Annual Report to Parliament 2024-2025 Administration of the Privacy Act

1. Introduction

The Department of National Defence (DND/CAF) and the Canadian Armed Forces (CAF) are pleased to present to Parliament its annual report on the administration of the Privacy Act^{Footnote 1} (the Act). Section 72 of the Act requires the head of every federal government institution to submit an annual report to Parliament on the administration of the Act each fiscal year. This report describes National Defence activities that support compliance with the Privacy Act for the fiscal year (FY) commencing 1 April 2024 and ending 31 March 2025.

1.1 Purpose of the Privacy Act

The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and provide individuals with a right of access to that information.

These rights of protection and access are in accordance with the principles that individuals should have a right to know why their information is collected by the government, how it will be used, how long it will be kept and who will have access to it.

Service agreements

The Department of National Defence and the Canadian Armed Forces had no service agreements pursuant to section 73.1 of the Privacy Act during the fiscal year.

2. Access to Information and Privacy at National Defence

2.1 Mandate of National Defence and the Canadian Armed Forces

Who we are

The DND/CAF support a strategic vision for defence in which Canada is strong at home, secure in North America and engaged in the world. From regular forces to reserve forces and civilian employees, the Defence Team stretches from coast to coast to coast. Its membership represents the strength, skills and diversity of Canada, and brings the experience necessary to protect and support Canadians no matter what is asked of them.

What we do

DND and the CAF have complementary roles to play in:

• Providing advice and support to theMinister of National Defence
• Implementing Government decisions regarding the defence of Canadian interests at home and abroad.

The CAF serves on the sea, on land, in the air, and in space and cyberspace with the Royal Canadian Navy, the Canadian Army, the Royal Canadian Air Force and the Canadian Special Operations Forces Command. In 2024, Canada released its renewed defence policy,Our North, Strong and Free, which outlines Canada's plan to ensure the CAF remains ready, resilient and relevant in the context of increasing global uncertainty. This means doing more to keep us strong at home, secure in North America and engaged in the world, under six themes including:

• Supporting our people by placing focus on recruitment, retention and personal management, as well as investments into the quality of life for military members in form of support for health, housing and childcare. For all that CAF members give up for Canadians they all deserve to feel safe and valued in their workplace, it is our priority progress culture change.
• Strengthening the foundations of our military to ensure CAF members have the tools they need to do their job effectively and keep them safe. This will include modernizing existing capabilities and acquiring new ones; building civilian capacity; reviewing and reforming defence procurement; accelerating digital transformation.
• Building an innovative industrial base by leveraging innovation and fostering relationships with industry partners to sustain existing equipment and accelerate production capacity in Canada. This will allow the CAF to make reliable and valuable contributions to our allies and partners, particularly in the Euro-Atlantic and Indo-Pacific regions, in support of a more stable, peaceful world.
• Defending Canada in the Arctic and northern regions, where the changing physical and geopolitical landscapes have created new threats and vulnerabilities. By upgrading our continental defences to better detect incoming threats we can remain ready to assist when Canadians face natural disasters and other emergencies or are in need of search and rescue support.
• Defending North America as an active partner with the United States to restore continental defence and deterrence in all domains: sea, land, air, space and cyber, and through a modernized NORAD.
• Advancing Canada's global interests and values through continuing valuable Canadian Armed Forces contributions to global efforts to deter major power conflict, confront terrorism and insurgency, and address instability.

2.2 The Defence Team

The National DefenceAct (NDA) establishes DND and the CAF as separate entities, operating within an integrated National Defence Headquarters as they pursue their primary responsibility of providing defence for Canada and Canadians.

Senior leadership

The Governor General of Canada is the Commander-in-Chief of Canada. DND is headed by the Minister of National Defence. The Associate Minister of National Defence supports the Minister of National Defence. The Deputy Minister of National Defence is the Department's senior civil servant. The CAF are headed by the Chief of the Defence Staff, Canada's senior serving officer. These senior leaders each have different responsibilities:

• The Governor General is responsible for appointing the Chief of the Defence Staff on the recommendation of the Prime Minister, awarding military honours, presenting colours to CAF regiments, approving new military badges and insignia, and signing commission scrolls;
• The Minister of National Defence presides over the Department and over all matters relating to national defence;
• The Associate Minister is also responsible for defence files, as mandated by the Prime Minister, with the specific priority of ensuring that CAF members have the equipment they need to do their jobs;
• The Deputy Minister is responsible for policy, resources, interdepartmental coordination and international defence relations; and
• The Chief of the Defence Staff is responsible for command, control and administration of the CAF, as well as military strategy, plans and requirements.

Defence organization

The DND/CAF organizational structure is represented in the diagram below. Additional information about the DND/CAF organization is available online.^{Footnote 2} For a description of the groups and positions responsible for meeting each applicable proactive publication requirement under Part 2 of the Access to Information Act, see section 8.2 "Proactive Publication".

Figure 1: National Defence Organization Chart

2.3 The Directorate of Access to Information and Privacy

Delegation of authority

In accordance with section 73(1) of the Privacy Act, a delegation of authority, signed by the Minister, designates the Deputy Minister, Corporate Secretary, Executive Director of Access to Information and Privacy, and Access to Information and Privacy (ATIP) Deputy Directors to exercise all powers and functions of the Minister, as the head of institution under the Act. It also designates other specific powers and functions to employees within the Directorate Access to Information and Privacy.

Under the authority of the Corporate Secretary, the ATIP Executive Director administers and coordinates the Access to Information Act and the Privacy Act, and acts as the departmental ATIP Coordinator. In the administration of the Act, the ATIP Directorate seeks advice on legal, public affairs, policy, and operational security matters from other organizations and specialists as required.

A copy of the Access to Information Act and Privacy Act Designation Order is provided at Annex A.

The ATIP Directorate

The ATIP Directorate is responsible for matters regarding access to information and privacy protection within the National Defence portfolio, except for the following organizations: the Military Police Complaints Commission, the Military Grievances External Review Committee, the Communications Security Establishment, the Office of the National Defence and Canadian Forces Ombudsman, the Director of Defence Counsel Services, and the Canadian Forces Morale and Welfare Services.

The ATIP Directorate is managed by an Executive Director and supported by a corporate services team that is responsible for the administrative and management functions of the directorate, including business planning, financial management, human resources, physical security, and information and records management (IM/RM). The workforce is divided functionally into three main areas, further supported by Defence Team organization liaison officers, as illustrated in the diagram at FIGURE 2.

The ATIP Operations Division oversees all activities related to access to information and privacy requests, including ATIP Intake. This ensures consistency in the execution of departmental processes and application of the Acts and allows for quality assurance activities, tracking, reporting, and monitoring of trends and rising issues.

The Defence Privacy Management (DPM) Division's primary mandate is to oversee departmental compliance with the Privacy Act; the division manages privacy impact assessments; resolution of privacy breaches and systemic issues; and provides guidance on privacy policy obligations as well as expertise and advice to senior management on contentious and sensitive issues while ensuring continuous improvements of privacy policy and service delivery for the department.

The ATIP-Program Support Division delivers training and promotes ATIP awareness, performs data analytics and reports on program performance, and provides ATIP related advice and guidance to the ATIP Directorate and the wider DND/CAF community.

During the reporting period the ATIP Directorate had the full-time equivalent of 70.29 employees and 4.5 consultants dedicated to Privacy Act activities.

Figure 2: National Defence ATIP Operational Workforce

3. Highlights of the Statistical Report

The statistical report at Annex B consists of data submitted by DND/CAF as part of Treasury Board Secretariat (TBS) annual collection of ATIP-related statistics. The following sections contain highlights, trends and an analysis of notable statistical data from a departmental perspective.

3.1 Requests received

During the reporting period, DND/CAF received 6,891 requests for personal information under the Privacy Act, representing a 0.5% increase from the previous reporting period. Combined with a carry-over of 1,495 files from FY 2023-24, this represents a total workload of 8,386 requests during the reporting period. At the end of FY 2024-25, the number of requests carried over to FY 2025-26 decreased 29% to 1,066.

Figure 3: Privacy Request Workload (Last Five Years)

3.2 Requests completed

DND/CAF closed a total of 7,320 privacy requests during the reporting period. This represents an 11.5% increase over the previous FY. The total ATIP workload over the past five years is represented in FIGURE 4 below.

Figure 4: Disposition of Requests Completed and Total Requests Closed (Last Five Years)

Pages reviewed

This year, a total of 1,539,185 pages were processed this FY. This represents an increase of 20% over FY 2023-24 where 1,282,442 pages were processed (FIGURE 5).

This number does not include the number of pages processed for requests reviewed in the current FY that were carried over into the next reporting period.

Figure 5: Number of Pages Reviewed for Requests Closed, Where Records Existed (Last Three Years)

Exemptions and exclusions

Consistent with previous reporting periods, section 26 of the Privacy Act was the most frequently invoked exemption and was applied in 3,054 requests. This section of the Act protects the releasing of personal information of individuals other than to the requester.

Completion time

DND/CAF closed 5,209 requests within the legislated timeline of 30 days; this represents 71.2% of the total volume of requests closed. This equates to an increase of 25% compared to the last reporting period with 46.2% of requests closed within 30 days.

Figure 6: Time to Complete Requests (Last Five Years)

Files closed beyond 30 days were not necessarily late as legal extensions under the legislation may have been applied.

Extensions

Section 15 of thePrivacy Actpermits the statutory time limits to be extended if consultations are necessary, if translation is required or if the request is for a large volume of records and processing it within the original time limit would unreasonably interfere with the operations of the Department.

In total, 188 extensions were applied during the FY 2024-25 reporting period. Each of the extensions were deemed necessary, as meeting the original time limit would unreasonably interfere with the operations of the institution.

Number of active requests - outstanding from previous reporting periods

At the end of the FY 2024-25 reporting period, DND/CAF had 1,066 active requests. A breakdown of outstanding requests by the reporting period in which the request was received, and whether the request is still within the legislated timelines (including extensions) is provided below in FIGURE 7.

Figure 7: Number of Active requests (as of 31 March 2025)

Number of active complaints - outstanding from previous reporting periods

At the end of the reporting period, National Defence had 45 active complaints with the Office of the Privacy Commissioner of Canada (OPC). A breakdown of active complaints by reporting period is provided at FIGURE 8.

On-time compliance

A total of 5,449 requests (74.4%) were closed within statutory deadlines in FY 2024-25. This represents a 4.7% increase in on-time compliance over the previous reporting period.

The most common reason for deemed refusal was "Interference with Operations/Workload," cited for over 60% of requests closed late during the reporting period.As defined by TBS, this reason relates to requests where there is"interwoven information and review is required to determine exemptions, there were a large number of requests to be processed at the time, the request consisted of a high volume of records, there were difficulties in obtaining relevant information, or there were other ATIP-related tasks."

Disposition: percentage of requests all disclosed vs. disclosed in part

During the reporting period, Defence responded to a total of 7,320 requests; of which 22.9% were "all disclosed" (1,676) and 41.8% (3,058) were "disclosed in part." The remaining requests were completed as all exempted, no records exist or abandoned.

3.3 Consultations received and completed

Historically, DND/CAF does not receive many consultation requests relating to requests made under the Privacy Act. During the reporting period, DND/CAF received eight requests for consultation; all eight requests for consultation were received from other Government of Canada institutions. A total of six consultations were closed during the reporting period; three requests for consultation were completed within 15 days, one was completed between 16 to 30 days and one was completed between 31 to 60 days.

4. Privacy Protection and Personal Information Management

4.1 Public interest disclosures

Paragraph 8(2)(m) of the Privacy Act permits the disclosure of personal information, without the consent of the individual to whom it relates, where the public interest in disclosure clearly outweighs any invasion of privacy that could result, or where the disclosure would clearly benefit the individual to whom the information relates.

During the reporting period, 67 disclosures of personal information were made in accordance with paragraph 8(2)(m). Disclosures made in the public interest included but were not limited to, disclosures to the media relating to departmental actions in response to allegations of misconduct, and disclosures to CAF member's family or representative relating to Boards of Inquiry or Summary Investigations into the death of a CAF member.

For each of the 67 disclosures made in the public interest during FY 2024-25, the OPC was notified; wherever possible, notification occurred in advance of the disclosure.

4.2 Privacy breaches

Personal information under the control of DND/CAF is subject to the Privacy Act, which governs the safeguarding, collection, retention, use and disclosure of personal information. The DPM Division receives reports of privacy breaches from the DND and the CAF and supports the department during the assessment, containment and notification stages. During this reporting period, 275 complaints were received regarding a contravention of one or more provisions of the Act. The DPM Division reviewed, resolved and issued a final determination relating to 309 complaints; of these, 238 were deemed to be well-founded.

Material privacy breaches

The TBS Policy on Privacy Protection defines a privacy breach as the improper or unauthorized access to, creation, collection, use, disclosure, retention, or disposal of personal information. A material breach is defined as a privacy breach that could reasonably be expected to create a real risk of significant harm to an individual. Two privacy breaches that met the threshold of a material breach were reported by DND/CAF to the OPC and the TBS.

One material privacy breach related to large amounts of personal information that was inadvertently stored on a common shared drive, and the second related to unauthorized access to the Canadian Forces Health Information System (CFHIS). In both cases, the personal information was promptly secured, access to records was removed, and a notification was issued to all affected personnel.

DND/CAF continues to refine our privacy breach management processes, to align with the updated definition for material privacy breaches, and to incorporate the updated tools to assess the real risk of significant harm to an individual and the institution.

4.3 Privacy impact assessments

DND/CAF collects, uses and discloses personal information in the delivery of mandated programs and services. In accordance with TBS policy, the DND and the CAF undertake privacy impact assessments (PIA) to evaluate impacts to personal information in the administration of these activities. A PIA provides a framework to identify the extent to which proposals comply with the Privacy Act and applicable privacy policies, assist program officials in avoiding or mitigating privacy risks, and promote informed program and system design choices.

DND/CAF completed^{Footnote 3} two PIAs during FY 2024-25. The descriptions of PIAs are found below.

• Evidence-Based Character Assessments for Leadership Selections and Promotions

• DND/CAF recognizes that leaders of good character are critical in protecting the health and welfare of Canadian ArmedForces (CAF)members, and in instilling confidence in the credibility and operational effectiveness of Canada's military. Accordingly, it important for senior military leaders to embody the values the CAF seeks to impart and those of contemporary Canadians. In 2020-2021, recognizing the above, DND/CAF began developing processes and procedures to improve the evaluation of its senior-most leadership candidates. Its goal was to develop more evidence-based assessments of those seeking promotions or appointments to senior military positions, and to more objectively assess the character of leadership hopefuls.

• Facilitating the Recruitment of Permanent Residents in the Canadian Armed Forces (CAF)

• Beginning in January 2025, DND/CAF and Immigration, Refugees and Citizenship Canada (IRCC) began sharing personal information about Permanent Residents (PR) who have expressed an interest in joining the CAF. The information exchanged will be used for the sole purpose of facilitating the enrollment and security screening of PRs and to expedite their onboarding to the CAF. The Project is part of a broader initiative at DND/CAF to replenish and enhance the CAFs ranks through the recruitment of trained military personnel from foreign countries, and to improve the appeal of military service through the use of citizenship and employment incentives.

In addition, the ATIP Directorate continues to provide ongoing privacy advisory services to DND/CAF organizations assessing risks to personal information used in the administration of Defence programs.

4.4 Departmental personal information

Complex & sensitive personal information

To ensure the appropriate protection of sensitive personal information within the Department, the ATIP Directorate provides review and redaction services to support a number of departmental administrative processes including Boards of Inquiry, Summary Investigations, reports involving allegations of Workplace violence, harassment and grievances. Although these are not formal requests made under the Privacy Act, the information is being released by the Department and privacy protection is a priority. The DPM Division reviewed 67 files containing complex and sensitive personal information in FY 2024-25. This represents a total of 889 pages reviewed to ensure personal information is protected and not inappropriately disclosed.

5. Complaints, Audits and Reviews

5.1 Complaints from the Office of the Privacy Commissioner

In FY 2024-25, DND/CAF received a total of 82 formal complaints from the Office of the Privacy Commissioner (OPC).

Statistical reporting requirements for complaints and investigations with the OPC are noted below:

• Section 31: When the OPC gives formal notice of their intention to investigate a complaint regarding the processing of a request under the Act.
  • Defence received 82 such notices during FY 2024-25; 82 such notices were also reported in the previous reporting period.
• Section 33:When the OPC requests further representations from institutions pursuant to an ongoing complaint investigation.
  • Defence received 92 such notices during FY 2024-25 in comparison to 83 such notices in the previous reporting period.
• Section 35: When the OPC issues a findings report for a well-founded complaint upon conclusion of an investigation.
  • During the reporting period, 42 complaints were found to have merit. Note that these complaints are not necessarily from the 82 complaints received during the reporting period.

The 42 well-founded determinations represent 45.2% of all findings issued by the OPC to DND/CAF in FY 2024-25. Of the well-founded determinations, 39 were administrative in nature (relating to delays and time extensions), one related to right of access and two related to an unauthorized disclosure. Figure 10.

Efforts continued to be placed on resolving outstanding complaints with the OPC received in previous reporting periods. The ATIP Directorate collaborated with the OPC to manage complaints effectively and consistently strives to maintain transparent communications to foster a positive working relationship with the OPC.

5.2 Court decisions

In FY 2024-25, two court proceedings were actioned as a result of requests processed by DND/CAF. Both were discontinued after responses were sent to the requesters.

5.3 Key actions taken on complaints

DND/CAF took actions during the reporting period to address the issues raised by the Office of the Privacy Commissioner and the Standing Committee on National Defence.

A multi-disciplinary ATIP working group consisting of representatives from the ATIP Directorate, the Directorate of Enterprise Architecture, and Review Services evaluated the ATIP process to identify areas for improvement. Subsequently an agile project management approach was implemented to develop initiatives aimed at improving the ATIP process across DND/CAF.

DND/CAF is committed to addressing process challenges through this ongoing effort and continues to monitor the implementation and effectiveness of the initiatives undertaken.

6. Policies and Procedures

In response to the TBS updates to the privacy policy suite issued in November 2024, the DPM Division reviewed and updated the Defence Administration Orders and Directives (DAOD) that pertain to the Department's administration of the Privacy Act. A DAOD is corporate administrative direction set out by the DND/CAF to supplement higher-level legal authorities and/or directives from the TBS and other central agencies. Internal consultations are scheduled for FY 2025-26, after which the updated direction relating to personal information management, privacy breach management, privacy impact assessments, and responsible disclosures of personal information will be provided to the department.

6.1 Social insurance numbers

As defined by the terms of the court ordered Final Settlement Agreement for the CAF-DND Sexual Misconduct Class Action lawsuit, Social Insurance Numbers (SIN) are incidentally collected to uphold the departments obligations as part of the Restorative Engagement (RE) Program, for survivors to share their experiences of sexual misconduct with senior CAF and/or DND representatives. A Privacy Impact Assessment (PIA) on the Sexual Misconduct Support and Resource Centre (SMSRC) RE program was completed in FY 2023-24. The SIN is used for historical file retrieval when it is the only identifier available for former government employees or military members. The collection and use of the SIN for the RE program is consistent with Appendix A of the TBS Directive on the SIN.

7. Training and Awareness

7.1 ATIP training program

Departmental ATIP training was provided on a virtual platform. Directorate training staff delivered the following training sessions to the Defence Team with specific emphasis on those staff with ATIP responsibilities:

• Access to Information and Privacy Fundamentals (COR502 – Offered online by the Canada School of the Public Service, this course is a prerequisite for all departmental ATIP training);
• Introductory DND/CAF ATIP courses [ATIP at DND (formally ATIP 101 - General ATIP), or Privacy Fundamentals];
• Orientation session for new employees of the ATIP Directorate;
• Advanced DND/CAF ATIP courses (ATIP 201 - Advanced ATIP or organization-specific content); and,
• ATIP awareness and engagement activities with the various branches and divisions.

7.2 Training and awareness activities

In the past year, DND/CAF launched a new online, self-directed training program—ATIP at DND—which replaced the previous ATIP 101 course. This modernized approach played a key role in achieving a 23.6% increase in training participationcompared to the previous year.

In addition, Advanced ATIP training sessionswere delivered virtually on a bi-weekly basis, reaching approximately 250 participants per session. These sessions provided Defence Team personnel and CAF members with comprehensive instruction on the administration of theAccess to Information Actand the Privacy Act, as well as guidance on the appropriate management of personal information under institutional control.

Furthermore, 4,174 DND/CAF personnel completed the Canada School of Public Service (CSPS) ATIP Fundamentals course during the reporting period. This course served as a mandatory prerequisite for all DND-specific ATIP training, reinforcing foundational knowledge across the organization

Canadian Forces Health Services training

The Canadian Forces Health Services (CFHS) operates a privacy office that is responsible for providing advice and support to the CFHS Group on policies and activities that involve personal health information. In accordance with their mandate, the CHFS privacy office maintains training modules to educate staff on the principles of "Privacy, Confidentiality and Security" to support appropriate use of the Canadian Forces Health Information System.

During this reporting period, 3,076 Canadian Forces Health Services staff attended training or completed mandatory modules offered specifically to the CFHS organization.

8. Initiatives and Projects

An initiative has been started to provide serving and released CAF members more direct access to their own commonly requested personal information. This approach is expected to streamline processing of these records, resulting in timely production of records and increased capacity within the ATIP Directorate.

During the reporting period, the DPM Division continued efforts to strengthen the Defence Privacy Management Program. Initiatives include:

A Privacy Risk Assessment Benchmark Questionnaire was completed in December 2023 to assess the sensitivity and complexity of programs involving personal information across the DND and the CAF. Efforts continued throughout this reporting period to compile the results of the questionnaire and validate the scores. The results were used to prioritize PIA work across the department in 2024-25 to ensure privacy services and support was aligned to support Defence priorities where personal information is involved.

The pilot project to reduce the administration for low-risk privacy breaches that was undertaken in FY 2023-24 was fully adopted during the current reporting period. All low-risk privacy breaches are reported, assessed and closed using a digital report of findings. This has increased the efficiency of case file administration for analysts allowing them to focus on detailed administration medium and high-risk privacy breaches. This reduced administration allowed DND/CAF to close 260 low-risk privacy breaches this reporting period; this represents an 89.78% increase in low-risk files closed over the previous year.

9. Monitoring Compliance

To provide effective oversight and reporting of ATIP performance within DND/CAF, the ATIP Directorate produces a monthly dashboard that measures the timeliness of OPI record retrieval, overall ATIP compliance, and critical indicators such as privacy breach complaints. Using Microsoft Power BI to publish the ATIP dashboard has enhanced its usability and visibility to senior leadership on key metrics and ATIP performance. The monthly dashboard serves to track ATIP performance across the Department and identify organizations who may require assistance or training, and to identify areas for process improvements.

Additionally, the ATIP Directorate responds to on-demand requests for statistics and performance reports to support program-specific requirements and departmental ATIP obligations.

Currently, the time to process requests for correction of personal information is not formally monitored as this number is regularly very low. In FY 2024-25, the ATIP Directorate did not receive any requests for correction.

The DPM Division offers Advisory Services to senior officials and executives of the DND/CAF when developing a contract or an Information Sharing Agreement to ensure that the appropriate privacy protections are included. Efforts to formalize a process with the contracting authority began this fiscal year. Efforts will continue into next reporting period, as DND/CAF works towards overhauling the department's InfoSource chapter.

Annex A: Delegation Order

Delegation of Authority Schedule - Access to Information Act

Delegation of the powers, duties and functions of the Minister of National Defence as the head of the institution for the Department of National Defence and the Canadian Armed Forces under theAccess to Information Act, R.S.C. 1985, c. A-1 (prior to and following June 21, 2019) and regulations.

To note: the Department of National Defence and the Canadian Armed Forces includes a number of organizations with varying degrees of independent authority. The powers, duties and functions in the present order shall not apply to the activities of the following organizations:

• The Military Police Complaints Commission;
• The National Defence and Canadian Forces Ombudsman;
• The Military Grievances External Review Committee;
• The Canadian Forces Morale and Welfare Services;
• The Director of Defence Counsel Services; and,
• Any other organization of the Department of National Defence and the Canadian Armed Forces to whom the Minister of National Defence may delegate such powers.

Delegation of Authority Schedule - Privacy Act

Delegation of the powers, duties and function of the Minister of National Defence as the head of the institution for the Department of National Defence and the Canadian Armed Forces under the Privacy Act, R.S.C. 1985, c. P-21 and regulation.

To note: the Department of National Defence and the Canadian Armed Forces includes a number of organizations with varying degrees of independent authority. The powers, duties and functions in the present order shall not apply to the activities of the following organizations:

• The Military Police Complaints Commission;
• The National Defence and Canadian Forces Ombudsman;
• The Military Grievances External Review Committee;
• The Canadian Forces Morale and Welfare Services;
• The Director of Defence Counsel Services; and,
• Any other organization of the Department of National Defence and the Canadian Armed Forces to whom the Minister of National Defence may delegate such powers.

Annex B: Statistical Report on the Privacy Act for 2024-2025

Statistical Report on the Privacy Act

Name of institution: Department of National Defence

Reporting period: 2024-04-01 to 2025-03-31

Section 1: Requests Under the Privacy Act

Section 2: Informal requests

Section 3: Requests Closed During the Reporting Period

3.2 Exemptions

Section	Number of Requests	Section	Number of Requests	Section	Number of Requests
18(2)	0	22(1)(a)(i)	35	23(a)	0
19(1)(a)	1	22(1)(a)(ii)	0	23(b)	0
19(1)(b)	2	22(1)(a)(iii)	0	24(a)	0
19(1)(c)	12	22(1)(b)	7	24(b)	0
19(1)(d)	11	22(1)(c)	0	25	0
19(1)(e)	0	22(2)	0	26	3054
19(1)(f)	0	22.1	0	27	91
20	0	22.2	0	27.1	0
21	33	22.3	0	28	0
-		22.4	0	-

3.5 Complexity

3.6 Closed requests

3.7 Deemed refusals

Section 4: Disclosures Under Subsections 8(2) and 8(5)

Section 5: Requests for Correction of Personal Information and Notations

Section 6: Extensions

Section 7: Consultations Received From Other Institutions and Organizations

Section 8: Completion Time of Consultations on Cabinet Confidences

Section 9: Complaints and Investigations Notices Received

Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIBs)

Section 11: Privacy Breaches

Section 12: Resources Related to the Privacy Act

Note: Enter values to three decimal places.

Annex C: Supplemental Statistical Report on the Access to Information Act and Privacy Act for 2024-2025

Name of institution:Department of National Defence

Reporting period: 2024-04-01 to 2025-03-31

Section 1: Open Requests and Complaints Under the Access to Information Act

Section 2: Open Requests and Complaints Under the Privacy Act

Section 3: Social Insurance Number

Section 4: Universal Access under the Privacy Act