Annual Report on the administration of the Access to Information Act and the Privacy Act for the 2018 to 2019

From: Employment and Social Development Canada

On this page

Alternate formats

  • Request other formats online or call 1-800-O-Canada (1-800-622-6232). If you use a teletypewriter (TTY), call 1-800-926-9105. Large print, braille, audio cassette, audio CD, e-text diskette, e-text CD and DAISY are available on demand.

Executive summary

The mission of Employment and Social Development Canada (ESDC) including the Labour Program and Service Canada, is to build a stronger and more inclusive Canada to support Canadians to live productive and rewarding lives and to improve Canadians’ quality of life. Many of the federal government’s largest and most well known programs and services are provided by the Department in fulfillment of its broad mandate.

As a result, ESDC is a major user of personal information and other data in order to deliver key programs and services to Canadians as well as to deliver programs and services on behalf of other federal institutions. Moreover, ESDC operates within one of the most complex privacy regimes in government, within which it carries out the vast scale and scope of the Department’s collection, use, retention and disclosure activities. The protection of Canadians’ privacy rights and the safeguarding of personal information is a key priority for the Department.

As a federal institution, ESDC is subject to the Access to Information Act and the Privacy Act. Both Acts require the Department to submit an annual report to Parliament on their administration at the conclusion of every fiscal year. This consolidated report describes ESDC’s major strategic and operational highlights for both access to information and privacy during the reporting period.

Modernization and transformation were dominant themes again during the 2018 to 2019 fiscal year. The fiscal year was characterized by legislative and policy reform processes for both access to information and privacy. Change is underway in ESDC as well — the Department launched its Service Transformation Plan with the goal of leaping forward in the way programs and services are delivered in order to meet the needs of Canadians.

To complement this work, the Department moved to strengthen the management of privacy in ESDC by:

  • supporting Privacy Act reform activities and undertaking extensive consultations within the Department to identify opportunities to improve programs and services for Canadians; and
  • completed a review of ESDC’s privacy governance architecture to ensure that the Department is ready to respond proactively to advances in technology, the use of data, and the evolving nature of the risks to personal information.

The Department of Employment and Social Development Act was amended to broaden the Department’s mandate to include service delivery to the public with a view to improving services to Canadians. These changes provide ESDC with the authority to deliver services to the public for partners, including other federal institutions and jurisdictions, which also incorporated additional rules on the management of personal information.

With respect to access to information, activities focussed on departmental readiness to implement new proactive disclosure provisions stemming from Bill C-58 – An Act to amend the Access to Information Act and the Privacy Act and to make consequential amendments to other Acts – and the evolving complexity of day-to-day access to information requests and processing functions. Initiatives to advance access to information included:

  • engaging the Department to raise awareness about Bill C-58 to ensure that ESDC is prepared to comply;
  • creating an adaptable organizational structure that can adjust to future administrative, operational and legislative needs; and
  • modernizing and standardizing access to information procedures across the Department towards improving analysis, reporting and proactive practices for searches and processing.

ESDC continues to experience some of the largest volumes of access to information and privacy requests among federal institutions.

The Department’s initiatives to modernize and strengthen its business processes resulted in an 87% compliance rate for Access to Information Act requests, representing an improvement of 4 percentage points (83%) from the 2017 to 2018 fiscal year.

In the Treasury Board Secretariat’s 2017 to 2018 ranking of Government of Canada institutions, the Department ranked 7th with respect to the number of access to information requests received. During this fiscal year, ESDC received 1,409 requests under the Access to Information Act, a 27% decrease from the previous fiscal year when the Department received 1,942 requests. This decrease can be explained in part by new business processes, which convert, with the consent of the client, erroneously submitted Access to Information Act requests into more accurate Privacy Act access requests.

As for the Privacy Act, access requests, the Department ranked 3rd in the Treasury Board Secretariat’s 2017 to 2018 ranking of Government of Canada institutions. During the 2018 to 2019 fiscal year, ESDC received 12,678 requests under the Privacy Act, a 43% increase from the previous fiscal year, when the Department received 8,852 requests. As previously noted, this increase is largely attributable to the Department’s efforts to convert Access to Information Act requests into more accurate Privacy Act access requests in addition to its efforts of changing informal requests into formal requests. This year again, the Department achieved a 99% compliance rate.

ESDC anticipates that targeted Privacy Act and Access to Information Act requests will increase in future years, in part due to proactive disclosure requirements for access to information of Bill C-58, as proactively publishing material facilitates public engagement and participation, which in turn could lead to more requests.

As in previous years, ensuring that ESDC’s access to information and privacy request processes are efficient and effective will be important in order to continue to respond to requests in a timely manner.

As this report demonstrates, ESDC is fully committed to making government more transparent and open by seeking an enhanced understanding of ESDC’s Access to Information and Privacy operations of Canadians.

1. Introduction

Presentation of the Report

Section 72 in both the Access to Information Act and the Privacy Act requires the head of a federal institution to submit an annual report to Parliament on the administration of each Act following the end of every fiscal year. Employment and Social Development Canada (ESDC) is pleased to present its consolidated annual report on the administration of the Access to Information Act and the Privacy Act for the 2018 to 2019 fiscal year to Parliament.

For the second year, the Department has developed a single report for its Access to Information Act and Privacy Act activities, which would otherwise be reflected in separate submissions. The consolidated format of this report provides a more comprehensive representation of the activities and accomplishments of ESDC.

About Employment and Social Development Canada

ESDC, which includes the Labour Program, and Service Canada, provides many federal programs and services. Because of the broad scope of its mandate, it is amongst the largest and most decentralized federal institutions, with 25,245 employees across the country. Each day, ESDC interacts with thousands of Canadians by delivering services and programs that play important roles in their lives. Canadians expect high-quality, easy-to-access, and secure services that are responsive to their needs, whether they are interacting online, through call centres, or in person.

ESDC’s programs and services affect Canadians throughout the course of their lives. For example, the Department assists parents who are raising young children, helps students finance their post-secondary education, and provides income support to unemployed and pension income to seniors. ESDC delivers many of the Government of Canada’s flagship programs, such as the Canada Student Loans Program, Employment Insurance, Old Age Security, and the Canada Pension Plan. Overall, the Department is responsible for delivering over $120 billion in benefits directly to individuals and organizations, which represent almost 5.5% of Canada’s Gross Domestic Product.

The Labour Program contributes to social and economic well-being by fostering safe, healthy, fair and inclusive work environments, and cooperative workplace relations in workplaces falling under federal jurisdiction. The Labour Program also supplies labour relations mediation services, enforces minimum working conditions, promotes decent work and fosters respect for international labour standards.

The Department’s service delivery arm, Service Canada, provides Canadians with a single point of access to ESDC programs and benefits, as well as to other Government of Canada programs and services. It operates a network of 590 in-person points of service across the country comprising of 318 Service Canada Centres, 247 scheduled outreach sites and 31 stand-alone Passport offices. In addition to in-person services, Service Canada also serves the needs of Canadians online at Canada.ca, through the My Service Canada Account, and by telephone through “1-800 O-Canada” and its network of call centres.

About the Access to Information Act and the Privacy Act

The Access to Information Act provides Canadian citizens, permanent residents, and any individual or corporation present in Canada a right to access records of government institutions that are subject to the ActFootnote 1. This right is subject to limited and specific exemptions and exclusions, and in accordance with the principle that government information should be available to the public.

The Privacy Act protects the privacy of Canadian citizens, permanent residents and individuals present in Canada with respect to personal information about themselves held by a government institution that is subject to the Act, and provides them with a right of access to that informationFootnote 2. The Privacy Act sets out provisions for the collection, use, retention and disclosure of personal information by government institutions.

Personal information provisions in the Department of Employment and Social Development Act

In addition to the Privacy Act, the management of personal information by ESDC is governed by further statutory obligations set out in the Department’s enabling Act. The Department of Employment and Social Development Act sets out the rules that apply to personal information that is controlled by ESDC through its programs. These provisions set out the conditions for:

  • disclosing personal information;
  • making available information contained in the Social Insurance Register;
  • using personal information for internal policy analysis, research and evaluation purposes; and
  • disclosing personal information for research or statistical analysis.

The Department of Employment and Social Development Act also provides an offence provision for the inappropriate use and disclosure of personal information under the control of ESDC.

When the Department delivers services to the public on behalf of other federal institutions and jurisdictions, or when delivering select services for the Government of Canada, the partner’s privacy regime (normally the Privacy Act for federal partners) applies and not the personal information provisions contained in the Department of Employment and Social Development Act.

2. Organizational structure

Corporate Secretary and Chief Privacy Officer

The Corporate Secretariat is the Employment and Social Development Canada (ESDC) branch responsible for the management of access to information and privacy operations, the development of privacy policy, and the provision of privacy advice and guidance in ESDC. The Corporate Secretariat’s Access to Information and Privacy functions are organized into 2 divisions: the Access to Information and Privacy Operations Division and the Privacy Management Division.

The Branch is headed by the Corporate Secretary, who reports to the Associate Deputy Minister, and is also the Department’s Chief Privacy Officer. The Chief Privacy Officer is the Department’s functional authority on all privacy matters, which includes the provision of authoritative advice and functional direction to all ESDC branches and regions. The establishment of comprehensive privacy management policies, frameworks, programs, privacy review processes, and risk-assessment approaches concerning the management of personal information is also the responsibility of the Chief Privacy Officer. The Directors of the Privacy Management Division and the Access to Information and Privacy Operations Division report to the Corporate Secretary and provide support in the administration of the Privacy Act and the Access to Information Act within ESDC.

Figure 1: Organization of the Access to Information and Privacy functions in ESDC
description follows
Text description of Figure 1

This organizational chart displays a hierarchy beginning with the Corporate Secretary and Chief Privacy Officer of ESDC at the top. Directly below the Corporate Secretary and Chief Privacy Officer are two levels: The Privacy Management Division and the Access to Information and Privacy Operations Division.

Directly below the Privacy Management Division are two units: The Policy and Risk Management and the Privacy Compliance and Advisory Services. Below these are two different units.

Directly below the Access to Information and Privacy Operations Division are also three units: the Operations Unit, the Incident Management and Legislative Disclosures Unit and the Strategic Issues Management Team. From this level, a dotted line leads to the bottom to the Regional Access to Information and Privacy Managers.

Access to Information and Privacy Operations Division

The Access to Information and Privacy Operations Division (ATIP Ops) carries out the Department’s legislated requirements under the Access to Information Act and the Privacy Act. It leads and advises on the processing of all ESDC requests under the Access to Information Act, performs line-by-line reviews of records requested under the Access to Information Act and the Privacy Act, and delivers training and awareness sessions to departmental employees on the administration of the Acts. The Director of ATIP Ops is ESDC’s designated ATIP Coordinator. Approximately 19 ATIP Ops employees were dedicated to processing access to information requests during the 2018 to 2019 fiscal year.

The day-to-day administration of the Access to Information Act is a collaborative endeavor between ATIP Ops and the Department’s network of Branches and regional Liaison Officers who support this work by undertaking searches, collecting records and making recommendations. The Liaison Officers play an intermediary role between ATIP analysts and subject matter experts located across ESDC. The regions also play an important role by processing the majority of privacy requests received at ESDC. Finally, the Division also provides departmental leadership on implementation of C-58 – An Act to amend the Access to Information Act and the Privacy Act and to make consequential amendments to other Acts, which received Royal Assent on June 21, 2019.

In addition to processing requests under the Access to Information Act, ATIP Ops also contributed to other departmental-wide activities for which ATIP Ops advice and expertise was sought. For instance, ATIP Ops staff frequently reviews departmental material for proactive disclosure (for example, contracts, position reclassification, travel and hospitality expenses), informal requests (for example, audits and administrative investigations) and Open Government publications (for example, datasets) to identify sensitivities such as personal information and cabinet confidences. While these activities are not accounted for within this report’s statistical information, such activities are an important and growing part of strengthening transparency and accountability.

Privacy Management Division

The Privacy Management Division (PMD) is the departmental focal point for the management of ESDC’s privacy program. PMD supports the horizontal coordination and implementation of departmental privacy policies and initiatives. It also manages the Department’s privacy risk management functions; including, the privacy impact assessment process, provides guidance for the development of information sharing agreements involving personal information and delivers privacy compliance advice for the administration of ESDC’s programs and services. PMD is responsible for responding to legal instruments, public interest disclosures and privacy complaints not related to the processing of Privacy Act access requests, as well as overseeing the departmental response for security incidents involving personal information. In addition, PMD provides strategic and analytical privacy advice to ESDC’s senior leaders. The Department’s privacy awareness campaigns and personal information management training is also led by the Division. As of March 31, 2019, PMD had a complement of 28 full-time employees.

3. The Privacy Management Framework and privacy governance in ESDC

Privacy Management Framework

Given the importance of safeguarding personal information, the Department implements a risk-based and proactive approach to privacy management that promotes the integration of privacy into program design and project planning. This approach emphasizes the importance of building privacy directly into the architecture of programs, systems, technologies and business processes. Employment and Social Development Canada’s (ESDC) Privacy Management Framework consists of five key elements, as described in Figure 2.

Figure 2: Element definitions of ESDC’s Privacy Management framework

Governance and accountability: Roles and responsibilities for privacy management are clearly defined to meet legal requirements, regulations, policies, standards and public expectations.

Stewardship of personal information: Appropriate privacy protections are implemented to manage personal information through its life cycle.

Assurance of compliance: Formal processes and practices are established to ensure adherence to privacy specifications, policies, standards and laws.

Effective risk management: Structured and coordinated risk assessments are conducted to limit the probability and impact of negative events and maximize opportunities through risk identification, assessment and prioritization.

Culture, training and awareness: The protection of personal information is a core organizational value and is fundamental to maintaining the public’s trust. Formal privacy training and awareness activities promote a privacy-aware organization that values the protection and stewardship of personal information.

Departmental policy on privacy management

The Departmental Policy on Privacy Management sustains a robust privacy regime for the protection and judicious use of personal information within ESDC. The policy defines the roles and responsibilities for privacy, further stating that all employees are responsible for safeguarding and protecting personal information under their custody and control. The Departmental Policy on Privacy Management also specifies functional privacy or personal information management responsibilities and accountabilities for senior management, including the Chief Privacy Officer, the Departmental Security Officer, and the Departmental IT Security Coordinator.

The expected results from the application of the Departmental Policy on Privacy Management include the sound management and safeguarding of personal information within the Department, robust practices for the identification, assessment and management of risks to personal information, and the establishment of clear accountabilities, governance structures and mechanisms to protect and manage personal information in ESDC.

Privacy governance at ESDC

ESDC uses a committee structure to support privacy governance, risk oversight, and decision-making. The Department’s primary governance committee for privacy and the safeguarding of personal information is the director general-level Data and Privacy Committee. Co-chaired by the Chief Privacy Officer and the Chief Data Officer, the Data and Privacy Committee has the mandate to oversee the stewardship and management of data and the protection of personal information across the Department. The Committee supports the integration of data management, privacy and IT security; provides oversight of ESDC’s risk management processes with respect to personal information; and promotes a culture that recognizes that the protection of privacy is a core organizational value and is fundamental to maintaining the public’s trust.

The Data and Privacy Committee reports to the Assistant Deputy Minister-level Corporate Management Committee, which is responsible for overseeing the Department’s management agenda, including the operationalization of the ESDC’s security measures. Chaired by the Associate Deputy Minister, the Corporate Management Committee is composed of Branch and Regional heads as well as the Department’s senior leaders of key functional activities.

4. Delegations

Section 73 of both the Access to Information Act and the Privacy Act empower the head of an institution to delegate any of the powers, duties or functions assigned to him or her by these Acts to employees of that institution. Delegation Orders set out the powers, duties and functions for the administration for each Act that has been delegated by the head of the institution and to whom that delegation has been assigned.

The Minister of Employment and Social Development is the Minister responsible for the purposes of the Access to Information Act, the Privacy Act, and the Department’s enabling legislation — the Department of Employment and Social Development Act. The approved Delegation Orders are reproduced in Annex A.

5. Initiatives and procedures

Access to Information activities and initiatives

During the 2018 to 2019 fiscal year, the Access to Information and Privacy Operations (ATIP Ops) underwent a review of its operations to determine whether there were performance gaps and opportunities for improvement. As a result of the review, a reorganization to meet both evolving internal and external changes was implemented.

As part of the reorganization, a new intake unit to act as Employment and Social Development Canada’s (ESDC) main entry point for all access to information and privacy requests was created. This new team oversees all incoming requests before they are assigned to an analyst. Additionally, the division invested in its training strategy and developmental process to facilitate recruitment and retention of its employees.

The reorganization consolidated and integrated many of the current aspects of review, collaboration, training and quality assurance into a new, team-based approach. These improvements have permitted ATIP Ops to considerably reduce its backlog, address complaints and improve responsiveness.

ESDC also advanced and collaborated on a number of initiatives over the reporting period. Two of these initiatives are described below.

Bill C-58 – An Act to amend the Access to Information Act and the Privacy Act and to make consequential amendments to other Acts: Implementation readiness

Bill C-58 amendments proposed several changes to the daily administration of the Act (Part I), as well as additional legal obligations for the proactive publication of information or materials (Part II) related to the Senate, the House of Commons, parliamentary entities, ministers’ offices, government institutions and institutions that support superior courts. These changes were designed to facilitate public engagement and participation, which, in turn, will promote greater transparency and government accountability.

ATIP Ops created an intradepartmental working group in fall 2017 to ensure ESDC’s readiness to comply with the legislative amendments. During the 2018 to 2019 fiscal year, the working group continued to revisit and adjust departmental business processes; identified volumetrics and peak publishing periods; and shared best practices for compliance with these new requirements. The working group also developed an internal communications plan, re-designed templates, and launched a single-window resource portal that provides ESDC employees with information and tools to support the Department’s proactive publication activities. ATIP Ops continued to engage ESDC Branches and regions to raise awareness, and collaborated with government of Canada partners and provide strategic support to the Treasury Board Secretariat by sharing issues and best practices.

Feasibility study on the ATIP community development project

During the 2018 to 2019 fiscal year, ESDC collaborated with the Canada Revenue Agency, Immigration, Refugees and Citizenship Canada, Transport Canada and Treasury Board of Canada Secretariat, to develop a feasibility study related to the creation of a dedicated team to support ATIP groups across government, and the advancement of the discipline. The result of the Feasibility Study was presented to the Assistant Deputy Ministers’ Access to Information and Privacy Committee in fall 2018. As this work advances, ESDC will seek to support this important initiative, given the benefits of having a dedicated team to facilitate greater support for horizontal collaboration, recruitment and community building.

Privacy activities and initiatives

During the 2018 to 2019 fiscal year, ESDC continued to advance a proactive, risk-based approach to privacy management and to support the development of a culture of stewardship within the Department for the personal information under its control. ESDC undertook several strategic activities designed to support the Department’s service delivery transformation and innovation activities as well as to meet the challenges of the evolving privacy environment that is being driven by rapid technological change.

Privacy Act Modernization

ESDC has been working closely with officials from the Department of Justice on its Privacy Act modernization initiative. This law reform process presents a unique opportunity for ESDC to share issues and exchange ideas on potential solutions. As part of these activities during the 2018 to 2019 fiscal year, ESDC completed an internal consultation that specifically focused on the Act’s influence on the design and delivery of its programs and services. The findings and recommendations were subsequently shared with the Department of Justice. Of note, the exercise indicated that privacy awareness has grown within the Department in recent years and that a strong privacy ethos — of the need to meet the obligations to respect privacy and safeguarding personal information — is a core value for ESDC’s employees.

Department of Employment and Social Development Act amendments

On June 21, 2018, the Department of Employment and Social Development Act was amended to broaden the Department’s mandate to include service delivery to the public with a view to improving services to Canadians. These changes provide the Department with the authorities to support the Government in improving the way services are available and accessed by Canadians and include, among other provisions, the legislative authority to deliver services to the public for partners including other federal institutions and jurisdictions on a cost-recovery basis and deliver select services for the Government of Canada. The amendments provide that, in these service delivery relationships, the personal information provisions set out in Part 4 of the Department of Employment and Social Development Act do not apply to partners when the information is shared with them. The partner’s privacy regime (normally the Privacy Act for federal partners) will govern their use of the information. As a service delivery partner, ESDC is restricted in using personal information for administering the partner’s program, for research and statistical purposes and for disclosure in the public interest. As such, the information cannot be used or disclosed for administering ESDC’s own programs.

Privacy governance review

A privacy governance review was completed during the 2018 to 2019 fiscal year. ESDC launched the examination of its privacy governance architecture and mechanisms to ensure that the Department would be able to respond to the evolving nature of, and risks to, the use of personal information resulting from the advances in technology and the increased use of data. The Department also wanted to ensure that its privacy governance mechanisms were positioned to support its transformation and innovation initiatives.

The review confirmed a shift in focus from only a privacy and security perspective to one that would complement the management of personal information with the implementation of ESDC’s Data Strategy. It also resulted in the establishment of the Data and Privacy Committee to oversee the stewardship and management of data and the protection of personal information across the Department. In addition to changes to the committee structure, the review recommended the creation of a new framework for ESDC’s privacy approval processes and strengthened risk assessments and oversight.

With these changes, the Department intends to realize the goal of managing data to maximize its value to Canadians while ensuring that their personal information is protected. It is supporting an organizational culture where privacy rights are proactively respected when data is leveraged for service delivery, analysis and decision-making. This means:

  • promoting and sustaining an integrated approach to privacy, IT security and data management;
  • overseeing the development and implementation of risk control frameworks for the management of personal information that are modernized and coordinated; and
  • providing strategic advice that includes the early identification and analysis of privacy trends and emerging risks.

Privacy management service vision and roadmap

During the 2018 to 2019 fiscal year, ESDC introduced a new service vision for its privacy management function along with a multi-year roadmap for its implementation. Developed in response to the rapidly changing privacy environment and in support of the Department’s transformation and innovation initiatives, the vision articulates the creation of a privacy management regime that safeguards personal information and sustains robust privacy risk management processes while helping the Department achieve its mandate and objectives. Privacy management controls and risk management process will become more rigorous. At the same time, privacy analysis and advice will become more pragmatic and nuanced by taking into account the nature and scale of potential risks and threat and the level of organizational risk tolerance.

As part of the implementation of the Roadmap, the Privacy Management Division (PMD) has introduced a new suite of diagnostic and analytical tools to prepare privacy assessments that are tailored to the project or activity that is being supported. Additional initiatives are focused on supporting the Data Strategy such as developing privacy requirements for data matching, automated processes and artificial intelligence activities.

Organizational changes took place during the 2018 to 2019 fiscal year to create a single privacy policy centre within the Department, resulting in the integration of privacy analysis across functions. The Incident Management and Legislative Disclosures team, once part of ATIP Operations Division, is now operating within PMD. The privacy review of policy analysis, research and evaluation projects involving personal information, previously conducted by ESDC’s Evaluation Directorate, is also now being led by PMD. ESDC anticipates that these adjustments will result in better privacy advice and service to internal clients as well as strengthened privacy risk identification, assessment and monitoring through the consolidation of these functions within PMD.

Privacy Impact Assessments

In accordance with the Treasury Board’s Directive on Privacy Impact Assessments, ESDC is required to conduct a privacy impact assessment before establishing any new or substantially modified program or activity involving the administrative use of personal information. Among a privacy impact assessment’s purposes, the identification and assessment of risks to privacy and the articulation of a risk mitigation plan are the most important.

During the 2018 to 2019 fiscal year, ESDC completed five privacy impact assessments. Copies of these approved privacy impact assessment reports were provided to the Treasury Board Secretariat, and to the Office of the Privacy Commissioner. Summaries of these assessments can be found in Annex B. This information has been posted on the Privacy impact assessments. In addition, summaries of completed privacy impact assessments from the previous 2 fiscal years were posted on the ESDC website in winter 2018.

Provision of privacy advice and guidance

In addition to privacy impact assessments, the Privacy Management Division (PMD) provided privacy advice and undertook privacy compliance reviews for departmental programs and initiatives. The Division responded to 365 requests for privacy policy advice and compliance reviews on various products and material such as consent forms, privacy notice statements, contracts, statements of work, forms, and surveys and questionnaires. The Division also provided privacy policy advice for several Treasury Board submissions and Memoranda to Cabinet.

Information Sharing Agreements involving personal information

An information sharing agreement (ISA) is a written arrangement between parties that outlines the terms and conditions under which personal information is shared between them. Part 4 of the Department of Employment and Social Development Act sets out the provisions for the sharing of personal information under limited and specific circumstances. During the 2017 to 2018 fiscal year, the Privacy Management Division (PMD) provided advice and guidance to program areas on 66 ISAs.

Privacy breaches

During the 2018 to 2019 fiscal year, the Privacy Management Division (PMD) developed a Privacy Breach rating tool to enhance the consistency around the rating of material privacy breaches. This tool aligns with the Treasury Board definitions of breach and material breach and provides analysts with a more objective score with which to rate the impact of privacy breaches.

6. Performance reporting

The following section provides key statistics and information on Employment and Social Development Canada‘s (ESDC) accomplishments in the previous 3 fiscal years and how the Department contributed to the Government’s agenda in terms of Access to Information and Privacy. Figures 3 through 5 display a 4-year comparison to highlight performance trends as well as Access to Information Act and the Privacy Act integration. Detailed Statistical Reports for both Acts are found in Annex C.

Requests and consultations: Total volume

During the 2018 to 2019 fiscal year, ESDC experienced a sizeable increase (29.8%) in combined access to information, privacy and consultation requests, going from 11,049 requests in the 2017 to 2018 fiscal year to 14,347 in the 2018 to 2019 reporting period.

Figure 3: Access to Information Act (ATIA), Privacy Act Access Requests and consultations: Total volume received
description follows
Text description for Figure 3
Year Received
2015-2016 10,113
2016-2017 10,814
2017-2018 11,049
2018-2019 14,347

During the 2018 to 2019 fiscal year, although access to information requests decreased slightly, Privacy Act access requests increased and have done so since the 2015 to 2016 reporting period.

Figure 4: Summary of requests under the Access to Information Act
Activity 2015 to 2016 2016 to 2017 2017 to 2018 2018 to 2019
Formal requests received under the Access to Information Act 1,572 2,268 1,942 1,409
Requests completed during the reporting period 1,439 2,276 1,899 1,509Footnote 3
Number of pages processed 257,249 438,368* 970,992* 118,818
Number of requests completed within legislated timeframes (including extensions) 1,178 1,748 1,567 1,305
Number of requests completed beyond legislated timeframes 261 528 332 204
Proportion of requests that were responded to within legislated timeframes 82% 77% 83% 87%
Complaints to the Information Commissioner 42 23 40 35

* Table note: Includes exceptionally large requests containing a very high number of fully released pages

Figure 5: Summary of requests under the Privacy Act
Activity 2015 to 2016 2016 to 2017 2017 to 2018 2018 to 2019
Formal requests received under the Privacy Act 8,353 8,353 8,852 12,678
Requests completed during the reporting period 8,240 8,510 8,817 12,260
Number of requests completed within legislated timeframes (including extensions) 8,033 8,439 8,728 12,137
Number of requests completed beyond legislated timeframes 207 71 89 123
Proportion of requests that were responded to within legislated timeframes 98% 99% 99% 99%
Public interest disclosures 230 300 329 261
Material privacy breachesFootnote 4 18 141 128 74
Complaints to the Privacy Commissioner 12Footnote 5 22 29 9

The Privacy Commissioner is an Officer of Parliament who receives and independently investigates complaints from requesters who believe that government institutions have not respected their rights under the Act. The Commissioner reports findings and may make recommendations. As demonstrated in Figure 5, 9 complaints were made to the Privacy Commissioner during the 2018 to 2019 fiscal year, a decrease from last year when 29 complaints were made.

Total requests received and completed

To efficiently reduce backlog, ATIP Operations (ATIP Ops) designed a strategy that included the redistribution of dedicated resources to manage older voluminous files and complaints. This backlog strategy has allowed the Department to complete 100 files over the volume received during the 2018 to 2019 fiscal year (1,409 requests received and – please refer to figure 6).

Access to Information Act

During the 2018 to 2019 fiscal year, ESDC received 1,409 requests under the Access to Information Act, a 27% decrease from the previous fiscal year when the Department received 1,942 requests. This is the second time in recent years that ESDC has observed a decrease in the number of requests received. This decrease can be explained, in part, by new business processes, which convert, with the consent of the client, erroneously submitted Access to Information Act requests into more accurate Privacy Act access requests.

Figure 6: Requests received and completed, Access to Information Act
description follows
Text description for Figure 6
Year Received Completed
2015-2016 1,572 1,439
2016-2017 2,268 2,276
2017-2018 1,942 1,899
2018-2019 1,409 1,509

Privacy Act

Historically, ESDC would informally process various “simple” privacy requests in instances when requesters did not specify the Privacy Act as part of their requests. This practice was intended to reduce the administrative burden for both ESDC and the requestor. While the approach was effective, it unintentionally limited the requestor’s rights to complain to the Office of the Privacy Commissioner. To address this issue, ESDC initiated a new approach where informal requests are increasingly being treated as formal. Largely due to this new approach, ESDC received during the 2018 to 2019 fiscal year, 12,678 requests under the Privacy Act, a 43% increase from the previous fiscal year, when the Department received 8,852 requests.

Figure 7: Access requests received and completed, Privacy Act
description follows
Text description for Figure 7
Year Received Completed
2015-2016 8,353 8,240
2016-2017 8,353 8,510
2017-2018 8,852 8,817
2018-2019 12,678 12,260

Requests by calendar days taken to complete

Access to Information Act

During the 2018 to 2019 fiscal year, ESDC processed 57.4% (866) of all requests (1,509) completed under the Access to Information Act within the first 30 days of receipt, similar to last year when ESDC processed 56.9% (1,081) of all requests (1,899) under the Act within 30 days.

Figure 8: Access to Information Act requests by calendar days taken to complete
description follows
Text description of Figure 8
Year 30 Calendar Days 31-60 Calendar Days 61 or more Calendar  Days
2015 to 2016 787 (55%) 352 (24%) 300 (21%)
2016 to 2017 1,200 (53%) 516 (23%) 560 (24%)
2017 to 2018 1,081 (57%) 371 (19%) 447 (24%)
2018 to 2019 866 (57%) 232 (16%) 411 (27%)

Privacy Act

During the 2018 to 2019 fiscal year, ESDC processed 96% (11,832) of all requests (12,260) completed under the Privacy Act within the first 30 days of receipt, similar to last year when ESDC processed 97% (8,595) of all requests (8,817) under the Act within the first 30 days of receipt. It should be noted that the Department received 3,443 more requests than last fiscal year.

Figure 9: Privacy Act Access requests by calendar days taken to complete
description follows
Text description of Figure 9
Year 30 Calendar Days 31-60 Calendar Days 61 or more Calendar  Days
2015 to 2016 7,169 (87%) 999 (12%) 72 (1%)
2016 to 2017 8,234 (97%) 252 (3%) 24 (0%)
2017 to 2018 8,595 (97%) 179 (2%) 43 (1%)
2018 to 2019 11,832 (96%) 370 (3%) 58 (1%)

Timeframes

Access to Information Act

During the 2018 to 2019 fiscal year, the Department met legislated timelines for 1,305 requests under the Access to Information Act, the majority of which were completed within legislated timeframes with a compliance rate of 87%. This represents an increase of 4 percentage points compared to the Department’s 2017 to 2018 compliance rate (83%).

Institutions may apply for an extension beyond the original 30-day statutory timeframe in cases where meeting the statutory date is not feasible due to the volume of pages to be processed; where consultation is required that could not reasonably be conducted within the initial 30 days or; where notice is given to a third party. During the 2018 to 2019 fiscal year, ESDC requested 508 extensions.

ESDC was unable to meet legislated timelines for 204 requests during the fiscal year, an improvement from the previous year where 332 requests did not meet the legislative timelines.

Figure 10: Number of requests processed within and beyond legislated timeframes, Access to Information Act
description follows
Text description of Figure 10
Year Within Beyond
2015 to 2016 82% 18%
2016 to 2017 77% 23%
2017 to 2018 83% 17%
2018 to 2019 87% 13%

Privacy Act

During the 2018 to 2019 fiscal year, ESDC met legislated timelines for 12,137 requests, which represents a 99% compliance rate, which was similar to the previous fiscal year. ESDC was unable to meet legislated timelines for 123 requests during the fiscal year, which represents a non-compliance rate of 1%.

Institutions may apply for an extension beyond the original 30-day statutory timeframe in cases where meeting the statutory date is not feasible due to the volume of pages to be processed; where consultation is required that could not reasonably be conducted within the initial 30 days or; for translation purposes or to convert a record to another format. During the 2018 to 2019 fiscal year, ESDC requested 128 extensions. This represents an increase from last fiscal year, when ESDC requested 76 extensions.

Figure 11: Number of requests processed within and beyond legislated timeframes, Privacy Act
description follows
Text description of Figure 11
Year Within Beyond
2015 to 2016 98% 2%
2016 to 2017 99% 1%
2017 to 2018 99% 1%
2018 to 2019 99% 1%

Timeframe Monitoring

Access to Information Act

Except in certain circumstances, which allow for extensions, the Access to Information Act contains a statutory timeline of 30 calendar days (about 20 working days) to provide responses to requests. Given the legislated timeframes and ESDC’s commitment to respecting both the letter and spirit of the Access to Information Act, the Department established a process and defined responsibilities as outlined in figure 12.

ESDC’s Timeframe Monitoring – Goal-based Strategies to respect ESDC’s Process and commitments

Figure 12: Roles and Responsibilities and description

  • Retrieval of Relevant Records and Formulation of Recommendations: Once a request is received, it is tasked to the relevant Branches and/or regions, the Offices of Primary Interest (OPI). The OPIs have 8 working days to retrieve all responsive records and present them, along with any recommendations, to ATIP Ops.
  • Line-by-line Review of the Responsive Records: ATIP Ops has 8 working days to complete a thorough line-by-line review of the records and to invoke any applicable exemptions and/or exclusions.
  • Advance Release Notice: Key stakeholders receive a notification that the release package has been posted electronically on a secure internal web site at least 4 working days prior to the scheduled release date. This mechanism allows all implicated parties to provide final comments prior to release.

In support of timeframe monitoring, ATIP Operations provides a weekly report to senior management and ministerial level. Additionally, a quarterly report capturing key ATIP processing performance indicators is also shared with senior management; including, all Deputy Ministers, and the Assistant Deputy Ministers. These improvements position Branches and regions to be more proactive in the monitoring of tasked access to information requests.

Privacy Act

ESDC’s regional offices manage the majority of the privacy request workload and prepare weekly reports concerning new requests, workload and status for the tracking of on-time performance for privacy requests. Regional offices also produce performance reports on a monthly, quarterly and yearly basis.

Pages Processed and Disclosed

Access to Information Act

During the 2018 to 2019 fiscal year, the Department experienced an 87.8% year-over-year decreaseFootnote 6 in terms of total number of pages of documents processed and disclosed for requests under the Access to Information Act (please refer to Figure 13). This decrease can be explained, in part, by ESDC receiving during the 2017 to 2018 reporting period a single dataset request containing 774,731 pages.

Figure 13: Number of pages processed and number of pages disclosed, Access to Information Act
description follows
Text description of Figure 13
Year Processed Disclosed
2015 to 2016 257,249 216,929
2016 to 2017 438,368 410,089
2017 to 2018 970,992 943,669
2018 to 2019 118,818 94,115

Privacy Act

The total number of pages processed and disclosed for privacy requests increased during the 2018 to 2019 fiscal year. During this reporting period, 979,247 pages were processed for exemptions and exclusions, which represents an increase of 23% from the previous fiscal year when 796,436 pages were processed. A total of 934,672 pages were disclosed, which is an increase from the previous year when 771,256 pages were disclosed.

Figure 14: Number of pages processed and disclosed, Privacy Act
description follows
Text description of Figure 14
Year Processed Disclosed
2015 to 2016 789,762 740,582
2016 to 2017 818,954 769,173
2017 to 2018 798,436 771,256
2018 to 2019 979,247 934,672

Sources of requests under the Access to Information Act

During the 2018 to 2019 fiscal year, the most common source of requests under the Access to Information Act was from media (429), followed by the general public (350) and business/private sector (332). This trend continued from the previous fiscal year where media was the main source of requesters. Lists of briefing notes and briefing note documentation have been the most common type of departmental material requested.

Figure 15: Sources - Number of requests and percentage of total requests
Source 2015-2016 2016-2017 2017-2018 2018-2019
Media 257 (16%) 670 (30%) 649 (33%) 429 (30%)
Academia 19 (1%) 22 (1%) 39 (2%) 26 (2%)
Business/Private Sector 395 (25%) 438 (19%) 357 (18%) 332 (24%)
Organization 105 (7%) 113 (5%) 124 (6%) 140 (10%)
Public 492 (31%) 580 (26%) 611 (31%) 350 (25%)
Decline to Identify 304 (19%) 445 (20%) 162 (8%) 132 (9%)

Exemptions and Exclusions

ESDC is one of the largest holders of personal information in the Government of Canada, which affects the frequency in which exemptions and exclusions are applied under the Access to Information and Privacy Acts.

Access to Information Act

Exemptions

The Access to Information Act allows, and in some instances requires, that information relating to the internal decision-making processes of government, national security, law enforcement or trade secrets be exempted and not released.

The following table (Figure 16) outlines the most frequently invoked exemptions during the past 4 fiscal years. Due to the nature of ESDC’s mandate, most of the information under the Department’s control contains personal information about individuals and must be withheld under the mandatory exemptions set out in section 19 (Personal information) unless certain conditions are met. Although section 21 (Advice) was not the most frequently applied exemption for the 2018 to 2019 fiscal year, it continued to represent an important percentage of the total and was applied in 304 instances.

Figure 16: Number of requests and percentage of total exemptions*
Section 2015-2016 2016-2017 2017-2018 2018-2019
s. 19 - Personal information 405 (29%) 501 (23%) 385 (27%) 306 (25%)
s. 16 - Law enforcement and investigations 193 (14%) 269 (13%) 149 (10%) 160 (13%)
s. 20 - Third party information 170 (12%) 229 (11%) 152 (11%) 164 (13%)
s. 21 - Advice and recommendations 247 (18%) 658 (31%) 362 (25%) 304 (25%)
s. 24 - Statutory prohibitions against disclosure 170 (12%) 186 (9%) 149 (10%) 84 (7%)

*Figures are rounded for readability purposes

Exclusions

The Access to Information Act does not apply to information that is already publicly available, such as government publications (section 68), and confidences of the Queen’s Privy Council for Canada (section 69), which require consultation with the Department of Justice. During the 2018 to 2019 fiscal year, ESDC excluded records based on section 69 for 108 requests.

Privacy Act

Exemptions

The Privacy Act recognizes that individuals value their privacy and the protection of their personal information, and that this protection is an essential element in maintaining public trust in government. Although the Privacy Act provides individuals with an enforceable right of access to their personal information, there are instances, where certain limited and specific exemptions can be applied.

Due to the nature of ESDC’s mandate and its personal information holdings, the exemption under the Privacy Act that was applied most frequently is section 26, which protects personal information about another individual as defined by section 3 of the Privacy Act. This exemption occurred in 8,082 instances of completed requests during the 2018 to 2019 fiscal year. This represents an increase of 2,184 instances when compared to last fiscal year.

Figure 17: Number of requests and percentage of total exemptions
Section 2015-2016 2016-2017 2017-2018 2018-2019
s. 22 - Law enforcement and investigation 24 (0.4%) 47 (0.8%) 101 (1.7%) 61 (0.7%)
s. 26 – Information about another individual 5,664 (97.9%) 5,977 (97.7%) 5,898 (96.7%) 8,082 (98.1%)
s. 27 – Solicitor-client privilege 88 (1.5%) 91 (1.5%) 81 (1.3%) 72 (0.9%)

Exclusions

The Privacy Act allows for the exclusion of certain types of information such as records that are already available to the public (section 69) and confidences of the Queen’s Privy Council for Canada (section 70). During the 2018 to 2019 fiscal year, ESDC did not exclude any records for requests under the Privacy Act.

Consultations received from other government of Canada institutions and other organizations

Access to Information Act

During the 2018 to 2019 fiscal year, ESDC received 222 external consultation requests, which originated from other Government of Canada institutions and other organizations, that required a review of an additional 15,299 pages. This represents a slight increase from the previous 2 fiscal years when ESDC received 220 requests for external consultations and reviewed an additional 11,567 pages.

The Department closed 223 requestsFootnote 7 for consultations of which 141 (63%) were completed within 30 days. Nearly 3 quarters of those completed (163) resulted in a recommendation to disclose the records in their entirety and 44 (20%) recommended to disclose in part.

Privacy Act

ESDC received 38 external consultation requests during the 2018 to 2019 fiscal year, which originated from Government of Canada institutions and other organizations, requiring an additional review of 1,549 pages. This represents a decrease from the previous fiscal year when ESDC reviewed 5,355 pages.

The Department closed 36 requests for consultations, all of which were completed within 30 days. Of the 36 requests for consultation, 5 (14%) resulted in a recommendation to disclose the records entirely and 31 (86%) recommended that the consulting institution or organization disclose the information in part.

Figure 18: Consultations received from other Government of Canada institutions and other organizations - Access to Information Act
Types of consultation 2015-2016 2016-2017 2017-2018 2018-2019
Consultations requests received under the Access to Information Act 163 185 220 222
Additional pages reviewed under the Access to Information Act 5,357 7,301 7,908 15,564
Access to Information Act Requests for Consultations closed 170 171 210 223
Access to Information Act Requests for Consultations closed within 30 days 115 116 124 141
Privacy Act
Types of consultation 2015-2016 2016-2017 2017-2018 2018-2019
Consultations requests received under the Privacy Act 25 8 35 38
Additional pages reviewed under the Privacy Act 2,640 132 5,355 1,578
Privacy Act Requests for Consultations closed 23 8 34 36
Privacy Act Requests for Consultations closed within 30 days 20 7 29 36

Requests for the correction of personal information under the Privacy Act

Under the Privacy Act, individuals have a right to request the correction of erroneous personal information pertaining to them that is retained by a government institution, provided that the individual can adequately substantiate the request. ESDC accepted one request for correction of personal information during the 2018 to 2019 fiscal year.

Reporting on Access to Information fees for the purposes of the Service Fees Act

In 2017, the Government of Canada introduced the Service Fees Act, which replaced the User Fees Act. All government Departments and Agencies that charge fees for services are subject to this legislation, including ESDC.

The Service Fees Act requires a responsible authority to report annually to Parliament on the fees collected by the institution. Consistent with Treasury Board policy, fees charged pursuant to the Access to Information Act are to be reported in the Access to Information Annual Report. Consequently, ESDC is reporting these fees in this consolidated report.

With respect to fees collected under the Access to Information Act, the information is reported in accordance with the requirements of section 20 of the Service Fees Act.

General fees information

Figure 19 provides information on fees for processing requests filed under the Access to Information Act, including:

  • Fee-setting authority
    • Access to Information Act
  • Fee Amount
    • $5
  • Service standard
    • Response provided within 30 days following receipt of request; the response time may be extended pursuant to section 9 of the Access to Information Act. Notice of extension is to be sent within 30 days after receipt of the request.
  • Performance results
    • Total requests received: 1,409
    • Total requests completed: 1,509Footnote 8
    • Requests responded to within 30 days: 1,305
    • Requests completed within prescribed time limits of extensions: 508
    • Requests responded to after deadline: 204
    • Statutory deadline met 87% of the time
  • Other information
    • In accordance with the Interim Directive on the Administration of the Access to Information Act, issued on May 5, 2016, ESDC waives all fees prescribed by the Act and Regulations, other than the $5 application fee set out in paragraph 7(1)(a) of the Regulations.

Figure 20: Financial information (dollars)

  • 2017 to 2018 Revenue:
    • $ 7,180.00
  • 2018 to 2019 Revenue:
    • $ 5,360.00*
  • 2018 to 2019 Total cost of operating the programFootnote 9:
    • $1,521,865.00
  • 2018 to 2019 RemissionsFootnote 10:
    • $ 1,455.00

*Based on total requests received during the 2018 to 2019 fiscal year minus remissions

7. Complaints, investigations and court actions

Access to Information Act

During the 2018 to 2019 reporting period, the Department was notified by the Office of the Information Commissioner (OIC) of 35 access complaints, which represents 2.5% of all Access to Information requests received (1,409). The Department received findings on 25 complaints. There were no court actions during the reporting period. Please refer to Figure 21 for more information.

Employment and Social Development Canada (ESDC) received 2 complaints pursuant to subsection 35(2) of the Access to Information Act (ATIA). These complaints related to the Department’s use of subsection 10(2) of the ATIA, which allows an institution to neither, confirm nor deny the existence of a record in response to an access request. As of March 31, 2019, a decision from the Office of the Information Commissioner was still pending; the findings of these investigations will therefore be reported during the 2019 to 2020 fiscal year.

Privacy Act

During the 2018 to 2019 reporting period, the Department was formally notified by the Office of the Privacy Commissioner of 9 privacy complaints. Compared to the hundreds of millions of transactions conducted by ESDC over the span of a year, the number of complaints is statistically small. Of the investigation results received during the 2018 to 2019 fiscal year, 8 were determined to be well-founded; however, the Office of the Privacy Commissioner did not make any recommendations. There were no court actions during the reporting period.

Figure 21: Complaints, investigations and court actions, 2018 to 2019
Item Access to Information Act Privacy Act
Complaints
Complaints received 35 9

Denied access

11 6

Unreasonable time extension

5 0

Processing delays

11 2

Improperly applied exemptions

8 0

Collection

NA 1

Use and disclosure / Retention and disposal

NA 0
Investigations
Findings received 25 21

Well-founded

13 8

Not well-founded

3 10

Complaints resolved during investigation

4 1

Discontinued

5 2
Court Actions
Number of court actions 0 0

Note: The total number of notifications of complaints received and the total number of investigations with findings received will not necessarily be the same in a given fiscal year. Investigations could relate to complaints that were received by the Office of the Privacy Commissioner in a fiscal year prior to the 2018 to 2019 reporting period.

8. Internal audits

Access to Information-related audits

Audit of the Access to Information process

In 2016, Employment and Social Development Canada (ESDC) undertook an internal audit on the administration of access to information. While the audit concluded ESDC’s access to information function complies with the Access to Information Act (ATIA), opportunities were identified to (i) improve oversight, (ii) address timeliness of responses and skills shortages, (iii) enhance data integrity, and (iv) address training gaps and modernization efforts as a means to increase compliance and respond to access to information requests in a more efficient manner.

Over the past 2 and a half years, ATIP Operations (ATIP Ops) has actively followed up on the first 3 audit recommendations, actively engaging ESDC senior management, increasing ATIP capacity, and taking steps to ensure complete and accurate performance reporting. During fiscal year 2018 to 2019, the focus was on pursuing training gaps and modernization efforts to further increase compliance and efficient ATI request processing.

ATIA training was provided to 27 departmental Liaison Officers (LOs) and a number of observers. ATIP junior analysts also received training as part of a professional development program. During the 2018 to 2019 fiscal year, several ATIA awareness-training sessions were also given to ESDC staff (Refer to Chapter 11). The sessions were also leveraged to inform participants of Bill C-58 – An Act to amend the Access to Information Act and the Privacy Act and to make consequential amendments to other Acts’ proactive disclosure requirements.

Throughout the fiscal year, ATIP Ops worked closely with the College@ESDC to explore options for providing widely available training and learning material that supports ESDC employees in applying the ATIA (for example, recognizing cabinet confidences), supporting the new proactive disclosure requirements with an emphasis on protecting and safeguarding the release of sensitive information.

Going forward, ATIP Ops will work with its departmental partners, to finalize a learning proposal and will pursue short, medium and long-term (for example, e-learning) solutions in support of access to information and proactive publication activities. As a strategy, ATIP Ops will seek opportunities to leverage existing departmental initiatives and training to increase employee awareness of ATIP.

As a result of these undertakings, all internal audit recommendations have been addressed and are now considered complete.

Privacy-related Audits

Through its audit plan, ESDC continued to address the management of risks to privacy and the safeguarding of personal information with targeted examinations. During the 2018 to 2019 fiscal year, the Privacy Management Division (PMD) was involved in the following audit:

Audit of the Management and Implementation of Select Privacy Impact Assessments

This audit identified the requirement to improve privacy impact assessment controls to achieve the thorough identification and consistent assessment of risks to personal information via the assessment process. It also noted that the Department needed to follow-up on the mitigation activities established in the individual assessments. The audit provided 3 recommendations:

  • the Department should assign to the Chief Privacy Officer the responsibility and accountability to complete sound privacy analyses, thorough identification and consistent assessment of privacy risks found in the Department’s privacy impact assessments;
  • the Chief Privacy Officer should include privacy risks identified in IT security assessments in privacy impact assessments and monitor that they are mitigated with activities commensurate with the risk identified; and
  • the Chief Privacy Officer should be responsible for following-up on mitigation activities to verify if they are implemented as documented in the privacy impact assessments.

The Chief Privacy Officer accepted the recommendations and developed a management action plan. The Privacy Management Division (PMD) is working with the Internal Audit Services Branch to implement the audit recommendations. It is anticipated that full implementation will be achieved during the 2019 to 2020 fiscal year.

9. Public interest disclosures

In accordance with section 8(2) of the Privacy Act, Part 4 of the Department of Employment and Social Development Act takes precedence over the Privacy Act concerning the use and disclosure of personal information. Employment and Social Development Canada’s (ESDC) disclosures in the public interest are not made under section 8(2)(m) of the Privacy Act, but under section 37(1) of the Department of Employment and Social Development Act. This section states that personal information may be disclosed “…if the Minister is of the opinion that the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure or that disclosure would clearly benefit the individual to whom the information relates.” As with public interest disclosures under the Privacy Act, public interest disclosures made under the Department of Employment and Social Development Act are also reported to the Office of the Privacy Commissioner (OPC).

During the 2018 to 2019 fiscal year, the Department approved the disclosure of personal information in the public interest in 261 instances. The Department processed 228 public interest disclosures in the regions, which involved individuals who were threatening to harm themselves or others. In instances where there is an imminent threat to the safety and security of individuals, regional employees have the delegated authority to make the disclosures. Given the urgency of these situations, the OPC is informed after the disclosure is made.

Privacy Management Division (PMD) approved the disclosure of personal information in an additional 33 cases. Of the 33 cases, the OPC was informed prior to the disclosure in 24 instances (verbally with a follow up letter, or by letter only), and by letter after the disclosure in 9 occasions.

Figure 22: Reason for disclosure
Reason for disclosure Number of disclosures
Regional disclosures 228
NHQ disclosures

Homicide investigation

3

Locate an individual/next of kin

7

Fraud/suspected elder abuse

5

Violence/threat of violence/bomb threat/vandalism

1

Missing person

13

Suicide threat/self-harm/wellness check

2

Other

2
Subtotal 33
Total 261

10. Material privacy breaches

A privacy breach refers to the improper or unauthorized collection, use, disclosure, retention or disposal of personal information. According to the Treasury Board Secretariat, “a material privacy breach has the highest risk impact and is defined as involving sensitive personal information; and could reasonably be expected to cause serious injury or harm to the individual and/or involves a large number of affected individuals”.

Because of the scope and breadth of Employment and Social Development Canada’s (ESDC) mandate, the Department has one of the largest personal information holdings in the Government of Canada. For some ESDC programs, detailed and often sensitive personal information is needed to determine program eligibility or to receive benefits and services. Personal information is handled by a large number of employees to deliver services across the country by using ESDC’s numerous IT systems and databases. Moreover, the personal information held by the Department is sought by, and disclosed to, a large number of partners and stakeholders for many purposes, including the delivery of their programs, the determination of the eligibility for federal and provincial programs and benefits, the authentication of individuals, identity management, research and statistics, integrity operations, performance management, and legal proceedings. In short, the magnitude and complexity of ESDC’s personal information management responsibilities are considerable, and are characterized by millions of transactions that involve personal information every year.

During the 2018 to 2019 fiscal year, there were 74 material breaches representing a 42% decrease compared to 128 breaches in the 2017 to 2018 fiscal year (please refer to Figure 23). These breaches were the result of operational processes such as information lost in transit in the postal system. Compared to the hundreds of millions of transactions conducted by ESDC over the span of a year, the incident rate is, statistically, very small.

Over the last 3 years, additional time and resources have been invested to foster a privacy-aware organization through formal privacy training and awareness activities. The Department continues to explore ways to reduce the number of breaches. For example, during the 2018 to 2019 fiscal year, the Canada Student Loans Program implemented an “e-delivery” model for its Master Student Financial Assistance Agreement that resulted in enhanced self-service capabilities for full-time students. In the first phase of enhancements, identity verification, as well as document signing and submission became possible to perform online. This eliminated the need to send paper documentation by mail, thereby, significantly reducing the risk of misdirected and lost documents and was consequently the largest influence on the reduction of material privacy breaches during the 2018 to 2019 fiscal year.

Figure 23: Material Breaches
No. of Material Breaches Summary and nature of information breached Communication and notification strategies Actions undertaken in response
54 Documents containing personal information of clients were lost or stolen. When possible, affected individuals were contacted by letter and/or phone to inform them of the breach.
  • Individuals were asked to re-submit their applications and in some cases the cost of new documents, pictures and postage were reimbursed.
  • As per standard procedures, passports were cancelled and new passports issued at no charge.
  • Internal corrective measures were taken, including reminding employees of the importance of protecting personal information and the procedures for mailing.
  • Thorough searches were conducted to locate the unaccounted for documents.
20 Personal information (some included supporting documents) incorrectly shared with the wrong individuals, third parties. Personal letters were sent to affected individuals informing them of the breach.
  • Discussions with officers regarding proper handling procedures and safeguards when required.
  • Reminded of the importance and sensitivity of dealing with personal information.
  • Reminded of the security requirements when sending/carrying personal information.
  • Changes/modifications of procedures.
Total Number of Material Breaches: 74

11. Training and awareness activities

Privacy and Access to Information training

Employment and Social Development Canada (ESDC) has a comprehensive and mandatory online training strategy to increase knowledge of, and raise awareness about the stewardship of information, which includes the management and safeguarding of personal information. As part of the Department’s commitment to maintain the security of its systems and to protect the personal information of its clients and colleagues, all ESDC employees are required to maintain valid certification in Stewardship of Information and Workplace Behaviours (SIWB). Launched in 2014, and updated in 2016, SIWB addresses access to information, information management, security, and values and ethics in addition to the management of personal information.

SIWB certification is valid for 2 years and must be maintained by all departmental employees. In total, 2,391 employees (which include students, casuals, terms and indeterminate staff) successfully completed the course by the end of the 2018 to 2019 fiscal year. Of the 21,568 employees registered in ESDC’s online training system, 19,084 or 88.5%, retained a valid certification at the end of the fiscal year and represents a 4% increase over the 2017 to 2018 reporting period. ESDC will follow-up with the remaining employees on acquiring their certification.

In addition, the online training module, Privacy and Access to Information – It’s Everybody’s Business, has trained 12,265 employees since the 2014 to 2015 fiscal year, including 3,152 employees during the reporting period.

In addition to online training and certification, ESDC undertook a number of in-person and WebEx training sessions and activities. Since the 2014 to 2015 fiscal year, the Department delivered 214 in-person sessions to 6,148 employees. During the 2018 to 2019 fiscal year, ESDC delivered 29 in-person sessions to 817 employees.

Figure 24: Online Access to Information and Privacy training sessions: Employees trained by fiscal year
description follows
Text description of Figure 24
Year Stewardship of Information and Effective Workplace Behaviours Privacy and Access to Information – It’s Everybody’s Business
2015 to 2016 1,678 1,742
2016 to 2017 2,251 2,364
2017 to 2018 20,613 3,651
2018 to 2019 2,391 3,152
Figure 25: In-person Access to Information and Privacy training sessions: Employees trained by fiscal year for ATI and Privacy
description follows
Text description of Figure 25
Year Training Sessions Employees Trained
2015 to 2016 48 1,131
2016 to 2017 59 963
2017 to 2018 35 1,467
2018 to 2019 29 817

Access to Information awareness

As previously noted, training was a priority focus for ATIP Operations (ATIP Ops) during the 2018 to 2019 fiscal year. In terms of training to non-ATIP officials, 15 training sessions were held in the National Capital Region, consisting of 199 participants, while another 3 sessions were held in the regions with 45 participants. ATIP Ops is working to improve its capacity to offer training sessions with the intention of increasing the number of sessions held during the 2019 to 2020 fiscal year. ATIP Ops also engaged with individual Branches and regions within ESDC (for example, providing presentations to senior executives) to raise awareness on the requirements of Bill C-58 – An Act to amend the Access to Information Act and the Privacy Act and to make consequential amendments to other Acts and its implications for the Department’s proactive disclosure and Access to Information activities.

Privacy awareness

Throughout the 2018 to 2019 reporting period, the Department continued to promote practical, easy to understand, and readily available privacy-related information and guidance to employees to reinforce the application of appropriate privacy and personal information safeguarding practices. This included organizing various privacy-themed information events such as Privacy Awareness Week during May 2018, a Data Privacy Day in January 2019, and a series of specialized knowledge talks. During Privacy Awareness Week, information kiosks were set up and staffed, and hundreds of information pamphlets and brochures, which were developed by the Department, and by the Office of the Privacy Commissioner, were distributed to ESDC staff.

12. Moving forward

With respect to the management of the access to information function, Employment and Social Development Canada (ESDC) recognizes the value of its previous year investments; in particular, those made in the area of capacity building, including: recruitment and skills development. During the 2019 to 2020 fiscal year, the Department will continue to pursue training strategies to increase knowledge of Access to Information Act requirements across the Department as well as pursue opportunities to leverage technology, systems and tools to continue improving access to information processing timelines. The Access to Information and Privacy Operations Division (ATIP Ops) will also continue to work with ESDC Branches and regions to raise awareness and ensure compliance with the requirements of Bill C-58 – An Act to amend the Access to Information Act and the Privacy Act and to make consequential amendments to other Acts.

In terms of personal information management priorities, during the 2019 to 2020 fiscal year, ESDC will continue to support current privacy legislative and policy reform activities, implement changes resulting from the Department’s privacy governance review, work towards realizing the Privacy Management Service Vision and actively support service transformation activities.

Annex A: Delegation orders

Access to Information Act and regulations: Delegation of Authority Department of Employment and Social Development

The Minister of Employment and Social Development, pursuant to section 11 of the Department of Employment and Social Development Act, hereby designates the persons, officers or employees holding the positions with Employment and Social Development set out in the schedules attached hereto, or the persons, officers or employees occupying on an acting basis those positions, to exercise the powers or perform the duties or functions of the Minister or to exercise or perform the powers, duties or function of the head of the institution, as specified in the attached schedules.

  • Access to Information Act
  • Privacy Act

Original signed June 22, 2017 by the Honourable Jean-Yves Duclos, Minister of Employment and Social Development

Access to Information Act
Description Section Delegated Authority
Responsibility of government institutions 4(2.1)
  • Deputy Minister, Employment and Social Development Canada (ESDC)
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, Access to Information and Privacy (ATIP) Operations
  • Manager, Request Processing Unit, ATIP Operations
  • Team Leader, Request Processing Unit, ATIP Operations
  • ATIP Analyst, Request Processing Unit, ATIP Operations
  • Public Rights Advisor, Request Processing Unit, ATIP Operations
  • ATIP Program Officer, Request Processing Unit, ATIP Operations
  • Junior Analyst, Request Processing Unit, ATIP Operations
Notice where access requested 7(a)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Giving access to record 7(b)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Transfer of request to another government inst. 8(1)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
  • Team Leader, Request Processing Unit, ATIP Operations
Extension of time limits 9
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
  • Team Leader, Request Processing Unit, ATIP Operations
Payment of additional fees 11(2)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Payment of fees for EDP record 11(3)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Deposit 11(4)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Notice of fee payment 11(5)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Waiver or refund of fees 11(6)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Language of access 12(2)(b)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
  • Team Leader, Request Processing Unit, ATIP Operations
Access to alternate format 12(3)(b)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
  • Team Leader, Request Processing Unit, ATIP Operations
Refuse access – Obtained in confidence 13
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – Federal-provincial affairs 14
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – International affairs and defence 15
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – Law enforcement and investigations 16
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – Public Servants Disclosure Protection Act 16.5
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – Safety of individuals 17
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – Economic interests of Canada 18
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – Economic interest of the Canada Post Corporation, Export Development Canada, the Public Sector Pension Investment Board and VIA Rail Canada Inc. 18.1
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – Personal information 19
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – Third party information 20
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – Operations of Government 21
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – Testing procedures, tests, audits 22
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – Audit working papers and draft audit reports 22.1
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – Solicitor-client privilege 23
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Refuse access – Statutory prohibitions 24
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Severability 25
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Information to be published 26
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Third party notification 27(1)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
  • Team Leader, Request Processing Unit, ATIP Operations
Third party notification – Extension of time limit 27(4)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
  • Team Leader, Request Processing Unit, ATIP Operations
Third party notification – Notice of decision 28(1)(b)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Third party notification – Waive representations in writing 28(2)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
Third party notification – Disclosure of record 28(4)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Where the Information Commissioner recommends disclosure 29(1)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Advising Information Commissioner of third party involvement 33
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Right to make representations 35(2)(b)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Access to be given to complainant 37(4)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Notice to third party (application to Federal Court) 43(1)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
Notice to applicant (application to Federal Court by third party) 44(2)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
Special rules for hearings 52(2)(b)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
Ex parte representations (Federal Court) 52(3)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
Facilities for inspection of manuals 71(1)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
Annual report to Parliament 72
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
Access to Information regulations
Description Section Delegated Authority
Transfer of request 6(1)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
  • Team Leader, Request Processing Unit, ATIP Operations
Search and preparation of fees 7(2)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Production and programming fees 7(3)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Providing access to records 8
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations
Limitations in respect of format 8.1
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary
  • Director, ATIP Operations
  • Manager, Request Processing Unit, ATIP Operations

Privacy Act and regulations: Delegation of Authority, Department of Employment and Social Development

The Minister of Employment and Social Development, pursuant to section 11 of the Department of Employment and Social Development Act, hereby designates the persons, officers or employees holding the positions with Employment and Social Development set out in the schedules attached hereto, or the persons, officers or employees occupying on an acting basis those positions, to exercise the powers or perform the duties or functions of the Minister or to exercise or perform the powers, duties or function of the head of the institution, as specified in the attached schedules.

  • Access to Information Act
  • Privacy Act

Original signed June 22, 2017 by the Honourable Jean-Yves Duclos, Minister of Employment and Social Development

Privacy Act
Description Section Delegated Authority
Retention of a record of requests and disclosed records to investigative bodies under section 8(2)(e) of the Privacy Act. 8(4)
  • Deputy Minister, Employment and Social Development Canada (ESDC)
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Manager, ATIP Incident Management & Legislative Disclosures, ATIPOPS, NHQ
Retention of records of uses of personal information 9(1)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, Privacy Management
Notification of the Privacy Commissioner of any new consistent uses of personal information and ensure use is included in next statement of consistent uses set forth in the Index 9(4)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, Privacy Management, NHQ
Include personal information in personal information banks 10
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, Privacy Management, NHQ
Respond to request for access within 30 days and give written notice and, if access to be given, give access. 14
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Extension of the 30 day time limit to respond to a privacy request. 15
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Decision on whether to translate a response to a privacy request in one of the two official languages. 17(2)(b)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Decision on whether to convert personal information to an alternate format 17(3)(b)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Decision to refuse to disclose personal information contained in an exempt bank. 18(2)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIP Operations, NHQ
Decision to refuse access to personal information that was obtained in confidence from the government of a foreign state or institution, an international organization of states or an institution thereof, the government of a province or institution thereof, a municipal or regional government established by or pursuant to an Act of the legislature of a province or an institution of such a government, or the council, as defined in the Westbank First Nation Self-Government Agreement given effect by the Westbank First Nation Self-Government Act or the council of a participating in First Nation as defined in the First Nations Jurisdiction over Education in British Columbia Act 19(1)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Authority to disclose personal information referred to in 19(1) if the government, organization or institution described in 19(1) consents to the disclosure or makes the information public. 19(2)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose personal information that may be injurious to the conduct of federal-provincial affairs 20
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIP Operations, NHQ
  • Team Leaders, NHQ
Refuse to disclose personal information that may be injurious to international affairs or the defence of Canada or one of its allies. 21
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister and Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIP Operations, NHQ
  • Team Leaders, NHQ
Refuse to disclose personal information prepared by an investigative body, information injurious to the enforcement of a law, or information injurious to the security of penal institutions 22
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose personal information created for the Public Servants Disclosure Protection Act. 22.3
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
Refuse to disclose personal information prepared by an investigative body for security clearance. 23
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose personal information that was collected by the Canadian Penitentiary Service, the National Parole Service or the National Parole Board while the individual was under sentence if the conditions in the section are met 24
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose personal information which could threaten the safety of individuals 25
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
Refuse to disclose personal information about another individual and shall refuse to disclose such information where disclosure is prohibited under section 8 26
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS. NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose personal information that is subject to solicitor-client privilege. 27
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose personal information relating to the individual’s physical or mental health where the disclosure is contrary to the best interests of the individual 28
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Receive notice of investigation by the Privacy Commissioner 31
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
Right to make representations to the Privacy Commissioner during an investigation 33(2)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Director, Privacy Management, NHQ
  • Manager ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Receive Privacy Commissioner’s report of findings of an investigation and give notice of action taken 35(1)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Provision of addition personal information to a complainant after receiving a 35(1)(b) notice. 35(4)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Receive Privacy Commissioner’s report of findings of investigation of exempt bank 36(3)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Director, Privacy Management, NHQ
Receive report of Privacy Commissioner’s findings after compliance investigation 37(3)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Director, Privacy Management, NHQ
Request that a court hearing, undertaken with respect to certain sections of the Act, be held in the National Capital Region. 51(2)(b)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
Request and be given right to make representations in section 51 hearings 51(3)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
Prepare annual report to Parliament 72(1)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Director, Privacy Management
Privacy Act Regulations
Description Section Delegated Authority
Allow examination of the documents (Reading Room) 9
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS. NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisor
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Notification of Correction 11(2)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS. NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisor
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Correction refused, notation placed on file 11(4)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS. NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisor
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Disclosure to a medical practitioner or psychologist 13(1)
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS. NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisor
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Disclosure in the presence of a medical practitioner or psychologist 14
  • Deputy Minister, ESDC
  • Deputy Minister, Labour
  • Senior Associate Deputy Minister of ESDC and Chief Operating Officer for Service Canada
  • Associate Deputy Minister, ESDC
  • Corporate Secretary and Chief Privacy Officer
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS. NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisor
  • Business Expertise Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)

Annex B: Summaries of Completed Privacy Impact Assessments

ESDC completed 5 Privacy Impact Assessments (PIAs) over the course of this past fiscal year, the summaries of which are found in the subsequent paragraphs. This information has also been posted on the Department’s web site at the following address: https://www.canada.ca/en/employment-social-development/corporate/transparency/access-information/reports/pia.html.

Service Canada’s Role in Temporary Foreign Worker Program (TFWP) and International Mobility Program (IMP) Investigations

The Temporary Foreign Worker Program assists employers in filling their acute labour shortages on a temporary and limited basis when qualified Canadians and permanent residents are not available. ESDC, Immigration Refugees and Citizenship Canada (IRCC), and the Canada Border Services Agency, jointly manage the TFWP. The Program aims to improve the Government of Canada's capacity to conduct integrity investigations to detect misuse and reduce the potential of abuse of foreign workers. This PIA was completed to address the transition to a new IT system, which represented a substantial modification to program operations and changed the way personal information was processed. The PIA focused on the required amendments to the current information sharing agreement between ESDC and IRCC, and the changes to the interface of the new case management system.

Education Savings Referral Service

The Government of Canada encourages Canadians to use Registered Education Savings Plan (RESP) to save for a child’s post-secondary education. The Education Savings Referral Service (ESRS) will enable Ontario’s parents of newborn children to provide consent to be contacted by an RESP promoter to learn about, and perhaps start, the process to open an RESP and request the education saving incentives. This PIA was completed since the Referral Service represents a new collection, use and disclosure of personal information. The ESRS is intended to ease access to the savings incentives. This PIA focused on the exchange of personal information with the province of Ontario and on the collection, use, and disclosure of personal information.

Death Abroad Data Exchange Initiative

The Death Abroad Data Exchange (DADE) initiative facilitates ESDC’s timely suspension and termination of the Canada Pension Plan and Old Age Security benefit payments to beneficiaries who lived outside of Canada upon their death. This initiative, in conjunction with the Netherlands, addresses the issue of overpayments, which can be difficult to recover from the deceased beneficiaries’ estate or appointed representative. This PIA was completed to identify the privacy risks, as personal information will be used for an administrative purpose. This PIA focused on the legal authorities to conduct the information sharing agreement (ISA) between the Department and The Netherlands, the method of exchange of personal information, data matches and the date flow and processes associated with the implementation of the DADE initiative. The assessment is intended to be used as a basis for future ISAs concluded with different partners under the DADE initiative and will be amended or updated as new ISAs are negotiated.

The Exchange of Information between ESDC and British Columbia’s Ministry of Social Development and Poverty Reduction

The Exchange of Information between ESDC and British Columbia’s Ministry of Social Development and Poverty Reduction allows the exchange of personal information between British Columbia and ESDC that will result in improving the administration of the provincial Social Assistance and Supplement Programs such as the Income and Disability Assistance Programs and the Bus Pass Program. This PIA was completed as personal information from ESDC will be used by British Columbia as part of the decision-making process that will directly affect individuals. This PIA focused on the exchange of Canada Pension Plan (CPP)/Old Age Security (OAS) information to determine eligibility and entitlement to the British Columbia provincial programs. The PIA also examined the information technology systems required for the data match and the information exchange process.

Information Sharing Agreement between ESDC and Department of Justice

The information sharing agreement between ESDC and the Department of Justice allows the latter to receive specific personal information from 2 additional ESDC databases. The personal information is shared to assist in locating certain persons who are in default of family support orders or who are in violation of custody or access rights. This PIA was completed for this information exchange given that it represents a substantial modification to an existing activity where personal information is used or intended to be used for an administrative purpose. This PIA focused on the privacy risks associated with the sharing of information on matches to certain databases with the Department of Justice for the purposes of administering The Family Orders and Agreements Enforcement Assistance Act.

Annex C: Statistical reports

Statistical report on the Access to Information Act

Name of institution: Employment and Social Development Canada

Reporting period: 2018-04-01 to 2019-03-31

Part 1: Requests under the Access to Information Act

1.1 Number of requests
Type Number of Requests
Received during reporting period 1,409
Outstanding from previous reporting period 414
Total 1,823
Closed during reporting period 1,509
Carried over to next reporting period 314
1.2 Sources of Requests
Source Number of Requests
Media 429
Academia 26
Business (private sector) 332
Organization 140
Public 350
Decline to Identify 132
Total 1,409
1.3 Informal requests
Completion time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
131 114 421 115 6 4 3 794

Part 2: Requests closed during the reporting period

2.1 Disposition and completion time
Disposition of requests Completion time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 51 246 106 48 14 8 1 474
Disclosed in part 26 182 92 119 94 60 34 607
All exempted 0 2 2 4 3 0 0 11
All excluded 0 1 1 1 2 1 0 6
No records exist 70 73 24 1 0 1 0 169
Request Transferred 12 2 0 0 0 1 0 15
Request abandoned 179 21 7 2 2 7 8 226
Neither confirmed nor denied 1 0 0 0 0 0 0 1
Total 339 527 232 175 115 78 43 1,509
2.2 Exemptions
Section Number of requests
13(1)(a) 3
13(1)(b) 2
13(1)(c) 7
13(1)(d) 1
13(1)(e) 0
14 46
14(a) 0
14(b) 0
15(1) 22
15(1) - International affairs 22
15(1) - Defence of Canada 23
15(1) - Subversive activities 0
16(1)(a)(i) 0
16(1)(a)(ii) 0
16(1)(a)(iii) 0
16(1)(b) 4
16(1)(c) 19
16(1)(d) 1
16(2) 114
16(2)(a) 0
16(2)(b) 0
16(2)(c) 8
16(3) 0
16.1(1)(a) 0
16.1(1)(b) 0
16.1(1)(c) 0
16.1(1)(d) 0
16.2(1) 0
16.3 0
16.4(1)(a) 0
16.4(1)(b) 0
16.5 0
17 3
18(a) 2
18(b) 7
18(c) 0
18(d) 1
18.1(1)(a) 0
18.1(1)(b) 0
18.1(1)(c) 0
18.1(1)(d) 0
19(1) 306
20.1 0
20.2 0
20(1)(a) 0
20(1)(b) 90
20(1)(b.1) 0
20(1)(c) 68
20(1)(d) 6
20.4 0
21(1)(a) 138
21(1)(b) 150
21(1)(c) 14
21(1)(d) 2
22 5
22.1(1) 5
23 46
24(1) 84
26 5
2.3 Exclusions
Section Number of requests
68(a) 0
68(b) 0
68(c) 0
68.1 0
68.2(a) 0
68.2(b) 0
69(1) 0
69(1)(a) 0
69(1)(b) 0
69(1)(c) 0
69(1)(d) 3
69(1)(e) 2
69(1)(f) 0
69(1)(g) re (a) 53
69(1)(g) re (b) 0
69(1)(g) re (c) 22
69(1)(g) re (d) 11
69(1)(g) re (e) 1
69(1)(g) re (f) 16
69.1(1) 0
2.4 Format of information released
Disposition Paper Electronic Other formats
All disclosed 440 34 0
Disclosed in part 397 208 2
Total 837 242 2

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Disposition of requests Number of pages processed Number of pages disclosed Number of requests
All disclosed 17,631 16,922 474
Disclosed in part 95,186 73,234 607
All exempted 352 0 11
All excluded 533 0 6
Request abandoned 5,116 3,959 226
Neither confirmed nor denied 0 0 1
Total 118,818 94,115 1,325
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less than 100
pages processed
101-500
pages processed
501-1000
pages processed
1001-5000
pages processed
More than 5000
pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
All disclosed 450 5,467 19 3,147 2 1,232 3 7,076 0 0
Disclosed in part 450 12,314 110 22,566 28 15,605 18 22,531 1 218
All exempted 10 0 1 0 0 0 0 0 0 0
All excluded 5 0 1 0 0 0 0 0 0 0
Request abandoned 222 128 2 376 1 698 1 2,757 0 0
Neither confirmed nor denied 1 0 0 0 0 0 0 0 0 0
Total 1,138 17,909 133 26,089 31 17,535 22 32,364 1 218
2.5.3 Other complexities
Disposition Consultation required Assessment of fees Legal advice sought Other Total
All disclosed 68 0 1 0 69
Disclosed in part 220 0 1 0 221
All exempted 4 0 0 0 4
All excluded 4 0 0 0 4
Request abandoned 9 0 0 0 9
Neither confirmed nor denied 0 0 0 0 0
Total 305 0 2 0 307

2.6 Deemed refusals

2.6.1 Reasons for not meeting statutory deadline

  • Number of requests closed past the statutory deadline = 204
  • Principal reason
    • Workload = 91
    • External consultation = 38
    • Internal consultation = 4
    • Other = 71
2.6.2 Number of days past deadline
Number of days past deadline Number of requests past deadline where no extension was taken Number of requests past deadline where an extension was taken Total
1 to 15 days 24 14 38
16 to 30 days 7 17 24
31 to 60 days 5 20 25
61 to 120 days 5 27 32
121 to 180 days 14 12 26
181 to 365 days 9 24 33
More than 365 days 3 23 26
Total 67 137 204
2.7 Requests for translation
Translation requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Part 3: Extensions

3.1 Reasons for extensions and disposition of requests
Disposition of requests where an extension was taken 9(1)(a)
Interference with operations
9(1)(b)
Consultation
9(1)(c)
Third-party notice
Section 69 Other
All disclosed 10 0 84 1
Disclosed in part 90 4 238 5
All exempted 0 0 9 30
All excluded 1 1 4 0
No records exist 0 0 1 0
Request abandoned 13 0 15 0
Total 114 5 351 3
3.2 Length of extensions
Length of extensions 9(1)(a)
Interference with operations
9(1)(b)
Consultation
9(1)(c)
Third-party notice
Section 69 Other
30 days or less 65 0 54 0
31 to 60 days 25 0 45 32
61 to 120 days 16 5 234 5
121 to 180 days 6 0 18 1
181 to 365 days 2 0 0 0
365 days or more 0 0 0 0
Total 114 5 351 38

Part 4: Fees

Fee type Fee collected Fee waived or refunded
Number of
requests
Amount Number of
requests
Amount
Application 1,072 $5,360 337 $1,685
Search 0 $0 0 $0
Production 0 $0 0 $0
Programming 0 $0 0 $0
Preparation 0 $0 0 $0
Alternative format 0 $0 0 $0
Reproduction 0 $0 0 $0
Total 1,072 $5,360 337 $1,685

Part 5: Consultations received from other institutions and organizations

5.1 Consultations received from other Government of Canada institutions and other organizations
Consultations Other Government of Canada institutions Number of pages to review Other organizations Number of pages to review
Received during the reporting period 216 15,548 6 16
Outstanding from the previous reporting period 24 555 2 23
Total 240 16,103 8 39
Closed during the reporting period 219 15,277 4 22
Pending at the end of the reporting period 21 826 4 17
5.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation Number of days required to complete consultation requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More than 365 days Total
All disclosed 52 64 31 11 1 0 0 159
Disclose in part 1 10 19 11 2 1 0 44
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 1 0 0 0 0 1
Other 8 3 4 2 0 0 0 15
Total 61 77 55 22 3 1 0 219
5.3 Recommendations and completion time for consultations received from other organizations
Recommendation Number of days required to complete consultation requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More than 365 days Total
All disclosed 0 3 1 0 0 0 0 4
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 3 1 0 0 0 0 4

Part 6: Completion time of consultations on cabinet confidences

6.1 Requests with Legal Services
Number of days Less than 100 pages processed 101-500 pages processed 501-1000
pages processed
1001-5000
pages processed
More than 5000
pages processed
Number of
requests
Pages disclosed Number of
requests
Pages disclosed Number of
requests
Pages disclosed Number of
requests
Pages disclosed Number of
requests
Pages disclosed
1 to 15 1 22 0 0 0 0 0 0 0 0
16 to 30 1 24 1 140 0 0 0 0 0 0
31 to 60 26 574 1 0 0 0 0 0 0 0
61 to 120 25 787 1 327 0 0 0 0 0 0
121 to 180 7 182 1 171 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 60 1,589 4 638 0 0 0 0 0 0
6.2 Requests with Privy Council Office
Number of days Less than 100 pages processed 101‒500 pages processed 501-1000
pages processed
1001-5000
pages processed
More than 5000
pages processed
Number of
requests
Pages disclosed Number of
requests
Pages disclosed Number of
requests
Pages disclosed Number of
requests
Pages disclosed Number of
requests
Pages disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 1 0 0 0 0 0 0 0 0 0
31 to 60 3 73 1 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 4 73 1 0 0 0 0 0 0 0

Part 7: Complaints and investigations notices received

  • Section 32 = 35
  • Section 35 = 59
  • Section 37 = 25
  • Total = 119

Part 8: Court action

  • Section 41 = 0
  • Section 42 = 0
  • Section 44 = 0
  • Total = 0

Part 9: Resources related to the Access to Information Act

9.1 Costs
Expenditures Person years dedicated to access to information activities
Salaries $1,393,730
Overtime $0
Goods and Services $128,135
Professional services contracts $123,764
Other $4,371
Total $1,521,865
9.2 Human resources
Resources Person years dedicated to Access to Information activities
Full-time employees 17.68
Part-time and casual employees 0.48
Regional staff 0.00
Consultants and agency personnel 1.04
Students 0.28
Total 19.48

New reporting requirement

Access to Information Act
Section Number of requests
16.31 Investigation under the Elections Act 0
16.6 National Security and Intelligence Committee 0
23.1 Patent or Trademark privilege 0

Statistical Report on the Privacy Act

Name of institution: Employment and Social Development Canada

Reporting period: 2018-04-01 to 2019-03-31

Part 1: Requests under the Privacy Act

Type Number of requests
Received during reporting period 12,678
Outstanding from previous reporting period 409
Total 13,087
Closed during reporting period 12,260
Carried over to next reporting period 827

Part 2: Requests closed during the reporting period

2.1 Disposition and completion time
Disposition of requests Completion time
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
All disclosed 261 585 20 5 0 1 0 872
Disclosed in part 3,581 5,551 337 39 5 4 0 9,517
All exempted 3 4 1 0 0 0 0 8
All excluded 3 2 0 0 0 0 0 5
No records exist 1,429 212 5 3 0 0 0 1,649
Request abandoned 152 49 7 0 0 0 0 1
Neither confirmed nor denied 0 0 0 0 1 0 0 1
Total 5,429 6,403 370 47 6 5 0 12,260
2.2 Exemptions
Section Number of requests
18(2) 0
19(1)(a) 0
19(1)(b) 0
19(1)(c) 0
19(1)(d) 0
19(1)(e) 8
19(1)(f) 8
20 0
21 0
22(1)(a)(i) 0
22(1)(a)(ii) 0
22(1)(a)(iii) 0
22(1)(b) 57
22(1)(c) 0
22(2) 0
22.1 3
22.2 0
22.3 1
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 1
26 8,082
27 72
28 4
2.3 Exclusions
Section Number of requests
69(1)(a) 0
69(1)(b) 0
69.1 0
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0
2.4 Format of information released
Disposition Paper Electronic Other formats
All disclosed 719 147 6
Disclosed in part 7,751 1,751 15
Total 8,470 1,898 21
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
Disposition of requests Number of pages processed Number of pages disclosed Number of requests
All disclosed 18,388 16,273 872
Disclosed in part 959,204 917,163 9,517
All exempted 66 0 8
All excluded 0 0 5
Request abandoned 1,589 1,236 208
Neither confirmed nor denied 0 0 1
Total 979,247 934,672 10,611
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less Than 100 pages processed 101 to 500 pages processed 501 to 1000 pages processed 1001 to 5000 pages processed More than 5000 pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages Disclosed Number of requests Pages disclosed
All disclosed 831 10,043 40 6,180 1 50 0 0 0 0
Disclosed in part 6,506 236,236 2,807 512,453 153 91,226 50 69,801 1 7,447
All exempted 8 0 0 0 0 0 0 0 0 0
All excluded 5 0 0 0 0 0 0 0 0 0
Request abandoned 204 637 4 599 0 0 0 0 0 0
Neither confirmed nor denied 1 0 0 0 0 0 0 0 0 0
Total 7,555 246,916 2,851 519,232 154 91,276 50 69,801 1 7,447
2.5.3 Other complexities
Disposition Consultation required Legal advice sought Interwoven information Other Total
All disclosed 1 0 5 0 6
Disclosed in part 56 0 463 0 519
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Request abandoned 6 0 1 0 7
Neither confirmed nor denied 1 0 0 0 1
Total 64 0 469 0 533
2.6 Deemed refusals
2.6.1 Reasons for not meeting statutory deadline
Number of requests closed past the statutory deadline Principal reason
Workload External consultation Internal consultation Other
123 106 0 2 15
2.6.2 Number of days past deadline
Number of days past deadline Number of requests past deadline where no extension was taken Number of requests past deadline where an extension was taken Total
1 to 15 days 63 26 89
16 to 30 days 7 4 11
31 to 60 days 6 2 8
61 to 120 days 4 6 10
121  to 180 days 2 0 2
181 to 365 days 0 3 3
More than 365 days 0 0 0
Total 82 41 123
2.7 Requests for translation
Translation requests Accepted Refused Total
English to French 0 0 0
French to English 3 1 4
Total 3 1 4

Part 3: Disclosures under Subsection 8(2) and 8(5)*

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
0 0 0 0

* Disclosures that would otherwise be made under these sections of the Privacy Act are carried out under the authorities provided in Part 4 of the Department of Employment and Social Insurance ActFootnote 11. Further details on this can be found in the report under Section 9: Public Interest Disclosures

Part 4: Requests for correction of personal information and notations

Disposition for correction requests received Number
Notations attached 4
Requests for correction accepted 1
Total 5

Part 5: Extensions

5.1 Reasons for extensions and dispositions of requests
Disposition of requests where an extension was taken 15(a)(i) Interference with operations 15(a)(ii) Consultation 15(b) Translation or conversion
Section 70 Other
All disclosed 2 0 0 0
Disclosed in part 109 0 7 2
All exempted 0 0 0 0
All excluded 0 0 0 0
No records exist 1 0 1 0
Request abandoned 6 0 0 0
Total 118 0 8 2
5.2 Length of extensions
Length of extensions 15(a)(i) Interference with operations 15(a)(ii) Consultation 15(b) Translation purposes
Section 70 Other
1 to 15 days 1 0 0 0
16 to 30 days 117 0 8 2
Total 118 0 8 2

Part 6: Consultations received from other institutions and organizations

6.1 Consultations received from other Government of Canada institutions and other organizations
Consultations Other Government of Canada institutions Number of pages to review Other organizations Number of pages to review
Received during the reporting period 26 1,097 12 452
Outstanding from the previous reporting period 1 26 0 0
Total 27 1,123 12 452
Closed during the reporting period 26 1,093 10 186
Pending at the end of the reporting period 1 30 2 266
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
All disclosed 3 2 0 0 0 0 0 5
Disclosed in part 16 4 0 0 0 0 0 20
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 1 0 0 0 0 0 0 1
Total 20 6 0 0 0 0 0 26
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 6 4 1 0 0 0 0 10
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 6 4 0 0 0 0 0 10

Part 7: Completion time of consultations on cabinet confidences

7.1 Requests with legal services
Number of days Fewer than 100 pages processed 101 to 500 pages processed 501 to 1000 pages processed 1001 to 5000 pages processed More than 5000 pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0
7.2 Requests with Privy Council Office
Number of days Fewer than 100 pages processed 101 to 500 pages processed 501 to 1000 pages processed 1001 to 5000 pages processed More than 5000 pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Part 8: Complaints and investigations notices received

Section Section 31 Section 33 Section 35 Court action Total
Number 9 23 21 0 53

Part 9: Privacy Impact Assessments (PIAs)

  • Number of PIA(s) completed = 5

Part 10: Resources related to the Privacy Act

10.1 Costs
Expenditures Amount
Salaries $5,693,185
Overtime $0
Goods and Service $160,187
Professional services contracts $44,069
Other $116,118
Total $5,853,372
10.2 Human resources
Resources Person years dedicated to privacy activities
Full-time employees 34.80
Part-time and casual employees 0.41
Regional staff 45.46
Consultants and agency personnel 0.36
Students 0.28
Total 81.31

New reporting requirement

Privacy Act
Section Number of requests
22.4 National Security and Intelligence Committee 0
27.1 Patent or Trademark privilege 0
Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: