Language selection

Government of Canada / Gouvernement du Canada

Search

DAOD 2006-1, Procedures for the Safeguarding and Authorized Disclosure of Information in the DND and the CAF

Table of Contents

  1. Introduction
  2. Definitions
  3. Overview
  4. Operating Principles and Procedures
  5. Compliance and Consequences
  6. Responsibilities
  7. References

1. Introduction

Date of Issue: 2022-01-12

Application: This DAOD is a directive that applies to employees of the Department of National Defence (DND employees) and an order that applies to officers and non-commissioned members of the Canadian Armed Forces (CAF members).

Approval Authority: Director General Defence Security (DGDS)

Enquiries: Director Defence Security Policy, Training and Awareness (DDSPTA)

2. Definitions

aggregation (recoupement)
The acquisition of sensitive information by collecting and correlating information of lesser sensitivity. (Defence Terminology Bank record number 20941)
classified information (renseignements classifiés)
Information is categorized as “classified” (that is, “Confidential,” “Secret” or “Top Secret”) when unauthorized disclosure could reasonably be expected to cause injury to the national interest. (Appendix Jof the Directive on Security Management, Treasury Board)
functional authority (autorité fonctionnelle)

Authority assigned in a policy framework DAOD by the Deputy Minister of National Defence and the Chief of the Defence Staff to a level one advisor or other senior official to develop and issue DAOD, manuals, standard operating procedures and other similar instruments in an assigned or authorized functional area.

Note: The term "functional authority" may also be used to refer to a level one advisor or other senior official who exercises functional authority. (Defence Terminology Bank record number 35214)

personal information (renseignements personnels)
Means information about an identifiable individual that is recorded in any form including, without restricting the generality of the foregoing,
  1. information relating to the race, national or ethnic origin, colour, religion, age or marital status of the individual,
  2. information relating to the education or the medical, criminal or employment history of the individual or information relating to financial transactions in which the individual has been involved,
  3. any identifying number, symbol or other particular assigned to the individual,
  4. the address, fingerprints or blood type of the individual,
  5. the personal opinions or views of the individual except where they are about another individual or about a proposal for a grant, an award or a prize to be made to another individual by a government institution or a part of a government institution specified in the regulations,
  6. correspondence sent to a government institution by the individual that is implicitly or explicitly of a private or confidential nature, and replies to such correspondence that would reveal the contents of the original correspondence,
  7. the views or opinions of another individual about the individual,
  8. the views or opinions of another individual about a proposal for a grant, an award or a prize to be made to the individual by an institution or a part of an institution referred to in paragraph (e), but excluding the name of the other individual where it appears with the views or opinions of the other individual, and
  9. the name of the individual where it appears with other personal information relating to the individual or where the disclosure of the name itself would reveal information about the individual,

but, for the purposes of sections 7, 8 and 26 and section 19 of the Access to Information Act, does not include

  1. information about an individual who is or was an officer or employee of a government institution that relates to the position or functions of the individual including,
    1. the fact that the individual is or was an officer or employee of the government institution,
    2. the title, business address and telephone number of the individual,
    3. the classification, salary range and responsibilities of the position held by the individual,
    4. the name of the individual on a document prepared by the individual in the course of employment, and
    5. the personal opinions or views of the individual given in the course of employment,
  2. the fact that an individual is or was a ministerial adviser or a member of a ministerial staff, as those terms are defined in subsection 2(1) of the Conflict of Interest Act, as well as the individual’s name and title,
  3. information about an individual who is or was performing services under contract for a government institution that relates to the services performed, including the terms of the contract, the name of the individual and the opinions or views of the individual given in the course of the performance of those services,
  4. information relating to any discretionary benefit of a financial nature, including the granting of a licence or permit, conferred on an individual, including the name of the individual and the exact nature of the benefit, and
  5. information about an individual who has been dead for more than twenty years.

(Section 3 of the Privacy Act)

protected information (renseignements protégés)
Information that is categorized as “Protected A,” “Protected B” or “Protected C” when unauthorized disclosure could reasonably be expected to cause injury outside of the national interest. (Appendix Jof the Directive on Security Management, Treasury Board)
unclassified information (renseignements non classifiés)
Information that is not categorized as protected information or classified information. (Defence Terminology Bank record number 696380)

3. Overview

Context

3.1 There are a number of DND and CAF policies, directives and standards dealing with the safeguarding and disclosure of information in the DND and the CAF. While these instruments all serve a valuable purpose in supporting DND activities and CAF operations, no single instrument provides the required high-level policy direction and guidance for the safeguarding and authorized disclosure of information in the DND and the CAF, including classified information, protected information and some unclassified information. This DAOD provides that direction and guidance.

3.2 The DND and CAF are committed to safeguarding information while respecting applicable legislation and Government of Canada, DND and CAF policies, directives and standards related to open government, transparency, access to information and engaging with the media and the Canadian public. Nothing in this DAOD should be interpreted as limiting the direction found in:

  1. the Access to Information Act (ATIA);
  2. the Privacy Act;
  3. the DAOD 1001 series on access to information;
  4. the DAOD 1002 series on personal information;
  5. DAOD 2008-0, Public Affairs Policy;
  6. the Treasury Board (TB) Directive on Open Government;
  7. the Open Government Implementation Plan: Department of National Defence and the Canadian Armed Forces;and
  8. the Government of Canada National Security Transparency Commitment.

Reporting of Wrongdoing

3.3 This DAOD does not limit the ability of a DND employee or CAF member to disclose information when reporting wrongdoing. Public servants may report wrongdoing in accordance with the Public Servants Disclosure Protection Act to the Senior Officer, Assistant Deputy Minister (Review Services) (ADM(RS)), their supervisor or the Public Sector Integrity Commissioner if they have reason to believe that wrongdoing has occurred. CAF members may disclose wrongdoing to ADM(RS) in accordance with the Canadian Forces Disclosure Process, or their chain of command in accordance with chapter IV of the DND and CF Code of Values and Ethics. If wrongdoing is reported, a DND employee is protected from reprisals by section 19 of the Public Servants Disclosure Protection Act, and a CAF member is protected by article 19.15, Prohibition of Reprisals, of the Queen’s Regulations and Orders for the Canadian Forces (QR&O).

Unclassified Information

3.4 Some unclassified information is sensitive because its disclosure could reasonably be expected to cause injury to important Government of Canada interests. For example, the disclosure of unclassified information that is exempt or excluded from disclosure under the Access to Information Act or personal information protected under the Privacy Act would be injurious. Therefore, the fact that information is unclassified does not necessarily mean that it may be disclosed and that it does not need to be safeguarded.

Purpose

3.5 The purpose of this DAOD is to provide the necessary direction and guidance for the proper safeguarding and authorized disclosure of information in the DND and the CAF.

3.6 This DAOD should be read in conjunction with:

  1. DAOD 1001-0, Access to Information;
  2. DAOD 1001-1, Access to Information Act Requests;
  3. DAOD 1002-0, Administration of the Privacy Act;
  4. DAOD 1002-1, Privacy Act Requests and Correction of Personal Information;
  5. DAOD 1002-6, Disclosure of Personal Information;
  6. DAOD 2006-0, Defence Security;
  7. DAOD 2008-0, Public Affairs Policy;
  8. DAOD 6000-0, Information Management and Information Technology;
  9. DAOD 7024-1, Internal Procedures for Disclosure by DND Employees of Wrongdoings in the Workplace;
  10. the TB Policy on Communications and Federal Identity;
  11. the Directive on Open Government;
  12. the National Defence Security Orders and Directives (NDSOD); and
  13. other applicable security-related Government of Canada, DND and CAF policies, directives and standards.

4. Operating Principles and Procedures

General Principles

4.1 In accordance with Government of Canada policy, the maximum amount of information should be disclosed to support transparency, accountability, citizen engagement and socio-economic benefits through reuse, subject to applicable restrictions associated with privacy, confidentiality and security. These restrictions are explained in this section.

4.2 Information is not to be safeguarded in order to prevent embarrassment or to conceal inefficiency, errors or problems.

4.3 The disclosure of protected information or classified information is governed by the following:

  1. the TB Policy on Government Security and associated policies, directives and standards;
  2. the NDSOD; and
  3. functional direction of the Chief of Defence Intelligence (CDI).

Note – The Release and Disclosure Coordination Office in the Canadian Forces Intelligence Command is the office of primary interest responsible for managing the disclosure process of classified information on behalf of the CDI.

Principles for Safeguarding and the Disclosure of information

4.4 The safeguarding and disclosure of personal information are conducted in accordance with the Privacy Act and the DAOD 1002 series.

4.5 Some information under the control of the government must be safeguarded in order to prevent the impairment of the proper functioning of government institutions and to promote good governance. In such circumstances, the public interest in the confidentiality of government information outweighs the interests served by disclosure. Information must be safeguarded if its disclosure could reasonably be expected to be injurious in accordance with these operating principles and procedures. The determination of whether the disclosure of information would be injurious is based on a reasonable person test which means: could the disclosure of the information reasonably be expected to cause injury?

4.6 The safeguarding of information is key to the ability of the DND and CAF to deliver and conduct activities and operations. Information in the DND and the CAF must be appropriately protected from unauthorized access, use, disclosure, modification, transmission, disposal or destruction throughout its lifecycle. Proper safeguarding includes the consideration of the category of information (classified information, protected information, personal information or unclassified information), the requirement for operational security and the aggregation of large volumes of information. Operational security and aggregation are important factors when considering the authorized disclosure of unclassified information.

4.7 DND employees and CAF members must at all times safeguard all information in the DND and the CAF, including unclassified information, that is exempt from disclosure under sections 13 to 24 of the ATIA or excluded under section 69 of that Act. Without limiting the generality of the foregoing, DND employees and CAF members must safeguard information from unauthorized disclosure if the disclosure could:

  1. be a breach of confidence (e.g. the information was obtained in confidence by the Government of Canada);
  2. be a breach of a privilege under the law (e.g. solicitor-client privilege, litigation privilege or a privilege under statute such as a confidence of the Queen’s Privy Council);
  3. reasonably be expected to be injurious to the conduct of international affairs, the defence of Canada or any state allied or associated with Canada;
  4. reasonably be expected to be injurious to the detection, prevention or suppression of subversive or hostile activities;
  5. reasonably be expected to be injurious to law enforcement or the conduct of lawful investigations;
  6. reasonably be expected to be injurious to the economic interests of Canada, the economic interests of certain government institutions or the interests of third parties;
  7. reasonably be expected to be injurious to the Government of Canada or third parties in the procurement process or in the design, development or production of a weapon or other defence equipment for the CAF;
  8. adversely affect the operations of government, including advice in support of government decision-making and policy development;
  9. reasonably be expected to threaten the safety of individuals;
  10. reasonably be expected to be injurious to the conduct by the Government of Canada of federal-provincial affairs; or
  11. be prohibited or restricted by statute, as set out in Schedule II of the ATIA.

4.8 DND employees and CAF members should consult the ATIA for additional details on the types of information listed in the previous paragraph. Additional information on access to information criteria is also available in the TB Access to Information Manual.

4.9 DND employees and CAF members have a clear requirement to safeguard information. For DND employees this requirement begins immediately upon their joining the public service when they make their public service oath or solemn affirmation, which includes the following statement: “I will not, without due authority, disclose or make known any matter that comes to my knowledge by reason of such employment”. For both DND employees and CAF members this requirement is also included in the DND and CAF Code of Values and Ethics, which provides that they are responsible for appropriately safeguarding information and disclosing it only after proper approval and through officially authorised means.

Briefings and Training

4.10 In order to achieve the purpose of this DAOD, DND employees, CAF members, contractors and other persons working in the DND and the CAF must receive appropriate security briefings and training, including the need to safeguard information. They must be briefed on the appropriate mechanisms for vetting and disclosing information, in line with the ATIA and Privacy Act, the Policy on Communications and Federal Identity, the Directive on Open Government, the NDSOD and other security directives.

Authorized Disclosure to Other Government Institutions, Allied Military Organizations and Foreign Entities

4.11 DND employees and CAF members are authorized to disclose information to other government institutions and allied military organizations when required in the course of their employment or duties. Other government institutions are those listed in the Financial Administration Act schedules. Before disclosing information, DND employees and CAF members must consider the sensitivity level of the information, an individual’s security screening level and a demonstrated need-to-know, i.e., that an individual’s duties require such access. Before disclosing information to a foreign entity, DND employees and CAF members must also comply with the Avoiding Complicity in Mistreatment by Foreign Entities Act and related direction. Any disclosure of personal information must be in accordance with the Privacy Act.

Procedures for the Disclosure of Information in the DND and the CAF

4.12 DND employees and CAF members must comply with the following laws, directives, orders and procedures for disclosure:

  1. for access to information, public affairs and open government: the laws, directives and orders set out in paragraph 3.2;
  2. for classified information and protected information: the policies, directives, orders and direction set out in paragraph 4.3;
  3. for personal information: the Privacy Act and the DAOD 1002 series; and
  4. for unclassified information: the procedures set out in paragraph 4.13.

Procedures for the Disclosure of Unclassified Information

4.13 A DND employee or CAF member must comply with the following procedures prior to the disclosure of any unclassified information:

If … then …
  • the DND employee or CAF member has primary management or leadership responsibility for information in the level one (L1) organization with functional authority for the information; and
  • the DND employee or CAF member confirms that the information would be exempt or excluded under the ATIA,

the information may not be disclosed except as provided by DAOD 1001-1, or as directed by the head of the government institution under the ATIA, in certain situations.
  • the DND employee or CAF member does not have primary management or leadership responsibility for the information in the L1 organization with functional authority for the information; and
  • the DND employee or CAF member believes that the information would be exempt or excluded under the ATIA,

the request must be forwarded to the person with primary management or leadership responsibility for the information in the applicable L1 organization with functional authority for the information.
  • the unclassified information does not contain any information that would be subject to an exemption or exclusion under the ATIA,

the information may be disclosed, after considering issues of aggregation and operational security, by the person with primary management or leadership responsibility for the information in the applicable L1 organization with functional authority for the information.

Note – Embarrassment to the DND or the CAF, or evidence of inefficiency, errors or problems in the DND or the CAF, is not a ground to deny disclosure of information.
  • the DND employee or CAF member has any uncertainty related to these procedures,

the situation must be discussed with their supervisor prior to any disclosure.

4.14 A deviation from the above procedures may only be authorized by or under the authority of the Deputy Minister or the Chief of the Defence Staff.

5. Compliance and Consequences

Compliance

5.1 DND employees and CAF members must comply with this DAOD. Should clarification of the policies or instructions set out in this DAOD be required, DND employees and CAF members may seek direction through their channel of communication or chain of command, as appropriate. Managers and military supervisors have the primary responsibility for and means of ensuring the compliance of their DND employees and CAF members with this DAOD.

Consequences of Non-compliance

5.2 DND employees and CAF members are accountable to their respective managers and military supervisors for any failure to comply with the direction set out in this DAOD. Non-compliance with this DAOD may result in administrative action, including the imposition of disciplinary measures, for a DND employee, and administrative or disciplinary action, or both, for a CAF member. Non-compliance may also result in the imposition of liability on the part of Her Majesty in right of Canada, DND employees and CAF members.

Note – In respect of the compliance of DND employees, see the TB Framework for the Management of Compliance for additional information.

6. Responsibilities

Responsibility table

6.1 The following table identifies the responsibilities associated with this DAOD:

The, a or an … is or are responsible for …

CDI
  • issuing functional direction governing the disclosure of defence intelligence or intelligence-derived information.

ADM (Information Management) (IM)
  • implementing, where applicable, information security controls on IM systems to prevent and detect unauthorized information disclosures;
  • leading information security incident response and mitigation actions resulting from this DAOD when IM systems are involved;
  • issuing information security policies, instructions, directives and standards related to this DAOD;
  • providing awareness products linked to the safeguarding of information and the aggregation of unclassified information; and
  • supporting investigations of unauthorized disclosure of information through the auditing of IM-related systems, to the extent authorized by law.

DGDS as the Chief Security Officer
  • providing awareness products linked to the safeguarding of information, including operational security; and
  • requesting investigations by the Canadian Forces Military Police Group (CF MP Gp) of unauthorized disclosures of information, when appropriate.

Commander, CF MP Gp
  • proceeding with investigations regarding the unauthorized disclosure of information, when appropriate.

unit security supervisors and information systems security officers
  • providing guidance and conducting security awareness training within their organizations, focused on the safeguarding of information, including operational security and aggregation of unclassified information.

DND employees and CAF members with primary management or leadership responsibility for information in an L1 organization with functional authority for the information
  • reviewing the content of any information to be disclosed and approving the disclosure of the information, in accordance with this DAOD and other applicable orders and directives.

DND employees and CAF members
  • safeguarding information in the DND and the CAF; and
  • ensuring that any disclosure of information is reviewed in accordance with this DAOD and other applicable orders, directives and instructions, and information is only disclosed in accordance with this DAOD.

7. References

Acts, Regulations, Central Agency Policies and Policy DAOD

Other References

Page details

Date modified: