Language selection

Government of Canada / Gouvernement du Canada

Search

CDS/DM Directive to improve compliance with the Access to Information and Privacy Acts

June 2025

References

  1. Access to Information Act
  2. Privacy Act
  3. Government of Canada Directive on Access to Information Requests
  4. Defence Administrative Orders and Directives 1001-1, Access to Information Act Requests
  5. CDS/DM Directive for Stewardship of Digital Assets (accessible only on the National Defence network)

Situation

  1. (U) Application. This directive applies to all Department of National Defence (DND) employees, all Canadian Armed Forces (CAF) members, and any persons contributing to the production of records under the control of DND/CAF; hereinafter referred to as Defence Team.
  2. (U) General. The Government of Canada's Access to Information and Privacy (ATIP) program supports transparency and accountability by making government information 'open by default' while protecting sensitive data and enabling informed civic participation:
    1. The purpose of the Access to Information Act is to provide Canadian citizens, permanent residents and any person present in Canada, the right of access to information contained in government records, subject to certain specific and limited exceptions;
    2. The purpose of the Privacy Act is to protect the privacy of individuals with respect to their personal information. This Act governs the federal government's collection, retention, use and disclosure of that information. It also provides individuals with a right of access to their personal information;
    3. The Federal Accountability Act and Treasury Board Secretariat Directives apply to both the Access to Information Act and the Privacy Act and require that all government institutions "make every reasonable effort to assist" individuals making a request for records, regardless of who the requester is. This includes:
      1. making every reasonable effort to locate and retrieve the requested records;
      2. providing timely access to the requested information; and
      3. providing accurate and complete responses.
  3. The Defence Team includes 130,000 personnel operating across Canada and globally. There are 170 distinct operating systems across the full spectrum of security classifications. It is recognized that processing this information across systems is laborious given much of it includes Cabinet Confidence, proprietary, privileged, and classified data from allies, partners, industry, and other Government of Canada departments and agencies.
  4. As a result of the efforts undertaken in response to the Information Commissioner's 2019 systemic investigation, it has been determined that the Defence Team lacks sufficient capacity to meet the demand placed upon it by increasingly sophisticated, broad, and complex requests, exacerbated by a small group of requesters.
  5. (U) Problem Definition. The Defence Team is not in compliance with the Access to Information Act and the Privacy Act:
    1. Current ATIP processing times do not meet the legislated service standards;
    2. There is a critical need to improve Defence Team Information Management (IM) practices in order to improve compliance; and
    3. Responding to complaints, orders and litigation is consuming significant ATIP capacity and is adding to the number of ATIP requests in the backlog.
  6. (U) Intent. Improve compliance with the Acts in the shortest time possible by putting in place solutions to enable the Defence Team to meet its legislative obligations.
  7. (U) Priorities
    1. Respond to complaints and litigation;
    2. Establish demand-to-capacity parity for newly assigned requests as rapidly as possible to stop the backlog from growing any further; and
    3. Fulfill those requests that remain in the backlog.
  8. (U) Lexicon.
    1. Backlog. The number of ATIP requests that remain unresolved beyond the statutory deadlines set by the Acts;
    2. DAIP. The Directorate Access to Information and Privacy (DAIP) is the group responsible for the administration of both the Access to Information Act and the Privacy Act for the Defence Team;
    3. L1. Assistant Deputy Ministers (ADM) and the commanders of CAF elements are collectively referred to as Level One (L1);
    4. L1 ATIP Lead. L1 ATIP Lead(s) are the main points of contact for ATIP decision-making, and in some circumstances, they are also the designated signing authority for the L1; and
    5. TLO. Tasking and Liaison Officers (TLO) are the DAIP Tasking Officers' main point of contact for ATIP taskings within an L1. They coordinate the retrieval of records, provide severance recommendations, and remit the records responding to ATIP requests to DAIP.
  9. (U) Tasks:
    1. Common to all L1s
      1. Be accountable.
        1. Establish and enforce a culture of compliance; responding to ATIP requests by the deadline must be amongst the highest of priorities at all levels;
        2. L1s will sign a letter of agreement regarding compliance with ATIP service standards. ADM (Public Affairs) will update and promulgate the letter for L1 signature annually;
        3. All employees with ATIP responsibilities as a primary or secondary duty are to have included mandatory work objectives regarding Act compliance in their annual Performance Agreement / Performance and Competency Evaluation. ADM(Public Affairs) will update previously provided guidance for execution this year; and
        4. Designate and enforce annual training compliance of ATIP Leads, TLOs and supporting staff in sufficient number to address task load. Report training completion statistics to DAIP by the 1st of November annually.
        5. Improve IM practices by implementing the tasks outlined in the CDS/DM Directive for Stewardship of Digital Assets.
      2. Be responsive. TLOs will immediately engage DAIP tasking officers to attempt to rescope overly broad and complex ATIP requests into more specific requests;
      3. Be timely. L1s will submit files to DAIP in accordance with established timelines;
      4. Be realistic. Seek well-substantiated extensions to remain in compliance with requests that are too complex or substantial to fulfill within normal time constraints;
      5. Be digital. Paper returns will not be accepted by DAIP;
      6. Be diligent. Submissions must be complete and include accurate copies of the original documents and all associated attachments; and
      7. Be organized. Do not allow requests to fall into non-compliance and become part of the backlog.
        1. ADM(Digital Services)
          1. Establish the framework and capacity to batch search the entirety of the Defence Team repository structure for information assets of relevance on the D365 platform in response to ATIP requests, and for operational and investigative purposes.
        2. ADM(Policy)
          1. Effective 1 June 2025 – Cease all Directorate of Parliamentary Affairs requests for DAIP to review documentation, unless complex personal information is involved.
        3. ADM(Review Services)
          1. Effective 1 June 2025 – Cease all requests for DAIP to review ADM (RS) Audit and Evaluation reports, unless complex personal information is involved.
        4. ADM(Material)
          1. Assist with implementation of a scalable human resource contract for year-over-year augmentation to DAIP capability.
        5. ADM(Public Affairs)
          1. Continue to adjust the communications approach to demonstrate ongoing efforts to improve and enhance Defence Team transparency and the ATIP Program;
          2. Submit a well-substantiated personnel augmentation request to adjust baseline funding levels where process adjustments and technology alone cannot increase DAIP capacity to address ATIP demands. It must be sufficiently flexible and scalable as to be able to be readily adjusted to account for annual fluctuations in demand;
          3. Continue leading a Defence Team ATIP community of practice inclusive of DAIP staff and the L1s with sufficient monthly meetings to share knowledge, best practices, insights and, most importantly, to retain the focus on collective ATIP obligations;
          4. In consultation with Corporate Secretary, establish a quarterly senior leadership briefing via the appropriate governance table to review departmental ATIP compliance by comparing the demand signal to the capacity of DAIP analysts, and through L1 updates on the execution of their tasks outlined within this directive;
          5. Update and task the ATIP letter of agreement annually for L1 signature;
          6. Provide all L1s with draft performance objectives regarding Act compliance for inclusion in the Performance Agreement / Performance and Competency Evaluation of all employees with ATIP responsibilities as a primary or secondary duty; and
          7. Work with the Canadian Forces Legal Advisor, Government of Canada peers, and the Treasury Board Secretariat of Canada's ATIP policy team to evaluate impediments to equal access to ATIP and pertinent directives, in preparation for the review of the Acts which is set to begin in June 2025.
        6. Royal Canadian Air Force
          1. Effective 1 August 2025, provide the Directorate of Knowledge and Information Management the necessary Open Canada formatted data to recommence proactive disclosure of all administrative flights involving the Governor General, Prime Minister and Members of Parliament.
        7. Military Personnel Command / Chief of Military Personnel
          1. Commencing 1 June 2025, provide direction to L1s regarding the requirement to support transitioning CAF members with, at a minimum, copies of their conduct sheet (where one exists) and their Member's Personnel Record Resume prior to or at the final release interview, as well as a copy of their medical, and dental records, when requested;
          2. No later than 31 December 2025, when requested, provide transitioning CAF members copies of their medical, and dental records prior to release, and their service record (commonly called Pers Files) following completion of the release audit. This will include having policies in place related to veterans who may have not been granted access to this material prior to their release; and
          3. By no later than 1 November 2025, develop and implement a plan to fully digitize all personnel files (medical, dental, and service records) within two years of publication of this directive to better support the release of this information to CAF members when requested.
        8. Corporate Secretary
          1. In coordination with ADM (Public Affairs), establish a quarterly senior leadership briefing via the appropriate governance table to review departmental ATIP compliance.

Command

 
  1. (U) Office of Primary Interest. ADM (Public Affairs).
  2. (U) Office of Collateral Interest. ADM (Digital Services)
  3. (U) Point of Contact. Director General, Data Analytics, and Information Management.

M.A.J. Carignan Carignan
General
Chief of the Defence Staff

Stefanie Beck
Deputy Minister

Distribution List

Action

  1. VCDS
  2. CDRNORAD/DCDRNORAD
  3. SJS DOS
  4. Comd RCN
  5. Comd CA
  6. Comd RCAF
  7. Comd MILPERSCOM
  8. Comd CJOC
  9. Comd CFINTCOM
  10. Comd CANSOFCOM
  11. Comd CPCC
  12. JAG
  13. CANMILREP NATO
  14. DComd JFC Naples
  15. DSG
  16. ADM(Pol)
  17. ADM(Mat)
  18. ADM(Fin)/CFO
  19. ADM(IE)
  20. ADM(HR-Civ)
  21. ADM(DRDC)
  22. ADM(RS)
  23. ADM(PA)
  24. CFLA
  25. Corp Sec

Information

  1. MND
  2. Assoc MND
  3. NSIROCS

Page details

2025-06-17