Annual Report on the Administration of the Access to Information Act and the Privacy Act for the 2017 to 2018 fiscal year
From Employment and Social Development Canada
On this page
- Executive summary
- 1. Introduction
- 2. Organizational Structure
- 3. The Privacy Management Framework and Privacy Governance in ESDC
- 4. Delegations
- 5. Initiatives and Procedures
- 6. Performance Reporting
- 7.Complaints, Investigations and Court Actions
- 8. Internal Audits
- 9. Public Interest Disclosures
- 10. Material Privacy Breaches
- 11. Training and Awareness Activities
- 12. Moving Forward
- Annex A: Delegation Orders
- Annex B: Summaries of Completed Privacy Impact Assessments
- Annex C: Statistical Reports
Alternate formats
Large print, braille, MP3 (audio), e-text and DAISY formats are available on demand by ordering online or calling 1 800 O-Canada (1-800-622-6232). If you use a teletypewriter (TTY), call 1-800-926-9105.
Executive summary
The mission of Employment and Social Development Canada (ESDC), including the Labour Program and Service Canada, is to build a stronger and more inclusive Canada, to support Canadians to live productive and rewarding lives and to improve Canadians’ quality of life. Many of the federal government’s largest and most well-known programs and services are provided by the Department in fulfillment of its broad mandate.
As a result, ESDC is a major user of personal information and other data in order to deliver key programs and services to Canadians as well as to deliver programs and services on behalf of other federal institutions. Moreover, ESDC operates within one of the most complex privacy regimes in government, within which it carries out the vast scale and scope of the Department’s collection, use, retention and disclosure activities. Given the magnitude of ESDC’s responsibilities, the protection of Canadians’ privacy rights and the safeguarding of personal information is a key priority for the Department.
As a federal institution, ESDC is subject to the Access to Information Act and the Privacy Act. Both Acts require the Department to submit an annual report to Parliament on their administration at the conclusion of every fiscal year. This consolidated report describes ESDC’s major strategic and operational highlights for both access to information and privacy during the reporting period.
Modernization and transformation were dominant themes in 2017-18. The fiscal year was characterized by legislative and policy reform processes for both access to information and privacy. Change is underway in ESDC as well — the Department launched its Service Transformation Plan with the goal of leaping forward in the way programs and services are delivered in order to meet the current and evolving needs of Canadians.
To complement this work, the Department moved to strengthen the management of privacy in ESDC by:
- Supporting Privacy Act reform activities and undertaking extensive consultations within the Department to identify opportunities that could be addressed in the Act to improve programs and services for Canadians; and
- Initiated a review of ESDC’s privacy governance architecture to ensure that the Department is positioned to respond proactively to advances in technology, the use of data, and the evolving nature of the risks to personal information.
With respect to access to information, activities focussed on legislative reform and the evolving complexity of access to information requests and processing functions. Initiatives to advance access to information included:
- Engaging the Department to raise awareness about Access to Information Act reform to ensure that ESDC is prepared to comply with the anticipated amendments;
- Supporting the Open Government initiative and exploring opportunities to proactively release material frequently requested under access requests; and
- Modernizing access to information procedures across the Department towards improving analysis, reporting and proactive practices for searches and processing.
ESDC continues to experience some of the largest volumes of access to information and privacy requests among federal institutions. In the Treasury Board Secretariat’s 2016-17 ranking of Government of Canada institutions, the Department ranked sixth with respect to the volumes of access to information requests received, and third for the number of privacy requests (2017-18 rankings are not available at this time). During 2017-18, the total number of requests under both Acts increased by 2.2% from the previous fiscal year. The total number of pages processed under the Access to Information Act more than doubled to almost one million. Formal Privacy Act requests increased by 6% this past reporting period in comparison with 2016-17, with almost 800,000 pages processed. Even with this large workload, the Department’s initiatives to modernize and strengthen its business processes resulted in an 83% compliance rate for Access to Information Act requests (compared to 77% percent in 2016-17), while maintaining a 99% compliance rate for Privacy Act requests.
ESDC anticipates that the trend of large and increasing volumes of requests will continue in future years, in part because of the proposed proactive disclosure requirements for access to information. Ensuring that ESDC’s accesses to information and privacy request processes are efficient and effective will be important for the Department to continue to respond to requests in a timely manner.
These achievements, and detailed results described in this report, are a snapshot of the degree of responsibility, stewardship and effort that ESDC’s employees demonstrated every day to fulfill the Department’s legal responsibilities as well as to protect the information and privacy rights of Canadians.
1. Introduction
1.1 Presentation of the Report
Section 72 in both the Access to Information and Privacy Acts requires the head of a federal institution to submit an annual report to Parliament on the administration of each Act following the end of every fiscal year. The Department of Employment and Social Development (ESDC) is pleased to present its consolidated annual report on the administration of the Access to Information Act and the Privacy Act for the 2017-18 fiscal year to Parliament.
This year, the Department has developed a single report in order to provide greater contextualization of ESDC’s Access to Information Act and Privacy Act activities than could otherwise be reflected by separate submissions. The amalgamated format of this report provides a better representation of the hard work and accomplishments of ESDC’s dedicated professionals who administer both Acts.
1.2 About Employment and Social Development Canada
Employment and Social Development Canada (ESDC), which includes the Labour Program, and Service Canada, provides many of the federal government’s most well known programs and services. Because of the broad scope and national scale of its mandate, it is one of the largest and most decentralized federal departments, with over 21,000 employees across the country. Each day, ESDC interacts with thousands of Canadians by delivering services that play important roles in their lives. Canadians expect high-quality, easy-to-access, and secure services that are responsive to their needs, whether they are interacting online, through call centres, or in person.
ESDC’s programs and services affect Canadians throughout the course of their lives. For example, the Department provides pension income to seniors, supports unemployed workers, helps students finance their post-secondary education and assists parents who are raising young children. ESDC delivers many of the Government of Canada’s cornerstone programs and services, such as Employment Insurance, Old Age Security, the Canada Pension Plan, and the Canada Student Loans Program. Overall, the Department is responsible for delivering over $125 billion in benefits directly to individuals and organizations, which represent 95 percent of the Department's expenditures.
The Labour Program contributes to social and economic well-being by fostering safe, healthy, fair and inclusive work environments, and cooperative workplace relations in workplaces falling under federal jurisdiction. The Labour Program also supplies labour relations mediation services, enforces minimum working conditions, promotes decent work and fosters respect for international labour standards.
The Department’s service delivery arm, Service Canada, provides Canadians with a single point of access to ESDC programs and benefits, as well as other Government of Canada programs and services. It operates a network of 590 in-person points of service across the country comprising of 320 Service Canada Centres, 238 scheduled outreach sites and 32 stand-alone Passport offices. In addition to in-person services, Service Canada also serves the needs of Canadians online at Canada.ca, through the My Service Canada Account, and by telephone through “1-800 O-Canada” and its network of call centres.
While the primary focus of Service Canada’s regional service delivery network is the day-to-day operations of serving Canadians, it is uniquely placed to pursue collaborative efforts with local partners and other orders of government. It manages numerous formal arrangements with provincial and territorial governments, which undertake the delivery of substantial programs on behalf of ESDC.
1.3 Our Ministers
The activities of ESDC are governed by federal legislation and reflected in the mandates of its three Ministers:
- The Honourable Jean-Yves Duclos, Minister of Families, Children and Social Development;
- The Honourable Patty Hajdu, Minister of Employment, Workforce Development and Labour; and
- The Honourable Kristy Duncan, Minister of Science and Minister of Sport and Persons with Disabilities.
The Honourable Jean-Yves Duclos is the Minister responsible for the purposes of the Access to Information Act, the Privacy Act, and the Department’s enabling legislation — the Department of Employment and Social Development Act (DESDA).
1.4 About the Access to Information Act and the Privacy Act
The Access to Information Act provides Canadian citizens and permanent residents with a right of access to information in records under the control of a government institution, subject to limited and specific exemptions and exclusions, and in accordance with the principle that government information should be available to the public.
The Privacy Act protects the privacy of Canadian citizens, permanent residents and individuals present in Canada with respect to personal information about themselves held by a government institution that is subject to the Act, and provides them with a right of access to that information. The Privacy Act sets out provisions for the collection, use, retention and disclosure of personal information by government institutions.
1.5 Personal information provisions in the Department of Employment and Social Development Act
In addition to the Privacy Act, the management of personal information by ESDC is governed by additional legislative obligations set out in the Department’s enabling Act. The Department of Employment and Social Development Act provides rules that apply to personal information that is obtained by ESDC. These provisions set out the conditions for:
- disclosing personal information;
- making available information contained in the social insurance register;
- using personal information for internal policy analysis, research and evaluation purposes; and
- disclosing personal information for research or statistical analysis.
The Department of Employment and Social Development Act also provides an offence provision for the inappropriate use and disclosure of personal information under the control of ESDC.
2. Organizational Structure
2.1 Corporate Secretary and Chief Privacy Officer
The Corporate Secretariat is responsible for the management of access to information and privacy operations, the development of privacy policy, and the provision of privacy advice and guidance in ESDC. The Branch’s effectiveness in these functions is founded on a comprehensive understanding of the Department’s business requirements by dedicated and experienced employees who are able to adapt to changing demands and seek innovative solutions to meet emerging challenges.
The Branch is headed by the Corporate Secretary who reports to the Associate Deputy Minister and is responsible for the administration of the Access to Information Act. The Corporate Secretary is also the Department’s Chief Privacy Officer (CPO). The CPO is the Department’s functional authority on all privacy matters, which includes the provision of authoritative advice and functional direction to all ESDC Branches and Regions. The CPO is responsible for the establishment of comprehensive privacy management frameworks, programs, privacy review processes, and risk-based approaches to the management of personal information. The Directors of the Privacy Management Division and the Access to Information and Privacy Operations Division report to the Corporate Secretary and provide support in the administration of both the Privacy Act and the Access to Information Act within ESDC.
Text description of Figure 1
This organizational chart displays a hierarchy beginning with the Corporate Secretary and Chief Privacy Officer of ESDC at the top. From this level, a dotted line leads to the bottom to the Regional Access to Information and Privacy Managers. Directly below the Corporate Secretary and Chief Privacy Officer are two levels: The Privacy Management Division and the Access to Information and Privacy Operations Division.
Directly below the Privacy Management Division are three units: the Policy and Risk Team, Compliance and Advisory Services and the Strategy and Planning Team. Directly below the Access to Information and Privacy Operations Division are also three units: the Operations Unit, the Incident Management and Legislative Disclosures Unit and the Strategic Issues Management Team.
2.2 Access to Information and Privacy Operations Division
The Access to Information and Privacy Operations Division (ATIP Ops) carries out the Department’s legislated requirements under the Access to Information Act, the Privacy Act and parts of the Department of Employment and Social Development Act. It leads and advises on the processing of all ESDC requests under the Access to Information Act, performs line-by-line reviews of records requested under the Access to Information Act and the Privacy Act, and delivers training and awareness sessions to Departmental employees on the administration of the Acts. The Director of ATIP Ops is the Department’s designated ATIP Coordinator. Approximately 16 ATIP Ops employees were dedicated to processing access to information requests in 2017-18.
The day-to-day administration of the Access to Information Act is a collaborative endeavor between ATIP Ops and the Department’s network of branch and regional Liaison Officers who support this work by undertaking searches, collecting records and making recommendations. The Liaison Officers play an intermediary role between ATIP analysts and subject matter experts located across ESDC’s programs. The regions also play an important role by processing the majority of privacy requests received at ESDC.
In addition, ATIP Ops provides responses to legal instruments, public interest disclosures and privacy complaints not related to the processing of Privacy Act requests. It is also responsible for determining when a privacy breach has occurred in the event of a security incident involving personal information. Finally, the Division provides leadership on both the Department’s preparations to implement the proposed Access to Information Act amendments and ESDC’s Open Information activities.
In addition to processing requests under the Access to Information Act, ATIP Ops also contributed to other Departmental-wide activities for which ATIP Ops advice and expertise is sought. For instance, ATIP Ops staff frequently reviews Proactive Disclosure (e.g., contracts, position reclassification, travel and hospitality expenses), informal requests (e.g., audits and administrative investigations) and Open Government publications (e.g., datasets) to identify sensitivities such as personal information and cabinet confidences. While these figures are not accounted for within this report’s statistical information, such collaborative arrangements are an important part of strengthening transparency and accountability.
2.3 Privacy Management Division
The Privacy Management Division (PMD) is the Departmental focal point for the management of ESDC’s privacy program. PMD supports the horizontal coordination and implementation of Departmental privacy policies and initiatives. It also manages the Department’s privacy risk management function — including the Privacy Impact Assessment (PIA) process — the development of information sharing agreements involving personal information, and the provision of privacy compliance advice for ESDC’s programs and services. In addition, PMD is also responsible for providing strategic and analytical privacy advice to ESDC’s senior leaders. The Department’s privacy awareness campaigns and personal information management training is also led by the Division. During the 2017-18 fiscal year, PMD had an average complement of 20 full time equivalents.
3. The Privacy Management Framework and Privacy Governance in ESDC
3.1 Privacy Management Framework
Given the importance of safeguarding personal information at ESDC, the Department has adopted, and continues to implement, a risk-based and proactive approach to privacy management that promotes the integration of privacy into program design and project planning. This approach emphasizes the importance of building privacy directly into the architecture of programs, systems, technologies and business processes. ESDC’s Privacy Management Framework consists of five key elements, as described in the following table.
| Element | Definition |
|---|---|
| Governance and Accountability | Roles and responsibilities for privacy management are clearly defined to meet legal requirements, regulations, policies, standards and public expectations. |
| Stewardship of Personal Information | Appropriate privacy protections are implemented to manage personal information through its life cycle. |
| Assurance of Compliance | Formal processes and practices are established to ensure adherence to privacy specifications, policies, standards and laws. |
| Effective Risk Management | Structured and coordinated risk assessments are conducted to limit the probability and impact of negative events and maximize opportunities through risk identification, assessment and prioritization. |
| Culture, Training and Awareness | The protection of personal information is a core organizational value and is fundamental to maintaining the public’s trust. Formal privacy training and awareness activities promote a privacy-aware organization that values the protection and stewardship of personal information. |
3.2 Departmental Policy on Privacy Management
The purpose of Departmental Policy on Privacy Management (DPPM) is to sustain a robust privacy regime for the protection and judicious use of personal information within ESDC. The policy defines the roles and responsibilities for privacy, further stating that all employees are responsible for safeguarding and protecting personal information under their custody and control. The DPPM also specifies functional responsibilities and accountabilities for senior management. These include the CPO, the Departmental Security Officer, and the Departmental IT Security Coordinator.
The expected results from the application of the DPPM include the sound management and safeguarding of personal information within the Department, robust practices for the identification, assessment and management of risks to personal information, and the establishment of clear accountabilities, governance structures and mechanisms to protect and manage personal information in ESDC.
3.3 Privacy Governance at ESDC
In addition to the authorities and mandate of the Chief Privacy Officer, ATIP Ops and PMD, ESDC uses a committee structure to support privacy governance, risk oversight, and decision-making in the Department. ESDC’s primary governance committee for privacy and the safeguarding of personal information is the director general-level Privacy and Information Security Committee (PISC). Co-chaired by the Chief Privacy Officer and ESDC’s Departmental Security Officer, PISC is mandated to review matters related to privacy and the protection of personal information. The Committee supports the horizontal coordination and prioritization of issues, plans, and strategies related to the management and protection of personal information. PISC is supported by the Databank Review Working Group, which reviews the use of personal information for non-administrative purposes, namely policy analysis, research and evaluation activities.
PISC reports to the Assistant Deputy Minister-level Corporate Management Committee (CMC), which is responsible for overseeing the Department’s management agenda, including the operationalization of the ESDC’s security measures. Chaired by the Associate Deputy Minister, CMC is composed of Branch and Region heads as well as the Department’s senior leaders of key functional activities.
4. Delegations
Section 73 of both the Access to Information Act and the Privacy Act empower the head of an institution to delegate any of the powers, duties or functions assigned to him or her by these Acts to employees of that institution. Delegation orders set out the powers, duties and functions for the administration for each Act that have been delegated by the head of the institution and to whom delegation has been assigned. The approved delegation instruments are reproduced in Annex A.
5. Initiatives and Procedures
5.1 Access to Information Activities and Initiatives
ESDC undertook a number of access to information activities over the reporting period, most notable of which was the development of a strategy to prepare ESDC for the anticipated legislative and policy changes resulting from Access to Information Act reform. There were also important initiatives undertaken to support the Open Government agenda and to improve access to information request processing to meet increasing volumes.
Access to Information Act Reform: Implementation Readiness
The proposed legislative reform of the Access to Information Act would consist of several changes to the daily administration of the Act, and would entrench into law provisions to disclose frequently requested information proactively. To meet the anticipated obligations, ESDC created an intradepartmental working group to ensure Departmental readiness to comply with the proposed amendments. The working group reviewed business processes with a view to eliminate barriers in support of the daily administration of the Act, ensured awareness across Branches and Regions about upcoming reform and shared best practices for compliance with the new requirements. ATIP Ops also proactively engaged ESDC Branches and Regions to raise awareness across the Department about the implications of Access to Information Act reform, and continues to provide strategic support to the Treasury Board Secretariat on Access to Information Act reform.
Open Government
Open Government is a federal initiative to increase openness, transparency and accountability through greater public access to government data and information. This includes providing access to data, information and digital records in a manner that makes them easy to locate and reuse. With support from ESDC’s Innovation, Information and Technology Branch, ATIP Ops led the Department’s Open Information component of the Open Government initiative. Together with key partners and stakeholders, ATIP Ops explored linkages across access to information, proactive disclosure and Open Information to leverage opportunities. For example, through the intradepartmental working group referenced above, ESDC has reviewed processes and identified solutions towards simplifying the proactive disclosure of frequently requested information.
Process Modernization
With an emphasis on modernization and innovation, the same intradepartmental working group that was tasked with Access to Information Act reform and the Open Government initiative, was leveraged to provide an integrated approach to identify challenges and develop solutions for ATIP processes. ESDC started implementing these improvements based on the working group’s recommendations and identified best practices. For example, ATIP Ops is now proactively tasking Branches on a monthly basis for lists of briefing material prepared for ESDC’s Ministers and senior leaders and is seeing improvements in the timeliness of responses. Improvements have also been made to reporting and monitoring processes to help the Department’s Branches and Regions meet legislated deadlines.
5.2 Privacy Activities and Initiatives
In 2017-18, ESDC continued to advance a proactive, risk-based approach to privacy management and to support the development of a culture of “stewardship” within the Department for personal information under ESDC’s control. The reporting year was highlighted by strategic activities designed to position ESDC to support service delivery innovation and meet the challenges of a constantly evolving privacy environment that is driven by rapid technological change. Importantly, an underlying objective of these initiatives is to strengthen the identification and assessment of privacy-related risks as well as to improve processes to oversee that mitigations are in place.
The following are highlights of key ESDC privacy activities and accomplishments during 2017-18:
Privacy Act Reform
ESDC has been working closely with officials from the Department of Justice on its Privacy Act reform initiative given its significance to ESDC in both its day-to-day activities and its transformation agenda. It invited Justice Officials to speak at key ESDC governance committees and to participate in ESDC’s service transformation workshops along with other federal institutions with service delivery mandates. More importantly, the Department undertook an extensive internal consultation to identify opportunities that could be addressed in an updated Privacy Act that would help improve the Department’s programs and services for Canadians.
Privacy Governance Review
In late 2017-18, ESDC initiated a review of its privacy governance architecture to ensure that the Department is able to respond to the evolving nature of, and risks to, the use of personal information resulting from the advances in technology and the increased use of data. ESDC’s privacy governance mechanisms also have to be positioned to support the Department’s service transformation initiative. The review’s scope includes the committee structure and approval authorities. It is expected to be completed in 2018-19.
Privacy Impact Assessments
In accordance with the Treasury Board’s Directive on Privacy Impact Assessments, ESDC is required to conduct a PIA before establishing any new or substantially modified program or activity involving the administrative use of personal information. Among a PIA’s purposes, the identification and assessment of risks to privacy and the articulation of a risk mitigation plan are among the most important.
In 2017-18, ESDC completed 11 PIAs. Copies of approved PIA reports were provided to the Treasury Board Secretariat, and to the Office of the Privacy Commissioner. Summaries of these PIAs can be found in Annex B. ESDC is preparing to post these summaries on its website.
Provision of Privacy Advice and Guidance
In addition to Privacy Impact Assessments, PMD provided privacy advice and undertook privacy compliance reviews for Departmental programs and initiatives. The Division responded to 334 requests for privacy policy advice and compliance reviews on various products and material such as information sharing agreements, consent forms, privacy notice statements, contracts, statements of work, forms, and surveys and questionnaires. The Division also provided privacy policy advice for many Treasury Board submissions and Memoranda to Cabinet.
Information Sharing Agreements Involving Personal Information
An Information Sharing Agreement (ISA) is a written arrangement between parties that outlines the terms and conditions under which personal information is shared between them. Part 4 of the Department of Employment and Social Development Act sets out the provisions for the sharing of personal information under limited and specific circumstances. During the 2017-18 fiscal year, PMD provided advice and guidance to program areas on 129 ISAs and assisted in the completion of an additional 62 agreements.
Update to Information about Programs and Information Holdings
ESDC maintains an inventory of its personal information holdings as well as relevant details about personal information under its control (formerly known as Info Source). This compilation assists individuals to exercise their rights under the Privacy Act as well as the Access to Information Act.In 2017-18, ESDC completed a comprehensive review and updated the Department’s information on its programs and information holdings, which included an assessment of the content and revisions to the descriptions where required. The Department will publish the update in 2018-19. In this update, 32 Personal Information Bank descriptions will be amended, nine new ones will be added and 39 sub-programs and class of records will be revised.
6. Performance Reporting
The key 2017-18 performance data for the Access to Information Act and the Privacy Act is presented in the summary tables below. The detailed Statistical Reports for both Acts are found in Annex C.
6.1 Requests and Consultations: Total Volume
In terms of workload, in 2017-18 ESDC experienced an increase (2.2%) overall in terms of the total number of access to information and privacy requests and requests for consultations compared to the previous fiscal year.
Text description of Figure 2
| Fiscal Year | Requests received under the Access to Information Act | Requests Received under the Privacy Act | Requests for Consultations received under the Access to Information Act | Requests Received under the Privacy Act | Total Requests Received |
|---|---|---|---|---|---|
| 2014 to 2015 | 1,160 | 7,998 | 157 | 11 | 9,326 |
| 2015 to 2016 | 1,572 | 8,353 | 163 | 25 | 10,113 |
| 2016 to 2017 | 2,268 | 8,353 | 185 | 8 | 10,814 |
| 2017 to 2018 | 1,942 | 8,852 | 220 | 35 | 11,049 |
In 2017-18, although access to information requests decreased slightly, privacy requests increased and have done so steadily since 2014-15 representing a significant portion of the ATIP workload for the Department.
| Activity | 2014-15 | 2015-16 | 2016-17 | 2017-18 |
|---|---|---|---|---|
| Formal requests received under the Access to Information Act | 1,160 | 1,572 | 2,268 | 1,942 |
| Requests completed during the reporting period | 1,055 | 1,439 | 2,276 | 1,899 |
| Number of pages processed | 139,549 | 257,249 | 438,368 | 970,992 |
| Number of requests completed within legislated timeframes (including extensions) | 799 | 1,178 | 1,748 | 1,567 |
| Number of requests completed beyond legislated timeframes | 256 | 261 | 528 | 332 |
| Proportion of requests that were responded to within legislated timeframes | 76% | 82% | 77% | 83% |
| Complaints to the Information Commissioner | 29 | 42 | 23 | 40 |
| Activity | 2014-15 | 2015-16 | 2016-17 | 2017-18 |
|---|---|---|---|---|
| Formal requests received under the Privacy Act | 7,998 | 8,353 | 8,353 | 8,852 |
| Requests completed during the reporting period | 7,781 | 8,240 | 8,510 | 8,817 |
| Number of requests completed within legislated timeframes (including extensions) | 7,539 | 8,033 | 8,439 | 8,728 |
| Number of requests completed beyond legislated timeframes | 242 | 207 | 71 | 89 |
| Proportion of requests that were responded to within legislated timeframes | 97% | 98% | 99% | 99% |
| Public interest disclosures | 211 | 230 | 300 | 329 |
| Material privacy breachesFootnote 1 | 3 | 18 | 141 | 128 |
| Complaints to the Privacy Commissioner | 18 | 12Footnote 2 | 22 | 15 |
6.2 Total Requests Received and Completed
Access to Information Act
In 2017-18, ESDC received 1,942 requests under the Access to Information Act, a 14% decrease from the previous reporting year when the Department received 2,268 requests. This is the first time in recent years that ESDC did not experience a significant increase in the number of requests received. This decrease can, in part, be attributed to a new business process whereby certain access requests that should have been submitted as privacy requests were transferred to the regions for processing as privacy requests. Between December 1, 2017 and March 31, 2018, 119 access requests converted to privacy requests were transferred from National Headquarters to the regions.
Description of figure 3
| Year | Received | Completed |
|---|---|---|
| 2014 to 2015 | 1,160 | 1,055 |
| 2015 to 2016 | 1,572 | 1,439 |
| 2016 to 2017 | 2,268 | 2,276 |
| 2017 to 2018 | 1,942 | 1,899 |
Privacy Act
In 2017-18, ESDC received 8,852 requests under the Privacy Act, a 6% increase from the previous reporting year, when the Department received 8,353 requests. The Department has experienced an 11% increase over the past four years. In addition, the number of requests completed by ESDC increased by 4% from 8,510 requests completed in the 2016-17 fiscal year to 8,817 requests in the 2017-18 fiscal year.
Within ESDC, privacy requests typically originate from clients seeking a copy of records (e.g., relating to their Canada Pension Plan file) as well as from federal employees seeking to obtain a copy of their personal information.
Description of figure 4
| Year | Received | Completed |
|---|---|---|
| 2014 to 2015 | 7,998 | 7,781 |
| 2015 to 2016 | 8,353 | 8,240 |
| 2016 to 2017 | 8,353 | 8,510 |
| 2017 to 2018 | 8,852 | 8,817 |
6.3 Requests by Calendar Days taken to Complete
Access to Information Act
In 2017-18, ESDC continued to improve its processing performance for requests made under the Access to Information Act and completed a majority of requests within the first 30 days. A total of 1,081 requests (57%), were completed within the first 30 days compared to 53% in 2016-17.
Description of figure 5
| Year | 30 Calendar Days | 31-60 Calendar Days | 61 or more Calendar Days |
|---|---|---|---|
| 2014 to 2015 | 447 | 312 | 296 |
| 2015 to 2016 | 787 | 352 | 300 |
| 2016 to 2017 | 1,200 | 516 | 560 |
| 2017 to 2018 | 1,081 | 371 | 447 |
Privacy Act
In 2017-18, ESDC continued to improve its processing performance for requests made under the Privacy Act as well as completed a substantial majority of requests within the first 30 days. A total of 8,595 (99%) requests were completed within the first 30 days.
Description of figure 6
| Year | 30 Calendar Days | 31-60 Calendar Days | 61 or more Calendar Days |
|---|---|---|---|
| 2014 to 2015 | 6,983 | 663 | 135 |
| 2015 to 2016 | 7,169 | 999 | 72 |
| 2016 to 2017 | 8,237 | 252 | 24 |
| 2017 to 2018 | 8,595 | 179 | 43 |
6.4 Timeframes
Access to Information Act
In 2017-18, the Department met legislated timelines for 1,567 requests made under the Access to Information Act. Despite the fluctuation of resources over the course of the reporting year and number of pages processed, the majority of requests continued to be completed within legislated timeframes with a compliance rate of 83%. This represents an increase of six percentage points compared to the Department’s 2016-17 compliance rate (77%) and suggests that the Department’s business process redesign, increased monitoring and capacity-building activities started in the previous fiscal year are bearing fruit.
Institutions may apply for an extension beyond the original 30-day statutory timeframe in cases where meeting the statutory date is not feasible due to the volume of pages to be processed; where consultation is required that could not reasonably be conducted within the initial 30 days or; where notice is given to a third party. In 2017-18, ESDC requested 456 extensions.
ESDC was unable to meet legislated timelines for 332 requests during the reporting year which is an improvement from the previous year when the Department was unable to meet legislated timelines for 528 requests.
Description of figure 7
| Year | Within | Beyond |
|---|---|---|
| 2014 to 2015 | 76% | 24% |
| 2015 to 2016 | 82% | 18% |
| 2016 to 2017 | 77% | 23% |
| 2017 to 2018 | 83% | 17% |
Privacy Act
In 2017-18, ESDC met legislated timelines for 8,728 requests, which represents a compliance rate of 99%, a performance similar to the previous reporting year. ESDC was unable to meet legislated timelines for 89 requests during the reporting year.
Institutions may apply for an extension beyond the original 30-day statutory timeframe in cases where meeting the statutory date is not feasible due to the volume of pages to be processed; where consultation is required that could not reasonably be conducted within the initial 30 days or; for translation purposes or to convert a record to another format. In 2017-18, ESDC requested 76 extensions.
Description of figure 8
| Year | Within | Beyond |
|---|---|---|
| 2014 to 2015 | 97% | 3% |
| 2015 to 2016 | 98% | 2% |
| 2016 to 2017 | 99% | 1% |
| 2017 to 2018 | 99% | 1% |
6.5 Timeframe Monitoring
Access to Information Act
Except for certain circumstances that allow for extensions, the Access to Information Act contains a statutory timeline of 30 calendar days (about 20 working days) to provide responses to requests. ESDC’s ATIP Ops has a long-standing history of keeping senior management informed throughout the process when responding to Access to Information Act requests. Given the legislated timeframes and ESDC’s commitment to respecting both the letter and spirit of the Access to Information Act, the Department established the following process and responsibilities:
| Roles and Responsibilities | Description |
|---|---|
| Retrieval of Relevant Records and Formulation of Recommendations | Once a request is received, it is tasked to the relevant branches and/or regions, the Offices of Primary Interest (OPIs). The OPIs have eight working days to retrieve all responsive records and present them, along with any recommendations, to ATIP Ops. |
| Line-by-line Review of the Responsive Records | ATIP Ops has eight working days to complete a thorough line-by-line review of the records and to invoke any applicable exemptions and/or exclusions. |
| Advance Release Notice | Key stakeholders receive a notification that the release package has been posted electronically on a secure internal web site at least four working days prior to the scheduled release date. This mechanism allows all implicated parties to review the information prior to release. |
In support of timeframe monitoring, ATIP Ops generates a weekly “look ahead” report that is shared with the Minister’s Office, Deputy Minister’s Office, and ADMs (e.g., ADMs for legal services and communications) that provides an overview of upcoming releases. As well, a quarterly report that captures key ATIP processing performance indicators is shared with all DMs and ADMs within the Department. Additionally, ATIP Ops began sharing individual access to information performance reports with each branch and region, a process change which began in summer 2017. These improvements position branches and regions to be more proactive in the monitoring of tasked access to information requests.
Privacy Act
ESDC’s regional offices manage the majority of the privacy request workload and prepare weekly reports concerning new requests, workload and status for the tracking of on-time performance for privacy requests. Regional offices also produce performance reports on a monthly, quarterly and yearly basis. These reports provide regional management (Managers and Team Leaders) with the performance status for their specific region.
6.6 Pages Processed and Disclosed
Access to Information Act
In 2017-18, the Department experienced a significant increase from the previous fiscal year in terms of the total number of pages of documents processed and disclosed for requests under the Access to Information Act (see graph below). This is in line with the trend observed since 2014-15. Of the 970,000 pages processed this fiscal year, 774,731 pages were released in response to one request involving data sets. Although this type of request does not require extensive line-by-line review prior to disclosure, it still requires sufficient internal capacity and resources to process requests involving data sets.
Description of figure 9
| Year | Processed | Disclosed |
|---|---|---|
| 2014 to 2015 | 139,549 | 121,801 |
| 2015 to 2016 | 257,249 | 216,929 |
| 2016 to 2017 | 438,368 | 410,089 |
| 2017 to 2018 | 970,992 | 943,669 |
Privacy Act
On the privacy side, the total number of pages of documents processed for requests slightly decreased, while the total number of pages disclosed in the 2017-18 fiscal year slightly increased. During the reporting period, 798,436 pages were processed for exemptions and exclusions which represented a decrease of 3% from the previous fiscal year when 818,954 pages were processed. Out of the total number of pages processed, 771,256 pages were disclosed which is a small increase from the previous year when 769,173 pages were disclosed.
Description of figure 10
| Year | Processed | Disclosed |
|---|---|---|
| 2014 to 2015 | 633,787 | 603,090 |
| 2015 to 2016 | 789,762 | 740,582 |
| 2016 to 2017 | 818,954 | 769,173 |
| 2017 to 2018 | 798,436 | 771,256 |
6.7 Sources of Requests under the Access to Information Act
In 2017-18, the most common source of requests under the Access to Information Act was from the media (649), followed by the general public (611) and business/private sector (357). This trend continued from the previous fiscal year where the media was the main source of requesters. Lists of briefing notes and the actual briefing note documentation have been the most common type of material requested.
During the reporting period, 8% (162) of requesters declined to identify themselves, which represents a decrease of 12 percentage points from 2016-17 when 20% (445) of requesters declined to identify themselves.
| Source | 2014-15 | 2015-2016 | 2016-2017 | 2017-2018 |
|---|---|---|---|---|
| Media | 156 (13%) | 257 (16%) | 670 (30%) | 649 (33%) |
| Academia | 14 (1%) | 19 (1%) | 22 (1%) | 39 (2%) |
| Business/Private Sector | 436 (38%) | 395 (25%) | 438 (19%) | 357 (18%) |
| Organization | 220 (19%) | 105 (7%) | 113 (5%) | 124 (6%) |
| Public | 286 (25%) | 492 (31%) | 580 (26%) | 611 (31%) |
| Decline to Identify | 48 (4%) | 304 (19%) | 445 (20%) | 162 (8%) |
Exemptions and Exclusions
ESDC is one of the largest holders of personal information in the Government of Canada which affects the frequency in with which certain exemptions and exclusions are applied under the Access to Information and Privacy Acts.
Access to Information Act
Exemptions
While the Access to Information Act gives a right of access to records held by government institutions, information within these records may be withheld by applying limited and specific exemptions.
Due to the nature of ESDC’s mandate, most of the information under the Department’s control contains personal information about individuals and must be withheld under the mandatory exemptions set out in section 19 (Personal information) unless certain conditions are met. Although section 21 (Advice) was not the most frequently applied exemption for the 2017-18 fiscal year, it continued to represent a significant percentage of the total (applied in 362 instances). This can be attributed to the number of requests for briefing notes.
The following table (Table 6) outlines the most frequently invoked exemptions during the past four fiscal years.
| Section | 2014-15 | 2015-2016 | 2016-2017 | 2017-2018 |
|---|---|---|---|---|
| s. 19 - Personal information | 347 (31%) | 405 (29%) | 501 (23%) | 385 (27%) |
| s. 16 - Law enforcement and investigations | 214 (19%) | 193 (14%) | 269 (13%) | 149 (10%) |
| s. 20 - Third party information | 174 (15%) | 170 (12%) | 229 (11%) | 152 (11%) |
| s. 21 - Advice and recommendations | 202 (18%) | 247 (18%) | 658 (31%) | 362 (25%) |
| s. 24 - Statutory prohibitions against disclosure | 74 (7%) | 170 (12%) | 186 (9%) | 149 (10%) |
Exclusions
The Access to Information Act allows for the exclusion of certain types of information, specifically records that are already available to the public (section 68) and confidences of the Queen’s Privy Council for Canada (section 69), which require consultation with the Department of Justice. In 2017-18, ESDC excluded records based on section 69 for 137 requests.
Privacy Act
Exemptions
While the Privacy Act gives a right of access to records held by government institutions, information within these records may be withheld by applying limited and specific exemptions.
Due to the nature of ESDC’s mandate and its personal information holdings, the exemption under the Privacy Act that was applied most frequently is section 26, which protects personal information about another individual as defined by section 3 of the Act. This exemption occurred in 5,898 instances of completed requests during the 2017-18 reporting year.
Exclusions
The Privacy Act allows for the exclusion of certain types of information such as records that are already available to the public (section 69) and confidences of the Queen’s Privy Council for Canada (section 70). For 2017-18, ESDC did not exclude any records for requests under the Privacy Act.
6.8 Consultations received from other Government of Canada Institutions and Other Organizations
Access to Information Act
In 2017-18, ESDC received 220 external consultation requests, which originated from other Government of Canada institutions and other organizations and required a review of an additional 11,567 pages. This is a significant increase from the previous fiscal year during which ESDC received 173 requests for external consultations and reviewed an additional 5,164 pages.
The Department was able to close 210 requests for consultations of which 124 (59%) were completed within 30 days. More than half (145 or 69%) resulted in a recommendation to disclose the records in their entirety and 45 recommended that the consulting institution or organization disclose in part.
Privacy Act
ESDC received 35 external consultation requests in 2017-18, which originated from Government of Canada institutions and other organizations, requiring an additional review of 5,355 pages. This is a significant increase from the previous reporting year when ESDC received only eight requests for external consultations and reviewed an additional 132 pages.
The Department was able to close 34 requests for consultations of which 29 (85%) were completed within 30 days. In addition, 23 (68%) of the consultations resulted in a recommendation to disclose the records entirely and 11 (32%) recommended that the consulting institution or organization disclose in part.
6.9 Requests for the Correction of Personal Information under the Privacy Act
Under the Privacy Act, individuals have a right to request the correction of any erroneous personal information pertaining to them that is retained by a government institution, provided that the individual can adequately substantiate the request. ESDC accepted three requests for correction of personal information in 2017-18.
7. Complaints, Investigations and Court Actions
7.1 Access to Information Act
During the 2017-18 reporting period, the Department was notified by the Office of the Information Commissioner of 40 access complaints. The Department received findings on 27 complaints. There were no court actions during the reporting period. Please see Table 7 for more information / analysis on the nature of complaints and findings.
7.2 Privacy Act
During the 2017-18 reporting period, the Department was notified by the Office of the Privacy Commissioner of 29 privacy complaints. The Department received findings on 43 complaints. There were no court actions during the reporting period. Please see Table 7 for more information and analysis on the nature of complaints / findings.
| Access to Information Act | Privacy Act | |
|---|---|---|
| Complaints | ||
| Complaints received | 40 | 29 |
Denied access |
8 | 6 |
Unreasonable time extension |
7 | 0 |
Processing delays |
9 | 4 |
Improperly applied exemptions |
9 | 0 |
Use and disclosure |
NA | 2 |
Complaints resolved or ongoing through “early resolution” |
7 | 17 |
| Investigations | ||
| Findings received | 27 | 43 |
Well-founded |
8 | 8 |
Not well-founded |
0 | 7 |
Complaints resolved during investigation |
0 | 1 |
Complaints resolved informally |
13 | 21 |
Discontinued |
6 | 6 |
| Court Actions | ||
| Number of court actions | 0 | 0 |
8. Internal Audits
8.1 Access to Information-related Audits
Audit of the Access to Information Process
In 2016, ESDC undertook an internal audit on the administration of access to information to determine whether processes are operating as intended and in compliance with the Access to Information Act. While the audit concluded that the ESDC access to information function complies with the Act, opportunities were identified to improve oversight, increase timeliness of responses, address resourcing challenges, augment data integrity and to move forward with initiatives to modernize the access to information function. ATIP Ops committed to implementing the audit’s recommendations, and over the last two years has actively pursued activities to continue to increase compliance and respond to access to information requests more efficiently.
During 2017-18, ATIP Ops focused on increasing capacity, addressing backlogs, engaging with senior management and continuing access to information trend and data analysis reporting to support operations. It worked closely with the broader Government of Canada ATIP community to identify long-term solutions for access to information analyst recruitment, training and retention of skilled resources.
On a priority basis, ATIP Ops followed up on the internal audit recommendations throughout the reporting period and successfully implemented all audit recommendations by the end of fiscal year 2017-18, and therefore, managed to increase its access to information compliance rate. Going forward, the Division will continue to pursue modernization activities to strengthen the Department's access to information function.
8.2 Privacy-related Audits
Through its audit plan, ESDC continued to address the management of risks to privacy and the safeguarding of personal information with targeted examinations. During 2017-18, PMD was involved in the following audits, elements of which will be ongoing at the start of the 2018-19 fiscal year:
Audit of Risk Management Practices
PMD was consulted and asked to provide feedback to ESDC’s Internal Audit Services Branch regarding the risk management processes used by the Corporate Secretariat and the Department. The objective of the audit was to provide assurance to senior management that ESDC’s risk management framework and practices were adequate, functioned as intended and supported informed decision-making. The audit was still ongoing at the end of the 2017-18 reporting period.
Audit of the Management and Implementation of Select Privacy Impact Assessments (PIAs)
The objective of the audit was to determine whether the PIA approach resulted in the implementation of privacy practices that complied with legal and policy requirements. The audit was conducted using a number of methodologies including document reviews and analyses, interviews with management and staff from PMD, ESDC’s branches and Ontario and Québec Regions, as well as judgmental and risk-based sampling and review of 15 PIAs.
Since the audit was not concluded at the end of 2017-18, the results of the examination will be described in the 2018-19 Annual Report.
9. Public Interest Disclosures
In accordance with section 8(2) of the Privacy Act, Part 4 of the Department of Employment and Social Development Act takes precedence over the Privacy Act concerning to the use and disclosure of personal information. ESDC’s disclosures in the public interest are not made under section 8(2)(m) of the Privacy Act, but under section 37(1) of the Department of Employment and Social Development Act. This section states that personal information may be disclosed “…if the Minister is of the opinion that the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure or that disclosure would clearly benefit the individual to whom the information relates.” As with public interest disclosures under the Privacy Act, these disclosures were reported to the Office of the Privacy Commissioner (OPC).
In 2017-18, the Department approved the disclosure of personal information in the public interest in 329 instances. The Department processed 288 public interest disclosures in the regions, which involved individuals who were threatening to harm themselves or others. In instances where there is an imminent threat to the safety and security of individuals, regional employees have the delegated authority to make the disclosures. Given the urgency of these situations, the OPC is informed after the disclosure is made.
ATIP Ops approved the disclosure of personal information in an additional 41 cases. Of the 41 cases, the OPC was informed prior to the disclosure in 29 instances (verbally with a follow up letter, or by letter only), and by letter after the disclosure in 12 occasions.
| Reason for Disclosure | Number of Disclosures |
|---|---|
| Regional disclosures | 288 |
| NHQ disclosures | |
Homicide investigation |
3 |
Locate an individual/next of kin |
6 |
Fraud/suspected elder abuse |
4* |
Violence/threat of violence/bomb threat/vandalism |
13 |
Missing person |
6 |
Suicide threat/self-harm/wellness check |
5 |
Other |
4 |
| Subtotal | 41 |
| TOTAL | 329 |
*In one instance, disclosure was authorized and the Department had notified the OPC in advance by letter. The information was not disclosed.
10. Material Privacy Breaches
A privacy breach refers to the improper or unauthorized collection, use, disclosure, retention or disposal of personal information. According to the Treasury Board Secretariat, “a material privacy breach has the highest risk impact and is defined as involving sensitive personal information; and could reasonably be expected to cause serious injury or harm to the individual and/or involves a large number of affected individuals”.
Because of the scope and breadth of ESDC’s mandate, the Department has one of the largest personal information holdings in the Government of Canada. For some ESDC programs, detailed and often sensitive personal information is needed to determine program eligibility or to receive benefits and services. Personal information is handled by a large number of employees to deliver services across the country by using ESDC’s numerous IT systems and databases. Moreover, the personal information held by the Department is sought by, and disclosed to, a large number of partners and stakeholders for many purposes, including the delivery of their programs, the determination of the eligibility for federal and provincial programs and benefits, the authentication of individuals, identity management, research and statistics, integrity operations, performance management, and legal proceedings. In short, the magnitude and complexity of ESDC’s personal information management responsibilities are considerable, and are characterized by millions of transactions that involve personal information every year.
In 2017-18, there were 128 material breaches representing a 9% decrease compared to 141 breaches in 2016-17 (See Table 9 below). These breaches were the result of operational processes such as information lost in transit in the postal system.
Over the last three years, additional time and resources have been invested to foster a privacy-aware organization through formal privacy training and awareness activities. The Department continues to explore ways to reduce the number of breaches. For example, in 2018-19, the Canada Student Loans Program will implement an e-delivery model for its Master Student Financial Assistance Agreement (MSFAA) which will result in enhanced self-service capabilities for full-time students. In the first phase of enhancements, identity verification, as well as document signing and submission will be possible to perform electronically. This will eliminate the need to send paper documentation by mail, thereby, significantly reducing the risk of misdirected documents.
Additionally, the Department will also work closely with its Passport Operations partners — Immigration, Refugees and Citizenship Canada, Global Affairs Canada and Canada Post — to clarify accountabilities for the reporting of passport breaches, as recommended in the Privacy Commissioner’s 2016-2017 Annual Report to Parliament on the Personal Information Protection and Electronic Documents Act and the Privacy Act.
| No. of Material Breaches | Summary and nature of Information breached | Communication and notification strategies | Actions undertaken in response |
|---|---|---|---|
| 99 | Individual program benefit applications were lost. | Affected individuals were contacted by letter and/or phone to inform them of the breach. |
|
| 29 | Personal information (some included supporting documents) incorrectly shared with the wrong individuals, third parties. | Personal letters were sent to affected individuals informing them of the breach. |
|
| Total Number of Material Breaches: 128 | |||
11. Training and Awareness Activities
11.1 Privacy and Access to Information Training
ESDC has a comprehensive and mandatory online training strategy to educate, increase knowledge of, and raise awareness about the stewardship of information, which includes the management and safeguarding of personal information as a key component. As part of the Department’s commitment to maintain the security of its systems and to protect the personal information of its clients and colleagues, all ESDC employees are required to maintain valid certification in Stewardship of Information and Workplace Behaviours (SIWB). Launched in 2014, and updated in 2016, SIWB addresses access to information, information management, security, and values and ethics in addition to the management of personal information.
SIWB certification is valid for two years and must be maintained by all Departmental employees. In total, 24,288 employees (which include students, casuals, terms and indeterminate staff) were assigned to complete either the certification or re-certification, of which 20,613 employees (85%) successfully succeeded by the end of the 2017-18 fiscal year. ESDC will follow-up with the remaining employees in 2018-19.
In addition, the online training module, Privacy and Access to Information – It’s Everybody’s Business, has trained 9,113 employees since 2014-15, including 3,651 employees during the reporting period.
In addition to online training and certification, ESDC undertook a number of in-person or WebEx training sessions and activities to educate and increase knowledge of access to information and privacy for employees in the Department. Since 2014-15, the Department delivered 179 in-person sessions to 4,681 employees. In 2017-18, ESDC delivered 35 in-person sessions to 1,467 employees.
Description of figure 11
| Year | Stewardship of Information and Effective Workplace Behaviours | Privacy and Access to Information – It’s Everybody’s Business |
|---|---|---|
| 2014 to 2015 | 13,800 | 1,356 |
| 2015 to 2016 | 1,678 | 1,742 |
| 2016 to 2017 | 20,613 | 3,651 |
Description of figure 12
| Year | Training Sessions | Employees Trained |
|---|---|---|
| 2014 to 2015 | 37 | 1,120 |
| 2015 to 2016 | 48 | 1,131 |
| 2016 to 2017 | 59 | 963 |
| 2017 to 2018 | 35 | 1,467 |
11.2 Access to Information Awareness
During 2017-18, 10 training sessions were held in the National Capital Region, consisting of 240 participants, while another eight sessions were held in the Regions, totalling 307 participants. ATIP Ops is working to improve its capacity to offer training sessions with the intention of increasing the number of sessions held in 2018-19. ATIP Ops has also engaged with individual Branches and Regions within ESDC (e.g., providing presentations to senior executives) to raise awareness on Access to Information Act reform and its implications for the Department’s proactive disclosure and access to information activities.
11.3 Privacy Awareness
Throughout 2017-18, the Department continued to promote practical, easy to understand, and readily available privacy-related information and guidance to employees to reinforce the application of appropriate privacy and personal information safeguarding practices. This included organizing various privacy-themed information events such as Privacy Awareness Month during May 2017, a Data Privacy Day in January 2018, and a series of specialized knowledge talks. During Privacy Awareness Month, information kiosks were set up and staffed, and hundreds of information pamphlets and brochures, which were developed by the Department and the Office of the Privacy Commissioner, were distributed to ESDC staff.
PMD also developed and introduced a streamlined privacy checklist tool to assess the degree of privacy engagement necessary for a given initiative. It is used during the early design stage, and often as part of the Memorandum to Cabinet and Treasury Board submission development processes. The use of the tool resulted in early engagements by PMD with the Department’s Branches which promoted meaningful discussions about, and a greater understanding of, an initiative’s privacy implications.
12. Moving Forward
According to the Treasury Board Secretariat’s 2016-17 Access to Information and Privacy Statistical Report, ESDC ranked sixth in 2016-17 out of all federal institutions in terms of number of access requests and pages disclosed and third with respect to privacy requests and pages disclosed. ESDC anticipates that the trend of a heavy demand for records under the control of ESDC, whether in the form of access requests or privacy requests, will continue in future years. With significant request volumes, pages released, Access to Information Act reform and new proactive disclosure requirements, having efficient business processes is more crucial than ever before if ESDC is to meet its goal of timely responses to Canadians who ask for access to government information or their own personal data.
ATIP Ops will also continue to support the Department’s Access to Information Act implementation readiness activities and help identify solutions to comply with the proposed proactive disclosure requirements. The Division will continue to pursue business process improvements in collaboration with Branches and Regions. ATIP Ops will also continue to use access to information trend analysis and will seek to expand Open Information publishing possibilities as well as prepare an access to information workforce that can meet future demands.
In terms of personal information management priorities, ESDC will continue to support current privacy legislative and policy reforms, implement changes related to the Department’s privacy governance review and actively support service transformation activities during the new fiscal year.
Annex A: Delegation Orders
Delegation order - Employment and Social Development Canada
The Minister of Employment and Social Development, pursuant to section 11 of the Department of Employment and Social Development Act, hereby designates the persons, officers or employees holding the positions with Employment and Social Development set out in the schedules attached hereto, or the persons, officers or employees occupying on an acting basis those positions, to exercise the powers or perform the duties or functions of the Minister or to exercise or perform the powers, duties or function of the head of the institution, as specified in the attached schedules.
- Access to Information Act
- Privacy Act
Original signed June 22, 2017 by the Honourable Jean-Yves Duclos, Minister of Employment and Social Development
Access to Information Act and Regulations: Delegation of Authority, Department of Employment and Social Development
| Description | Section | Delegated Authority |
|---|---|---|
| Responsibility of government institutions | 4(2.1) |
|
| Notice where access requested | 7(a) |
|
| Giving access to record | 7(b) |
|
| Transfer of request to another government inst. | 8(1) |
|
| Extension of time limits | 9 |
|
| Payment of additional fees | 11(2) |
|
| Payment of fees for EDP record | 11(3) |
|
| Deposit | 11(4) |
|
| Notice of fee payment | 11(5) |
|
| Waiver or refund of fees | 11(6) |
|
| Language of access | 12(2)(b) |
|
| Access to alternate format | 12(3)(b) |
|
| Refuse access – Obtained in confidence | 13 |
|
| Refuse access – Federal-provincial affairs | 14 |
|
| Refuse access – International affairs and defence | 15 |
|
| Refuse access – Law enforcement and investigations | 16 |
|
| Refuse access – Public Servants Disclosure Protection Act | 16.5 |
|
| Refuse access – Safety of individuals | 17 |
|
| Refuse access – Economic interests of Canada | 18 |
|
| Refuse access – Economic interest of the Canada Post Corporation, Export Development Canada, the Public Sector Pension Investment Board and VIA Rail Canada Inc. | 18.1 |
|
| Refuse access – Personal information | 19 |
|
| Refuse access – Third party information | 20 |
|
| Refuse access – Operations of Government | 21 |
|
| Refuse access – Testing procedures, tests, audits | 22 |
|
| Refuse access – Audit working papers and draft audit reports | 22.1 |
|
| Refuse access – Solicitor-client privilege | 23 |
|
| Refuse access – Statutory prohibitions | 24 |
|
| Severability | 25 |
|
| Information to be published | 26 |
|
| Third party notification | 26 27(1) |
|
| Third party notification – Extension of time limit | 27(4) |
|
| Third party notification – Notice of decision | 28(1)(b) |
|
| Third party notification – Waive representations in writing | 28(2) |
|
| Third party notification – Disclosure of record | 28(4) |
|
| Where the Information Commissioner recommends disclosure | 29(1) |
|
| Advising Information Commissioner of third party involvement | 33 |
|
| Right to make representations | 35(2)(b) |
|
| Access to be given to complainant | 37(4) |
|
| Notice to third party (application to Federal Court) | 37(4) 43(1) |
|
| Notice to applicant (application to Federal Court by third party) | 44(2) |
|
| Special rules for hearings | 52(2)(b) |
|
| Ex parte representations (Federal Court) | 52(3) |
|
| Facilities for inspection of manuals | 71(1) |
|
| Annual report to Parliament | 72 |
|
| Description | Section | Delegated Authority |
|---|---|---|
| Transfer of request | 6(1) |
|
| Search and preparation of fees | 7(2) |
|
| Production and programming fees | 7(3) |
|
| Providing access to records | 8 |
|
| Limitations in respect of format | 8.1 |
|
Privacy Act and Regulations: Delegation of Authority, Department of Employment and Social Development
| Description | Section | Delegated Authority |
|---|---|---|
| Retention of a record of requests and disclosed records to investigative bodies under section 8(2)(e) of the Privacy Act. | 8(4) |
|
| Retention of records of uses of personal information | 9(1) |
|
| Notification of the Privacy Commissioner of any new consistent uses of personal information and ensure use is included in next statement of consistent uses set forth in the Index | 9(4) |
|
| Include personal information in personal information banks | 10 |
|
| Respond to request for access within 30 days and give written notice and, if access to be given, give access. | 14 |
|
| Extension of the 30 day time limit to respond to a privacy request. | 15 |
|
| Decision on whether to translate a response to a privacy request in one of the two official languages. | 17(2)(b) |
|
| Decision on whether to convert personal information to an alternate format | 17(3)(b) |
|
| Decision to refuse to disclose personal information contained in an exempt bank. | 18(2) |
|
| Decision to refuse access to personal information that was obtained in confidence from the government of a foreign state or institution, an international organization of states or an institution thereof, the government of a province or institution thereof, a municipal or regional government established by or pursuant to an Act of the legislature of a province or an institution of such a government, or the council, as defined in the Westbank First Nation Self-Government Agreement given effect by the Westbank First Nation Self-Government Act or the council of a participating in First Nation as defined in the First Nations Jurisdiction over Education in British Columbia Act | 19(1) |
|
| Authority to disclose personal information referred to in 19(1) if the government, organization or institution described in 19(1) consents to the disclosure or makes the information public. | 19(2) |
|
| Refuse to disclose personal information that may be injurious to the conduct of federal-provincial affairs | 20 |
|
| Refuse to disclose personal information that may be injurious to international affairs or the defence of Canada or one of its allies. | 21 |
|
| Refuse to disclose personal information prepared by an investigative body, information injurious to the enforcement of a law, or information injurious to the security of penal institutions | 22 |
|
| Refuse to disclose personal information created for the Public Servants Disclosure Protection Act. | 22.3 |
|
| Refuse to disclose personal information prepared by an investigative body for security clearance. | 23 |
|
| Refuse to disclose personal information that was collected by the Canadian Penitentiary Service, the National Parole Service or the National Parole Board while the individual was under sentence if the conditions in the section are met | 24 |
|
| Refuse to disclose personal information which could threaten the safety of individuals | 25 |
|
| Refuse to disclose personal information about another individual and shall refuse to disclose such information where disclosure is prohibited under section 8 | 26 |
|
| Refuse to disclose personal information that is subject to solicitor-client privilege. | 27 |
|
| Refuse to disclose personal information relating to the individual’s physical or mental health where the disclosure is contrary to the best interests of the individual | 28 |
|
| Receive notice of investigation by the Privacy Commissioner | 31 |
|
| Right to make representations to the Privacy Commissioner during an investigation | 33(2) |
|
| Receive Privacy Commissioner’s report of findings of an investigation and give notice of action taken | 35(1) |
|
| Provision of addition personal information to a complainant after receiving a 35(1)(b) notice. | 35(4) |
|
| Receive Privacy Commissioner’s report of findings of investigation of exempt bank | 36(3) |
|
| Receive report of Privacy Commissioner’s findings after compliance investigation | 37(3) |
|
| Request that a court hearing, undertaken with respect to certain sections of the Act, be held in the National Capital Region. | 51(2)(b) |
|
| Request and be given right to make representations in section 51 hearings | 51(3) |
|
| Prepare annual report to Parliament | 72(1) |
|
| Description | Section | Delegated Authority |
|---|---|---|
| Allow examination of the documents (Reading Room) | 9 |
|
| Notification of Correction | 11(2) |
|
| Correction refused, notation placed on file | 11(4) |
|
| Disclosure to a medical practitioner or psychologist | 13(1) |
|
| Disclosure in the presence of a medical practitioner or psychologist | 14 |
|
Annex B: Summaries of Completed Privacy Impact Assessments
Automatic Enrolment for the Guaranteed Income Supplement
The Old Age Security/Guaranteed Income Supplement Service Improvement Strategy (OAS/GIS SIS) is a phased approach to alleviate the requirement for paper applications with the implementation of the Proactive Enrolment Initiative. ESDC developed the OAS/GIS SIS in 2012 to address demographic and program pressures facing the implementation of OAS. A PIA was completed to assess ESDC’s collection, use, retention and disposal of personal information throughout the administration of the Proactive Enrolment Initiative, which is the third phase of the project. Because of the Office of the Privacy Commissioner’s (OPC) interest in the initiative, an ongoing consultation process was established to allow the OPC to provide ESDC with its comments and recommendations during the development stage.
Canada Apprenticeship Loans Phase III: Repayment
The Canada Apprentice Loans Program provides loans to assist registered apprentices with the cost of technical training. It is administered by the Canada Student Loan Program and delivered by its service provider. The PIA focused on ESDC’s collection, use, disclosure, retention and disposition of loan recipients’ personal information. It also reviewed the privacy implications of the loan repayment process.
Call Recording and Screen Capture functionality for the 1 800 O-Canada and Customized Information Services Quality Assurance Program
The 1 800 O-Canada toll-free telephone service provides the public with general information on all Government of Canada programs, services and initiatives, and acts as a first point of contact to access quick, up-to-date government information. A new call recording and screen capture functionality to enhance the quality assurance monitoring process and program was introduced. A PIA assessed the privacy impacts and potential risks associated with the collection of personal information via screen capture/call recording as well as the handling, storage, access to, and disposal of this information throughout its lifecycle.
Direct Deposit and Address Information Sharing Initiative Iteration I, Canada Pension Plan Direct Deposit
The Tell-Us-Once – Direct Deposit and Address Information Sharing Initiative (DAISI) is a joint effort between ESDC and the Canada Revenue Agency (CRA) that allows Canadians to update their information once, and have it automatically shared between the two departments. Iteration I gives Canadians the option to share their direct deposit banking information, between the Canada Pension Plan administered by ESDC and other pension programs administered by CRA. The PIA focussed on ESDC’s collection, use, retention and disclosure of information.
eNotification Project in My Service Canada Account
A new eNotification service is a feature of My Service Canada Account – Employment Insurance (MSCA-EI) which offers clients improved messaging and notification services (Alert Me). Clients who consent to the Alert Me feature receive timely emails notifying them when changes occur to their EI claim. The PIA was focussed on ESDC’s collection, use, disclosure, retention and disposition of clients’ personal information on a voluntary consent basis.
First Nations Job Fund
The First Nations Job Fund (FNJF) provided personalized job training to Income Assistance clients who were referred from Indigenous and Northern Affairs Canada. The FNJF was delivered through the Aboriginal Skills and Employment Training Strategy network of Agreement Holders and sunset on March 31, 2017. The PIA examined the handling of personal information for the administration of the FNJF.
Memorandum of Understanding (MOU) concerning the disclosure of administrative data files from ESDC to Statistics Canada
ESDC had a Memorandum of Understanding (MOU) with Statistics Canada dating from 1989 for the disclosure of personal information for research and statistical purposes. A new and updated MOU was developed to incorporate additional program data, reflect legislative changes and current information technology, privacy, and security standards. The PIA focussed on ESDC’s compliance with privacy and security policies, as well as IT standards, for the management and disclosure of personal information under the MOU.
Old Age Security, Northwest Territories: Information Sharing Agreement between ESDC and Northwest Territories Department of Education, Culture and Employment
The Information Sharing Agreement (ISA) between ESDC and the Northwest Territories Department of Education, Culture and Employment (ECE) replaces the Letter of Agreement (LoA) for the administration of the Territories’ Income Security Programs. ESDC provides personal information to ECE for administering the Senior Citizen Supplementary Benefit, a monthly monetary benefit to help low-income seniors pay for living expenses. The PIA examined the identification and categorization of the risks presented by ESDC’s disclosure of personal information to the government of the Northwest Territories’ Income Security programs.
Old Age Security, Yukon: Exchange of Personal Information between ESDC and Yukon Department of Health and Social Services for the administration of the Yukon Senior Income Supplement
The Yukon Seniors Income Supplement (YSIS) provides an income supplement to low income seniors who are in receipt of the Old Age Security (OAS) and Guaranteed Income Supplement (GIS) from the federal government. The Yukon supplement is also provided to spouses between the ages of 60 and 64 years who receive the Allowance or Allowance for the Survivor. The purpose of the disclosure of information between ESDC and Yukon is to provide Yukon seniors with seamless access to benefits while ensuring the information is disclosed and protected in line with the territory’s Access to Information and Protection of Privacy Act and the Department of Employment and Social Development Act. The completed PIA focussed on ESDC’s disclosure of personal information to the Yukon government.
Workforce Development Agreements
The Workforce Development Agreements (WDAs) are bilateral agreements between the Government of Canada (GoC) and the provinces and territories commencing in 2017-18. The purpose of these agreements is to support the federal government’s objective to ensure that unemployed and underemployed Canadians have access to the training and assistance that they need to develop their skills and pursue opportunities for a better future. The PIA reviewed ESDC’s collection, use, retention and disposal of personal information, such as Social Insurance Numbers, for the administration of the WDAs.
Youth Employment Strategy
The Youth Employment Strategy (YES) is the Government of Canada’s commitment to help young people aged 15 to 30, particularly those facing barriers to employment, get the information and gain the skills, work experience and abilities they need to make a successful transition into the labour market. It is a horizontal initiative involving over ten federal departments and agencies and is comprised of three program streams offered by Service Canada. The PIA focussed on ESDC’s collection, use, retention and disposal of personal information for the administration of YES.
Annex C: Statistical Reports
Statistical Report on the Access to Information Act
Name of institution: Employment and Social Development Canada
Reporting period: 2017-04-01 to 2018-03-31
Part 1: Requests Under the Access to Information Act
| Details | Number of Requests |
|---|---|
| Received during reporting period | 1,942 |
| Outstanding from previous reporting period | 371 |
| Total | 2,313 |
| Closed during reporting period | 1,899 |
| Carried over to next reporting period | 414 |
| Source | Number of Requests |
|---|---|
| Media | 649 |
| Academia | 39 |
| Business (private sector) | 357 |
| Organization | 124 |
| Public | 611 |
| Decline to Identify | 162 |
| Total | 1,942 |
| Completion Time | |||||||
|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total |
| 81 | 84 | 232 | 220 | 185 | 45 | 0 | 847 |
Part 2: Requests Closed During the Reporting Period
| Disposition of Requests | Completion Time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| All disclosed | 34 | 274 | 148 | 54 | 8 | 3 | 0 | 521 |
| Disclosed in part | 18 | 264 | 159 | 167 | 97 | 51 | 13 | 769 |
| All exempted | 0 | 3 | 4 | 1 | 1 | 0 | 0 | 9 |
| All excluded | 0 | 0 | 0 | 12 | 1 | 0 | 0 | 13 |
| No records exist | 26 | 106 | 43 | 7 | 0 | 1 | 0 | 183 |
| Request Transferred | 58 | 2 | 1 | 0 | 0 | 0 | 0 | 61 |
| Request abandoned | 266 | 29 | 16 | 4 | 8 | 11 | 8 | 342 |
| Neither confirmed nor denied | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
| Total | 403 | 678 | 371 | 245 | 115 | 66 | 21 | 1,899 |
| Section | Number of requests |
|---|---|
| 13(1)(a) | 3 |
| 13(1)(b) | 0 |
| 13(1)(c) | 10 |
| 13(1)(d) | 0 |
| 13(1)(e) | 0 |
| 14 | 75 |
| 14(a) | 3 |
| 14(b) | 2 |
| 15(1) | 13 |
| 15(1) - International affairs | 13 |
| 15(1) - Defence of Canada | 13 |
| 15(1) - Subversive activities | 0 |
| 16(1)(a)(i) | 0 |
| 16(1)(a)(ii) | 0 |
| 16(1)(a)(iii) | 0 |
| 16(1)(b) | 2 |
| 16(1)(c) | 31 |
| 16(1)(d) | 1 |
| 16(2) | 114 |
| 16(2)(a) | 0 |
| 16(2)(b) | 0 |
| 16(2)(c) | 1 |
| 16(3) | 0 |
| 16.1(1)(a) | 0 |
| 16.1(1)(b) | 0 |
| 16.1(1)(c) | 0 |
| 16.1(1)(d) | 0 |
| 16.2(1) | 0 |
| 16.3 | 0 |
| 16.4(1)(a) | 0 |
| 16.4(1)(b) | 0 |
| 16.5 | 0 |
| 17 | 6 |
| 18(a) | 0 |
| 18(b) | 3 |
| 18(c) | 0 |
| 18(d) | 9 |
| 18.1(1)(a) | 2 |
| 18.1(1)(b) | 2 |
| 18.1(1)(c) | 2 |
| 18.1(1)(d) | 2 |
| 19(1) | 385 |
| 20(1)(a) | 2 |
| 20(1)(b) | 74 |
| 20(1)(b.1) | 0 |
| 20(1)(c) | 71 |
| 20(1)(d) | 5 |
| 20.1 | 0 |
| 20.2 | 0 |
| 20.4 | 0 |
| 21(1)(a) | 161 |
| 21(1)(b) | 182 |
| 21(1)(c) | 13 |
| 21(1)(d) | 6 |
| 22 | 12 |
| 22.1(1) | 12 |
| 23 | 44 |
| 24(1) | 149 |
| 26 | 4 |
| Section | Number of requests |
|---|---|
| 68(a) | 1 |
| 68(b) | 0 |
| 68(c) | 0 |
| 68.1 | 0 |
| 68.2(a) | 0 |
| 68.2(b) | 0 |
| 69(1) | 0 |
| 69(1)(a) | 3 |
| 69(1)(b) | 0 |
| 69(1)(c) | 1 |
| 69(1)(d) | 2 |
| 69(1)(e) | 28 |
| 69(1)(f) | 1 |
| 69(1)(g) re (a) | 55 |
| 69(1)(g) re (b) | 0 |
| 69(1)(g) re (c) | 23 |
| 69(1)(g) re (d) | 9 |
| 69(1)(g) re (e) | 6 |
| 69(1)(g) re (f) | 9 |
| 69.1(1) | 0 |
| Disposition | Paper | Electronic | Other formats |
|---|---|---|---|
| All disclosed | 469 | 51 | 1 |
| Disclosed in part | 615 | 153 | 1 |
| Total | 1,084 | 204 | 2 |
2.5 Complexity
| Disposition of requests | Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|---|
| All disclosed | 820,766 | 820,351 | 521 |
| Disclosed in part | 142,292 | 118,473 | 769 |
| All exempted | 46 | 0 | 9 |
| All excluded | 171 | 0 | 13 |
| Request abandoned | 7,717 | 4,845 | 342 |
| Neither confirmed nor denied | 0 | 0 | 1 |
| Total | 970,992 | 943,669 | 1,655 |
| Disposition | Less than 100 pages processed |
101-500 pages processed |
501-1000 pages processed |
1001-5000 pages processed |
More than 5000 pages processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| All disclosed | 489 | 5,650 | 19 | 3,969 | 2 | 1,260 | 10 | 34,741 | 1 | 774,731 |
| Disclosed in part | 566 | 15,425 | 165 | 32,521 | 26 | 15,423 | 11 | 9,918 | 1 | 45,186 |
| All exempted | 9 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 13 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 329 | 110 | 8 | 838 | 3 | 1,823 | 2 | 2,074 | 0 | 0 |
| Neither confirmed nor denied | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 1,407 | 21,185 | 192 | 37,328 | 31 | 18,506 | 23 | 46,733 | 2 | 819,917 |
| Disposition | Consultation required | Assessment of fees | Legal advice sought | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 64 | 0 | 0 | 0 | 64 |
| Disclosed in part | 256 | 1 | 0 | 0 | 257 |
| All exempted | 3 | 0 | 0 | 0 | 3 |
| All excluded | 11 | 0 | 0 | 0 | 11 |
| Request abandoned | 17 | 0 | 0 | 0 | 17 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 351 | 1 | 0 | 0 | 352 |
2.6 Deemed refusals
2.6.1 Reasons for not meeting statutory deadline
- Number of requests closed past the statutory deadline = 332
- Principal reason
- Workload = 138
- External consultation = 52
- Internal consultation = 26
- Other = 116
| Number of days past deadline | Number of requests past deadline where no extension was taken | Number of requests past deadline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 days | 57 | 19 | 76 |
| 16 to 30 days | 29 | 28 | 57 |
| 31 to 60 days | 28 | 32 | 60 |
| 61 to 120 days | 42 | 26 | 68 |
| 121 to 180 days | 16 | 15 | 31 |
| 181 to 365 days | 11 | 17 | 28 |
| More than 365 days | 4 | 8 | 12 |
| Total | 187 | 145 | 332 |
| Translation requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Part 3: Extensions
| Disposition of requests where an extension was taken | 9(1)(a) Interference with operations |
9(1)(b) Consultation |
9(1)(c) Third-party notice |
|
|---|---|---|---|---|
| Section 69 | Other | |||
| All disclosed | 4 | 0 | 66 | 1 |
| Disclosed in part | 49 | 28 | 238 | 16 |
| All exempted | 0 | 0 | 1 | 1 |
| All excluded | 0 | 9 | 4 | 0 |
| No records exist | 2 | 0 | 4 | 0 |
| Request abandoned | 12 | 1 | 18 | 2 |
| Total | 67 | 38 | 331 | 20 |
| Length of extensions | 9(1)(a) Interference with operations |
9(1)(b) Consultation |
9(1)(c) Third-party notice |
|
|---|---|---|---|---|
| Section 69 | Other | |||
| 30 days or less | 38 | 0 | 79 | 1 |
| 31 to 60 days | 13 | 29 | 67 | 9 |
| 61 to 120 days | 7 | 9 | 184 | 8 |
| 121 to 180 days | 7 | 0 | 1 | 2 |
| 181 to 365 days | 2 | 0 | 0 | 0 |
| 365 days or more | 0 | 0 | 0 | 0 |
| Total | 67 | 38 | 331 | 20 |
Part 4: Fees
| Fee type | Fee collected | Fee waived or refunded | ||
|---|---|---|---|---|
| Number of requests |
Amount | Number of requests |
Amount | |
| Application | 1,422 | $7,110 | 477 | $2,385 |
| Search | 1 | $70 | 0 | $0 |
| Production | 0 | $0 | 0 | $0 |
| Programming | 0 | $0 | 0 | $0 |
| Preparation | 0 | $0 | 0 | $0 |
| Alternative format | 0 | $0 | 0 | $0 |
| Reproduction | 0 | $0 | 0 | $0 |
| Total | 14,23 | $7,180 | 477 | $2,385 |
Part 5: Consultations received from other institutions and organizations
| Consultations | Other Government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during the reporting period | 197 | 7,253 | 23 | 655 |
| Outstanding from the previous reporting period | 16 | 3,659 | 0 | 0 |
| Total | 213 | 10,912 | 23 | 655 |
| Closed during the reporting period | 189 | 10,357 | 21 | 632 |
| Pending at the end of the reporting period | 24 | 555 | 2 | 23 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More than 365 days | Total | |
| All disclosed | 20 | 69 | 34 | 7 | 0 | 0 | 0 | 130 |
| Disclose in part | 1 | 12 | 16 | 9 | 1 | 2 | 0 | 41 |
| All exempted | 2 | 1 | 0 | 0 | 0 | 0 | 0 | 3 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 1 |
| Other | 6 | 3 | 3 | 2 | 0 | 0 | 0 | 14 |
| Total | 29 | 85 | 54 | 18 | 1 | 2 | 0 | 189 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More than 365 days | Total | |
| All disclosed | 3 | 5 | 7 | 0 | 0 | 0 | 0 | 15 |
| Disclosed in part | 0 | 1 | 3 | 0 | 0 | 0 | 0 | 4 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 1 | 0 | 0 | 1 | 0 | 0 | 0 | 2 |
| Total | 4 | 6 | 10 | 1 | 0 | 0 | 0 | 21 |
Part 6: Completion time of consultations on cabinet confidences
| Number of days | Less than 100 pages processed | 101-500 pages processed | 501-1000 pages processed |
1001-5000 pages processed |
More than 5000 pages processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests |
Pages disclosed | Number of requests |
Pages disclosed | Number of requests |
Pages disclosed | Number of requests |
Pages disclosed | Number of requests |
Pages disclosed | |
| 1 to 15 | 2 | 26 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 25 | 294 | 1 | 40 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 49 | 906 | 1 | 45 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 17 | 299 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 93 | 1,525 | 2 | 85 | 0 | 0 | 0 | 0 | 0 | 0 |
| Number of days | Less than 100 pages processed | 101‒500 pages processed | 501-1000 pages processed |
1001-5000 pages processed |
More than 5000 pages processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests |
Pages disclosed | Number of requests |
Pages disclosed | Number of requests |
Pages disclosed | Number of requests |
Pages disclosed | Number of requests |
Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 7: Complaints and investigations
- Section 32 = 40
- Section 35 = 58
- Section 37 = 27
- Total = 125
Part 8: Court action
- Section 41 = 0
- Section 42 = 0
- Section 44 = 0
- Total = 0
Part 9: Resources related to the Access to Information Act
| Expenditures | Person years dedicated to access to information activities |
|---|---|
| Salaries | $1,261,464 |
| Overtime | $858 |
| Goods and Services | $160,348 |
| Professional services contracts | $143,931 |
| Other | $16,417 |
| Total | $1,422,670 |
| Resources | Person years dedicated to access to information activities |
|---|---|
| Full-time employees | 14.74 |
| Part-time and casual employees | 0.06 |
| Regional staff | 0.00 |
| Consultants and agency personnel | 1.20 |
| Students | 0.80 |
| Total | 16.80 |
Statistical Report on the Privacy Act
Name of institution: Employment and Social Development Canada
Reporting period: 2017-04-01 to 2018-03-31
Part 1: Requests under the Privacy Act
| Details | Number of requests |
|---|---|
| Received during reporting period | 8,852 |
| Outstanding from previous reporting period | 437 |
| Total | 9,289 |
| Closed during reporting period | 8,817 |
| Carried over to next reporting period | 472 |
Part 2: Requests closed during the reporting period
2.1 Disposition and completion time
| Disposition of requests | Completion time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 295 | 500 | 13 | 5 | 0 | 1 | 3 | 817 |
| Disclosed in part | 2,332 | 4,287 | 152 | 19 | 7 | 5 | 0 | 6,802 |
| All exempted | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 3 |
| All excluded | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
| No records exist | 924 | 104 | 4 | 1 | 0 | 0 | 0 | 1,033 |
| Request abandoned | 109 | 41 | 9 | 1 | 0 | 1 | 0 | 161 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 3,662 | 4,933 | 179 | 26 | 7 | 7 | 3 | 8,817 |
2.2 Exemptions
| Section | Number of requests |
|---|---|
| 18(2) | 0 |
| 19(1)(a) | 0 |
| 19(1)(b) | 0 |
| 19(1)(c) | 1 |
| 19(1)(d) | 0 |
| 19(1)(e) | 1 |
| 19(1)(f) | 1 |
| 20 | 0 |
| 21 | 0 |
| 22(1)(a)(i) | 1 |
| 22(1)(a)(ii) | 2 |
| 22(1)(a)(iii) | 0 |
| 22(1)(b) | 28 |
| 22(1)(c) | 65 |
| 22(2) | 0 |
| 22.1 | 5 |
| 22.2 | 0 |
| 22.3 | 0 |
| 23(a) | 0 |
| 23(b) | 0 |
| 24(a) | 0 |
| 24(b) | 0 |
| 25 | 6 |
| 26 | 5,898 |
| 27 | 81 |
| 28 | 0 |
2.3 Exclusions
| Section | Number of requests |
|---|---|
| 69(1)(a) | 0 |
| 69(1)(b) | 0 |
| 69.1 | 0 |
| 70(1) | 0 |
| 70(1)(a) | 0 |
| 70(1)(b) | 0 |
| 70(1)(c) | 0 |
| 70(1)(d) | 0 |
| 70(1)(e) | 0 |
| 70(1)(f) | 0 |
| 70.1 | 0 |
2.4 Format of information released
| Disposition | Paper | Electronic | Other formats |
|---|---|---|---|
| All disclosed | 717 | 92 | 8 |
| Disclosed in part | 5,868 | 908 | 26 |
| Total | 6,585 | 1,000 | 34 |
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
| Disposition of requests | Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|---|
| All disclosed | 19,899 | 13,141 | 817 |
| Disclosed in part | 777,178 | 757,078 | 6,802 |
| All exempted | 50 | 0 | 3 |
| All excluded | 0 | 0 | 1 |
| Request abandoned | 1,309 | 1037 | 161 |
| Neither confirmed nor denied | 0 | 0 | 0 |
| Total | 798,436 | 771,256 | 7,784 |
2.5.2 Relevant pages processed and disclosed by size of requests
| Disposition | Less than 100 pages processed | 101 to 500 pages processed | 501 to 1000 pages processed | 1001 to 5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages Disclosed | Number of requests | Pages disclosed | |
| All disclosed | 769 | 9,289 | 47 | 3,844 | 0 | 0 | 1 | 8 | 0 | 0 |
| Disclosed in part | 4,374 | 187,209 | 2212 | 400,657 | 157 | 96,979 | 58 | 72,223 | 1 | 10 |
| All exempted | 3 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | |
| All excluded | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 158 | 192 | 2 | 133 | 1 | 712 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 5,305 | 196,690 | 2,261 | 404,634 | 158 | 97,691 | 59 | 72,231 | 1 | 10 |
2.5.3 Other complexities
| Disposition | Consultation required | Legal advice sought | Interwoven information | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 1 | 0 | 9 | 86 | 96 |
| Disclosed in part | 28 | 2 | 216 | 286 | 532 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 1 | 0 | 1 | 0 | 2 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 30 | 2 | 226 | 372 | 630 |
2.6 Deemed refusals
2.6.1 Reasons for not meeting statutory deadline
| Number of requests closed past the statutory deadline | Principal reason | |||
|---|---|---|---|---|
| Workload | External consultation | Internal consultation | Other | |
| 89 | 62 | 4 | 2 | 21 |
2.6.2 Number of days past deadline
| Number of days past deadline | Number of requests past deadline where no extension was taken | Number of requests past deadline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 days | 39 | 2 | 41 |
| 16 to 30 days | 9 | 1 | 10 |
| 31 to 60 days | 10 | 3 | 13 |
| 61 to 120 days | 11 | 4 | 15 |
| 121 to 180 days | 2 | 3 | 5 |
| 181 to 365 days | 2 | 0 | 2 |
| More than 365 days | 3 | 0 | 3 |
| Total | 76 | 13 | 89 |
2.7 Requests for translation
| Translation requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 4 | 0 | 4 |
| Total | 4 | 0 | 4 |
Part 3: Disclosures under Subsection 8(2) and 8(5)*
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
| 0 | 0 | 0 | 0 |
* Disclosures that would otherwise be made under these sections of the Privacy Act are carried out under the authorities provided in Part 4 of the Department of Employment and Social Insurance Act. Further details on this can be found in the report under Section 9: Public Interest Disclosures.
Part 4: Requests for correction of personal information and notations
| Disposition for correction requests received | Number |
|---|---|
| Notations attached | 5 |
| Requests for correction accepted | 3 |
| Total | 8 |
Part 5: Extensions
5.1 Reasons for extensions and dispositions of requests
| Disposition of requests where an extension was taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation or conversion | |
|---|---|---|---|---|
| Section 70 | Other | |||
| All disclosed | 2 | 0 | 1 | 0 |
| Disclosed in part | 66 | 0 | 5 | 5 |
| All exempted | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 |
| No records exist | 1 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 1 | 0 |
| Total | 69 | 0 | 7 | 0 |
5.2 Length of extensions
| Length of extensions | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation purposes | |
|---|---|---|---|---|
| Section 70 | Other | |||
| 1 to 15 days | 1 | 0 | 0 | 0 |
| 16 to 30 days | 68 | 0 | 7 | 0 |
| Total | 69 | 0 | 7 | 0 |
Part 6: Consultations received from other institutions and organizations
6.1 Consultations received from other Government of Canada institutions and other organizations
| Consultations | Other Government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during the reporting period | 32 | 5,169 | 3 | 186 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 32 | 5,169 | 3 | 186 |
| Closed during the reporting period | 31 | 5,143 | 3 | 186 |
| Pending at the end of the reporting period | 1 | 26 | 0 | 0 |
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 15 | 4 | 1 | 1 | 0 | 0 | 0 | 21 |
| Disclosed in part | 1 | 7 | 1 | 1 | 0 | 0 | 0 | 10 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 16 | 11 | 2 | 2 | 0 | 0 | 0 | 31 |
6.3 Recommendations and completion time for consultations received from other organizations
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 0 | 2 | 0 | 0 | 0 | 0 | 0 | 2 |
| Disclosed in part | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 1 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 2 | 1 | 0 | 0 | 0 | 0 | 3 |
Part 7: Completion time of consultations on cabinet confidences
7.1 Requests with legal services
| Number of days | Fewer than 100 pages processed | 101 to 500 pages processed | 501 to 1000 pages processed | 1001 to 5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
7.2 Requests with Privy Council Office
| Number of days | Fewer than 100 pages processed | 101 to 500 pages processed | 501 to 1000 pages processed | 1001 to 5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 8: Complaints and investigations notices received
| Section | Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|---|
| Number | 29 | 34 | 43 | 0 | 106 |
Part 9: Privacy Impact Assessments (PIAs)
- Number of PIA(s) completed = 11
Part 10: Resources related to the Privacy Act
| Expenditures | Amount |
|---|---|
| Salaries | $5,146,216 |
| Overtime | $29,339 |
| Goods and Service | $159,612 |
| Professional services contracts | $37,451 |
| Other | $122,161 |
| Total | $5,335,167 |
10.2 Human resources
| Resources | Person years dedicated to privacy activities |
|---|---|
| Full-time employees | 31.25 |
| Part-time and casual employees | 0.00 |
| Regional staff | 42.60 |
| Consultants and agency personnel | 0.00 |
| Students | 0.39 |
| Total | 74.24 |
Page details
- Date modified: