2022-2023 Annual Report to Parliament - Administration of the Privacy Act
Department of National Defence and the Canadian Armed Forces
On this page
- Introduction
- Access to Information and Privacy at National Defence
- Highlights of the Statistical report
- COVID-19 Impacts to Privacy Operations
- Privacy protection and personal information management
- Complaints, audits and reviews
- Policies and procedures
- Training and awareness
- Initiatives and projects
- Monitoring compliance
- Privacy operating costs
1. Introduction
The Department of National Defence and the Canadian Armed Forces are pleased to present to Parliament their annual report on the administration of the Privacy Act. Section 72 of the Act requires the head of every federal government institution to submit an annual report to Parliament on its administration each financial year. This report describes National Defence activities that support compliance with the Privacy Act for the fiscal year (FY) commencing 1 April 2022 and ending 31 March 2023.
1.1 Purpose of the Privacy Act
The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and provide individuals with a right of access to that information.
These rights of protection and access are in accordance with the principles that individuals should have a right to know why their information is collected by the government, how it will be used, how long it will be kept and who will have access to it.
Service Agreements
The Department of National Defence and the Canadian Armed Forces had no service agreements pursuant to section 73.1 of the Privacy Act.
2. Access to Information and Privacy at National Defence
2.1 Mandate of National Defence
Who we are
The Department of National Defence (DND) and the Canadian Armed Forces (CAF) make up the largest federal government department. Under Canada’s defence policy, the Defence Team will grow to over 125,000 personnel, including 71,500 Regular Force members, 30,000 Reserve Force members and 25,000 civilian employees.
What we do
DND and the CAF have complementary roles to play in providing advice and support to the Minister of National Defence, and implementing Government decisions regarding the defence of Canadian interests at home and abroad.
At any given time, the Government of Canada can call upon the CAF to undertake missions for the protection of Canada and Canadians and to maintain international peace and stability.
Canada’s defence policy presents a strategic vision for defence: Strong, Secure, Engaged. This is a vision in which Canada is:
Strong at home, with a military ready and able to defend its sovereignty, and to assist in times of natural disaster, support search and rescue, or respond to other emergencies.
Secure in North America, active in a renewed defence partnership in the North American Aerospace Defense Command (NORAD) and with the United States to monitor and defend continental airspace and ocean areas.
Engaged in the world, with the Canadian Armed Forces doing its part in Canada’s contributions to a more stable, peaceful world, including through peace support operations and peacekeeping.
The National Defence Act (NDA) establishes DND and the CAF as separate entities, operating within an integrated National Defence Headquarters as they pursue their primary responsibility of providing defence for Canada and Canadians.
2.2 National Defence Organization
Senior leadership
The Governor General of Canada is the Commander-in-Chief of Canada. DND is headed by the Minister of National Defence. The Associate Minister of National Defence supports the Minister of National Defence. The Deputy Minister of National Defence is the Department’s senior civil servant. The CAF are headed by the Chief of the Defence Staff, Canada’s senior serving officer. These senior leaders each have different responsibilities:
- The Governor General is responsible for appointing the Chief of the Defence Staff on the recommendation of the Prime Minister, awarding military honours, presenting colours to CAF regiments, approving new military badges and insignia, and signing commission scrolls;
- The Minister of National Defence presides over the Department and over all matters relating to national defence;
- The Associate Minister is also responsible for defence files, as mandated by the Prime Minister, with the specific priority of ensuring that CAF members have the equipment they need to do their jobs;
- The Deputy Minister is responsible for policy, resources, interdepartmental coordination and international defence relations; and
- The Chief of the Defence Staff is responsible for command, control and administration of the CAF, as well as military strategy, plans and requirements.
Defence organization
The National Defence organizational structure is represented in the diagram below. Additional information about the National Defence organization is available online.
Figure 1: National Defence Organization Chart
2.3 The Directorate of Access to Information and Privacy
Delegation of Authority
In accordance with section 73(1) of the Privacy Act, a delegation of authority, signed by the Minister, designates the Deputy Minister, Corporate Secretary, Executive Director of Access to Information and Privacy, Access to Information Chief of Operations, and Access to Information and Privacy (ATIP) Deputy Directors to exercise all powers and functions of the Minister, as the head of institution under the Act. It also designates other specific powers and functions to employees within the Directorate Access to Information and Privacy.
Under the authority of the Corporate Secretary, the ATIP Executive Director administers and coordinates the Access to Information Act and the Privacy Act, and acts as the departmental ATIP Coordinator. In the administration of the Act, the ATIP Directorate seeks advice on legal, public affairs, policy, and operational security matters from other organizations and specialists as required.
A copy of the Access to Information Act and Privacy Act Designation Order is provided at Annex A.
The ATIP Directorate
The ATIP Directorate is responsible for matters regarding access to information and privacy protection within the National Defence portfolio, except for the following organizations: the Military Police Complaints Commission, the Military Grievances External Review Committee, the Communications Security Establishment, the Office of the National Defence and Canadian Forces Ombudsman, the Director of Defence Counsel Services, and the Canadian Forces Morale and Welfare Services.
The ATIP Directorate is managed by an Executive Director, and supported by a corporate services team that is responsible for the administrative and management functions of the directorate, including business planning, financial management, human resources, physical security, and information and records management (IM/RM). The workforce is divided functionally into three main areas, further supported by Defence organization liaison officers, as illustrated in the diagram at Figure 2.
The Chief of Operations oversees all activities related to access to information, including ATIP Intake; and is supported by Deputy Directors across ATI Operations. This ensures consistency in the execution of departmental processes and application of the ATI Act and allows for quality assurance activities, tracking, reporting, and monitoring of trends and rising issues.
Deputy Directors oversee Privacy Operations, Privacy Management and Compliance (PMC), and ATIP Program Support (ATIP-PS).
Figure 2: National Defence ATIP Operational Workforce
Long description
National Defence ATIP operational workforce
ATI Operations Receive and process requests for records in accordance with the “rights of access” provided by the Access to Information Act and the Privacy Act. Seek and receive relevant records from National Defence organizations. Conduct line-by-line review of records. Consult other parties for disclosure recommendations. Apply ATI Act and Privacy Act provisions. Respond to formal complaints from the Offices of the Information Commissioner and the Privacy Commissioner
Privacy Management and Compliance Oversee departmental compliance with the Privacy Act and policy obligations. Provide expertise & strategic advice to senior management. Conduct privacy risk assessments. Provide privacy advisory services and responses to requests for disclosures in the public interest. Support the review of allegations of mismanagement of personal information; including formal complaints received from the Office of the Privacy Commissioner
ATIP Program Support Provide strategic advice and issues management support. Develop ATIP related internal policy instruments. Deliver ATIP training and awareness program. Perform data analytics and report on program performance. Maintain internal applications and provide technical support.
ATI & Privacy Liaison Officers Support the ATIP program by coordinating ATI and Privacy activities across offices of primary interest within their respective groups.
The Privacy Liaison Officers is a role performed within each of the organizations identified in the National Defence organization chart. This role supports the ATIP program by coordinating the privacy incident response activities for their respective groups.
To better support the ATIP Directorate and improve overall departmental compliance with the Privacy Act, the former Policy and Governance Section has been restructured as the Privacy Management and Compliance (PMC) Section and the ATIP Program Support (ATIP-PS) Section. This change provides the resources and focus necessary to address the institution’s Privacy Management Framework and support the incoming Chief Privacy Officer, while enhancing internal governance and program support activities.
The PMC section’s key objective is to oversee departmental compliance with the Privacy Act; the section manages privacy risk assessments; resolution of privacy breaches and systemic issues; provides guidance on privacy policy obligations as well as expertise and advice to senior management on contentious and sensitive issues while ensuring continuous improvements of privacy policy and service delivery for the department.
The ATIP-PS section delivers training and promotes ATIP awareness, performs data analytics and reports on program performance, and provides ATIP related advice and guidance to the ATIP Directorate and the wider DND/CAF community.
In addition to access to information and privacy protection activities, the ATIP Directorate provides support to the Departmental Litigation Oversight-Litigation Implementation Team. The Directorate conducts an ATIP-like review of records in support of class action settlements as required.
3. Highlights of the Statistical report
The statistical report at Annex B consists of data submitted by National Defence as part of Treasury Board Secretariat (TBS) annual collection of ATIP-related statistics. The following sections contain highlights, trends and an analysis of notable statistical data from a departmental perspective.
3.1 Requests received
During the reporting period, National Defence received 6,393 requests for personal information under the Privacy Act, representing a 3.8% increase from the previous reporting period. Combined with a carry-over of 815 files from FY 2021-22, this represents a total workload of 7,208 requests during the reporting period. The number of requests carried over increased 42% to 1,156 in the current reporting period.
Figure 3: Privacy Request Workload (Last Five Years)
Long description
- In 2018-2019, 6637 requests were received, 4183 requests were carried over from the previous reporting period. A combined workload of 10 820 requests.
- In 2019-2020, 6475 requests were received, 1814 requests were carried over from the previous reporting period. A combined workload of 8289 requests.
- In 2020-2021, 5275 requests were received, 853 requests were carried over from the previous reporting period. A combined workload of 6128 requests.
- In 2021-2022, 6158 requests were received, 1224 requests were carried over from the previous reporting period. A combined workload of 7382 requests.
- In 2022-2023, 6393 requests were received, 815 requests were carried over from the previous reporting period. A combined workload of 7208 requests.
Privacy Request workload
3.2 Requests completed
National Defence closed a total of 6,052 privacy requests during the reporting period. This represents a 7.8% decrease over the previous FY. The total ATIP workload over the past five years is represented in Figure 4 below.
Figure 4: Disposition of requests completed and total requests closed (Last five years)
Long description
Disposition of Request Completed and Total Requests Closed
- In 2018-2019, 2492 requests were all disclosed, 4685 requests were disclosed in part, and 35 requests where nothing was disclosed, 1301 requests where no records exist, and 493 requests were abandoned. A total of 9006 requests were closed.
- In 2019-2020, 1783 requests were all disclosed, 3747 requests were disclosed in part, and 36 where nothing was disclosed, 1369 requests where no records exist, 501 requests were abandoned. A total of 7436 requests were closed.
- In 2020-2021, 982 requests were all disclosed, 2269 were disclosed in part, and 35 requests where nothing was disclosed, 1211 requests where no records exist, 407 were abandoned. A total of 4904 were closed.
- In 2021-2022, 1270 requests were all disclosed, 3430 were disclosed in part, and 53 requests where nothing was disclosed, 1311 requests where no records exist, 503 were abandoned. A total of 6567 were closed.
- In 2022-2023, 1220 requests were all disclosed, 3015 were disclosed in part, and 43 requests where nothing was disclosed, 1312 requests where no records exist, 462 were abandoned. A total of 6052 were closed.
Pages reviewed
This year, a total of 1,282,023 pages were reviewed to close 4,740 requests. This represents an 18.8% decrease in pages processed from FY 2021-22 (Figure 5).
This number does not include the number of pages processed for requests reviewed in the current FY that were carried over into the next reporting period.
Figure 5: Number of pages reviewed for requests closed, where records existed (Last three years)
Long description
Number of Pages Reviewed for Requests Closed, where Records Existed
- In 2020-2021, 1 050 542 pages reviewed for 3693 requests closed
- In 2021-2022, 1 579 710 pages reviewed for 5256 requests closed
- In 2022-2023, 1 282 023 pages reviewed for 4740 requests closed
Exemptions and exclusions
Consistent with previous reporting periods, section 26 of the Privacy Act was the most frequently invoked exemption and was applied in 2,999 requests. This section of the Act protects personal information of individuals other than the requester.
Completion time
National Defence closed 3,181 requests within 30 days; this represents 52.6% of the total volume of requests closed. This equates to a 29% decrease of files closed within 30 days, compared to 4482 files closed within 30 days during the last reporting period. Of note, the number of files closed in excess of 180 days decreased by 53.4%, from 410 files in FY 2021-22 to 191 during this reporting period.
Figure 6: Time to complete requests (Last five years)
Long description
- Figure 6: Time to complete requests (last five years)
- In 2018-2019, 4134 requests were closed in 30 days or less, 717 requests were closed between 31-60 days, 518 requests were closed between 61-120 days and, 3637 requests were closed in 121 days or more
- In 2019-2020, 4998 requests were closed in 30 days or less, 803 requests were closed between 31-60 days, 223 requests were closed between 61-120 days, and 1412 requests were closed in 121 days or more
- In 2020-2021, 2925 requests were closed in 30 days or less, 539 requests were closed between 31-60 days, 452 requests were closed between 61-120 days, and 988 requests were closed in 121 days or more.
- In 2021-2022, 4482 requests were closed in 30 days or less, 938 requests were closed between 31-60 days, 442 requests were closed between 61-120 days and, 705 requests were closed in 121 days or more
- In 2022-2023, 3181 requests were closed in 30 days or less, 1720 requests were closed between 31-60 days, 628 requests were closed between 61-120 days and, 523 requests were closed in 121 days or more
Files closed beyond 30 days were not necessarily late as legal extensions under the legislation may have been applied.
Extension
Section 15 of the Privacy Act permits the statutory time limits to be extended if consultations are necessary, if translation is required or if the request is for a large volume of records and processing it within the original time limit would unreasonably interfere with the operations of the Department.
In total, 2163 extensions were applied during the FY 2022-23 reporting period. Each of the extensions were deemed necessary as meeting the original time limit would unreasonably interfere with the operations of the institution.
Number of Active Requests - Outstanding from Previous Reporting Periods
At the end of the FY 2022-23 reporting period, National Defence had 1156 active requests. A breakdown of outstanding requests by the reporting period in which the request was received, and whether the request is still within the legislated timelines (including extensions) is provided below in Figure 7.
Figure 7: Number of active requests (as of 31 March 2023)
Long description
Number of Active Requests- Outstanding from Previous Reporting Periods
- Of the requests received in 2022-23 (and active on March 31, 2023), 643 were within legislated timelines; 435 were beyond legislated timelines
- Of the requests received in 2021-22 (and active on March 31, 2023), 0 were within legislated timelines; 46 were beyond legislated timelines
- Of the requests received in 2020-21 (and active on March 31, 2023), 0 were within legislated timelines; 29 were beyond legislated timelines
- Of the requests received in 2019-20 or earlier (and active on March 31, 2023), 0 were within legislated timelines; 3 were beyond legislated timelines
Number of Active Complaints - Outstanding from Previous Reporting Periods
At the end of the reporting period, National Defence had 51 active complaints with the Office of the Privacy Commissioner of Canada (OPC). A breakdown of active complaints by reporting period is provided at Figure 8.
Figure 8: Number of active complaints (as of 31 March 2023)
Long description
Number of Active Complaints – Outstanding from Previous Reporting Periods
Of the complaints active on March 31, 2023:
- 24 complaints were received in 2022-23
- 19 complaints were received in 2021-22
- 5 complaints were received in 2020-21
- 3 complaints received in 2019-20 or earlier
On-time compliance
A total of 4,922 requests (81.3%) were closed within statutory deadlines in FY 2022-23. This represents a 0.5% increase in on-time compliance over the previous reporting period.
The most common reason for deemed refusal was “Interference with Operations/Workload,” cited for over 56% of requests closed late during the reporting period. As defined by TBS, this reason relates to requests where there is “interwoven information and review is required to determine exemptions, there were a large number of requests to be processed at the time, the request consisted of a high volume of records, there were difficulties in obtaining relevant information, or there were other ATIP-related tasks.”
Impacts to productivity resulting from staffing challenges continues to impact compliance. There continues to be ATIP staff turnover at all levels due to a competitive job market. New employees require a learning and adjustment period to realize performance potential. The hiring and training of new employees during a remote posture has also created additional workload for ATIP management and support services. Over the past year efforts have continued to staff vacant positions and train new staff.
Disposition: Percentage of requests all disclosed vs. disclosed in part
During the reporting period, Defence responded to a total of 6,052 requests; of which 20.2% were “all disclosed” (1,220) and 49.8% (3,015) were “disclosed in part.” The remaining requests were completed as all exempted, no records exist, or abandoned.
Figure 9: All disclosed vs. disclosed in part (FY 2022-23)
Long description
Requests All Disclosed and Disclosed in Part
- 3015 requests were disclosed in part
- 1220 requests were all disclosed
3.3 Consultations received and completed
Historically, National Defence does not receive many consultation requests relating to requests made under the Privacy Act. During the reporting period, National Defence received four requests for consultation; all four requests for consultation were received from other Government of Canada institutions. A total of three consultations were closed during the reporting period. Two requests for consultation were completed within 30 days, and one was completed between 121-180 days.
4. COVID-19 impacts to privacy operations
The ATIP office remained fully operational during FY 2022-23 reporting period; there were no significant impacts on ATIP performance attributable to COVID-19.
5. Privacy protection and personal information management
5.1 Public Interest Disclosures
Paragraph 8(2)(m) of the Privacy Act permits the disclosure of personal information, without the consent of the individual to whom it relates, where the public interest in disclosure clearly outweighs any invasion of privacy that could result, or where the disclosure would clearly benefit the individual to whom the information relates.
During the reporting period, 75 disclosures of personal information were made in accordance with paragraph 8(2)(m). Disclosures made in the public interest included but were not limited to, disclosures to the media relating to departmental actions in response to allegations of Sexual Misconduct and Hateful Conduct, and disclosures to CAF member’s family or representative relating to Boards of Inquiry or Summary Investigations into the death or serious injury of a CAF member.
For each of the 75 disclosures made in the public interest during FY 2022-23, the OPC was notified; wherever possible, notification occurred in advance of the disclosure.
5.2 Privacy Breaches
Privacy rights are a matter of increasing public concern. In respect of sections 4 to 8 of the Privacy Act, which govern the collection, retention, use and disclosure of personal information, the ATIP Directorate received 182 complaints regarding a contravention of one or more provisions of the Act. The ATIP Directorate’s Policy & Governance Team reviewed and resolved 148 complaints alleging a breach of privacy, of which 103 complaints were deemed to be well-founded.
Material Privacy Breaches
Treasury Board Secretariat defines a material privacy breach as one that involves sensitive personal information and could reasonably be expected to cause injury or harm to the individual, and/or involves a large number of affected individuals. National Defence reported 2 material privacy breaches to the OPC and TBS during this reporting period; each are described below.
- Unauthorized Disclosure: The identities of 55 individuals who were voluntary participants in a restorative engagement program were inadvertently disclosed when the recipient’s email addresses were visible in CC vice BCC as intended. Distribution was limited to the participating individuals; however, the matter was assessed as material based on the expectation of confidentiality inherent in the program. Containment actions were immediately taken to recall the email and provide instructions on how to fully delete it from the recipient systems. To support transparency, the responsible program official posted a notice acknowledging the breach via their website.
- Unauthorized Access: Two civilian employees who had legitimate access to the CF Health Information System during the performance of their duties were found to have accessed health information relating to an individual CAF member without a legitimate need to know. This matter was assessed as material based on the sensitivity of the information, and the implied willful action on the part of the two employees. The unauthorized access occurred more than 7 years before being discovered and reported to the ATIP office and the individuals involved are no longer employed by the department; therefore, no specific actions were taken in response to this matter.
5.3 Privacy Impact Assessments
National Defence collects, uses and discloses personal information in the delivery of mandated programs and services. In accordance with TB policy, the DND and the CAF undertake privacy impact assessments (PIA) to evaluate impacts to personal information in the administration of these activities. A PIA provides a framework to identify the extent to which proposals comply with the Privacy Act and applicable privacy policies, assist program officials in avoiding or mitigating privacy risks, and promote informed program and system design choices.
National Defence completedFootnote 1 five PIAs during FY 2022-23. The descriptions of PIAs are found below.
- Polygraph Examination – The Director General Defence Security (DGDS) protects, promotes, and supports security in the DND/CAF activities and operations by executing its functional authority leadership and implementing effective security programs. This PIA has been developed to assess the manner in which the Director General Defence Security (DGDS) utilizes polygraph examinations within the security screening processes of CAF members, DND employees, and DND/CAF contractors.
- Cellular Airborne Sensor for Search and Rescue (CASSAR) – DND/CAF began a process to procure and implement a Cellular Airborne Sensor for Search and Rescue (CASSAR) system. CASSAR systems use mobile phone detection capabilities to locate the mobile phones of persons in distress. The system turns phones into emergency beacons that quickly guide SAR teams to the precise location of the missing person, significantly improving the success of missions. CASSAR systems can also help reduce sweep times during SAR operations, and require less manpower, thereby significantly reducing SAR costs.
- Defence Intelligence Enterprise Program – The Defence Intelligence Program provides responsive, reliable and fully integrated intelligence capabilities, services and products to support and inform decisions and actions relating to potential and authorized military operations and activities assigned to National Defence, as well as any intelligence activities carried out by the Department in support of the Government of Canada's broader responsibilities with respect to national defence, national security or global affairs.
- Canadian Armed Forces Transition Group (CAF TG) – CAF TG delivers personalized, professional, and standardized casualty support and transition services to CAF members and their families to enable seamless transition and enhanced well-being with special attention provided to ill and injured personnel, their families and the families of the deceased.
- Casualty Identification Program (CasID) – DND’s Casualty Identification Program (CasID) helps to meet Canada’s legal and moral obligations in respect of Canada’s unaccounted-for military fatalities. Although active searches for the remains of Commonwealth service members were suspended in 1921, Commonwealth countries including Canada continue to attempt to identify the remains of missing service members found today. In Canada, this work is done by CasID, whose goal is to identify unknown Canadian service members and to provide those individuals with proper burials.
In addition, the ATIP Directorate continues to provide ongoing privacy advisory services to National Defence organizations assessing risks to personal information used in the administration of Defence programs.
5.4 Departmental personal information
Complex & Sensitive Personal Information
To ensure the appropriate protection of sensitive personal information within the Department, the ATIP Directorate provides review and redaction services to support a number of departmental administrative processes including Boards of Inquiry, Summary Investigations, Reports involving allegations of Workplace Violence, Harassment and Grievances. Although these are not formal requests made under the Privacy Act, the information is being released by the Department and privacy protection is a priority. The ATIP Directorate reviewed 136 files containing complex and sensitive personal information in FY 2022-23. This represents a total of 3,682 pages reviewed to ensure personal information is protected and not inappropriately disclosed.
6. Complaints, audits and reviews
6.1 Complaints from the Office of the Privacy Commissioner
In FY 2022-23, National Defence received a total of 65 formal complaints from the Office of the Privacy Commissioner (OPC); this represents less than one percent of all requests processed during the reporting period.
Further to Part 8 of the Statistical Report, which notes complaints received and closed:
- Section 31: When the OPC gives formal notice of their intention to investigate a complaint regarding the processing of a request under the Act.
- Defence received 65 such notices during FY 2022-23, compared to 54 such notices during FY 2021-22.
- Section 33: When the OPC requests further representations from institutions pursuant to an ongoing complaint investigation.
- Defence received 31 such notices during FY 2022-23 in comparison to 40 such notices in the previous reporting period.
- Section 35: When the OPC issues a findings report for a well-founded complaint upon conclusion of an investigation.
- During the reporting period, 27 complaints were found to have merit. Note that these complaints are not necessarily from the 65 complaints received during the reporting period.
The 27 well-founded determinations represent 54.0% of all findings issued by the OPC to National Defence in Fiscal Year 2022-23. Of the well-founded determinations, 26 were administrative in nature (relating to delays and time extensions) and one related to an unauthorized disclosure. Figure 10.
Significant efforts were placed on reducing the backlog of outstanding complaints with the OPC received in previous reporting periods. Throughout this FY, the ATIP Directorate collaborated closely with the OPC to find effective ways to manage complaints efficiently and as timely as possible. The ATIP Directorate consistently strives to maintain transparent communications and foster a positive working relationship with the OPC.
Figure 10: Complaints resolved (FY 2022-23)
Long description
Complaints Resolved
- 3 Not Well Founded
- 27 Well Founded
- 20 Resolved
6.2 Court Decisions
In FY 2022-23, there were no court proceedings actioned in respect of requests processed by National Defence.
7. Policies and procedures
7.1 Social Insurance Numbers
The Department of National Defence did not receive authority for new collection(s) or new consistent use(s) of Social Insurance Numbers during this reporting period.
8. Training and awareness
8.1 ATIP training program
Departmental ATIP training continued to be provided on a virtual platform. Directorate training staff delivered the following training sessions to Defence employees and CAF members with specific emphasis on those staff with ATIP responsibilities:
- Access to Information and Privacy Fundamentals (COR502 – Offered online by the Canada School of the Public Service, this course is a prerequisite for all departmental ATIP training);
- Introductory DND/CAF ATIP courses (ATIP 101 - General ATIP, or Privacy Fundamentals);
- Orientation session for new employees of the ATIP directorate;
- Advanced DND/CAF ATIP courses (ATIP 201 - Advanced ATIP or organization-specific content); and,
- ATIP awareness and engagement activities with the various branches and divisions.
8.2 Training and awareness activities
A total of 51 training sessions were delivered to approximately 747 individuals. This training was provided to Defence employees and CAF members on the administration of both the Access to Information Act and Privacy Act, as well as on appropriate management of personal information under the control of the institution. These virtual training sessions included ATIP 101, ATIP 201, and Privacy Protection and targeted training sessions for specific Defence organizations. Most training sessions were delivered by ATIP Directorate staff through video teleconference technologies, and some organizations conducted their own courses and sessions. An example of an organization conducting their own training sessions is the Canadian Forces Health Services group, which covered a variety of Privacy topics.
The ATIP Directorate continued to deliver new employee orientation, providing an introduction to the ATIP environment and the roles and responsibilities of the individual as an employee of an ATIP Directorate. During the reporting period, CSPS ATIP Fundamentals and the ATIP Directorate’s ATIP 101 courses were made mandatory for all DND managers, and all CAF managers supervising civilians.
Canadian Forces Health Services training
The Canadian Forces Health Services (CFHS) operates a privacy office that is responsible for providing advice and support to the CFHS Group on policies and activities that involve personal health information. In accordance with their mandate, the CHFS privacy office maintains training modules to educate staff on the principles of “Privacy, Confidentiality and Security” to support appropriate use of the Canadian Forces Health Information System.
During this reporting period, 2,366 Canadian Forces Health Services staff attended training or completed mandatory modules offered specifically to the CFHS organization.
9. Initiatives and projects
9.1 Technological Improvements
Onboarding to AORS
National Defence completed onboarding to the ATIP Online Request Service (AORS), allowing the ATIP Directorate to access and retrieve ATIP requests submitted via this online channel through the ATIP Online Management Tool (AOMT).
The Treasury Board of Canada Secretariat created AORS as a way for requesters to receive faster and more convenient service, while also providing a seamless channel to determine if the information they need is already available from previous requests.
AOMT is intended to improve the process by which institutions manage the receipt of requests and the engagement channel with the requester community.
Through the implementation of “2-factor authentication”, AORS/AOMT will augment the security of the ATIP request process.
9.2 Stewardship of Personal Information
Privacy Management Framework
With the creation of the Privacy Management and Compliance Section, a Privacy Management Framework (PMF) was developed to further implement clear responsibilities and accountabilities for the stewardship of personal information and support the Department’s compliance with the Privacy Act. The PMF and the appointment of the Corporate Secretary as the Chief Privacy Officer was endorsed at senior management level committee. This is a testament to the Department’s commitment to protecting personal information under its control.
10. Monitoring compliance
To effectively monitor and report on ATIP performance in National Defence, the ATIP Directorate produces a monthly performance dashboard which tracks OPI record retrieval timeliness, overall ATIP compliance and key metrics such as privacy breach complaints. The ATIP dashboard continued to be published using the Microsoft Power BI platform to improve usability and overall visibility to senior leadership on key metrics and ATIP performance. The monthly dashboard serves to track ATIP performance across the Department and identify organizations who may require assistance or training, and to identify areas for process improvements.
The ATIP Directorate routinely responds to ad hoc requests for statistics and performance reports to inform program delivery and identify trends.
Currently, the time to process requests for correction of personal information is not formally monitored as this number is regularly very low. In FY 2022-23, the ATIP Directorate did not receive any requests for correction.
11. Privacy operating costs
Costs
The annual cost to administer the National Defence privacy program decreased by 16.3% to approximately $3,371,282 for FY 2022-23.
Annex A: Designation order
National Defence and the Canadian Armed Forces
Access to Information Act and Privacy Act Designation Order
- Pursuant to section 73 of the Access to Information Act and the Privacy Act, the Minister of National Defence, as the head of a government institution under these Acts, hereby designates the persons holding the following positions, or the persons occupying those positions on an acting basis, to exercise or perform all of the powers, duties and functions of the head of a government institution under these Acts:
- the Deputy Minister;
- the Corporate Secretary;
- the Director Access to Information and Privacy; and
- Deputy Directors Access to Information and Privacy.
- Pursuant to section 73 of the above-mentioned Acts, the Minister also designates the following:
- those persons holding the position of Access Team Leader, or the persons occupying this position on an acting basis, to exercise or perform the powers, duties and functions in respect of:
- The application of the following provisions under the Access to Information Act: section 9; subsection 11(2), 11(3), 11(4), 11(5), 11(6); sections 19, 20, 23 and 24; subsections 27(1) and 27(4); paragraph 28 (1)(b), subsections 28(2) and 28(4); and
- The response to requests made under the Access to Information Act if no records exist.
- those persons holding the position of Privacy Team Leader, or the persons occupying this position on an acting basis, to exercise or perform any of the powers, duties and functions of the head of an institution under the Privacy Act, other than under sub-paragraphs 8(2)(j) and 8(2)(m); and
- those persons holding the position of Privacy Senior Analyst, or the persons occupying this position on an acting basis, to exercise or perform the powers and duties in respect of the application of section 26 of the Privacy Act.
- those persons holding the position of Access Team Leader, or the persons occupying this position on an acting basis, to exercise or perform the powers, duties and functions in respect of:
Original signed by
The Honourable Harjit S. Sajjan, PC, OMM, MSM, CD, MP
Minister of National Defence
Date: 2016-01-12
Annex B: Statistical Report on the Privacy Act for 2022-2023
Statistical Report on the Privacy Act
Name of institution:
Department of National Defence
Reporting period:
2022-04-01 to 2023-03-31
Section 1: Requests Under the Privacy Act
1.1 Number of requests
| - | Number of Requests | |
|---|---|---|
| Received during reporting period | 6393 | |
| Outstanding from previous reporting period | 815 | |
Outstanding from previous reporting period |
743 | - |
Outstanding from more than one reporting period |
72 | |
| Total | 7208 | |
| Closed during reporting period | 6052 | |
| Carried over to next reporting period | 1156 | |
Carried over within legislated timeline |
643 | - |
Carried over beyond legislated timeline |
513 | |
1.2 Channels of requests
| Source | Number of Requests |
|---|---|
| Online | 3766 |
| 618 | |
| 1999 | |
| In person | 0 |
| Phone | 5 |
| Fax | 5 |
| Total | 6393 |
Section 2: Informal requests
2.1 Number of informal requests
| - | Number of Requests | |
|---|---|---|
| Received during reporting period | 0 | |
| Outstanding from previous reporting period | 0 | |
Outstanding from previous reporting period |
0 | - |
Outstanding from more than one reporting period |
0 | |
| Total | 0 | |
| Closed during reporting period | 0 | |
| Carried over to next reporting period | 0 | |
2.2 Channels of informal requests
| Source | Number of Requests |
|---|---|
| Online | 0 |
| 0 | |
| 0 | |
| In person | 0 |
| Phone | 0 |
| Fax | 0 |
| Total | 0 |
2.3 Completion time of informal requests
| Completion Time | |||||||
|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
2.4 Pages released informally
| Less Than 100 Pages Processed | 101-500 Pages Processed | 501-1,000 Pages Processed | 1,001-5,000 Pages Processed | More Than 5,000 Pages Processed | |||||
|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 3: Requests Closed During the Reporting Period
3.1 Disposition and completion time
| Disposition of requests | Completion time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| All disclosed | 128 | 590 | 346 | 85 | 61 | 8 | 2 | 1220 |
| Disclosed in part | 16 | 875 | 1219 | 485 | 252 | 108 | 60 | 3015 |
| All exempted | 6 | 17 | 7 | 3 | 5 | 1 | 4 | 43 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 658 | 488 | 110 | 38 | 11 | 5 | 2 | 1312 |
| Request abandoned | 270 | 133 | 38 | 17 | 3 | 1 | 0 | 462 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 1078 | 2103 | 1720 | 628 | 332 | 123 | 68 | 6052 |
3.2 Exemptions
| Section | Number of Requests |
|---|---|
| 18(2) | 0 |
| 19(1)(a) | 6 |
| 19(1)(b) | 0 |
| 19(1)(c) | 12 |
| 19(1)(d) | 10 |
| 19(1)(e) | 0 |
| 19(1)(f) | 0 |
| 20 | 0 |
| 21 | 60 |
| 22(1)(a)(i) | 88 |
| 22(1)(a)(ii) | 0 |
| 22(1)(a)(iii) | 0 |
| 22(1)(b) | 25 |
| 22(1)(c) | 0 |
| 22(2) | 0 |
| 22.1 | 0 |
| 22.2 | 0 |
| 22.3 | 2 |
| 22.4 | 0 |
| 23(a) | 0 |
| 23(b) | 0 |
| 24(a) | 0 |
| 24(b) | 0 |
| 25 | 0 |
| 26 | 2999 |
| 27 | 108 |
| 27.1 | 0 |
| 28 | 1 |
3.3 Exclusions
| Section | Number of Requests |
|---|---|
| 69(1)(a) | 0 |
| 69(1)(b) | 0 |
| 69.1 | 0 |
| 70(1) | 0 |
| 70(1)(a) | 0 |
| 70(1)(b) | 0 |
| 70(1)(c) | 0 |
| 70(1)(d) | 0 |
| 70(1)(e) | 0 |
| 70(1)(f) | 0 |
| 70.1 | 0 |
3.4 Format of information released
| Paper | Electronic | Other | |||
|---|---|---|---|---|---|
| E-Record | Data set | Video | Audio | ||
| 271 | 3964 | 0 | 6 | 4 | 0 |
3.5 Complexity
3.5.1 Relevant pages processed and disclosed
| Number of Pages Processed | Number of Pages Disclosed | Number of Requests |
|---|---|---|
| 1282023 | 1267158 | 4740 |
3.5.2 Relevant pages processed and disclosed by size of requests
| Disposition | Less Than 100 Pages Processed | 101-500 Pages Processed | 501-1,000 Pages Processed | 1,001-5,000 Pages Processed | More Than 5,000 Pages Processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
| All disclosed | 1020 | 18193 | 155 | 33689 | 32 | 23016 | 13 | 18579 | 0 | 0 |
| Disclosed in part | 1069 | 46595 | 1117 | 299554 | 500 | 353710 | 326 | 470672 | 3 | 15858 |
| All exempted | 41 | 302 | 1 | 164 | 1 | 786 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 461 | 6 | 0 | 0 | 1 | 899 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 2591 | 65096 | 1273 | 333407 | 534 | 378411 | 339 | 489251 | 3 | 15858 |
3.5.3 Relevant minutes processed and disclosed for audio formats
| Number of Minutes Processed | Number of Minutes Disclosed | Number of Requests |
|---|---|---|
| 1723 | 1310 | 4 |
3.5.4 Relevant minutes processed per request disposition for audio formats by size of requests
| Disposition | Less than 60 Minutes processed | 60-120 Minutes processed | More than 120 Minutes processed | |||
|---|---|---|---|---|---|---|
| Number of Requests | Minutes Processed | Number of Requests | Minutes Processed | Number of Requests | Minutes Processed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 1 | 8 | 0 | 0 | 3 | 1715 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 1 | 8 | 0 | 0 | 3 | 1715 |
3.5.5 Relevant minutes processed and disclosed for video formats
| Number of Minutes Processed | Number of Minutes Disclosed | Number of Requests |
|---|---|---|
| 1637 | 51 | 6 |
3.5.6 Relevant minutes processed per request disposition for video formats by size of requests
| Disposition | Less than 60 Minutes processed | 60-120 Minutes processed | More than 120 Minutes processed | |||
|---|---|---|---|---|---|---|
| Number of Requests | Minutes Processed | Number of Requests | Minutes Processed | Number of Requests | Minutes Processed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 2 | 51 | 0 | 0 | 3 | 1507 |
| All exempted | 0 | 0 | 1 | 79 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 2 | 51 | 1 | 79 | 3 | 1507 |
3.5.7 Other complexities
| Disposition | Consultation Required | Assessment of Fees | Legal Advice Sought | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 2 | 0 | 2 |
| Disclosed in part | 2 | 0 | 5 | 0 | 7 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 1 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 2 | 0 | 7 | 0 | 9 |
3.6 Closed requests
3.6.1 Number of requests closed within legislated timelines
| Number of requests closed within legislated timelines | 4922 |
| Percentage of requests closed within legislated timelines (%) | 81.33 |
3.7 Deemed refusals
3.7.1 Reasons for not meeting legislated timelines
| Number of Requests Closed Past the Legislated Timelines | Principal Reason | |||
|---|---|---|---|---|
| Interference with Operations / Workload | External consultation | Internal Consultation | Other | |
| 1130 | 633 | 0 | 1 | 496 |
3.7.2 Requests closed beyond legislated timelines (including any extension taken)
| Number of Days Past Legislated Timelines | Number of Requests Past Legislated Timeline Where No Extension Was Taken | Number of Requests Past Legislated Timelines Where an Extension Was Taken | Total |
|---|---|---|---|
| 1 to 15 days | 77 | 71 | 148 |
| 16 to 30 days | 73 | 59 | 132 |
| 31 to 60 days | 123 | 100 | 223 |
| 61 to 120 days | 179 | 226 | 405 |
| 121 to 180 days | 62 | 34 | 96 |
| 181 to 365 days | 40 | 25 | 65 |
| More than 365 days | 49 | 12 | 61 |
| Total | 603 | 527 | 1130 |
3.8 Requests for translation
| Translation Requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Section 4: Disclosures Under Subsections 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 228 | 75 | 75 | 378 |
Section 5: Requests for Correction of Personal Information and Notations
| Disposition for Correction Requests Received | Number |
|---|---|
| Notations attached | 0 |
| Requests for correction accepted | 0 |
| Total | 0 |
Section 6: Extensions
6.1 Reasons for extensions
| Number of requests where an extension was taken | 15(a)(i) Interference with operations | 15 (a)(ii) Consultation | 15(b) Translation purposes or conversion | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | |||
| 2163 | 0 | 0 | 2163 | 0 | 0 | 0 | 0 | 0 | |
6.2 Length of extensions
| Length of Extensions | 15(a)(i) Interference with operations | 15 (a)(ii) Consultation | 15(b) Translation purposes or conversion | |||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 2163 | 0 | 0 | 0 | 0 | 0 |
| 31 days or greater | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 2163 | 0 | 0 | 0 | 0 | 0 |
Section 7: Consultations Received From Other Institutions and Organizations
7.1 Consultations received from other Government of Canada institutions and other organizations
| Consultations | Other Government of Canada Institutions | Number of Pages to Review | Other Organizations | Number of Pages to Review |
|---|---|---|---|---|
| Received during reporting period | 4 | 1420 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 4 | 1420 | 0 | 0 |
| Closed during the reporting period | 3 | 1411 | 0 | 0 |
| Carried over within negotiated timelines | 1 | 9 | 0 | 0 |
| Carried over beyond negotiated timelines | 0 | 0 | 0 | 0 |
7.2 Recommendations and completion time for consultations received from other Government of Canada institutions
| Recommendations | Number of Days Required to Complete Consultation Requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| All disclosed | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 1 |
| Disclosed in part | 1 | 0 | 0 | 0 | 1 | 0 | 0 | 2 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 1 | 1 | 0 | 0 | 1 | 0 | 0 | 3 |
7.3 Recommendations and completion time for consultations received from other organizations
| Recommendations | Number of Days Required to Complete Consultation Requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Completion Time of Consultations on Cabinet Confidences
8.1 Requests with Legal Services
| Number of Days | Fewer Than 100 Pages Processed | 101-500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More Than 5000 Pages Processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
8.2 Requests with Privy Council Office
| Number of Days | Fewer Than 100 Pages Processed | 101-500 Pages Processed | 501-1000 Pages Processed | 1001-5,000 Pages Processed | More Than 5000 Pages Processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 9: Complaints and Investigations Notices Received
| Section 31 | Subsection 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 65 | 31 | 27 | 0 | 153 |
Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIBs)
10.1 Privacy Impact Assessments
| Number of PIAs completed | 5 |
| Number of PIAs modified | 0 |
10.2 Personal Information Banks
| Personal Information Banks | Active | Created | Terminated | Modified |
|---|---|---|---|---|
| Institution-specific | 61 | 3 | 0 | 6 |
| Central | 0 | 0 | 0 | 0 |
| Total | 61 | 3 | 0 | 6 |
Section 11 – Privacy Breaches
11.1 Material Privacy Breaches reported
| Number of material privacy breaches reported to TBS | 2 |
| Number of material privacy breaches reported to OPC | 2 |
11.2 Non-Material Privacy Breaches
| Number of non-material privacy breaches | 95 |
Section 12: Resources Related to the Privacy Act
12.1 Allocated Costs
| Expenditures | Amount | |
|---|---|---|
| Salaries | $2,805,072 | |
| Overtime | $8,045 | |
| Goods and Services | $558,165 | |
|
$553,274 | - |
|
$4,891 | |
| Total | $3,371,282 | |
12.2 Human Resources
| Resources | Person Years Dedicated to Privacy Activities |
|---|---|
| Full-time employees | 48.544 |
| Part-time and casual employees | 4.000 |
| Regional staff | 0.000 |
| Consultants and agency personnel | 4.000 |
| Students | 3.000 |
| Total | 59.544 |
Note: Enter values to three decimal places
Annex C: Supplemental Statistical Report on the Access to Information Act and Privacy Act for 2022-2023
Supplemental Statistical Report on the Access to Information Act and Privacy Act
Name of institution:
National Defence
Reporting period:
2022-04-01 to 2023-03-31
Section 1: Capacity to Receive Requests
Enter the number of weeks your institution was able to receive ATIP requests through the different channels.
| - | Number of Weeks |
|---|---|
| Able to receive requests by mail | 52 |
| Able to receive requests by email | 52 |
| Able to receive requests through the digital request service | 52 |
Section 2: Capacity to Process Records
2.1 Enter the number of weeks your institution was able to process paper records in different classification levels.
| - | No Capacity | Partial Capacity | Full Capacity | Total |
|---|---|---|---|---|
| Unclassified Paper Records | 0 | 0 | 52 | 52 |
| Protected B Paper Records | 0 | 0 | 52 | 52 |
| Secret and Top Secret Paper Records | 0 | 0 | 52 | 52 |
2.2 Enter the number of weeks your institution was able to process electronic records in different classification levels.
| - | No Capacity | Partial Capacity | Full Capacity | Total |
|---|---|---|---|---|
| Unclassified Paper Records | 0 | 0 | 52 | 52 |
| Protected B Paper Records | 0 | 0 | 52 | 52 |
| Secret and Top Secret Paper Records | 0 | 0 | 52 | 52 |
Section 3: Open Requests and Complaints Under the Access to Information Act
3.1 Enter the number of open requests that are outstanding from previous reporting periods.
| Fiscal Year Open Requests Were Received | Open Requests that are Within Legislated Timelines as of March 31, 2023 | Open Requests that are Beyond Legislated Timelines as of March 31, 2023 | Total |
|---|---|---|---|
| Received in 2022-2023 | 175 | 505 | 680 |
| Received in 2021-2022 | 3 | 460 | 463 |
| Received in 2020-2021 | 3 | 263 | 266 |
| Received in 2019-2020 | 1 | 204 | 205 |
| Received in 2018-2019 | 0 | 88 | 88 |
| Received in 2017-2018 | 1 | 32 | 33 |
| Received in 2016-2017 | 0 | 32 | 32 |
| Received in 2015-2016 | 0 | 10 | 10 |
| Received in 2014-2015 | 0 | 0 | 0 |
| Received in 2013-2014 or earlier | 0 | 0 | 0 |
| Total | 183 | 1594 | 1777 |
3.2 Enter the number of open complaints with the Information Commissioner of Canada that are outstanding from previous reporting periods.
| Fiscal Year Open Complaints Were Received by Institution | Number of Open Complaints |
|---|---|
| Received in 2022-2023 | 71 |
| Received in 2021-2022 | 9 |
| Received in 2020-2021 | 6 |
| Received in 2019-2020 | 12 |
| Received in 2018-2019 | 3 |
| Received in 2017-2018 | 0 |
| Received in 2016-2017 | 1 |
| Received in 2015-2016 | 0 |
| Received in 2014-2015 | 0 |
| Received in 2013-2014 or earlier | 2 |
| Total | 104 |
Section 4: Open Requests and Complaints Under the Privacy Act
4.1 Enter the number of open requests that are outstanding from previous reporting periods.
| Fiscal Year Open Requests Were Received | Open Requests that are Within Legislated Timelines as of March 31, 2023 | Open Requests that are Beyond Legislated Timelines as of March 31, 2023 | Total |
|---|---|---|---|
| Received in 2022-2023 | 643 | 435 | 1078 |
| Received in 2021-2022 | 0 | 46 | 46 |
| Received in 2020-2021 | 0 | 29 | 29 |
| Received in 2019-2020 | 0 | 3 | 3 |
| Received in 2018-2019 | 0 | 0 | 0 |
| Received in 2017-2018 | 0 | 0 | 0 |
| Received in 2016-2017 | 0 | 0 | 0 |
| Received in 2015-2016 | 0 | 0 | 0 |
| Received in 2014-2015 | 0 | 0 | 0 |
| Received in 2013-2014 or earlier | 0 | 0 | 0 |
| Total | 643 | 513 | 1156 |
4.2 Enter the number of open complaints with the Privacy Commissioner of Canada that are outstanding from previous reporting periods.
| Fiscal Year Open Complaints Were Received by Institution | Number of Open Complaints |
|---|---|
| Received in 2022-2023 | 24 |
| Received in 2021-2022 | 19 |
| Received in 2020-2021 | 5 |
| Received in 2019-2020 | 2 |
| Received in 2018-2019 | 1 |
| Received in 2017-2018 | 0 |
| Received in 2016-2017 | 0 |
| Received in 2015-2016 | 0 |
| Received in 2014-2015 | 0 |
| Received in 2013-2014 or earlier | 0 |
| Total | 51 |
Section 5: Social Insurance Number (SIN)
| Has your institution begun a new collection or a new consistent use of the SIN in 2022-2023? | No |
Section 6: Universal Access under the Privacy Act
| How many requests were received from confirmed foreign nationals outside of Canada in 2022-2023? | 1 |
Page details
- Date modified: