Sexual Assault Review Program

Name of Program/Activity
Sexual Assault Review Program (SARP)

Government Institution
Department of National Defence

Government official responsible for the PIA
R.P Delaney, Brigadier-General
Canadian Forces Provost Marshal and Commander of the Canadian Forces Military Police Group

Head of the government institution or Delegate for s.10 of the Privacy Act
Deirdra Finn
Director, Directorate Access to Information and Privacy

Description of Program or Activity (from the Departmental Results Framework)
Defence Team: Recruit, develop and support an agile and diverse Defence Team, within a healthy workplace free from harmful behaviour; support military families; and meet the needs of all retiring military personnel, including the ill and injured. Strengthen Canadian communities by investing in youth.

Institution specific class of record:
CAF Security and Investigations: DND MIS 085

Institution specific personal information bank:
Military Police Investigation Files: DND PPE 835

Legislated authority for activity:
The Canadian Forces Provost Marshall (CFPM) is the functional authority for the conduct of police duties and functions under the National Defence Act.

Summary of the project / initiative/ change:
The Canadian Forces Provost Marshal launched the Sexual Assault Review Program (SARP) in November 2018. The SARP is an open and transparent case review mechanism of “unfounded” sexual assault files investigated by the Canadian Forces Military Police (CFMP). The SARP will utilize an external review team comprised of subject matter experts in fields related to sexual assaults that may include professionals for the Department of National Defence, other government agencies and non-governmental organizations. The SARP will be invited to make broad recommendations relating to the conduct of investigations, including whether interviews were conducted appropriately, whether the investigation suggests bias on the part of the investigators, whether investigations were coded properly, and even whether further investigative steps are merited. The SARP will initially be asked to review every sexual assault investigation file that was concluded as “unfounded from 2010 until 2016, however, this will be an ongoing departmental activity.

Risk Area Identification and Categorization
In its Directive on Privacy Impact Assessment, Treasury Board has expressed that the PIA must include a completed risk identification and categorization section and make public those risk ratings. A risk rating must be assigned to each risk areas named and described in Appendix C of the Directive on Privacy Impact Assessment. The numbered risk scale is presented in an ascending order: the first level (1) represents the lowest level of potential risk for the risk area; the fourth level (4) represents the highest level of potential risk for the given risk area. For this PIA the risk areas and associated risk levels are as follows:

Risk Area Risk Level

Type of Program or Activity
Criminal investigation and enforcement or national security


Type of Personal Involved and Context
Sensitive personal information, including detailed profiles, allegations or suspicions, bodily samples and/or the context surrounding the personal information is particularly sensitive.
For example: personal information that reveals intimate details on the health, financial situation, religious or lifestyle choices of the individual and which, by association, reveals similar details about other individuals such as relatives.


Program or Activity Partners and Privacy Sector Involvement
Within the institution (among one or more programs within the same institution)


Duration of the Program
Long-term program or activity with no clear sunset date


Program Population
The program’s use of personal information for external administrative purposes affects certain individuals.


Technology and Privacy
The SARP review team will be provided with a standalone computer/laptop on which the files to be reviewed will have been uploaded in PDF format. The WiFi function, USB connectors and CD/DVD drive are disabled. The SARP does not have direct access to any Records management System for privacy/confidentiality reasons. All review is done on site.

Personal Information Transmission
The personal information is used within a closed system (i.e., no connections to the Internet, Intranet or any other system. The circulation of hard copy documents is controlled)


In the Event of a Privacy Breach Impacting the Individual and the Institution
Given the personal information is highly sensitive and serious in nature a breach could have serious implications on all individuals including victims, complainants, other witnesses, and the accused. If the information and details in the files is intentionally or unintentionally released, re-victimization could occur. Re-victimization is broadly defined as victimization that takes place at multiple points in time over the course of an individual’s lifetime.  The risks would be amplified for a file where minors are involved.

Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: