2020-2021 Annual Report to Parliament – Administration of the Privacy Act - DND
On this page
- 1. Introduction
- 2. Access to Information and Privacy at National Defence
- 3. Highlights of the Statistical report
- 4. COVID-19 Impacts to Privacy Operations
- 5. Privacy protection and personal information management
- 6. Complaints, Audits and Reviews
- 7. Policies and procedures
- 8. Training and awareness
- 9. Initiatives and projects
- 10. Monitoring compliance
- 11. Privacy operating costs
- Annex A: Designation Order
- Annex B: Statistical Report on the Privacy Act for 2020-2021
- Annex C: Supplemental Statistical Report on the Access to Information and Privacy Act for 2020-2021
1. Introduction
The Department of National Defence and the Canadian Armed Forces are pleased to present to Parliament their annual report on the administration of the Privacy Act.Footnote 1 Section 72 of the Act requires the head of every federal government institution to submit an annual report to Parliament on its administration each financial year. This report describes National Defence activities that support compliance with the Privacy Act for the fiscal year (FY) 1 April 2020 and ending 31 March 2021.
1.1 Purpose of the Privacy Act
The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.
These rights of protection and access are in accordance with the principles that individuals should have a right to know why their information is collected by the government, how it will be used, how long it will be kept and who will have access to it.
2. Access to Information and Privacy at National Defence
2.1 Mandate of National Defence
2.1.1 Who we are
The Department of National Defence (DND) and the Canadian Armed Forces (CAF) make up the largest federal government department. Under Canada’s defence policy, the Defence Team will grow to over 125,000 personnel, including 71,500 Regular Force members, 30,000 Reserve Force members and 25,000 civilian employees.
2.1.2 What we do
DND and the CAF have complementary roles to play in providing advice and support to the Minister of National Defence, and implementing Government decisions regarding the defence of Canadian interests at home and abroad.
At any given time, the Government of Canada can call upon the CAF to undertake missions for the protection of Canada and Canadians and to maintain international peace and stability.
Canada’s defence policy presents a new strategic vision for defence: Strong, Secure, Engaged.Footnote 2 This is a vision in which Canada is:
Strong at home, with a military ready and able to defend its sovereignty, and to assist in times of natural disaster, support search and rescue, or respond to other emergencies.
Secure in North America, active in a renewed defence partnership in the North American Aerospace Defense Command (NORAD) and with the United States to monitor and defend continental airspace and ocean areas.
Engaged in the world, with the Canadian Armed Forces doing its part in Canada’s contributions to a more stable, peaceful world, including through peace support operations and peacekeeping.
The National Defence Act (NDA) establishes DND and the CAF as separate entities, operating within an integrated National Defence Headquarters as they pursue their primary responsibility of providing defence for Canada and Canadians.
2.2 National Defence organization
2.2.1 Senior leadership
The Governor General of Canada is the Commander-in-Chief of Canada. DND is headed by the Minister of National Defence. The Associate Minister of National Defence supports the Minister of National Defence. The Deputy Minister of National Defence is the Department’s senior civil servant. The CAF are headed by the Chief of the Defence Staff, Canada’s senior serving officer. These senior leaders each have different responsibilities:
- The Governor General is responsible for appointing the Chief of the Defence Staff on the recommendation of the Prime Minister, awarding military honours, presenting colours to CAF regiments, approving new military badges and insignia, and signing commission scrolls;
- The Minister of National Defence presides over the Department and over all matters relating to national defence;
- The Associate Minister is also responsible for defence files, as mandated by the Prime Minister, with the specific priority of ensuring that CAF members have the equipment they need to do their jobs;
- The Deputy Minister is responsible for policy, resources, interdepartmental coordination and international defence relations; and
- The Chief of the Defence Staff is responsible for command, control and administration of the CAF, as well as military strategy, plans and requirements.
2.2.2 Defence organization
The National Defence organizational structure is represented in the diagram below. Additional information about the National Defence organization is available online.Footnote 3
Figure 1: National Defence Organization Chart
2.3 The Directorate of Access to Information and Privacy
2.3.1 Delegation of authority
In accordance with section 73(1) of the Privacy Act, a delegation of authority, signed by the Minister, designates the Deputy Minister, Corporate Secretary, Access to Information and Privacy (ATIP) Director, and ATIP Deputy Directors to exercise all powers and functions of the Minister, as the head of institution, under the Act. It also designates other specific powers and functions to employees within the Directorate Access to Information and Privacy (DAIP).
Under the authority of the Corporate Secretary, the ATIP Director administers and coordinates the Access to Information Act and the Privacy Act, and acts as the departmental ATIP Coordinator. In the administration of the Act, the ATIP Directorate seeks advice on legal, public affairs, policy, and operational security matters from other organizations and specialists as required.
A copy of the Access to Information Act and Privacy Act Designation Order is provided at Annex A.
2.3.2 The ATIP Directorate
The ATIP Directorate is responsible for matters regarding access to information and privacy protection within the National Defence portfolio, except in the case of the following organizations: the Military Police Complaints Commission, the Military Grievances External Review Committee, the Communications Security Establishment, the Office of the National Defence and Canadian Forces Ombudsman, the Office of the Chief Military Judge and the Director of Defence Counsel Services, and the Canadian Forces Morale and Welfare Services.
The Director Access to Information and Privacy is managed by an Executive Director and supported by a Chief of Operations position that oversees all ATI Operations from intake to disclosure.
The Chief of Operations centralizes all activities with access to information. It ensures consistency across teams, performs quality assurance activities for data and compliance to processes, tracks performance as well as monitoring for the identification of trends and horizontal issues. The ATIP Intake team, Systems Liaison Team and ATI Operations teams report to Chief of Operations. The Chief of Operations, Privacy Operations, Policy and Governance Team and the Chief of Staff report to the Executive Director.
The Directorate’s ATIP program management workforce is divided functionally into four main areas, and supported by Defence organization liaison officers, as illustrated in the diagram at FIGURE 2.
Figure 2: National Defence ATIP Operational Workforce
Figure 2: Long description
National Defence ATIP operational workforce
ATIP Intake receive requests from outside of the Department, send tasking notices to request records from National Defence organizations and prepare records for review.
ATI Operations process access to information requests, conduct line-by-line review of records, consult other parties for disclosure recommendations and apply Access to Information Act provisions.
The ATI Liaison Officers is a role performed within each of the organizations identified in the National Defence organization chart. This role supports the ATIP program by coordinating the ATI activities for their respective groups.
Privacy Operations process personal information requests, conduct line-by-line review of records, apply Privacy Act provisions, process requests for disclosures in the public interest and retain records of disclosures to investigative bodies.
Policy and Governance provides strategic advice and issues management support, develop policy instruments, deliver training and awareness program, perform data analysis and report on program performance, manage privacy incident response process, and conduct privacy risk assessments.
The Privacy Liaison Officers is a role performed within each of the organizations identified in the National Defence organization chart. This role supports the ATIP program by coordinating the privacy incident response activities for their respective groups.
The ATIP Directorate is supported by a Systems Liaison Team that maintains the ATIP application system/database and provide technical support to members of the team. A corporate services team assures the administrative and management functions of the directorate that include business planning, financial management, human resources, physical security, and information and records management (IM/RM).
In response to a key National Defence priority, The ATIP Directorate provides a supporting role to the Departmental Litigation Oversight- Litigation Implementation Team. This unit performs an ATIP-like review of records in support of class action settlements such as the LBGT Class Action and Sexual Misconduct Class Action settlements.
3. Highlights of the Statistical report
The statistical report at Annex B consists of data submitted by National Defence as part of Treasury Board Secretariat (TBS) annual collection of ATIP-related statistics. The following sections contain highlights, trends and an analysis of notable statistical data from a departmental perspective.
3.1 Requests received
During the reporting period, National Defence received 5,275 requests for personal information under the Privacy Act versus 6,475 in Fiscal Year 2019-20, representing an 18.5% decrease. This represents the fourth consecutive year of decreased requests for personal information and may be attributable to the implementation of the departmental initiative to pro-actively provide copies of health records to releasing CAF members that began in Fiscal Year 2018-19. Combined with 853 files carried over from the previous reporting period the total workload of 6,128 requests is the lowest National Defence has experienced in over six years.
Figure 3: Privacy request workload (last five years)
Figure 3: Long description
Privacy Request workload
In 2016-2017, 8244 requests were received, 1465 requests were carried over from the previous reporting period. A combined workload of 9709 requests.
In 2017-2018, 7393 requests were received, 2659 requests were carried over from the previous reporting period. A combined workload of 10 052 requests.
In 2018-2019, 6637 requests were received, 4183 requests were carried over from the previous reporting period. A combined workload of 10 820 requests.
In 2019-2020, 6475 requests were received, 1814 requests were carried over from the previous reporting period. A combined workload of 8289 requests.
In 2020-2021, 5275 requests were received, 853 requests were carried over from the previous reporting period. A combined workload of 6128 requests.
Of note, for more than a decade, National Defence has ranked in the top five federal institutions for the highest volume of personal information requests received according to annual statistics compiled by TBS.Footnote 4
A large portion of Privacy Act requests historically received by National Defence were requests from CAF members for their health records upon releasing from the Forces. As part of Canada’s Defence Policy, the Canadian Forces Health Services group began pro-actively providing releasing CAF members with copies of their health records in Fiscal Year 2018-19. This initiative is aligned with the Government’s commitment to transparency and has improved the transition experience for releasing CAF members to better prepare them for the shift to civilian life and has also resulted in the reduction in the number of medical record requests received.
3.2 Requests completed
National Defence closed a total of 4,904 privacy requests during the reporting period. This represents a 34% decrease over the previous Fiscal Year. The ATIP workload over the past five years is showing in FIGURE 4 below.
Figure 4: Disposition of requests completed and total requests closed (last five years)
Figure 4: Long description
Disposition of Request Completed and Total Requests Closed
In 2016-2017, 1727 were all disclosed, 3649 were disclosed in part, 56 where nothing was disclosed, 1257 where no records exist, and 365 were abandoned. A total of 7054 requests were closed.
In 2017-2018, 1722 were all disclosed, 2525 were disclosed in part, 39 where nothing was disclosed, 1223 where no records exist, and 362 were abandoned. A total of 5871 requests were closed.
In 2018-2019, 2492 requests were all disclosed, 4685 requests were disclosed in part, and 35 requests where nothing was disclosed, 1301 requests where no records exist, and 493 requests were abandoned. A total of 9006 requests were closed.
In 2019-2020, 1783 requests were all disclosed, 3747 requests were disclosed in part, and 36 where nothing was disclosed, 1369 requests where no records exist, 501 requests were abandoned. A total of 7436 requests were closed.
In 2020-2021, 982 requests were all disclosed, 2269 were disclosed in part, and 35 requests where nothing was disclosed, 1211 requests where no records exist, 407 were abandoned. A total of 4904 were closed.
3.2.1 Pages reviewed
This year a total of 1,050,543 pages were reviewed. This represents a 55.9% reduction in pages processed from Fiscal Year 2019-20. As shown in FIGURES 4 & 6, National Defence noted a decrease in on-time performance over Fiscal Year 2019-20.
As represented in FIGURE 5, the number of pages reviewed represents the total pages processed for closed requests this Fiscal Year. This number does not include the number of pages processed for requests reviewed in the current Fiscal Year that were carried over into the next reporting period.
Figure 5: Number of pages reviewed for requests closed, where records existed (last three years)
Figure 5: Long description
Number of Pages Reviewed for Requests Closed, where Records Existed
In 2018-2019, 3 034 777 pages reviewed for 7705 requests closed
In 2019-2020, 2 381 632 pages reviewed for 6067 requests closed
In 2020-2021, 1 050 542 pages reviewed for 3693 requests closed
3.2.2 Exemptions and exclusions
Consistent with previous reporting periods, section 26 of the Privacy Act was the most frequently invoked exemption and was applied in 2,253 requests. This section of the Act protects personal information of individuals other than the requester.
3.2.3 Completion time
National Defence closed 2,925 requests within 30 days which represents 59.6% of the total volume of requests closed. This represents a 6.7% decrease of files closed within 30 days compared to the last reporting period. Of note, the number of files closed in excess of 121 days decreased significantly from 1,412 files in Fiscal Year 2019-20 to 988 during this reporting period.
Figure 6: Time to complete requests (the last five years)
Figure 6: Long description
Time to Complete Requests
In 2016-2017, 4020 requests were closed in 30 days or less, 642 requests were closed between 31-60 days, 619 requests were closed between 61-120 days and, 1773 requests were closed in 121 days or more
In 2017-2018, 2576 requests were closed in 30 days or less, 546 requests were closed between 31-60 days, 667 requests were closed between 61-120 days and, 2052 requests were closed in 121 days or more
In 2018-2019, 4134 requests were closed in 30 days or less, 717 requests were closed between 31-60 days, 518 requests were closed between 61-120 days and, 3637 requests were closed in 121 days or more
In 2019-2020, 4998 requests were closed in 30 days or less, 803 requests were closed between 31-60 days, 223 requests were closed between 61-120 days, and 1412 requests were closed in 121 days or more
In 2020-2021, 2925 requests were closed in 30 days or less, 539 requests were closed between 31-60 days, 452 requests were closed between 61-120 days, and 988 requests were closed in 121 days or more.
Files closed beyond 30 days were not necessarily late as legal extensions may have been applied.
3.2.4 On-time compliance
A total of 3,158 requests (64.4%) were closed within statutory deadlines in Fiscal Year 2020-21. This represents a 10.6% drop in on-time compliance over the previous reporting period likely attributed to impacts as a result of the COVID Pandemic. The Province of Ontario lockdowns impacted the number of individuals permitted in office locations which impacted the ability to receive and scan records into the request processing system and redaction software system.
Workload continued to be a factor affecting on-time compliance; however, the most common reason for deemed refusal was “Other”, cited for nearly 76.5% of requests closed late during the reporting period. Some factors affecting performance and deemed refusal rates includes the unavailability of key officials and difficulties in obtaining relevant records.
Impacts to productivity resulting from staffing challenges continues to impact compliance. There continues to be ATIP staff turnover at all levels due to a competitive job market. New employees require a learning and adjustment period to realize performance potential. The hiring and training of new employees during a remote posture has also created additional workload for ATIP management and support services. Over the past year efforts have continued to staff vacant positions and train new staff.
3.2.5 Disposition: Percentage of requests all disclosed vs. disclosed in part
Figure 7: All disclosed vs. disclosed in part (FY 2020-21)
During the reporting period, Defence responded to a total of 4904 requests. A total of 20% of requests were all disclosed (982) and 46.3% (2269) of requests were disclosed in part.
Figure 7: Long description
Requests All Disclosed and Disclosed in Part
2269 requests were disclosed in part
982 requests were all disclosed
3.3 Consultations received and completed
Historically, National Defence does not receive a lot of consultation requests relating to requests made under the Privacy Act. During the reporting period, National Defence received five requests for consultation, three were from other Government of Canada institutions and two were from other organizations. Six consultations were closed during the reporting period.
4. COVID-19 Impacts to Privacy Operations
On March 13, 2020 DND/CAF initiated its Business Continuity Plan (BCP) in response to the evolving COVID-19 Pandemic which continued into the Fiscal Year 20/21 reporting period. DND/CAF has played a significant role in the Government of Canada’s response to COVID-19. Operation LASERFootnote 5 is the Canadian Armed Forces’ contribution to save lives, assist federal, provincial and territorial partners, and maintain CAF readiness, effectiveness and resilience. Ensuring the health and well-being of employees and CAF members and supporting Operation LASER remains a key departmental priority. The Defence Team including the ATIP Directorate pivoted to alternate work arrangements and a remote work posture immediately in response to the Pandemic. Initially, remote work challenges such as limited access to Virtual Private Networks (VPN) and remote access to the ATIP redaction software as well as Office of Primary Interest (OPI) access to paper records impacted productivity and processing of ATI and Privacy requests. Remote connectivity quickly stabilized and continued to improve as the Defence Team optimized the remote work posture. Key functions within the ATIP Directorate that could only be performed physically on site such as receipt of mail, opening of new requests, scanning of paper records, urgent requests and processing of secret materials were carried out while respecting public health measures. As per TBS guidance and best practices, the ATIP Directorate contacted requesters directly to notify of potential delays in processing requests as a result of the pandemic. National Defence took proactive steps at the beginning of the pandemic and leveraged technology to enable remote work by adopting and implementing the use of e-signatures, electronic record sharing, and the use of the Canada Post epost service to limit the reliance on paper records and traditional mail. The ATIP directorate continued to expand remote access to redaction which allowed National Defence to process records classified Protected B and below. ATIP employees were supported and equipped with the tools, equipment, systems and training to conduct their work remotely.
In May 2020, the Deputy Minister and Chief of Defence Staff issued a joint directive to the Defence Team which identified key departmental priorities including the continued performance of activities mandated by legislation and regulation. The ATIP Program and adherence to legislation was included within this priority and in early June the ATIP Directorate invoked its Business Resumption Plan and resumed on-site operations with a reduced capacity while adhering to stringent public health measures to safe guard health of employees. The ATIP Directorate’s employee orientation plan and approach to resumption of on-site work was adopted across the Defence Team as a best practice and was shared with other government departments ATIP Offices.
Consistent with other ATIP offices located in the National Capital Region, National Defence was impacted by the Ontario provincial lockdowns. The limitations on the number of staff allowed physically on-site while respecting public health guidance impacted the ability to process paper records and secret material; this has resulted in a backlog of ATI and Privacy requests and impacted overall performance for Privacy requests. In spite of the constraints associated with the pandemic, National Defence reviewed more pages and closed more ATI files compared to the previous year. The innovations and improvements adopted during the pandemic have improved the overall ATIP Program and will continue to be built upon in the coming years as we continue to modernize ATIP program delivery.
The COVID-19 ATIP Capacity supplemental statistical report at Annex C represents National Defence impacts to ATI Operations. ATIP Operations experienced partial capacity processing paper records in different classification levels for a total of 42 weeks. The institution experienced 41 weeks where partial capacity was affected in the processing of electronic records in different classification levels.
5. Privacy protection and personal information management
5.1 Public interest disclosures
Paragraph 8(2)(m) of the Privacy Act permits the disclosure of personal information, without the consent of the individual to whom it relates, where the public interest in disclosure clearly outweighs any invasion of privacy that could result, or where the disclosure would clearly benefit the individual to whom the information relates.
During the reporting period, 70 disclosures of personal information were made in accordance with paragraph 8(2)(m). These public interest disclosures included information relating to Boards of Inquiry or Summary Investigations into the death or serious injury of a CAF member. The majority of disclosures were to the CAF member’s family or representative.
For each of the 70 disclosures made in the public interest during Fiscal Year 2020-21, the Office of the Privacy Commissioner (OPC) was notified of each release.
5.2 Privacy breaches
Privacy rights are a matter of ongoing public concern. In respect of sections 4 to 8 of the Privacy Act, which govern personal information management, the ATIP Directorate received 182 complaints regarding contravention of one or more of these provisions. The ATIP Directorate’s Privacy Incident Management team reviewed and resolved 206 complaints alleging a breach of privacy, of which 137 complaints were deemed to be well-founded.
5.2.1 Material privacy breaches
Treasure Board Secretariat defines a material privacy breach as one that involves sensitive personal information and could reasonably be expected to cause injury or harm to the individual, and/or involves a large number of affected individuals. National Defence reported one material privacy breach to TBS and the OPC this reporting period as per policy requirement.
5.3 Privacy impact assessments
National Defence collects, uses and discloses personal information in the delivery of mandated programs and services. In accordance with TB policy, the DND and the CAF undertake privacy impact assessments (PIA) to evaluate privacy impacts in the administration of these activities. A PIA provides a framework to identify the extent to which proposals comply with the Privacy Act and applicable privacy policies, assist program officials in avoiding or mitigating privacy risks, and promote informed program and system design choices.
National Defence completedFootnote 6 one PIA during FY 2018-2019 in support of the program described below. The Department is preparing to post the summary on its website.
- In order to support Operation Honour, the Operation Honour Tracking and Analysis System (OPTHAS) was created. OPHTAS is a Protected B Microsoft Dynamics installation managed by DND/CAF with the purpose of providing a reporting database for the chain of command (CoC); to track, assess, and report sexual misconduct incidents and their eventual disposition, as well as to measure trends and evaluate the effectiveness of actions taken at all levels within the military.
- Litigation Implementation Team (LIT): Processing of Claim Forms for Class Action Final Settle Agreements - The LIT’s role is in support of the independent, court-appointed Administrator and Assessors in administering claims submitted by claimants under the terms of the class action settlement or judgement. In this role, the LIT must receive Claim Form information from the court appointed Administrator, verify claimant service with CAF and/or employment with DND or Staff of the Non-Public Fund Organization (SNPF) and, if required, review the claim and retrieve relevant government records of claimants. Subsequently, for selected claims the LIT must analyze the records against the claimant’s allegations within the claim and provide a response to the Administrator regarding the presence of records that are relevant to the claim, including the disclosure of relevant records.
- Litigation Implementation Team (LIT): Processing of Claim Forms for Class Action Final Settle Agreements - The LIT’s role is in support of the independent, court-appointed Administrator and Assessors in administering claims submitted by claimants under the terms of the class action settlement or judgement. In this role, the LIT must receive Claim Form information from the court appointed Administrator, verify claimant service with CAF and/or employment with DND or Staff of the Non-Public Fund Organization (SNPF) and, if required, review the claim and retrieve relevant government records of claimants. Subsequently, for selected claims the LIT must analyze the records against the claimant’s allegations within the claim and provide a response to the Administrator regarding the presence of records that are relevant to the claim, including the disclosure of relevant records.
5.4 DND/CAF personal information
5.4.1 Complex & Sensitive Personal Information
To ensure the appropriate protection of sensitive personal information within DND/CAF, the ATIP Directorate provides review and redaction services to support a number of departmental administrative processes including Boards of Inquiry, Summary Investigations, Reports involving allegations of Workplace Violence, Harassment and Grievances. Although these are not formal requests made under the Privacy Act, the information is being released from DND/CAF and privacy protection is a priority.
As demonstrated in FIGURE 8 below, the ATIP Directorate reviewed 113 files containing complex and sensitive personal information. This represents a total of 2,744 pages reviewed in Fiscal Year 2020-21 to ensure personal information is protected and not inappropriately disclosed.
Figure 8: Review of complex & sensitive personal information for release
Figure 8: Long description
Review of Complex Sensitive Personal Information
37 Harassement files (1579 pages)
1 Grievance file (8 pages)
75 Board of Inquiry / Summary Investigation files (1157 pages)
6. Complaints, Audits and Reviews
6.1 Complaints from the Office of the Privacy Commissioner
In Fiscal Year 2020-21, National Defence received a total of 28 formal complaints from the Office of the Privacy Commissioner (OPC), representing less than one percent of all requests closed during the reporting period.
Further to Part 8 of the Statistical Report, which notes complaints received and closed:
- Section 31: When the OPC gives formal notice of their intention to investigate a complaint regarding the processing of a request under the Act.
- Defence received 28 such notices during Fiscal Year 2020-21 as compared to 22 such notices during Fiscal Year 2019-20.
- Section 33: When the OPC requests further representations from institutions pursuant to an ongoing complaint investigation.
- Defence received 23 such notices during Fiscal Year 2020-21 in comparison to 50 such notices in the previous reporting period.
- Section 35: When the OPC issues a findings report for a well-founded complaint upon conclusion of an investigation.
- During the reporting period, 24 complaints were found to have merit. Note that these complaints are not necessarily from the 28 complaints received during the reporting period.
The 24 well-founded determinations represent 61.5% of all findings issued by the OPC to National Defence in Fiscal Year 2020-21. The vast majority of these complaints, 20 in total were administrative in nature (about delays and time extensions) and 4 were refusal complaints (regarding application of exemptions or possible missing records). Figure 8 below illustrates the type of complaints that had findings issued during the reporting period.
Figure 9: Type of complaint (FY 2020-21)
Figure 9: Long description
Reasons for Complaint
6 Discontinued or resolved
9 Not well-founded
24 Well founded, 20 of which were Administrative, and 4 were Refusal Complaints
6.2 Court decisions
In Fiscal Year 2020-21, there were no court proceedings actioned in respect of requests processed by National Defence.
7. Policies and procedures
7.1 Internal procedures
The ATIP Directorate continues to review and update procedures for processing personal information requests and managing privacy incidents to document process improvements and to ensure alignment with Treasure Board (TB) policies and directives. This reporting period, Privacy Operations created and implemented a Standard Operating Procedure (SOP) called the Electronic-Response process. Electronic-Response process allows OPI’s to share records electronically with DAIP, therefore eliminating the need for traditional mailing of records and paper-based processes. OPI’s have used this process to successfully transmit electronic records with the security classification up to Protected B to the ATIP Directorate. This innovation has resulted in efficiencies, eliminating delays in the delivery of regular mail and enabled employees to continue to work efficiently remotely during the COVID pandemic.
8. Training and awareness
8.1 ATIP training program
Departmental ATIP training was initially impacted by the COVID pandemic. Formal ATIP training resumed in July 2020 on a virtual platform. National Defence uses a three-pronged approach for training, where Directorate training resources delivered the following training sessions to DND civilian and CAF military members with specific emphasis on those staff with ATIP responsibilities:
- Introductory courses (General ATIP or Privacy Fundamentals);
- Advanced courses (General ATIP or organization-specific content); and,
- ATIP awareness and engagement activities with the various branches and divisions.
8.2 Training and awareness activities
A total of 87 face-to-face training sessions were delivered to approximately 1,559 Defence employees and CAF members on the administration of both the ATI Act and Privacy Act, as well as on appropriate management of personal information under the control of the institution. These training sessions were provided through participation in ATIP 101 (introductory) sessions, ATIP 201 (advanced) sessions, GCDOCS privacy-focused training, and targeted training sessions for specific Defence organizations. Most training sessions were delivered by the ATIP Directorate staff in person or through video teleconference technologies, however some organizations conducted their own courses and one-on-one sessions. An example of organizations conducting their own training sessions included the 3 training events provided by the Canadian Forces Health Services group that covered a variety of Privacy topics – for a total of 135 persons trained. Defence employees and CAF members were also encouraged to take the Access to Information and Privacy Fundamentals course offered through the Canada School of Public Service.
In keeping with promoting awareness, the ATIP Directorate employees also provided guidance to third parties and requesters on the requirements of the Access to Information Act and the Privacy Act, TB policies and directives, and associated institutional procedures as required.
8.2.1 Canadian Forces Health Services training
The Canadian Forces Health Services (CFHS) operates a privacy office that is responsible for providing advice and support to the CFHS Group on policies and activities that involve personal health information. In accordance with their mandate, the CHFS privacy office maintains training modules to educate staff on the principles of “Privacy, Confidentiality and Security” to support appropriate use of the Canadian Forces Health Information System.
During this reporting period, over 2,278 of their staff attended training or completed mandatory modules offered specifically to the CFHS organization.
8.3 Employee well-being
In response to challenges caused by the COVID Pandemic and the impacts of remote work, the ATIP Directorate placed increased emphasis on directorate staff mental health, well-being and resilience. In addition to the ongoing ATIP operational training, virtual workplace well-being sessions were provided to all staff focusing on stress management, resilience, nutrition, and physical exercise to maintain mental health during the Pandemic. To support telework and ensure that supervisors were equipped to lead in a virtual work environment, training sessions on establishing effective virtual teams and managing remote teams were provided to all supervisors and managers in the Directorate. These courses provided tools to build virtual relationships, establish communication standards, leverage appropriate communication tools, support remote team members, and lead virtual team meetings.
9. Initiatives and projects
9.1 Technological improvements
9.1.1 Remote access to redaction software
National Defence continues to explore and implement technological solutions to enhance ATIP business processes. The ATIP Directorate implemented remote access to the ATIP request processing and redaction software to employees this Fiscal Year which allowed the processing of ATI request remotely during the COVID Pandemic. New procedures, training and tools were developed and implemented to support the successful shift to remote processing.
The ATIP Directorate also widely adopted the use of Microsoft Teams and SMART Bridgit software to stay connected for meetings as well as onboarding and training new employees.
9.1.2 Shift to paperless processing
A shift towards paperless processing of ATIP requests continued this Fiscal Year. The adoption of electronic processes to reduce paper records such as use of network shared drives to share records electronically between DND/CAF record holders and the ATIP Directorate increased during the COVID Pandemic. The majority of OPIs switched over to electronic processes and are no longer providing paper records to the ATIP Directorate. Electronic signatures on letters to applicants and using Canada Post epost service to share records with applicants versus traditional mail has led to faster access to records for Canadians. This shift to paperless processing enabled the continued processing of ATI requests throughout the various Provincial lock downs.
9.1.3 New case management solution
The ATIP Directorate completed implementation of a new case management system this Fiscal Year to manage Privacy Incident Management, Privacy Impact Assessments, Personal Information Disclosures, and managing and tracking legal matters. This new case management system, ATIP OMNI, improves tracking and trend analysis for governance and compliance activities. It also includes features to maintain Personal Information Banks and Info Source management in a more automated manner.
10. Monitoring compliance
The ATIP Directorate regularly monitors and reports on a number of ATIP metrics. In Fiscal Year 2020-21, the Departmental ATIP Performance Dashboard that tracks OPI record retrieval timeliness and overall ATIP compliance continued to be refined to provide better overall awareness to senior leadership on ATIP performance and metrics. This monitoring allows the ATIP Directorate to track ATIP performance across the Department and identify areas for process improvements. This year National Defence piloted a new analytics tool which will enable senior leaders and OPI’s to easily monitor overall ATIP compliance and track individual request stats. The ATIP Directorate continues to receive ad hoc requests for statistics and performance reports to inform program delivery and identify trends.
Currently, the time to process requests for correction of personal information is not formally monitored as this number is regularly very low. In Fiscal Year 2020-21, the ATIP Directorate received only one request for correction.
11. Privacy operating costs
11.1.1 Costs
The annual cost to administer the National Defence privacy program increased by 27.8% to approximately $4,687,927 Fiscal Year 2020-21.
11.1.2 Human Resources
During Fiscal Year 2020-21, an equivalent of 49.005 full-time employees were dedicated to administering the Privacy Act. For additional information refer to section 11 in Annex B.
National Defence and the Canadian Armed Forces
Access to Information Act and Privacy Act Designation Order
- Pursuant to section 73 of the Access to Information Act and the Privacy Act, the Minister of National Defence, as the head of a government institution under these Acts, hereby designates the persons holding the following positions, or the persons occupying those positions on an acting basis, to exercise or perform all of the powers, duties and functions of the head of a government institution under these Acts:
- the Deputy Minister;
- the Corporate Secretary;
- the Director Access to Information and Privacy; and
- Deputy Directors Access to Information and Privacy.
- Pursuant to section 73 of the above-mentioned Acts, the Minister also designates the following:
- those persons holding the position of Access Team Leader, or the persons occupying this position on an acting basis, to exercise or perform the powers, duties and functions in respect of:
- The application of the following provisions under the Access to Information Act: section 9; subsection 11(2), 11(3), 11(4), 11(5), 11(6); sections 19, 20, 23 and 24; subsections 27(1) and 27(4); paragraph 28 (1)(b), subsections 28(2) and 28(4); and
- The response to requests made under the Access to Information Act if no records exist.
- those persons holding the position of Privacy Team Leader, or the persons occupying this position on an acting basis, to exercise or perform any of the powers, duties and functions of the head of an institution under the Privacy Act, other than under sub-paragraphs 8(2)(j) and 8(2)(m); and
- those persons holding the position of Privacy Senior Analyst, or the persons occupying this position on an acting basis, to exercise or perform the powers and duties in respect of the application of section 26 of the Privacy Act.
- those persons holding the position of Access Team Leader, or the persons occupying this position on an acting basis, to exercise or perform the powers, duties and functions in respect of:
Original signed by
The Honourable Harjit S. Sajjan, PC, OMM, MSM, CD, MP
Minister of National Defence
Date: 2016-01-12
Government of Canada
Statistical Report on the Privacy Act
Name of institution: National Defence
Reporting period: 2020-04-01 to 2021-03-31
Section 1: Requests Under the Privacy Act
1.1 Number of requests
Number of Requests | |
---|---|
Received during reporting period | 5,275 |
Outstanding from previous reporting period | 853 |
Total | 6,128 |
Closed during reporting period | 4,904 |
Carried over to next reporting period | 1,224 |
Section 2: Requests Closed During the Reporting Period
2.1 Disposition and completion time
Disposition of requests | Completion time | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 Days |
16 to 30 Days |
31 to 60 Days |
61 to 120 Days |
121 to 180 Days |
181 to 365 Days |
More Than 365 Days |
Total | |
All disclosed | 108 | 484 | 116 | 111 | 74 | 87 | 2 | 989 |
Disclosed in part | 31 | 851 | 323 | 274 | 300 | 412 | 72 | 2,269 |
All exempted | 15 | 11 | 4 | 3 | 0 | 1 | 2 | 35 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
No records exist | 919 | 162 | 63 | 45 | 11 | 10 | 1 | 1,211 |
Request abandoned | 309 | 36 | 33 | 19 | 6 | 3 | 1 | 407 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 1,381 | 1,544 | 539 | 452 | 391 | 513 | 84 | 4,904 |
2.2 Exemptions
Section | Number of Requests |
---|---|
18(2) | 0 |
19(1)(a) | 2 |
19(1)(b) |
1 |
19(1)(c) |
16 |
19(1)(d) |
23 |
19(1)(e) |
0 |
19(1)(f) |
0 |
20 | 0 |
21 | 31 |
22(1)(a)(i) | 153 |
22(1)(a)(ii) |
0 |
22(1)(a)(iii) |
0 |
22(1)(b) |
19 |
22(1)(c) |
0 |
22(2) | 0 |
22.1 | 0 |
22.2 | 0 |
22.3 | 2 |
22.4 | 0 |
23(a) | 5 |
23(b) |
0 |
24(a) |
0 |
24(b) |
0 |
25 | 1 |
26 | 2,253 |
27 | 98 |
27.1 | 0 |
28 | 0 |
2.3 Exclusions
Section | Number of Requests |
---|---|
69(1)(a) | 0 |
69(1)(b) |
0 |
69.1 | 0 |
70(1) | 0 |
70(1)(a) |
0 |
70(1)(b) |
0 |
70(1)(c) |
0 |
70(1)(d) |
0 |
70(1)(e) |
0 |
70(1)(f) |
0 |
70.1 |
0 |
2.4 Format of information released
Paper | Electronic | Other |
---|---|---|
395 | 2,856 | 0 |
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
Number of Pages Processed | Number of Pages Disclosed | Number of Requests |
---|---|---|
1,050,543 | 971,771 | 3,693 |
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition | Less Than 100 Pages Processed | 101-500 Pages Processed | 501-1,000 Pages Processed | 1,001-5,000 Pages Processed | More Than 5,000 Pages Processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
All disclosed | 751 | 14,721 | 185 | 36,122 | 35 | 19,862 | 11 | 11,194 | 0 | 0 |
Disclosed in part | 677 | 26,465 | 941 | 247,748 | 412 | 282,287 | 238 | 331,947 | 1 | 1,425 |
All exempted | 33 | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 1 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 404 | 0 | 2 | 0 | 0 | 0 | 1 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 1,865 | 41,186 | 1,128 | 283,870 | 447 | 302,149 | 251 | 343,141 | 2 | 1,425 |
2.5.3 Other complexities
Disposition | Consultation Required | Legal Advice Sought | Interwoven Information | Other | Total |
---|---|---|---|---|---|
All disclosed | 0 | 1 | 0 | 2 | 3 |
Disclosed in part | 2 | 5 | 0 | 9 | 16 |
All exempted | 0 | 1 | 0 | 0 | 1 |
All excluded | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 2 | 2 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
Total | 2 | 7 | 0 | 13 | 22 |
2.6 Closed requests
2.6.1 Number of requests closed within legislated timelines
- | Requests closed within legislated timelines |
---|---|
Number of requests closed within legislated timelines | 3,160 |
Percentage of requests closed within legislated timelines (%) | 64.4 |
2.7 Deemed refusals
2.7.1 Reasons for not meeting legislated timelines
Number of Requests Closed Past the Legislated Timelines | Principal Reason | |||
---|---|---|---|---|
Interference with Operations / Workload | External consultation | Internal Consultation | Other | |
1,744 | 755 | 0 | 1 | 988 |
2.7.2 Requests closed behond legislated timelines (including any extension taken)
Number of Days Past Legislated Timelines | Number of Requests Past Legislated Timeline Where No Extension Was Taken | Number of Requests Past Legislated Timelines Where an Extension Was Taken | Total |
---|---|---|---|
1 to 15 days | 221 | 9 | 230 |
16 to 30 days | 90 | 2 | 92 |
31 to 60 days | 232 | 3 | 235 |
61 to 120 days | 398 | 6 | 404 |
121 to 180 days | 361 | 3 | 364 |
181 to 365 days | 343 | 4 | 347 |
More than 365 days | 70 | 2 | 72 |
Total | 1,715 | 29 | 1,744 |
2.8 Requests for translation
Translation Requests | Accepted | Refused | Total |
---|---|---|---|
English to French | 0 | 0 | 0 |
French to English | 0 | 0 | 0 |
Total | 0 | 0 | 0 |
Section 3: Disclosures under Subsections 8(2) and 8(5)
Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
---|---|---|---|
194 | 70 | 70 | 334 |
Section 4: Requests for Correction of Personal Information and Notations
Dispositions for Correction Requests Received | Number |
---|---|
Notations attached | 0 |
Requests for correction accepted | 1 |
Total | 1 |
Section 5: Extensions
5.1 Reasons for extensions and disposition of requests
Number of requests where an extension was taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | ||||||
---|---|---|---|---|---|---|---|---|
Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | 15(b) Translation purposes or conversion | |
230 | 8 | 0 | 221 | 0 | 0 | 1 | 0 | 0 |
5.2 Length of extensions
Length of Extensions | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | ||||||
---|---|---|---|---|---|---|---|---|
Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | 15(b) Translation purposes or conversion | |
1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 days | 8 | 0 | 221 | 0 | 0 | 1 | 0 | 0 |
31 days or greater | - | - | - | - | - | - | - | 0 |
Total | 8 | 0 | 221 | 0 | 0 | 1 | 0 | 0 |
Section 6: Consultations Received From Other Institutions and Organizations
6.1 Consultations received from other Government of Canada institutions and other organizations
Consultations | Other Government of Canada Institutions | Number of Pages to Review | Other Organizations | Number of Pages to Review |
---|---|---|---|---|
Received during reporting period | 3 | 30 | 2 | 8 |
Outstanding from the previous reporting period | 1 | 77 | 1 | 5 |
Total | 4 | 107 | 3 | 13 |
Closed during the reporting period | 3 | 30 | 3 | 13 |
Pending at the end of the reporting period | 1 | 77 | 0 | 0 |
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendations | Number of Days Required to Complete Consultation Requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
All disclosed |
0 | 0 | 1 | 2 | 0 | 0 | 0 | 3 |
Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All exempted |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 1 | 2 | 0 | 0 | 0 | 3 |
6.3 Recommendations and completion time for consultations received from other organizations
Recommendations | Number of Days Required to Complete Consultation Requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
All disclosed |
0 | 0 | 1 | 1 | 0 | 0 | 0 | 2 |
Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All exempted |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 |
Total | 0 | 0 | 1 | 1 | 0 | 0 | 0 | 3 |
Section 7: Completion Time of Consultations on Cabinet Confidences
7.1 Requests with Legal Services
Number of Days | Fewer Than 100 Pages Processed | 101-500 Pages Processed | 501-1,000 Pages Processed | 1,001-5,000 Pages Processed | More Than 5,000 Pages Processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
7.2 Requests with Privy Council Office
Number of Days | Fewer Than 100 Pages Processed | 101-500 Pages Processed | 501-1,000 Pages Processed | 1,001-5,000 Pages Processed | More Than 5,000 Pages Processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Complaints and Investigations Notices Received
Section 31 | Section 33 | Section 35 | Court action | Total |
---|---|---|---|---|
28 | 23 | 24 | 0 | 75 |
Section 9: Privacy Impact Assessments (PIAs)
Number of PIA(s) completed: | 2 |
---|
9.2 Personal Information Banks
- | Personal Information Banks |
---|---|
Active | 104 |
Created | 0 |
Terminated | 0 |
Modified | 0 |
Section 10: Material Privacy Breaches
Number of material privacy breaches reported to TBS | 1 |
Number of material privacy breaches reported to OPC | 1 |
Section 11: Resources Related to the Privacy Act
11.1 Costs
Expenditures | Amount | |
---|---|---|
Salaries | $3,759,306 | |
Overtime | $6,759 | |
Good and Services | $921,862 | |
|
$734,129 | |
|
$187,733 | |
Total | $4,687,927 |
11.2 Human Resources
Resources | Person Years Dedicated to Access to Information Activities |
---|---|
Full-time employees | 43.630 |
Part-time and casual employees | 1.625 |
Regional staff | 0.000 |
Consultants and agency personnel | 3.375 |
Students | 0.375 |
Total | 49.005 |
Note: Enter values to three decimal places.
Annex C: Supplemental Statistical Report on the Access to Information and Privacy Act for 2020-2021
Government of Canada
Supplemental Statistical Report on the Access to Information Act and Privacy Act
Name of institution: National Defence
Reporting period: 2020-04-01 to 2021-03-31
Section 1: Capacity to Receive Requests
Enter the number of weeks your institution was able to receive ATIP requests through the different channels.
- | Number of Weeks |
---|---|
Able to receive requests by mail | 52 |
Able to receive requests by email | 52 |
Able to receive requests through the digital request service | 52 |
Section 2: Capacity to Process Records
2.1 Enter the number of weeks your institution was able to process paper records in different classification levels.
- | No Capacity | Partial Capacity | Full Capacity | Total |
---|---|---|---|---|
Unclassified Paper Records | 0 | 27 | 25 | 52 |
Protected B Paper Records | 0 | 35 | 17 | 52 |
Secret and Top Secret Paper Records | 0 | 42 | 10 | 52 |
2.2 Enter the number of weeks your institution was able to process electronic records in different classification levels.
- | No Capacity | Partial Capacity | Full Capacity | Total |
---|---|---|---|---|
Unclassified Electronic Records | 0 | 26 | 26 | 52 |
Protected B Electronic Records | 0 | 35 | 17 | 52 |
Secret and Top Secret Electronic Records | 0 | 41 | 11 | 52 |
Page details
- Date modified: