to 60 0 0 0 0 0
61 to 120 0 0 0 0 0
121 to 180 0 0 0 0 0
181 to 365 0 0 0 0 0
More than 365 0 0 0 0 0
Total 0 0 0 0 0
8.2 Requests with Privy Council Office
Table 40: Number of requests with Privy Council Office by number of days and number of pages processed
Number of days Fewers than 100 pages processed 100 to 500 pages processed 501 to 1,000 pages processed 1,001 to 5,000 pages processed More than 5,000 pages processed
1 to 15 0 0 0 0 0
16 to 30 0 0 0 0 0
31 to 60 0 0 0 0 0
61 to 120 0 0 0 0 0
121 to 180 0 0 0 0 0
181 to 365 0 0 0 0 0
More than 365 0 0 0 0 0
Total 0 0 0 0 0
Table 41: Pages disclosed by requests with Privy Council Office by number of days and number of pages processed
Number of days Fewers than 100 pages processed 100 to 500 pages processed 501 to 1,000 pages processed 1,001 to 5,000 pages processed More than 5,000 pages processed
1 to 15 0 0 0 0 0
16 to 30 0 0 0 0 0
31 to 60 0 0 0 0 0
61 to 120 0 0 0 0 0
121 to 180 0 0 0 0 0
181 to 365 0 0 0 0 0
More than 365 0 0 0 0 0
Total 0 0 0 0 0

Section 9: Complaints and investigations notices received

Table 42: Complaints and investigations notices received
Section 31 Section 33 Section 35 Court action Total
151 155 144 2 452

Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIBs)

10.1 Privacy Impact Assessments
Table 43: Privacy Impact Assessments
Number of PIAs completed 0
Number of PIAs modified 0
10.2 Institution-specific and central Personal Information Banks
Table 44: Institution-specific and central Personal Information Banks
Personal Information Banks Active Created Terminated Modified
Institution-specific 25 0 0 0
Central 0 0 0 0
Total 25 0 0 0

Section 11: Privacy breaches

11.1 Material privacy breaches reported
Table 45: Material privacy breaches reported
Number of material privacy breaches reported to TBS 13
Number of material privacy breaches reported to OPC 13
11.2 Non-material privacy breaches
Table 46: Non-material privacy breaches
Number of non-material privacy breaches 23

Section 12: Resources related to the Privacy Act

12.1 Allocated Costs
Table 47: Allocated costs
Expenditures Amount
Salaries $6,440,999
Overtime $54,962
Goods and Services $1,265,478
  • Professional services contracts
 $0
  • Other
 $1,265,478
Total $7,761,439
12.2 Human resources
Table 48: Human resources
Resources Person years dedicated to privacy activities
Full-time employees 84.000
Part-time and casual employees 2.333
Regional staff 0.000
Consultants and agency personnel 0.000
Students 0.000
Total 86.333

Appendix C: 2022 to 2023 Supplemental Statistical Report on the Access to Information and Privacy Act

Supplemental Statistical Report on the Access to Information Act and the Privacy Act

Name of institution: Correctional Service of Canada

Reporting period: 2022-04-01 to 2023-03-31

Section 1: Capacity to receive requests under the Access to Information Act and the Privacy Act

Enter the number of weeks your institution was able to receive ATIP requests through the different channels
Table 49: Capacity to receive requests under the Access to Information Act and the Privacy Act
Type of request Number of weeks
Able to receive requests by mail 52
Able to receive requests by email 52
Able to receive requests through the digital request service 52

Section 2: Capacity to Process Records under the Access to Information Act and the Privacy Act

2.1 Enter the number of weeks your institution was able to process paper records in different classification levels
Table 50: Capacity to process records under the Access to Information Act and the Privacy Act
Type of paper records No capacity Partial capacity Full capacity Total
Unclassified paper records 0 0 52 52
Protected B paper records 0 0 52 52
Secret and top secret paper records 0 0 52 52
2.2 Enter the number of weeks your institution was able to process electronic records in different classification levels
Table 51: Number of weeks your institution was able to process electronic records in different classification levels
Type of electronic records No capacity Partial capacity Full capacity Total
Unclassified electronic records 0 0 52 52
Protected B electronic records 0 0 52 52
Secret and top secret electronic records 0 0 52 52

Section 3: Open requests and complaints under the Access to Information Act

3.1 Enter the number of open requests that are outstanding from previous reporting periods
Table 52: Enter the number of open requests that are outstanding from previous reporting periods
Fiscal year open requests were received Open requests that are within legislated timelines as of March 31, 2023 Open Requests that are beyond legislated timelines as of March 31, 2023 Total
Received in 2022 to 2023 59 101 160
Received in 2021 to 2022 28 141 169
Received in 2020 to 2021 10 71 81
Received in 2019 to 2020 0 54 54
Received in 2018 to 2019 4 23 27
Received in 2017 to 2018 1 9 10
Received in 2016 to 2017 0 2 2
Received in 2015 to 2016 1 2 3
Received in 2014 to 2015 0 6 6
Received in 2013 to 2014 or earlier 0 0 0
Total 103 409 512
3.2 Enter the number of open complaints with the Information Commissioner of Canada that are outstanding from previous reporting periods
Table 53: Number of open complaints with the Information Commissioner of Canada that are outstanding from previous reporting periods
Fiscal year open complaints were received by institution Number of Open Complaints
Received in 2022 to 2023 27
Received in 2021 to 2022 17
Received in 2020 to 2021 6
Received in 2019 to 2020 7
Received in 2018 to 2019 0
Received in 2017 to 2018 0
Received in 2016 to 2017 0
Received in 2015 to 2016 0
Received in 2014 to 2015 0
Received in 2013 to 2014 or earlier 0
Total 57

Section 4: Open requests and complaints under the Privacy Act

4.1 Enter the number of open requests that are outstanding from previous reporting periods
Table 54: Number of open requests that are outstanding from previous reporting periods
Fiscal year open requests were received Open requests that are within legislated timelines as of March 31, 2023 Open Requests that are beyond legislated timelines as of March 31, 2023 Total
Received in 2022 to 2023 916 3,348 4,264
Received in 2021 to 2022 0 3,221 3,221
Received in 2020 to 2021 0 2,780 2,780
Received in 2019 to 2020 0 3,155 3,155
Received in 2018 to 2019 0 3,016 3,016
Received in 2017 to 2018 0 2,811 2,811
Received in 2016 to 2017 0 943 943
Received in 2015 to 2016 0 81 81
Received in 2014 to 2015 0 86 86
Received in 2013 to 2014 or earlier 0 0 0
Total 916 19,441 20,357
4.2 Enter the number of open complaints with the Privacy Commissioner of Canada that are outstanding from previous reporting periods
Table 55: Number of open complaints with the Privacy Commissioner of Canada that are outstanding from previous reporting periods
Fiscal year open complaints were received by institution Number of Open Complaints
Received in 2022 to 2023 54
Received in 2021 to 2022 26
Received in 2020 to 2021 15
Received in 2019 to 2020 4
Received in 2018 to 2019 4
Received in 2017 to 2018 3
Received in 2016 to 2017 1
Received in 2015 to 2016 0
Received in 2014 to 2015 0
Received in 2013 to 2014 or earlier 0
Total 107

Section 5: Social Insurance Number (SIN)

Table 56: Social Insurance Number (SIN)
Did your institution receive authority for a new collection or new consistent use of the SIN in 2021 to 2022 No

Section 6: Universal access under the Privacy Act

Table 57: Universal Access under the Privacy Act
How many requests were received from confirmed foreign nationals outside of Canada in 200 to 2023 3

Page details

Date modified: