2020-2021 Annual Report to Parliament – Administration of the Privacy Act - DND

1. Introduction

The Department of National Defence and the Canadian Armed Forces are pleased to present to Parliament their annual report on the administration of the Privacy Act.Footnote 1 Section 72 of the Act requires the head of every federal government institution to submit an annual report to Parliament on its administration each financial year. This report describes National Defence activities that support compliance with the Privacy Act for the fiscal year (FY) 1 April 2020 and ending 31 March 2021.

1.1 Purpose of the Privacy Act

The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.

These rights of protection and access are in accordance with the principles that individuals should have a right to know why their information is collected by the government, how it will be used, how long it will be kept and who will have access to it.

Back to top

2. Access to Information and Privacy at National Defence

2.1 Mandate of National Defence

2.1.1 Who we are

The Department of National Defence (DND) and the Canadian Armed Forces (CAF) make up the largest federal government department. Under Canada’s defence policy, the Defence Team will grow to over 125,000 personnel, including 71,500 Regular Force members, 30,000 Reserve Force members and 25,000 civilian employees.

2.1.2 What we do

DND and the CAF have complementary roles to play in providing advice and support to the Minister of National Defence, and implementing Government decisions regarding the defence of Canadian interests at home and abroad.

At any given time, the Government of Canada can call upon the CAF to undertake missions for the protection of Canada and Canadians and to maintain international peace and stability.

Canada’s defence policy presents a new strategic vision for defence: Strong, Secure, Engaged.Footnote 2 This is a vision in which Canada is:

Strong at home, with a military ready and able to defend its sovereignty, and to assist in times of natural disaster, support search and rescue, or respond to other emergencies.

Secure in North America, active in a renewed defence partnership in the North American Aerospace Defense Command (NORAD) and with the United States to monitor and defend continental airspace and ocean areas.

Engaged in the world, with the Canadian Armed Forces doing its part in Canada’s contributions to a more stable, peaceful world, including through peace support operations and peacekeeping.

The National Defence Act (NDA) establishes DND and the CAF as separate entities, operating within an integrated National Defence Headquarters as they pursue their primary responsibility of providing defence for Canada and Canadians.

2.2 National Defence organization

2.2.1 Senior leadership

The Governor General of Canada is the Commander-in-Chief of Canada. DND is headed by the Minister of National Defence. The Associate Minister of National Defence supports the Minister of National Defence. The Deputy Minister of National Defence is the Department’s senior civil servant. The CAF are headed by the Chief of the Defence Staff, Canada’s senior serving officer. These senior leaders each have different responsibilities:

2.2.2 Defence organization

The National Defence organizational structure is represented in the diagram below. Additional information about the National Defence organization is available online.Footnote 3

Figure 1: National Defence Organization Chart

2.3 The Directorate of Access to Information and Privacy

2.3.1 Delegation of authority

In accordance with section 73(1) of the Privacy Act, a delegation of authority, signed by the Minister, designates the Deputy Minister, Corporate Secretary, Access to Information and Privacy (ATIP) Director, and ATIP Deputy Directors to exercise all powers and functions of the Minister, as the head of institution, under the Act. It also designates other specific powers and functions to employees within the Directorate Access to Information and Privacy (DAIP).

Under the authority of the Corporate Secretary, the ATIP Director administers and coordinates the Access to Information Act and the Privacy Act, and acts as the departmental ATIP Coordinator. In the administration of the Act, the ATIP Directorate seeks advice on legal, public affairs, policy, and operational security matters from other organizations and specialists as required.

A copy of the Access to Information Act and Privacy Act Designation Order is provided at Annex A.

2.3.2 The ATIP Directorate

The ATIP Directorate is responsible for matters regarding access to information and privacy protection within the National Defence portfolio, except in the case of the following organizations: the Military Police Complaints Commission, the Military Grievances External Review Committee, the Communications Security Establishment, the Office of the National Defence and Canadian Forces Ombudsman, the Office of the Chief Military Judge and the Director of Defence Counsel Services, and the Canadian Forces Morale and Welfare Services.

The Director Access to Information and Privacy is managed by an Executive Director and supported by a Chief of Operations position that oversees all ATI Operations from intake to disclosure.  

The Chief of Operations centralizes all activities with access to information.  It ensures consistency across teams, performs quality assurance activities for data and compliance to processes, tracks performance as well as monitoring for the identification of trends and horizontal issues. The ATIP Intake team, Systems Liaison Team and ATI Operations teams report to Chief of Operations. The Chief of Operations, Privacy Operations, Policy and Governance Team and the Chief of Staff report to the Executive Director.

The Directorate’s ATIP program management workforce is divided functionally into four main areas, and supported by Defence organization liaison officers, as illustrated in the diagram at FIGURE 2.

Figure 2: National Defence ATIP Operational Workforce

Figure 2: Long description

National Defence ATIP operational workforce

ATIP Intake receive requests from outside of the Department, send tasking notices to request records from National Defence organizations and prepare records for review.

ATI Operations process access to information requests, conduct line-by-line review of records, consult other parties for disclosure recommendations and apply Access to Information Act provisions.

The ATI Liaison Officers is a role performed within each of the organizations identified in the National Defence organization chart.  This role supports the ATIP program by coordinating the ATI activities for their respective groups.

Privacy Operations process personal information requests, conduct line-by-line review of records, apply Privacy Act provisions, process requests for disclosures in the public interest and retain records of disclosures to investigative bodies.

Policy and Governance provides strategic advice and issues management support, develop policy instruments, deliver training and awareness program, perform data analysis and report on program performance, manage privacy incident response process, and conduct privacy risk assessments.

The Privacy Liaison Officers is a role performed within each of the organizations identified in the National Defence organization chart.  This role supports the ATIP program by coordinating the privacy incident response activities for their respective groups.

The ATIP Directorate is supported by a Systems Liaison Team that maintains the ATIP application system/database and provide technical support to members of the team. A corporate services team assures the administrative and management functions of the directorate  that include business planning, financial management, human resources, physical security, and information and records management (IM/RM).

In response to a key National Defence priority, The ATIP Directorate provides a supporting role to the Departmental Litigation Oversight- Litigation Implementation Team. This unit performs an ATIP-like review of records in support of class action settlements such as the LBGT Class Action and Sexual Misconduct Class Action settlements.

Back to top

3. Highlights of the Statistical report

The statistical report at Annex B consists of data submitted by National Defence as part of Treasury Board Secretariat (TBS) annual collection of ATIP-related statistics. The following sections contain highlights, trends and an analysis of notable statistical data from a departmental perspective.

3.1 Requests received

During the reporting period, National Defence received 5,275 requests for personal information under the Privacy Act versus 6,475 in Fiscal Year 2019-20, representing an 18.5% decrease. This represents the fourth consecutive year of decreased requests for personal information and may be attributable to the implementation of the departmental initiative to pro-actively provide copies of health records to releasing CAF members that began in Fiscal Year 2018-19. Combined with 853 files carried over from the previous reporting period the total workload of 6,128 requests is the lowest National Defence has experienced in over six years. 

 

Figure 3: Privacy request workload (last five years)

Figure 3: Long description

Privacy Request workload

In 2016-2017, 8244 requests were received, 1465 requests were carried over from the previous reporting period. A combined workload of 9709 requests.

In 2017-2018, 7393 requests were received, 2659 requests were carried over from the previous reporting period. A combined workload of 10 052 requests.

In 2018-2019, 6637 requests were received, 4183 requests were carried over from the previous reporting period. A combined workload of 10 820 requests.

In 2019-2020, 6475 requests were received, 1814 requests were carried over from the previous reporting period. A combined workload of 8289 requests.

In 2020-2021, 5275 requests were received, 853 requests were carried over from the previous reporting period. A combined workload of 6128 requests.

Of note, for more than a decade, National Defence has ranked in the top five federal institutions for the highest volume of personal information requests received according to annual statistics compiled by TBS.Footnote 4

A large portion of Privacy Act requests historically received by National Defence were requests from CAF members for their health records upon releasing from the Forces. As part of Canada’s Defence Policy, the Canadian Forces Health Services group began pro-actively providing releasing CAF members with copies of their health records in Fiscal Year 2018-19. This initiative is aligned with the Government’s commitment to transparency and has improved the transition experience for releasing CAF members to better prepare them for the shift to civilian life and has also resulted in the reduction in the number of medical record requests received.

3.2 Requests completed

National Defence closed a total of 4,904 privacy requests during the reporting period. This represents a 34% decrease over the previous Fiscal Year. The ATIP workload over the past five years is showing in FIGURE 4 below.  

Figure 4: Disposition of requests completed and total requests closed (last five years)

Figure 4: Long description

Disposition of Request Completed and Total Requests Closed

In 2016-2017, 1727 were all disclosed, 3649 were disclosed in part, 56 where nothing was disclosed, 1257 where no records exist, and 365 were abandoned. A total of 7054 requests were closed.

In 2017-2018, 1722 were all disclosed, 2525 were disclosed in part, 39 where nothing was disclosed, 1223 where no records exist, and 362 were abandoned. A total of 5871 requests were closed.

In 2018-2019, 2492 requests were all disclosed, 4685 requests were disclosed in part, and 35 requests where nothing was disclosed, 1301 requests where no records exist, and 493 requests were abandoned. A total of 9006 requests were closed.

In 2019-2020, 1783 requests were all disclosed, 3747 requests were disclosed in part, and 36 where nothing was disclosed, 1369 requests where no records exist, 501 requests were abandoned. A total of 7436 requests were closed.

In 2020-2021, 982 requests were all disclosed, 2269 were disclosed in part, and 35 requests where nothing was disclosed, 1211 requests where no records exist, 407 were abandoned. A total of 4904 were closed.

3.2.1 Pages reviewed

This year a total of 1,050,543 pages were reviewed. This represents a 55.9% reduction in pages processed from Fiscal Year 2019-20. As shown in FIGURES 4 & 6, National Defence noted a decrease in on-time performance over Fiscal Year 2019-20.

As represented in FIGURE 5, the number of pages reviewed represents the total pages processed for closed requests this Fiscal Year. This number does not include the number of pages processed for requests reviewed in the current Fiscal Year that were carried over into the next reporting period. 

Figure 5: Number of pages reviewed for requests closed, where records existed (last three years)

Figure 5: Long description

Number of Pages Reviewed for Requests Closed, where Records Existed

In 2018-2019, 3 034 777 pages reviewed for 7705 requests closed

In 2019-2020, 2 381 632 pages reviewed for 6067 requests closed

In 2020-2021, 1 050 542 pages reviewed for 3693 requests closed

3.2.2 Exemptions and exclusions

Consistent with previous reporting periods, section 26 of the Privacy Act was the most frequently invoked exemption and was applied in 2,253 requests. This section of the Act protects personal information of individuals other than the requester.

3.2.3 Completion time

National Defence closed 2,925 requests within 30 days which represents 59.6% of the total volume of requests closed. This represents a 6.7% decrease of files closed within 30 days compared to the last reporting period. Of note, the number of files closed in excess of 121 days decreased significantly from 1,412 files in Fiscal Year 2019-20 to 988 during this reporting period.

Figure 6: Time to complete requests (the last five years)

Long description follows

Figure 6: Long description

Time to Complete Requests

In 2016-2017, 4020 requests were closed in 30 days or less, 642 requests were closed between 31-60 days, 619 requests were closed between 61-120 days and, 1773 requests were closed in 121 days or more

In 2017-2018, 2576 requests were closed in 30 days or less, 546 requests were closed between 31-60 days, 667 requests were closed between 61-120 days and, 2052 requests were closed in 121 days or more

In 2018-2019, 4134 requests were closed in 30 days or less, 717 requests were closed between 31-60 days, 518 requests were closed between 61-120 days and, 3637 requests were closed in 121 days or more

In 2019-2020, 4998 requests were closed in 30 days or less, 803 requests were closed between 31-60 days, 223 requests were closed between 61-120 days, and 1412 requests were closed in 121 days or more

In 2020-2021, 2925 requests were closed in 30 days or less, 539 requests were closed between 31-60 days, 452 requests were closed between 61-120 days, and 988 requests were closed in 121 days or more.

Files closed beyond 30 days were not necessarily late as legal extensions may have been applied.

3.2.4 On-time compliance

A total of 3,158 requests (64.4%) were closed within statutory deadlines in Fiscal Year 2020-21. This represents a 10.6% drop in on-time compliance over the previous reporting period likely attributed to impacts as a result of the COVID Pandemic. The Province of Ontario lockdowns impacted the number of individuals permitted in office locations which impacted the ability to receive and scan records into the request processing system and redaction software system.

Workload continued to be a factor affecting on-time compliance; however, the most common reason for deemed refusal was “Other”, cited for nearly 76.5% of requests closed late during the reporting period. Some factors affecting performance and deemed refusal rates includes the unavailability of key officials and difficulties in obtaining relevant records.

Impacts to productivity resulting from staffing challenges continues to impact compliance. There continues to be ATIP staff turnover at all levels due to a competitive job market. New employees require a learning and adjustment period to realize performance potential. The hiring and training of new employees during a remote posture has also created additional workload for ATIP management and support services. Over the past year efforts have continued to staff vacant positions and train new staff. 

3.2.5 Disposition: Percentage of requests all disclosed vs. disclosed in part

Figure 7: All disclosed vs. disclosed in part (FY 2020-21)

During the reporting period, Defence responded to a total of 4904 requests. A total of 20% of requests were all disclosed (982) and 46.3% (2269) of requests were disclosed in part. 

Long description follows

Figure 7: Long description

Requests All Disclosed and Disclosed in Part

2269 requests were disclosed in part

982 requests were all disclosed

3.3 Consultations received and completed

Historically, National Defence does not receive a lot of consultation requests relating to requests made under the Privacy Act. During the reporting period, National Defence received five requests for consultation, three were from other Government of Canada institutions and two were from other organizations. Six consultations were closed during the reporting period.

Back to top

4. COVID-19 Impacts to Privacy Operations

On March 13, 2020 DND/CAF initiated its Business Continuity Plan (BCP) in response to the evolving COVID-19 Pandemic which continued into the Fiscal Year 20/21 reporting period. DND/CAF has played a significant role in the Government of Canada’s response to COVID-19. Operation LASERFootnote 5 is the Canadian Armed Forces’ contribution to save lives, assist federal, provincial and territorial partners, and maintain CAF readiness, effectiveness and resilience. Ensuring the health and well-being of employees and CAF members and supporting Operation LASER remains a key departmental priority. The Defence Team including the ATIP Directorate pivoted to alternate work arrangements and a remote work posture immediately in response to the Pandemic. Initially, remote work challenges such as limited access to Virtual Private Networks (VPN) and remote access to the ATIP redaction software as well as Office of Primary Interest (OPI) access to paper records impacted productivity and processing of ATI and Privacy requests. Remote connectivity quickly stabilized and continued to improve as the Defence Team optimized the remote work posture. Key functions within the ATIP Directorate that could only be performed physically on site such as receipt of mail, opening of new requests, scanning of paper records, urgent requests and processing of secret materials were carried out while respecting public health measures. As per TBS guidance and best practices, the ATIP Directorate contacted requesters directly to notify of potential delays in processing requests as a result of the pandemic. National Defence took proactive steps at the beginning of the pandemic and leveraged technology to enable remote work by adopting and implementing the use of e-signatures, electronic record sharing, and the use of the Canada Post epost service to limit the reliance on paper records and traditional mail. The ATIP directorate continued to expand remote access to redaction which allowed National Defence to process records classified Protected B and below. ATIP employees were supported and equipped with the tools, equipment, systems and training to conduct their work remotely.

In May 2020, the Deputy Minister and Chief of Defence Staff issued a joint directive to the Defence Team which identified key departmental priorities including the continued performance of activities mandated by legislation and regulation. The ATIP Program and adherence to legislation was included within this priority and in early June the ATIP Directorate invoked its Business Resumption Plan and resumed on-site operations with a reduced capacity while adhering to stringent public health measures to safe guard health of employees. The ATIP Directorate’s employee orientation plan and approach to resumption of on-site work was adopted across the Defence Team as a best practice and was shared with other government departments ATIP Offices.

Consistent with other ATIP offices located in the National Capital Region, National Defence was impacted by the Ontario provincial lockdowns. The limitations on the number of staff allowed physically on-site while respecting public health guidance impacted the ability to process paper records and secret material; this has resulted in a backlog of ATI and Privacy requests and impacted overall performance for Privacy requests. In spite of the constraints associated with the pandemic, National Defence reviewed more pages and closed more ATI files compared to the previous year. The innovations and improvements adopted during the pandemic have improved the overall ATIP Program and will continue to be built upon in the coming years as we continue to modernize ATIP program delivery.

The COVID-19 ATIP Capacity supplemental statistical report at Annex C represents National Defence impacts to ATI Operations. ATIP Operations experienced partial capacity processing paper records in different classification levels for a total of 42 weeks. The institution experienced 41 weeks where partial capacity was affected in the processing of electronic records in different classification levels.

Back to top

5. Privacy protection and personal information management

5.1 Public interest disclosures

Paragraph 8(2)(m) of the Privacy Act permits the disclosure of personal information, without the consent of the individual to whom it relates, where the public interest in disclosure clearly outweighs any invasion of privacy that could result, or where the disclosure would clearly benefit the individual to whom the information relates.

During the reporting period, 70 disclosures of personal information were made in accordance with paragraph 8(2)(m). These public interest disclosures included information relating to Boards of Inquiry or Summary Investigations into the death or serious injury of a CAF member. The majority of disclosures were to the CAF member’s family or representative.

For each of the 70 disclosures made in the public interest during Fiscal Year 2020-21, the Office of the Privacy Commissioner (OPC) was notified of each release.

5.2 Privacy breaches

Privacy rights are a matter of ongoing public concern. In respect of sections 4 to 8 of the Privacy Act, which govern personal information management, the ATIP Directorate received 182 complaints regarding contravention of one or more of these provisions. The ATIP Directorate’s Privacy Incident Management team reviewed and resolved 206 complaints alleging a breach of privacy, of which 137 complaints were deemed to be well-founded.

5.2.1 Material privacy breaches

Treasure Board Secretariat defines a material privacy breach as one that involves sensitive personal information and could reasonably be expected to cause injury or harm to the individual, and/or involves a large number of affected individuals. National Defence reported one material privacy breach to TBS and the OPC this reporting period as per policy requirement.

5.3 Privacy impact assessments

National Defence collects, uses and discloses personal information in the delivery of mandated programs and services. In accordance with TB policy, the DND and the CAF undertake privacy impact assessments (PIA) to evaluate privacy impacts in the administration of these activities. A PIA provides a framework to identify the extent to which proposals comply with the Privacy Act and applicable privacy policies, assist program officials in avoiding or mitigating privacy risks, and promote informed program and system design choices.

National Defence completedFootnote 6  one PIA during FY 2018-2019 in support of the program described below. The Department is preparing to post the summary on its website.

5.4 DND/CAF personal information

5.4.1 Complex & Sensitive Personal Information

To ensure the appropriate protection of sensitive personal information within DND/CAF, the ATIP Directorate provides review and redaction services to support a number of departmental administrative processes including Boards of Inquiry, Summary Investigations, Reports involving allegations of Workplace Violence, Harassment and Grievances. Although these are not formal requests made under the Privacy Act, the information is being released from DND/CAF and privacy protection is a priority.

As demonstrated in FIGURE 8 below, the ATIP Directorate reviewed 113 files containing complex and sensitive personal information. This represents a total of 2,744 pages reviewed in Fiscal Year 2020-21 to ensure personal information is protected and not inappropriately disclosed.

Figure 8: Review of complex & sensitive personal information for release

Long description follows

Figure 8: Long description

Review of Complex Sensitive Personal Information

37 Harassement files (1579 pages)

1 Grievance file (8 pages)

75 Board of Inquiry / Summary Investigation files (1157 pages)

Back to top

6. Complaints, Audits and Reviews

6.1 Complaints from the Office of the Privacy Commissioner

In Fiscal Year 2020-21, National Defence received a total of 28 formal complaints from the Office of the Privacy Commissioner (OPC), representing less than one percent of all requests closed during the reporting period.

Further to Part 8 of the Statistical Report, which notes complaints received and closed:

The 24 well-founded determinations represent 61.5% of all findings issued by the OPC to National Defence in Fiscal Year 2020-21. The vast majority of these complaints, 20 in total were administrative in nature (about delays and time extensions) and 4 were refusal complaints (regarding application of exemptions or possible missing records). Figure 8 below illustrates the type of complaints that had findings issued during the reporting period.

Figure 9: Type of complaint (FY 2020-21)

Long description follows

Figure 9: Long description

Reasons for Complaint

6 Discontinued or resolved

9 Not well-founded

24 Well founded, 20 of which were Administrative, and 4 were Refusal Complaints

6.2 Court decisions

In Fiscal Year 2020-21, there were no court proceedings actioned in respect of requests processed by National Defence.

Back to top

7. Policies and procedures

7.1 Internal procedures

The ATIP Directorate continues to review and update procedures for processing personal information requests and managing privacy incidents to document process improvements and to ensure alignment with Treasure Board (TB) policies and directives. This reporting period, Privacy Operations created and implemented a Standard Operating Procedure (SOP) called the Electronic-Response process. Electronic-Response process allows OPI’s to share records electronically with DAIP, therefore eliminating the need for traditional mailing of records and paper-based processes. OPI’s have used this process to successfully transmit electronic records with the security classification up to Protected B to the ATIP Directorate. This innovation has resulted in efficiencies, eliminating delays in the delivery of regular mail and enabled employees to continue to work efficiently remotely during the COVID pandemic.

Back to top

8. Training and awareness

8.1 ATIP training program

Departmental ATIP training was initially impacted by the COVID pandemic. Formal ATIP training resumed in July 2020 on a virtual platform. National Defence uses a three-pronged approach for training, where Directorate training resources delivered the following training sessions to DND civilian and CAF military members with specific emphasis on those staff with ATIP responsibilities:

8.2 Training and awareness activities

A total of 87 face-to-face training sessions were delivered to approximately 1,559 Defence employees and CAF members on the administration of both the ATI Act and Privacy Act, as well as on appropriate management of personal information under the control of the institution. These training sessions were provided through participation in ATIP 101 (introductory) sessions, ATIP 201 (advanced) sessions, GCDOCS privacy-focused training, and targeted training sessions for specific Defence organizations. Most training sessions were delivered by the ATIP Directorate staff in person or through video teleconference technologies, however some organizations conducted their own courses and one-on-one sessions. An example of organizations conducting their own training sessions included the 3 training events provided by the Canadian Forces Health Services group that covered a variety of Privacy topics – for a total of 135 persons trained. Defence employees and CAF members were also encouraged to take the Access to Information and Privacy Fundamentals course offered through the Canada School of Public Service.

In keeping with promoting awareness, the ATIP Directorate employees also provided guidance to third parties and requesters on the requirements of the Access to Information Act and the Privacy Act, TB policies and directives, and associated institutional procedures as required.

8.2.1 Canadian Forces Health Services training

The Canadian Forces Health Services (CFHS) operates a privacy office that is responsible for providing advice and support to the CFHS Group on policies and activities that involve personal health information. In accordance with their mandate, the CHFS privacy office maintains training modules to educate staff on the principles of “Privacy, Confidentiality and Security” to support appropriate use of the Canadian Forces Health Information System.

During this reporting period, over 2,278 of their staff attended training or completed mandatory modules offered specifically to the CFHS organization.

8.3 Employee well-being

In response to challenges caused by the COVID Pandemic and the impacts of remote work, the ATIP Directorate placed increased emphasis on directorate staff mental health, well-being and resilience. In addition to the ongoing ATIP operational training, virtual workplace well-being sessions were provided to all staff focusing on stress management, resilience, nutrition, and physical exercise to maintain mental health during the Pandemic. To support telework and ensure that supervisors were equipped to lead in a virtual work environment, training sessions on establishing effective virtual teams and managing remote teams were provided to all supervisors and managers in the Directorate. These courses provided tools to build virtual relationships, establish communication standards, leverage appropriate communication tools, support remote team members, and lead virtual team meetings.

Back to top

9. Initiatives and projects

9.1 Technological improvements

9.1.1 Remote access to redaction software

National Defence continues to explore and implement technological solutions to enhance ATIP business processes. The ATIP Directorate implemented remote access to the ATIP request processing and redaction software to employees this Fiscal Year which allowed the processing of ATI request remotely during the COVID Pandemic. New procedures, training and tools were developed and implemented to support the successful shift to remote processing.

The ATIP Directorate also widely adopted the use of Microsoft Teams and SMART Bridgit software to stay connected for meetings as well as onboarding and training new employees.

9.1.2 Shift to paperless processing

A shift towards paperless processing of ATIP requests continued this Fiscal Year. The adoption of electronic processes to reduce paper records such as use of network shared drives to share records electronically between DND/CAF record holders and the ATIP Directorate increased during the COVID Pandemic. The majority of OPIs switched over to electronic processes and are no longer providing paper records to the ATIP Directorate. Electronic signatures on letters to applicants and using Canada Post epost service to share records with applicants versus traditional mail has led to faster access to records for Canadians. This shift to paperless processing enabled the continued processing of ATI requests throughout the various Provincial lock downs.

9.1.3 New case management solution

The ATIP Directorate completed implementation of a new case management system this Fiscal Year to manage Privacy Incident Management, Privacy Impact Assessments, Personal Information Disclosures, and managing and tracking legal matters. This new case management system, ATIP OMNI, improves tracking and trend analysis for governance and compliance activities. It also includes features to maintain Personal Information Banks and Info Source management in a more automated manner.

Back to top

10. Monitoring compliance

The ATIP Directorate regularly monitors and reports on a number of ATIP metrics.  In Fiscal Year 2020-21, the Departmental ATIP Performance Dashboard that tracks OPI record retrieval timeliness and overall ATIP compliance continued to be refined to provide better overall awareness to senior leadership on ATIP performance and metrics. This monitoring allows the ATIP Directorate to track ATIP performance across the Department and identify areas for process improvements. This year National Defence piloted a new analytics tool which will enable senior leaders and OPI’s to easily monitor overall ATIP compliance and track individual request stats. The ATIP Directorate continues to receive ad hoc requests for statistics and performance reports to inform program delivery and identify trends.

Currently, the time to process requests for correction of personal information is not formally monitored as this number is regularly very low. In Fiscal Year 2020-21, the ATIP Directorate received only one request for correction.

Back to top

11. Privacy operating costs

11.1.1 Costs

The annual cost to administer the National Defence privacy program increased by 27.8% to approximately $4,687,927 Fiscal Year 2020-21.

11.1.2 Human Resources

During Fiscal Year 2020-21, an equivalent of 49.005 full-time employees were dedicated to administering the Privacy Act. For additional information refer to section 11 in Annex B.

Back to top

Annex A: Designation Order

National Defence and the Canadian Armed Forces

Access to Information Act and Privacy Act Designation Order

  1. Pursuant to section 73 of the Access to Information Act and the Privacy Act, the Minister of National Defence, as the head of a government institution under these Acts, hereby designates the persons holding the following positions, or the persons occupying those positions on an acting basis, to exercise or perform all of the powers, duties and functions of the head of a government institution under these Acts:
    1. the Deputy Minister;
    2. the Corporate Secretary;
    3. the Director Access to Information and Privacy; and
    4. Deputy Directors Access to Information and Privacy.
  2. Pursuant to section 73 of the above-mentioned Acts, the Minister also designates the following:
    1. those persons holding the position of Access Team Leader, or the persons occupying this position on an acting basis, to exercise or perform the powers, duties and functions in respect of:
      • The application of the following provisions under the Access to Information Act: section 9; subsection 11(2), 11(3), 11(4), 11(5), 11(6); sections 19, 20, 23 and 24; subsections 27(1) and 27(4); paragraph 28 (1)(b), subsections 28(2) and 28(4); and
      • The response to requests made under the Access to Information Act if no records exist.
    2. those persons holding the position of Privacy Team Leader, or the persons occupying this position on an acting basis, to exercise or perform any of the powers, duties and functions of the head of an institution under the Privacy Act, other than under sub-paragraphs 8(2)(j) and 8(2)(m); and
    3. those persons holding the position of Privacy Senior Analyst, or the persons occupying this position on an acting basis, to exercise or perform the powers and duties in respect of the application of section 26 of the Privacy Act.

 

Original signed by

The Honourable Harjit S. Sajjan, PC, OMM, MSM, CD, MP
Minister of National Defence
Date: 2016-01-12

Back to top

Annex B: Statistical Report on the Privacy Act for 2020-2021

Government of Canada

Statistical Report on the Privacy Act

Name of institution: National Defence

Reporting period: 2020-04-01 to 2021-03-31

Section 1: Requests Under the Privacy Act

1.1 Number of requests

  Number of Requests
Received during reporting period 5,275
Outstanding from previous reporting period 853
Total 6,128
Closed during reporting period 4,904
Carried over to next reporting period 1,224

Section 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time

Disposition of requests Completion time
1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to 180
Days
181 to 365
Days
More Than 365
Days
Total
All disclosed 108 484 116 111 74 87 2 989
Disclosed in part 31 851 323 274 300 412 72 2,269
All exempted 15 11 4 3 0 1 2 35
All excluded 0 0 0 0 0 0 0 0
No records exist 919 162 63 45 11 10 1 1,211
Request abandoned 309 36 33 19 6 3 1 407
Neither confirmed nor denied 0 0 0 0 0 0 0 0
Total 1,381 1,544 539 452 391 513 84 4,904

2.2 Exemptions

Section Number of Requests
18(2) 0
19(1)(a) 2
19(1)(b)
1
19(1)(c)
16
19(1)(d)
23
19(1)(e)
0
19(1)(f)
0
20 0
21 31
22(1)(a)(i) 153
22(1)(a)(ii)
0
22(1)(a)(iii)
0
22(1)(b)
19
22(1)(c)
0
22(2) 0
22.1 0
22.2 0
22.3 2
22.4 0
23(a) 5
23(b)
0
24(a)
0
24(b)
0
25 1
26 2,253
27 98
27.1 0
28 0

2.3 Exclusions

Section Number of Requests
69(1)(a) 0
69(1)(b)
0
69.1 0
70(1) 0
70(1)(a)
0
70(1)(b)
0
70(1)(c)
0
70(1)(d)
0
70(1)(e)
0
70(1)(f)
0
70.1
0

2.4 Format of information released

Paper Electronic Other
395 2,856 0

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Number of Pages Processed Number of Pages Disclosed Number of Requests
1,050,543 971,771 3,693
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less Than 100 Pages Processed 101-500 Pages Processed 501-1,000 Pages Processed 1,001-5,000 Pages Processed More Than 5,000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
All disclosed 751 14,721 185 36,122 35 19,862 11 11,194 0 0
Disclosed in part 677 26,465 941 247,748 412 282,287 238 331,947 1 1,425
All exempted 33 0 0 0 0 0 1 0 1 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 404 0 2 0 0 0 1 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0 0 0 0 0
Total 1,865 41,186 1,128 283,870 447 302,149 251 343,141 2 1,425
2.5.3 Other complexities
Disposition Consultation Required Legal Advice Sought Interwoven Information Other Total
All disclosed 0 1 0 2 3
Disclosed in part 2 5 0 9 16
All exempted 0 1 0 0 1
All excluded 0 0 0 0 0
Request abandoned 0 0 0 2 2
Neither confirmed nor denied 0 0 0 0 0
Total 2 7 0 13 22

2.6 Closed requests

2.6.1 Number of requests closed within legislated timelines
- Requests closed within legislated timelines
Number of requests closed within legislated timelines 3,160
Percentage of requests closed within legislated timelines (%) 64.4

2.7 Deemed refusals

2.7.1 Reasons for not meeting legislated timelines

Number of Requests Closed Past the Legislated Timelines Principal Reason
Interference with Operations / Workload External consultation Internal Consultation Other
1,744 755 0 1 988

2.7.2 Requests closed behond legislated timelines (including any extension taken)

Number of Days Past Legislated Timelines Number of Requests Past Legislated Timeline Where No Extension Was Taken Number of Requests Past Legislated Timelines Where an Extension Was Taken Total
1 to 15 days 221 9 230
16 to 30 days 90 2 92
31 to 60 days 232 3 235
61 to 120 days 398 6 404
121 to 180 days 361 3 364
181 to 365 days 343 4 347
More than 365 days 70 2 72
Total 1,715 29 1,744

2.8 Requests for translation

Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Section 3: Disclosures under Subsections 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
194 70 70 334

Section 4: Requests for Correction of Personal Information and Notations

Dispositions for Correction Requests Received Number
Notations attached 0
Requests for correction accepted 1
Total 1

Section 5: Extensions

5.1 Reasons for extensions and disposition of requests

Number of requests where an extension was taken 15(a)(i) Interference with operations 15(a)(ii) Consultation
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet Confidence Section (Section 70) External Internal 15(b) Translation purposes or conversion
230 8 0 221 0 0 1 0 0

5.2 Length of extensions

Length of Extensions 15(a)(i) Interference with operations 15(a)(ii) Consultation
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet Confidence Section (Section 70) External Internal 15(b) Translation purposes or conversion
1 to 15 days 0 0 0 0 0 0 0 0
16 to 30 days 8 0 221 0 0 1 0 0
31 days or greater - - - - - - - 0
Total 8 0 221 0 0 1 0 0

Section 6: Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and other organizations

Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during reporting period 3 30 2 8
Outstanding from the previous reporting period 1 77 1 5
Total 4 107 3 13
Closed during the reporting period 3 30 3 13
Pending at the end of the reporting period 1 77 0 0

6.2 Recommendations and completion time for consultations received from other Government of Canada institutions

Recommendations Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed
0 0 1 2 0 0 0 3
Disclosed in part 0 0 0 0 0 0 0 0
All exempted
0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 1 2 0 0 0 3

6.3 Recommendations and completion time for consultations received from other organizations

Recommendations Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed
0 0 1 1 0 0 0 2
Disclosed in part 0 0 0 0 0 0 0 0
All exempted
0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 1 1
Total 0 0 1 1 0 0 0 3

Section 7: Completion Time of Consultations on Cabinet Confidences

7.1 Requests with Legal Services

Number of Days Fewer Than 100 Pages Processed 101-500 Pages Processed 501-1,000 Pages Processed 1,001-5,000 Pages Processed More Than 5,000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

7.2 Requests with Privy Council Office

Number of Days Fewer Than 100 Pages Processed 101-500 Pages Processed 501-1,000 Pages Processed 1,001-5,000 Pages Processed More Than 5,000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Section 8: Complaints and Investigations Notices Received

Section 31 Section 33 Section 35 Court action Total
28 23 24 0 75

Section 9: Privacy Impact Assessments (PIAs)

Number of PIA(s) completed: 2
 

9.2 Personal Information Banks

- Personal Information Banks
Active 104
Created 0
Terminated 0
Modified 0

Section 10: Material Privacy Breaches

Number of material privacy breaches reported to TBS 1
Number of material privacy breaches reported to OPC 1

Section 11: Resources Related to the Privacy Act

11.1 Costs

Expenditures Amount
Salaries $3,759,306
Overtime $6,759
Good and Services $921,862
  • Professional services contracts
$734,129
  • Other
$187,733
Total $4,687,927

11.2 Human Resources

Resources Person Years Dedicated to Access to Information Activities
Full-time employees 43.630
Part-time and casual employees 1.625
Regional staff 0.000
Consultants and agency personnel 3.375
Students 0.375
Total 49.005

Note: Enter values to three decimal places.

Back to top

Annex C: Supplemental Statistical Report on the Access to Information and Privacy Act for 2020-2021

Government of Canada

Supplemental Statistical Report on the Access to Information Act and Privacy Act

Name of institution: National Defence

Reporting period: 2020-04-01 to 2021-03-31

Section 1: Capacity to Receive Requests

Enter the number of weeks your institution was able to receive ATIP requests through the different channels.

- Number of Weeks
Able to receive requests by mail  52
Able to receive requests by email  52
Able to receive requests through the digital request service 52

Section 2: Capacity to Process Records

2.1 Enter the number of weeks your institution was able to process paper records in different classification levels.

- No Capacity Partial Capacity Full Capacity Total
Unclassified Paper Records 0 27 25 52
Protected B Paper Records 0 35 17 52
Secret and Top Secret Paper Records 0 42 10 52

2.2 Enter the number of weeks your institution was able to process electronic records in different classification levels.

- No Capacity Partial Capacity Full Capacity Total
Unclassified Electronic Records 0 26 26 52
Protected B Electronic Records 0 35 17 52
Secret and Top Secret Electronic Records 0 41 11 52

Back to top

Page details

Date modified: