Declaration of Victims Rights (DVR) Complaint Review Mechanism

Government Institution
Department of National Defence

Government official responsible for the PIA
Geneviève Lord
Director General, Conflict Solutions and Services

Head of the government institution or Delegate for section 10 of the Privacy Act
Anne Bank, Executive Director
Directorate Access to Information and Privacy

Standard or Institution Specific Class of Record:
DND CSA 520
Careers

Standard or Institution Specific Personal Information Bank:
DND PPU 874
Declaration of Victims Rights Complaints Review Mechanism

Background

In May 2018, the Government of Canada introduced Bill C-77, which amended the Code of Service Discipline, enhancing victims’ rights in the military justice system and enshrining a ‘Declaration of Victims Rights’ into Part III, Division 1.1 of the National Defence Act. The new Declaration of Victims Rights (DVR) largely mirrors the Canadian Victims Bill of Rights and the civilian criminal justice system, strengthening rights for victims of service offences. Bill C-77, which received royal assent in June 2019, also resulted in a series of procedural changes related to pre-trial custody, trial and sentencing within the military justice system, and reformed the summary trial process into a summary hearing process. Broadly speaking, the DVR establishes new rights for victims of service offences, including rights to information, protection, participation, and restitution.

Complaint Review Mechanism

In addition to providing fundamental rights to the victims of service offences, the DVR affords victims the right to file a complaint. In any case where a victim of a service offence is of the opinion that their rights under the DVR have been infringed or denied, the victim has a right to file a complaint in accordance with the Code of Conduct’s supporting regulations. Where a victim’s concerns cannot be resolved through the chain of command, the victim may file a formal complaint with DND’s Director External Review (DER) for review.

The DER sits within the Department of National Defence and Canadian Armed Forces’ (DND/CAF) Conflict Solutions and Services (CSS) Program (formerly Integrated Conflict and Complaint Management). Among its many duties, DER is responsible for investigating, analyzing, responding to, and resolving complaints brought to the Canadian Human Rights Commission (CHRC) by members of the CAF. Under DND/CAF’s new Victims Rights Complaint Review Mechanism, DVR victims must file a complaint with the DER, who may review the complaint itself or direct that the complaint be heard by the Military Police or the Director of Military Prosecution. The assigned reviewer will determine if the complaint is founded and, if so, make recommendations to remedy the victim’s rights under the DVR.

Purpose and Scope of the Privacy Impact Assessment (PIA)

DND/CAF is named in the Schedule to the Privacy Act and is subject to the privacy policies and directives of the Government of Canada. Under the Policy on Privacy Protection, all federal institutions subject to the Privacy Act are required to undertake an assessment of the privacy impacts associated with the development or design of new programs or services involving personal information (or when making significant changes to an existing program or service). In keeping with the above, DND/CAF elected to undertake a PIA in relation to the DVR Complaint Review Mechanism and the process’ collection and use of personal information.

As the DVR Complaint Process is still in the early stage of its operation (the Process was first launched in June 2022), the PIA was intended to inform future process requirements and procedures, and to help support the program’s overall implementation. The PIA was limited to an assessment of the receipt, management, and administration of DVR complaints by DER and the limited collection, use, disclosure, and retention of personal information by Victim Liaison Officers. It also includes a review of the DER’s storage of complaints and complainant information.

The PIA did not include an assessment of the collection, use, disclosure, and retention of personal information in relation to other CSS services, or the personal information handling practices of other complaint reviewers (such as the Military Police and Military Prosecutions). Also excluded from the assessment is a review of the case management features and functionality of the Integrated Complaint Registration Tracking System (ICRTS).

Summary Results

Based on the results of the PIA, privacy risks arising from the DVR Complaint Process are expected to be moderate. Potential impacts on the privacy of complainants are, however, being properly managed by DND/CAF through legal, policy and technical measures geared at the protection of personal information. Recommendations included in the PIA are expected to reduce program risks to a low (or acceptable) level.

Risk Area Identification and Categorization

Type of Program or Activity
Administration of Programs / Activity and Services
Program/activity involves regulatory compliance, investigations, enforcement.
Risk Level: 4

Type of Personal Information Involved and Context
Sensitive personal information, including unique identifiers, which may be used for identity fraud.
Risk Level: 4

Program or Activity Partners and Private Sector Involvement
Within the department (amongst one or more programs within the department)
Program partners may include private sector organizations.
Risk Level: 1

Duration of the Program or Activity
Long-term program
The program is expected to operate without a pre-determined sunset date.
Risk Level: 5

Program Population
The program's use of personal information is for internal administrative purposes but only affects certain employees.
Risk Level: 2

Technology and Privacy
Does the new or modified program or activity involve the implementation of a new electronic system, software or application program including collaborative software (or groupware) that is implemented to support the program or activity in terms of the creation, collection or handling of personal information? No
Does the new or modified program or activity require substantial modifications to IT legacy systems and / or services? No
The new or modified program or activity involves the implementation of potentially privacy invasive technologies? No

Personal Information Transmission
The personal information is used in a system that has connections to at least one other system.
The personal information may be transferred to a portable device or converted into a different medium.
Risk Level: 3

Risk Impact to the Individual or Employee
Inconvenience.
Reputational harm.
Psychological harm.
Physical security.
Risk Level: 5

Risk Impact to the Department
The embarrassment of public officials.
A short-term loss of institutional credibility.
Financial harm.
Legal action.
Risk Level: 4
