Annual Report on the Administration of the Access to Information Act and the Privacy Act - Employment and Social Development Canada 2019 to 2020
On this page
- Acronyms
- Introduction
- 2. Organizational structure
- 3. The Privacy Management framework and Privacy Governance in ESDC
- 4. Delegations
- 5. Policies, guidelines, procedures and initiatives
- 6. Performance reporting
- 7. Complaints, investigations and court actions
- 8. Internal audits
- 9. Public interest disclosures
- 10. Material privacy breaches
- 11. Training and awareness activities
- Annex A: Delegation orders
- Annex B: Summaries of Completed Privacy Impact Assessments
- Annex C: Statistical Reports
Alternate formats
Large print, braille, MP3 (audio), e-text and DAISY formats are available on demand by ordering online or calling 1 800 O-Canada (1-800-622-6232). If you use a teletypewriter (TTY), call 1-800-926-9105.
Acronyms
- CERB
- Canada Emergency Response Benefit
- DESDA
- The Department of Employment and Social Development Act
- ESDC
- Employment and Social Development Canada’s
- ATIP Operations
- Privacy Operations Division
- ATIP Operations
- Access to Information and Privacy Operations Division
- PMD
- Privacy Management Division
- PIA
- privacy impact assessments
- ATIA
- Access to Information Act
- OPI
- Offices of Primary Interest
- OIC
- Office of the Information Commissioner
- OPC
- Office of the Privacy Commissioner
- TBS
- Treasury Board Secretariat
- SIWB
- Stewardship of Information and Workplace Behaviours
- IRCC
- Immigration, Refugees and Citizenship Canada
- GAC
- Global Affairs Canada
Introduction
Presentation of the Report
Section 94 of the Access to Information Act and Section 72 of the Privacy Act requires the head of a federal institution to submit an annual report to Parliament on the administration of each Act following the end of every fiscal year. Employment and Social Development Canada (ESDC) is pleased to present to Parliament its integrated annual report on the administration of the Access to Information Act and the Privacy Act for the 2019 to 2020 fiscal year.
The Service Fees Act requires a responsible authority to report annually to Parliament on the fees collected by the institution. With respect to fees collected under the Access to Information Act, the information is reported in accordance with the requirements of section 20 of the Service Fees Act, in section 6 of this report.
About Employment and Social Development Canada
ESDC, which includes the Labour Program and Service Canada, delivers many federal programs and services. Given the broad scope of its mandate, it is amongst the largest and most decentralized federal institutions.
ESDC’s programs and services play an important role in the lives of Canadians. For example, the Department provides income support to the unemployed and pension income to seniors. In addition, during the final month of the 2019 to 2020 year, ESDC was at the forefront of Canada’s efforts to mitigate the social and economic impacts of the COVID-19 pandemic. This included, during March 2020 the launch of work to develop the Canada Emergency Response Benefit (CERB) and targeted support for students and seniors amongst others.
The Labour Program contributes to social and economic well-being by fostering safe, healthy, fair and inclusive work environments, and cooperative workplace relations in workplaces falling under federal jurisdiction. The Labour Program also supplies labour relations mediation services, enforces minimum working conditions, promotes decent work and fosters respect for international labour standards. As with other parts of the Department, the Labour program responded with agility and flexibility to the pandemic.
The Department’s service delivery arm, Service Canada, provides Canadians with a single point of access to ESDC programs and benefits, as well as to other Government of Canada programs and services. The Department’s service delivery arm, Service Canada, provides Canadians with a single point of access to ESDC programs and benefits, as well as to other Government of Canada programs and services. Although the COVID-19 pandemic had a direct impact on Service Canada’s ability to provide in-person services toward the end of March 2020, online and phone services continued to provide service to Canadians.
About the Access to Information Act and the Privacy Act
The Access to Information Act provides Canadian citizens, permanent residents, and any individual or corporation present in Canada a right to access records of government institutions that are subject to the ActFootnote 1. This right is subject to limited and specific exemptions and exclusions, and in accordance with the principle that government information should be available to the public. The Government of Canada brought forth new legislative requirements under the Act in 2019 mandating departments to, among other things, proactively publish frequently requested information in an effort to further increase transparency and openness.
The Privacy Act protects the privacy of Canadian citizens, permanent residents and individuals present in Canada with respect to their personal information held by a federal government institution that is subject to the Act, and provides them with a right of access to that informationFootnote 2. The Privacy Act sets out provisions for the collection, use, retention and disclosure of personal information by government institutions.
Personal information provisions in the Department of Employment and Social Development Act
In addition to the Privacy Act, the management of personal information by ESDC is governed by statutory obligations set out in the Department’s enabling Act. The Department of Employment and Social Development Act (DESDA) sets out the rules that apply to personal information controlled by ESDC. These provisions set out the conditions for:
- disclosing personal information, including public interest disclosures;
- making available information contained in the Social Insurance Register;
- using personal information for internal policy analysis, research and evaluation purposes; and
- disclosing personal information for research or statistical analysis.
Where the Department delivers services to the public on behalf of other federal institutions and jurisdictions or when delivering select services for the Government of Canada, the partner’s privacy regime (normally the Privacy Act for federal partners) would apply instead.
2. Organizational structure
Corporate Secretary and Chief Privacy Officer
Employment and Social Development Canada’s (ESDC) Corporate Secretariat Branch is responsible for the Department’s access to information program, issuing and managing privacy management policy, the provision of privacy advice and guidance, and privacy operations in the National Capital Region. These functions are carried out by ESDC’s Access to Information and Privacy Operations Division (ATIP Operations), and the Privacy Management Division (PMD).
The Branch is led by the Corporate Secretary who is ESDC’s designated Chief Privacy Officer, the Department’s functional authority on all privacy matters and the implementation of the privacy management framework. The Chief Privacy Officer’s responsibilities include providing strategic privacy advice and recommendations, maintaining ESDC’s privacy management program, and monitoring compliance to the relevant statutory obligations, policies and standards for privacy.
Access to Information and Privacy Operations Division
The Access to Information and Privacy Operations Division (ATIP Operations) is the departmental focal point for the management and processing of ESDC access to information and privacy requests. It leads and advises on the processing of all ESDC requests under the Access to Information Act, performs line-by-line reviews of records requested under the Access to Information Act and the Privacy Act, and delivers training and awareness sessions to departmental employees on the administration of the Acts. Approximately 22 ATIP Operations employees were dedicated to processing requests during the 2019 to 2020 fiscal year.
The day-to-day administration of the Access to Information Act is a collaborative endeavour between ATIP Operations and the Department’s network of branch Liaison Officers. The regions also play an important role in processing the majority of privacy requests received by the Department. Finally, the Division continues to provide departmental leadership on the 2019 amendments to the the Access to Information Act and the Privacy Act,hereafter referred to as the 2019 ATIA amendments.
In addition to processing requests under the Access to Information Act, ATIP Operations is also responsible for proactively publishing briefing note titles each month. In addition, ATIP Operations reviews (to identify sensitivities such as personal information) all departmental material identified for proactive disclosure or Open Government publishing. Although not accounted for within this report’s statistical information, this review function is an important and growing part of the Division’s workload.
Privacy Management Division
Privacy Management Division (PMD) is the departmental focal point for privacy advice. The Division leads the horizontal implementation of departmental privacy policies and initiatives, conducts risk analysis including privacy impact assessments (PIA), and delivers privacy compliance support for ESDC’s programs and services. PMD also administers legal requests for documents, deals with public interest disclosures and plays a key role in the management and prevention of privacy breaches via privacy training and awareness activities. As of March 31, 2020, PMD had a complement of 31 full-time employees.
COVID-19 operational impact
With the onset of the COVID-19 pandemic at the end of the 2019/2020 fiscal year, the Department redirected all available resources to deliver critical services and departmental employees were called upon to work around the clock to provide essential supports to Canadians. A consequence of this emergency response was its impact on the department’s ability to process ATIP requests in a timely fashion, ultimately affecting ESDC’s ability to respond to requests within the timelines mandated by the Access to Information Act and the Privacy Act. Requesters were advised of possible delays by email and through the ESDC website. ATIP staff began working remotely in March and the Department continued to process ATIP requests to the greatest extent possible. For example, working on the backlog or following up on requests where records, recommendations and approvals had already been received.
COVID-19 had a similar impact on PMD during this time frame resulting in the delay of several PIAs that were poised for end of year approvals.
3. The Privacy Management framework and Privacy Governance in ESDC
Departmental policy on Privacy Management
The Departmental Policy on Privacy Management sustains a robust privacy regime for the protection and judicious use of personal information by Employment and Social Development Canada (ESDC). In addition to codifying the requirements and standards for the management and protection of personal information and articulating clear and universal privacy principles, the policy sets out the Department’s Privacy Management Framework, outlined below, designates the Chief Privacy Officer function, defines roles and responsibilities for personal information, and establishes the Department’s privacy governance mechanisms.
Privacy Management framework
ESDC’s privacy management framework sets out the manner in which the Department organizes itself through structures, policies, systems and procedures to identify privacy responsibilities, coordinate privacy work, manage privacy risks and ensure compliance with privacy legislation. It also promotes a proactive approach for the management of privacy by fostering its integration into the program, system, and business process design. The privacy management framework consists of five elements:
- Governance and Accountability: Roles and responsibilities for privacy are clearly defined;
- Stewardship of Personal Information: Appropriate privacy protections are implemented to properly manage personal information throughout its life cycle;
- Assurance of Compliance: Formal processes and practices are in place to ensure adherence to privacy specifications, policies, standards and laws;
- Effective Risk Management: Structured and coordinated risk identification and assessments that are conducted to limit the probability and impact of negative events; and
- Culture, Training and Awareness: Privacy training and awareness activities that sustain a privacy-aware organization that values the protection and stewardship of personal information.
Privacy Governance at ESDC
The Department’s primary governance body for privacy is the director general-level Data and Privacy Committee. It is Co-chaired by the Chief Privacy Officer and the Chief Data Officer. The Data and Privacy Committee oversees the stewardship and management of data and the protection of personal information across the Department. The Committee supports the integration of data management, privacy, and security. It also monitors ESDC’s personal information risk management processes. The Data and Privacy Committee reports to the Assistant Deputy Minister-level Corporate Management Committee.
4. Delegations
Section 73 of both the Access to Information Act and the Privacy Act empower the head of an institution to delegate any of the powers, duties or functions assigned to him or her by these Acts to employees of that institution.
The Minister of Employment, Workforce Development and Disability Inclusion is the Minister responsible for the purposes of the Access to Information Act, the Privacy Act, and the Department’s enabling legislation—the Department of Employment and Social Development Act.
To support the effective and efficient administration of the Access to Information Act, certain delegation authorities were extended to ATIP Operations team leads in March 2020.
The approved Delegation Orders are reproduced in Annex A.
5. Policies, guidelines, procedures and initiatives
Access to Information activities and initiatives
Throughout the 2019 to 2020 reporting period, ESDC sought to implement the 2019 ATIA amendments:
- ATIP Operations continued to lead a departmental Working Group that raised awareness about proactive publication, and developed new business processes, tools, and departmental training as part of ESDC’s readiness strategy to the 2019 ATIA amendments. Up until the announcement of the public health emergency in March 2020, the Department was consistently meeting its proactive publication legislative deadlines each month.
- ATIP Operations developed an operational guide to ensure ATIP analysts had clear and sound guidelines for effective administration of the new section 6.1 of the Act, which provides that institutions may seek the Information Commissioner’s written approval to decline to act on an access request if the request is considered frivolous or vexatious. The guide ensures consistent decision-making by ESDC and supports the department’s commitment to provide reasonable access to departmental records.
ESDC launched its ATIP modernization initiative during the reporting year and began exploring options for creating a paperless office (e-post, digital signatures, etc.). This work was given increased priority following the announcement of the global pandemic.
Privacy activities and initiatives
During the 2019 to 2020 fiscal year, ESDC continued to advance a proactive, risk-based approach to privacy management. The Department undertook several personal information management initiatives in support of its program and service delivery activities and adapting to the needs of the changing privacy environment.
ESDC reached the mid-point of implementing its Three-year Privacy Management Road Map that is designed to sustain a rigorous privacy regime during a period of change and transformation. Over the course of the reporting period, the Department:
- designated the Privacy Management Division as ESDC’s privacy center of expertise and privacy policy authority, which means ESDC now has a single window to access privacy analysis and advice;
- continued to improve its privacy analysis and risk assessment tools that can be tailored to the scope and a scale of an initiative and its initial estimated level of risk;
- tested streamlined governance processes for privacy impact assessments for lower-risk initiatives;
- established the systematic monitoring of PIA action plans; and
- began providing privacy advice and support for the implementation of the new service delivery provisions in the Department of Employment and Social Development Act.
Specialized privacy advisory services were provided for:
- Justice Canada-led Privacy Act modernization activities, including conducting broad consultations within the ESDC and sharing the analysis and results;
- advanced data processing, automated decision-making and artificial intelligence policies, processes and activities; and
- the addition of the Transportation Safety Board to the Department of Employment and Social Development Regulations.
At the end of the 2019 to 2020 fiscal year, the response to COVID-19 emergency included:
- the provision of privacy advice and analysis for key initiatives of Canada’s COVID-19 Economic Response Plan;
- supporting the accelerated transformation of ESDC’s service delivery channels; and
- transforming PMD into a fully functioning telework team that provided timely privacy advice and analysis to a wide range of departmental and interdepartmental clients and stakeholders.
ESDC completed nine privacy impact assessments, copies of which were provided to the Treasury Board Secretariat, and to the Office of the Privacy Commissioner. Information on these assessments can be found in Annex B and on ESDC’s privacy impact assessments website.
6. Performance reporting
The following section provides key statistics and analysis on Employment and Social Development Canada’s (ESDC) accomplishments in the previous four fiscal years and how the Department contributed to the Government’s agenda in terms of Access to Information and Privacy. Figures 3 through 5 display a four-year comparison to highlight Access to Information Act and the Privacy Act performance trends. Detailed Statistical Reports for both Acts are found in Annex C.
Requests and consultations: total volume
During the 2019 to 2020 fiscal year, ESDC experienced a sizable increase (21%) in combined access to information and privacy requests from 14,347 requests in the 2018 to 2019 fiscal year to 16,801 in the 2019 to 2020 reporting period. During the 2019 to 2020 fiscal year, access to information requests were stable while Privacy Act access requests continued to increase, as they have consistently since the 2015 to 2016 reporting period. Consultations requests also increased year over year.
Text description for Figure 1: Access to Information Act (ATIA), Privacy Act Requests and Consultations:
Total Volume Received
| Year | Received |
|---|---|
| 2016-2017 | 10,814 |
| 2017-2018 | 11,049 |
| 2018-2019 | 14,347 |
| 2019-2020 | 17,159 |
Text description for Figure 2: Access to Information Act (ATIA), Privacy Act consultation requests –total volume received
| Year | Received |
|---|---|
| 2016-2017 | 193 |
| 2017-2018 | 255 |
| 2018-2019 | 260 |
| 2019-2020 | 358 |
| Activity | 2016 to 2017 | 2017 to 2018 | 2018 to 2019 | 2019 to 2020 |
|---|---|---|---|---|
| Formal requests received under the Access to Information Act | 2,268 | 1,942 | 1,409 | 1,396 |
| Requests completed during the reporting periodFootnote 3 | 2,276 | 1,899 | 1,509 | 1,302 |
| Number of pages processed | 438,368* | 970,992* | 118,818 | 133,982 |
| Number of requests completed within legislated timeframes (including extensions) | 1,748 | 1,567 | 1,305 | 1,094 |
| Number of requests completed beyond legislated timeframes | 528 | 332 | 204 | 208 |
| Proportion of requests that were responded to within legislated timeframes | 77% | 83% | 87% | 84% |
| Complaints to the Information Commissioner | 23 | 40 | 35 | 52 |
* Table note: Includes exceptionally large requests containing a very high number of fully released pages
| Activity | 2016 to 2017 | 2017 to 2018 | 2018 to 2019 | 2019 to 2020 |
|---|---|---|---|---|
| Formal requests received under the Privacy Act | 8,353 | 8,852 | 12,678 | 15,405 |
| Requests completed during the reporting period | 8,510 | 8,817 | 12,260 | 15,004 |
| Number of requests completed within legislated timeframes (including extensions) | 8,439 | 8,728 | 12,137 | 14,949 |
| Number of requests completed beyond legislated timeframes | 71 | 89 | 123 | 55 |
| Proportion of requests that were responded to within legislated timeframes | 99% | 99% | 99% | 99% |
| Public interest disclosures | 300 | 329 | 261 | 419 |
| Material privacy breachesFootnote 4 | 141 | 128 | 74 | 210 |
| Complaints to the Privacy Commissioner | 22 | 29 | 9 | 16 |
The Commissioner report’s findings and may make recommendations. As demonstrated in Figure 5, sixteen complaints were made to the Privacy Commissioner during the 2019 to 2020 fiscal year, an increase from the previous year when nine complaints were received although lower than the average for the preceding four years. The number of material privacy breaches increased during the reporting period from 74 in 2018 to 2019 to 210 in 2019 to 2020. The increase, which is evaluated in depth in section 10 of this report, is largely attributable to increased numbers of passports lost in the mail, and a new project to better detect unauthorized views of client information by ESDC employees in 2019.
Total requests received and completed
Access to Information Act
During the 2019 to 2020 fiscal year, ESDC received 1,396 requests under the Access to Information Act, a 1% decrease from the previous fiscal year when the Department received 1,409 requests. This is the third time in recent years that ESDC has observed a decrease in the number of requests received. This decrease can be explained, in part, by new business processes which convert, with the consent of the client, erroneously submitted Access to Information Act requests into more accurate Privacy Act access requests.
There was a reduction in the number of requests closed during the reporting period from 1509 in 2018 to 2019 to 1302 in 2019 to 2020. This reduction is largely due to the initial impact of the COVID-19 pandemic, which resulted in the delay of ATI activities in the final month of the fiscal year.
Text description for Figure 5: Number of Access to Information Act requests received and completed
| Year | Received | Completed |
|---|---|---|
| 2016-2017 | 2,268 | 2,276 |
| 2017-2018 | 1,942 | 1,899 |
| 2018-2019 | 1,409 | 1,509 |
| 2019-2020 | 1,396 | 1,302 |
Privacy Act
During the 2019 to 2020 fiscal year, ESDC received 15,405 formal requests under the Privacy Act, an 18% increase from the previous fiscal year when the Department received 12,678 requests. This is the third consecutive yearly increase in the number of requests received and reflects the increasing importance Canadians attach to information covered by the Privacy Act as well as new business processes, which convert, with the consent of clients, erroneously submitted Access to Information Act requests into more accurate Privacy Act access requests.
There was a similar increase in the number of requests closed during the reporting period from 12,260 in 2018 to 2019 to 15,004 in 2019 to 2020. This increase represents a continuing achievement for ESDC and a compliance rate of over 99%. (this figure includes 96% of requests closed within 30 days and a further 3% closed within 60 days after an extension was sought).
Text description for Figure 6: Number of Privacy Act requests received and completed
| Year | Received | Completed |
|---|---|---|
| 2016-2017 | 8,353 | 8,510 |
| 2017-2018 | 8,852 | 8,817 |
| 2018-2019 | 12,678 | 12,260 |
| 2019-2020 | 15,405 | 15,004 |
Requests by calendar days taken to Complete
Access to Information Act
During the 2019 to 2020 fiscal year, ESDC processed 52% (673) of all requests (1,302) completed under the Access to Information Act within the first 30 days of receipt, slightly down from last year when ESDC processed 57% (866) of all requests (1,509) under the Act within 30 days.``
Text description for Figure 7: Number of Access to Information Act requests by calendar days taken to complete
| Year | 30 Calendar Days | 31-60 Calendar Days | 61 or more Calendar Days |
|---|---|---|---|
| 2016-2017 | 1,200 (53%) | 516 (23%) | 560 (24%) |
| 2017-2018 | 1,081 (57%) | 371 (19%) | 447 (24%) |
| 2018-2019 | 866 (57%) | 232 (16%) | 411 (27%) |
| 2019-2020 | 673 (57%) | 240 (16%) | 389 (27%) |
Privacy Act
During the 2019 to 2020 fiscal year, ESDC processed 96% (14,613) of all requests (15,004) completed under the Privacy Act within the first 30 days of receipt. This represents a small decrease from last year when ESDC processed 97% (11,832) of all requests (12,260) under the Act within the first 30 days of receipt. Of note, the Department received 2,744 more requests than in the previous fiscal year.
Text description for Figure 8: Number of Privacy Act requests by calendar days taken to complete
| Year | 30 Calendar Days | 31-60 Calendar Days | 61 or more Calendar Days |
|---|---|---|---|
| 2016-2017 | 8,234 (97%) | 252 (2%) | 24 (1%) |
| 2017-2018 | 8,595 (97%) | 179 (2%) | 43 (1%) |
| 2018-2019 | 11,832 (96%) | 370 (3%) | 58 (1%) |
| 2019-2020 | 14,613 (96%) | 358 (3%) | 33 (1%) |
Timeframes
Access to Information Act
During the 2019 to 2020 fiscal year, the Department met legislated timelines for 1,094 requests under the Access to Information Act, with a compliance rate of 84%. This represents a decrease of 3 percentage points compared to the Department’s 2017 to 2018 compliance rate (87%). As noted earlier in the document, the impact of COVID-19 at the end of the reporting period, as well as the allocation of additional resources in support of proactive publication efforts, affected the Department’s capacity to meet legislated timelines under the Access to Information Act during the year.
Institutions may apply for an extension beyond the original 30-day statutory timeframe in cases where meeting the statutory date is not feasible due to the volume of pages to be processed; where consultation is required that could not reasonably be conducted within the initial 30 days; or where notice is given to a third party. During the 2019 to 2020 fiscal year, ESDC requested 484 extensions.
ESDC was unable to meet legislated timelines for 208 requests during the fiscal year, almost exactly the same as the number for the previous year (204).
Text description for Figure 9: Number of requests processed within and beyond legislated timeframes, Access to Information Act
| Year | Within | Beyond |
|---|---|---|
| 2016-2017 | 77% | 23% |
| 2017-2018 | 83% | 17% |
| 2018-2019 | 87% | 13% |
| 2019-2020 | 84% | 16% |
Privacy Act
During the 2019 to 2020 fiscal year, ESDC met legislated timelines for 14,949 requests, which represents a 99% compliance rate and similar to the previous two fiscal years. ESDC was unable to meet legislated timelines for 55 requests during the fiscal year, which represents a non-compliance rate of less than half of one percent.
Institutions may apply for an extension beyond the original 30-day statutory timeframe in cases where meeting the statutory date is not feasible due to the volume of pages to be processed; where consultation is required that could not reasonably be conducted within the initial 30 days; or for translation purposes or to convert a record to another format. During the 2019 to 2020 fiscal year, ESDC requested 260 extensions. This represents an increase from the last fiscal year, when ESDC requested 128 extensions.
Text description for Figure 10: Number of requests processed within and beyond legislated timeframes, Privacy Act
| Year | Within | Beyond |
|---|---|---|
| 2016-2017 | 99% | 1% |
| 2017-2018 | 99% | 1% |
| 2018-2019 | 99% | 1% |
| 2019-2020 | 99% | 1% |
Timeframe monitoring
Access to Information Act
Except in certain circumstances, which allow for extensions, the Access to Information Act contains a statutory timeline of 30 calendar days (about 20 working days) to provide responses to requests. Given the legislated timeframes and ESDC’s commitment to respecting both the letter and spirit of the Access to Information Act, the Department continues to follow an established process and defined responsibilities as outlined in Figure 11.
Roles and responsibilities
Description:
Retrieval of Relevant Records and Formulation of Recommendations:
- Once a request is received, it is tasked to the relevant Branches and/or regions, the Offices of Primary Interest (OPI). The OPIs have eight working days to retrieve all responsive records and present them, along with any recommendations, to ATIP Operations.
Line-by-line Review of the Responsive Records
- ATIP Operations has eight working days to complete a thorough line-by-line review of the records and to invoke any applicable exemptions and/or exclusions.
Advance Release Notice
- Key stakeholders receive a notification that the release package has been posted electronically on a secure internal website at least four working days prior to the scheduled release date. This mechanism allows all implicated parties to provide final comments prior to release.
In support of timeframe monitoring, ATIP Operations provides a weekly report to senior management and the ministerial level. Additionally, a quarterly report capturing key ATIP processing performance indicators is also shared with senior management; including, all Deputy Ministers, and the Assistant Deputy Ministers. These reports continue to position Branches and regions to monitor access to information requests.
Privacy Act
ESDC’s regional offices manage the majority of the privacy request workload and prepare weekly reports concerning new requests, workload and status for the tracking of on-time performance for privacy requests. Regional offices also produce performance reports on a monthly, quarterly and yearly basis.
Pages processed and disclosed
Access to Information Act
During the 2019 to 2020 fiscal year, the Department experienced a 13% year-over-year increase in terms of total number of pages of documents processed and disclosed for requests under the Access to Information Act (please refer to Figure 12).
Text description for Figure 12: Number of pages processed and number of pages disclosed, Access to Information Act
| Year | Processed | Disclosed |
|---|---|---|
| 2016-2017 | 438,368 | 410,089 |
| 2017-2018 | 970,992 | 943,669 |
| 2018-2019 | 118,818 | 94,115 |
| 2019-2020 | 133,982 | 91,228 |
Privacy Act
The total number of pages processed and disclosed for privacy requests increased during the 2019 to 2020 fiscal year. During this reporting period, 1,259,755 pages were processed for exemptions and exclusions, which represents an increase of 29% from the previous fiscal year when 979,247 pages were processed. A total of 1,208,351 pages were disclosed, which is an increase from the previous year when 934,672 pages were disclosed.
Text description for Figure 14: Number of pages processed and number of pages disclosed, Privacy Act
| Year | Processed | Disclosed |
|---|---|---|
| 2016-2017 | 818,954 | 769,173 |
| 2017-2018 | 798,436 | 771,256 |
| 2018-2019 | 979,247 | 934,672 |
| 2019-2020 | 1,259,755 | 1,208,351 |
Source of requests under the Access to Information Act
During the 2019 to 2020 fiscal year, the most common source of requests under the Access to Information Act was from media (584), followed by the general public (374) and business/private sector (315). This trend continued from the previous fiscal years, where media was the main source of requesters. Lists of briefing notes and briefing note documentation have been the most common type of departmental material requested.
| Source | 2016 to 2017 | 2017 to 2018 | 2018 to 2019 | 2019 to 2020 |
|---|---|---|---|---|
| Media | 670 (30%) | 649 (33%) | 429 (30%) | 584 (42%) |
| Academia | 22 (1%) | 39 (2%) | 26 (2%) | 28 (2%) |
| Business/Private Sector | 438 (19%) | 357 (18%) | 332 (24%) | 315 (22%) |
| Organization | 113 (5%) | 124 (6%) | 140 (10%) | 50 (4%) |
| Public | 580 (26%) | 611 (31%) | 350 (25%) | 374 (27%) |
| Decline to Identify | 445 (20%) | 162 (8%) | 132 (9%) | 45 (3%) |
Exemptions and exclusions
ESDC is one of the largest holders of personal information in the Government of Canada, which affects the frequency in which exemptions and exclusions are applied under the Access to Information and Privacy Acts.
Access to Information Act
Exemptions
The Access to Information Act allows, and in some instances requires, that information relating to the internal decision-making processes of government, national security, law enforcement or trade secrets be exempted and not released.
The following table (Figure 15) outlines the most frequently invoked exemptions during the past four fiscal years. Due to the nature of ESDC’s mandate, most of the information under the Department’s control contains personal information about individuals and must be withheld under the mandatory exemptions set out in section 19 (Personal Information) unless certain conditions are met. Section 21 (Advice) was the most frequently applied exemption for the 2019 to 2020 fiscal year, and it continues to represent an important percentage of the total being applied in 300 instances.
| Section | 2016 to 2017 | 2017 to 2018 | 2018 to 2019 | 2019 to 2020 |
|---|---|---|---|---|
| s. 19 - Personal information | 501 (23%) | 385 (27%) | 306 (25%) | 249 (23%) |
| s. 16 - Law enforcement and investigations | 269 (13%) | 149 (10%) | 160 (13%) | 127 (12%) |
| s. 20 - Third party information | 229 (11%) | 152 (11%) | 164 (13%) | 180 (17%) |
| s. 21 - Advice and recommendations | 658 (31%) | 362 (25%) | 304 (25%) | 300 (28%) |
| s. 24 - Statutory prohibitions against disclosure | 186 (9%) | 149 (10%) | 84 (7%) | 75 (7%) |
* Figures are rounded for readability purposes
Exclusions
The Access to Information Act does not apply to information that is already publicly available, such as government publications (section 68), and confidences of the Queen’s Privy Council for Canada (section 69), which require consultation with the Department of Justice. During the 2019 to 2020 fiscal year, ESDC excluded records based on section 69 for 102 requests.
Privacy Act
Exemptions
The Privacy Act recognizes that individuals value their privacy and the protection of their personal information, and that this protection is an essential element in maintaining public trust in government. Although the Privacy Act provides individuals with an enforceable right of access to their personal information, there are instances, where certain limited and specific exemptions can be applied.
Due to the nature of ESDC’s mandate and its personal information holdings, the exemption under the Privacy Act that was applied most frequently is section 26, which protects personal information about another individual as defined by section 3 of the Privacy Act. This exemption occurred in 9,812 instances of completed requests during the 2019 to 2020 fiscal year. This represents an increase of 1,730 instances when compared to last fiscal year.
| Section | 2016 to 2017 | 2017 to 2018 | 2018 to 2019 | 2019 to 2020 |
|---|---|---|---|---|
| s. 22 - Law enforcement and investigation | 47 (0.8%) |
101 (1.7%) |
61 (0.7%) |
56 (0.6% |
| s. 26 – Information about another individual | 5,977 (97.7%) | 5,898 (96.7%) | 8,082 (98.1%) | 9,812 (98.7%) |
| s. 27 – Solicitor-client privilege | 91(1.5%) | 81 (1.3%) | 72 (0.9%) | 63 (0.6%) |
Exclusions
The Privacy Act allows for the exclusion of certain types of information such as records that are already available to the public (section 69) and confidences of the Queen’s Privy Council for Canada (section 70). During the 2019 to 2020 fiscal year, ESDC did not exclude any records for requests under the Privacy Act.
Consultations received from other Government of Canada institutions and other organizations
Access to Information Act
During the 2019 to 2020 fiscal year, ESDC received 309 external consultation requests, which originated from other Government of Canada institutions and organizations that required a review of an additional 10,823 pages. This represents an increase in the number of consultation requests compared to the previous fiscal year (222) but is a significant reduction in the number of pages reviewed in the 2018 to 2019 fiscal year 15,299.
The Department closed 291 requestsFootnote 5 for consultations of which 170 (58%) were completed within 30 days. Three quarters of those completed (219) resulted in a recommendation to disclose the records in their entirety and 57 (20%) recommended to disclose in part.
| Types of consultation | 2016 to 2017 | 2017 to 2018 | 2018 to 2019 | 2019 to 2020 |
|---|---|---|---|---|
| Consultations requests received under the Access to Information Act | 185 | 220 | 222 | 309 |
| Additional pages reviewed under the Access to Information Act | 7,301 | 7,908 | 15,564 | 10,823 |
| Access to Information Act Requests for Consultations Closed | 171 | 210 | 223 | 291 |
| Access to Information Act Requests for Consultations Closed within 30 days | 116 | 124 | 141 | 170 |
Privacy Act
ESDC received 20 external consultation requests during the 2019 to 2020 fiscal year, which originated from Government of Canada institutions and other organizations, requiring a review of 3,137 additional pages. This represents an increase from the previous fiscal year when ESDC reviewed 1,549 pages.
The Department closed 21 requests for consultations of which 18 (86%) were completed within 30 days. Of the total number of requests for consultation, 14 (67%) resulted in a recommendation to disclose the records entirely and 3 (14%) recommended the consulting institution or organization disclose the information in part.
| Types of consultation | 2016 to 2017 | 2017 to 2018 | 2018 to 2019 | 2019 to 2020 |
|---|---|---|---|---|
| Consultations requests received under the Privacy Act | 8 | 35 | 38 | 20 |
| Additional pages reviewed under the Privacy Act | 132 | 5,355 | 1,578 | 3,137 |
| Privacy Act Requests for Consultations Closed | 8 | 34 | 36 | 21 |
| Privacy Act Requests for Consultations Closed within 30 days | 7 | 29 | 36 | 18 |
Requests for the correction of personal information under the Privacy Act
Under the Privacy Act, individuals have a right to request the correction of erroneous personal information pertaining to them that is retained by a government institution, provided that the individual can adequately substantiate the request. ESDC accepted one request for correction of personal information during the 2018 to 2019 fiscal year.
Reporting on Access to Information fees for the purposes of the Service Fees Act
In 2017, the Government of Canada introduced the Service Fees Act,which replaced the User Fees Act. All government departments and agencies that charge fees for services are subject to this legislation, including ESDC.
The Service Fees Act requires a responsible authority to report annually to Parliament on the fees collected by the institution. Consistent with Treasury Board policy, fees charged pursuant to the Access to Information Act are to be reported in the Access to Information Annual Report. Consequently, ESDC is reporting these fees in this consolidated report.
With respect to fees collected under the Access to Information Act, the information is reported in accordance with the requirements of section 20 of the Service Fees Act.
General fees information
Fees for processing requests filed under the Access to Information Act
Fee-setting authority: Access to Information Act
- Fee Amount
- $5
- Service standard
- Response provided within 30 days following receipt of a request; the response time may be extended pursuant to section 9 of the Access to Information Act. Notice of extension is to be sent within 30 days after receipt of the request.
- Performance results
- Total requests received: 1,396
- Total requests completed: 1,302 6
- Requests responded to within 30 days: 1,094
- Requests completed within prescribed time limits of extensions: 484
- Requests responded to after deadline: 208
- Statutory deadline met 84% of the time
- Other information
- In accordance with the Interim Directive on the Administration of the Access to Information Act, issued on May 5, 2016, and the changes to the Access to Information Act that came into force on June 21, 2019, ESDC waives all fees prescribed by the Act and Regulations, other than the $5 application fee set out in paragraph 7(1)(a) of the Regulations.
Figure 20 is a summary of the financial information for all Access to Information Act fees under the Department’s authority.
| 2018 to 2019 Revenue | 2019 to 2020 Revenue | 2019 to 2020 Total Cost of Operating the ProgramFootnote 6 | 2019 to 2020 RemissionsFootnote 7 |
|---|---|---|---|
| $ 5,360.00* | $ 4,400.00 | $1,823,908 | $ 2,110.00 |
*Based on total requests received during the 2018 to 2019 fiscal year minus remissions
7. Complaints, investigations and court actions
Access to Information Act
Individuals are entitled under the Access to Information Act to file a complaint related to their request for a record with the Office of the Information Commissioner (OIC).
During the 2019 to 2020 reporting period, the Department was notified by the OIC of 52 access complaints and carried over 21 complaints from the previous fiscal year. The OIC closed 56 complaints and found 12 to be well founded. There were no court actions during the reporting period. Please refer to Figure 21 for more information about the complaints.
Privacy Act
Requesters who are not satisfied with how their privacy request was processed are entitled to file a complaint with the Office of the Privacy Commissioner (OPC).
During the 2019 to 2020 reporting period, the Department was notified by the OPC of 16 privacy complaints and carried over 7 complaints from the previous fiscal year. The OPC closed 26 complaints of which 10 were determined to be well founded. There were no court actions during the reporting period. Please refer to Figure 21 for more details about the complaints.
| Details | Access to Information Act | Privacy Act |
|---|---|---|
| Complaints | N/A | N/A |
| Total complaints received | 52 | 16 |
| Denied access | 12 | 6 |
| Unreasonable time extension | 4 | 0 |
| Processing delays | 27 | 3 |
| Improperly applied exemptions | 9 | 0 |
| Collection | N/A | 0 |
| Use and disclosure / Retention and disposal | N/A | 7 |
| Investigations | N/A | N/A |
| Total findings received | 56 | 26 |
| Well-founded | 12 | 10 |
| Not well-founded | 14 | 6 |
| Complaints resolved during investigation | 1 | 0 |
| Discontinued | 29 | 10 |
| Court Actions | N/A | N/A |
| Number of court actions | 0 | 0 |
Note: The total number of notifications of complaints received and the total number of investigations with findings received will not necessarily be the same in a given fiscal year. Investigations could relate to complaints that were received by the Office of the Privacy Commissioner in a fiscal year prior the 2019 to 2020 reporting period.
8. Internal audits
Access to information-related audits
Audit of the Access to information process
A 2016 to 2017 internal audit of the Access to Information process concluded that Employment and Social Development Canada’s (ESDC) access to information function complies with the Access to Information Act (ATIA). It also identified opportunities to improve oversight, address timeliness of responses and skills shortages, enhance data integrity, and address training gaps to increase compliance and respond to requests in a more efficient manner.
ATIP Operations completed and closed the management action plan for this audit and continues to actively engage ESDC senior management, increase access to information capacity (e.g., delegating additional authorities and duties to ATIP Operations staff), take steps to ensure complete and accurate performance reporting, update e-learning solutions, (such as ESDC’s “Access and Privacy is Everybody’s Business” online training) and explore modernization initiatives to create a “paperless” office.
Privacy-related audits
In 2018 to 2019, the audit of the management and implementation of select privacy impact assessments (PIA) identified the requirement to improve privacy impact assessment controls in order to achieve the thorough identification and consistent assessment of risks to personal information in the PIA process. It also noted that the Department needed to regularly follow-up on the mitigation activities identified in PIAs. As anticipated in last year’s annual report, ESDC completed and closed the management action plan for this audit in 2019 to 2020.
9. Public interest disclosures
Disclosures in the public interest are made by Employment and Social Development Canada’s (ESDC) under section 37(1) of the Department of Employment and Social Development Act (DESDA) instead of under section 8(2) (m) of the Privacy Act. Disclosures made under this provision are reported to the Office of the Privacy Commissioner (OPC).
During the 2019 to 2020 fiscal year, the Department disclosed personal information in the public interest in 419 instances. ESDC processed 392 public interest disclosures in the regions, which mostly involved incidents involving individuals who threatened to harm themselves or others. In instances where there is an imminent threat to the safety and security of individuals, employees have the delegated authority to make the disclosures. Given the urgency of these situations, the OPC is informed after the disclosure is made.
The Privacy Management Division (PMD) approved the disclosure of personal information in an additional 27 cases. The OPC was informed with a letter prior to the disclosure in 21 instances, and by letter after the disclosure in 6 occasions.
| Reason for disclosure | Number of disclosures |
|---|---|
| Regional disclosures | 392 |
| NHQ disclosures: Locate an individual/next of kin | N/A |
| NHQ disclosures: Fraud/suspected elder abuse | 7 |
| NHQ disclosures: Assault | 6 |
| NHQ disclosures: Missing person | 1 |
| NHQ disclosures: Other | 8 |
| NHQ disclosures: Subtotal | 5 |
| Subtotal | 27 |
| TOTAL | 419 |
10. Material privacy breaches
A privacy breach is defined by the Treasury Board Secretariat (TBS) guidance as the “improper unauthorized collection, use, disclosure, retention or disposal of personal information” and material privacy breach is defined as one “that involves sensitive personal information and could reasonably be expected to cause injury or harm to the individual and/or to a significant number of individuals.”
During the 2019 to 2020 fiscal year, the Department reported 210 material breaches, a significant increase on the previous year, to the Office of the Privacy Commissioner (OPC) and to TBS (please refer to Figure 23). These breaches were mostly the result of operational errors resulting in personal information lost in transit in the postal system or sent to the wrong person. Compared to the millions of transactions processed by ESDC each year, the incident rate is, statistically, very small.
The vast majority of these incidents (170 cases of the 210 cases) involved lost or misdirected passports of which Canada Post Corporation took responsibility for 143 breaches. Of note, in previous fiscal years, lost passports were not automatically considered a material privacy breach and would only be included in the total number when the loss also included supporting documents, such as a birth certificate. Following discussions with Immigration, Refugees and Citizenship Canada and Global Affairs Canada, and in consultation with the Office of the Privacy Commissioner, it was agreed that any lost passport should be considered a material breach due to the sensitivity of the document itself. This change in reporting methodology was almost entirely responsible for the increase in material privacy breaches reported by the Department. In addition, the unauthorized access by ESDC employees of personal information stored in departmental systems accounted for 19 incidents. These cases were identified as a result of the Department’s newly implemented Audit Log Monitoring initiative to detect the unauthorized accesses of personal information in ESDC’s electronic data holdings by ESDC employees. It is expected that additional incidents of this type will continue to be detected during the 2020 to 2021 fiscal year as this project expands in scope.
The Department continues to explore ways to reduce privacy breaches. Through ESDC’s privacy training and awareness activities, employees are informed and trained in the handling of personal information, including appropriate use and safeguarding protocols.
| No. of Material Breaches | Summary and nature of Information breached | Communication and notification | Actions undertaken in response |
|---|---|---|---|
| 5 | Documents containing personal information of clients were lost or stolen. | When possible, personal letters were sent to affected individuals informing them of the breach. |
|
| 16 | Personal information incorrectly shared with third party individuals, via telephone, e-mail, or mail. | When possible, personal letters were sent to affected individuals informing them of the breach. |
|
| 19 | Employees who made unauthorized accesses in Departmental systems to client information (mostly discovered as part of internal audits conducted on the Departmental systems). | When possible, personal letters were sent to affected individuals informing them of the breach. |
|
| 143 | Passports lost, stolen, or misdirected, where Canada Post Corporation was responsible for the breach. | When possible, personal letters were sent to affected individuals informing them of the breach. |
|
| 27 | Passports lost, stolen, or misdirected, as a result of an internal error. | When possible, personal letters were sent to affected individuals informing them of the breach. |
|
| Total Number of Material Breaches: 210 | |||
11. Training and awareness activities
Privacy and Access to information training
ESDC has a comprehensive and mandatory training program to increase knowledge and awareness of the stewardship of information. All employees are required to maintain valid certification in the Stewardship of Information and Workplace Behaviours (SIWB), which addresses privacy, the handling of personal information, access to information, information management, security and values and ethics. Delivered online, SIWB certification is valid for two years. At the end of the 2019 to 2020 fiscal year, 25,961 individuals, representing 82% of the total workforce, held a valid SIWB certification. The SIWB training was updated during the reporting period to align with the 2019 ATIA amendments.
In addition to online training and certification, ESDC undertook a number of in-person and online privacy training sessions and activities. ESDC delivered 13 in-person sessions to 313 employees during the 2019 to 2020 fiscal year. Further to this, departmental governance structures were utilized to engage senior management at the Assistant Deputy Minister level and above on privacy and access to information and to maintain the high profile and importance of these issues within the organization.
Access to information awareness
In terms of training to non-ATIP employees, ESDC delivered 10 in-person ATIP training sessions throughout the reporting period to 211 participants. The Department also continued to take advantage of opportunities (e.g., during ATIP training) to raise awareness with respect to the requirements of the 2019 amendments to ATIP and its implications for the Department’s proactive disclosure and access to information activities. Although ESDC was not able to increase the number of ATIP training sessions in the 2019 to 2020 fiscal year as anticipated, employees were encouraged to pursue departmental ATIP training online.
Privacy awareness
Throughout the reporting period, the Department continued to provide practical, easy-to-understand, and readily available privacy information and guidance to employees to reinforce the application of appropriate personal information handling and safeguarding practices. These activities included organizing various privacy-themed information events such as Privacy Awareness Week during May 2019, a “Data Privacy Day” in January 2020, and a series of specialized knowledge talks.
Annex A: Delegation orders
Access to Information Act and regulations: Delegation of Authority Department of Employment and Social Development
The Minister of Employment and Social Development, pursuant to section 11 of the Department of Employment and Social Development Act, hereby designates the persons, officers or employees holding the positions with Employment and Social Development set out in the schedules attached hereto, or the persons, officers or employees occupying on an acting basis those positions, to exercise the powers or perform the duties or functions of the Minister or to exercise or perform the powers, duties or function of the head of the institution, as specified in the attached schedules.
- Access to Information Act
- Privacy Act
Original signed March 12, 2020 by the Honourable Carla Qualtrough, Minister of Employment and Social Development
| Description | Section | Delegated Authority |
|---|---|---|
| Responsibility of government institutions | 4(2.1) |
|
| Reasons for declining to act on request | 6.1(1) |
|
| Notice – suspension | 6.1(1.3) |
|
| Notice – end of suspension | 6.1(1.4) |
|
| Notice (written notice for declining to act on a request) | 6.1(2) |
|
| Notice where access requested / Giving access to record | 7 |
|
| Transfer of request to another government institution | 8(1) |
|
| Extension of time limits | 9 |
|
| Notice where access refused | 10 |
|
| Application fee waiver | 11(2) |
|
| Language of access |
12(2) |
|
| Access to alternate format
|
12(3) |
|
| Refuse access – Obtained in confidence
|
13 |
|
| Refuse access – Federal-provincial affairs | 14 |
|
| Refuse access – International affairs and defence |
15 |
|
| Refuse access – Law enforcement and investigations | 16 |
|
| Refuse access – Public Servants Disclosure Protection Act | 16.5 |
|
| Refuse access – Safety of individuals | 17 |
|
| Refuse access – Economic interests of Canada | 18 |
|
| Refuse access – Economic interest of the Canada Post Corporation, Export Development Canada, the Public Sector Pension Investment Board and VIA Rail Canada Inc. | 18.1 |
|
| Refuse access – Personal information | 19 |
|
| Refuse access – Third party information | 20 |
|
| Refuse access – Operations of Government | 21 |
|
| Refuse access – Testing procedures, tests, audits | 22 |
|
| Refuse access – Audit working papers and draft audit reports | 22.1 |
|
| Refuse access – Solicitor-client privilege | 23 |
|
| Refuse access – Statutory prohibitions | 24 |
|
| Severability | 25 |
|
| Information to be published | 26 |
|
| Third party notification | 27(1) |
|
| Third party notification – Extension of time limit | 27(4) |
|
| Third party notification – Notice of decision | 28(1) |
|
| Third party notification – Waive representations in writing | 28(2) |
|
| Third party notification – Disclosure of record | 28(4) |
|
| Advising Information Commissioner of third party involvement | 33 |
|
| Right to make representations | 35(2) |
|
| Access given to complainant | 37(4) |
|
| Review by Federal Court – government institution | 41(2) |
|
| Review by Federal Court – government institution-Respondents | 41(5) |
|
| Notice to third party (application to Federal Court) | 43(1) |
|
| Service or notice | 43(2) |
|
| Notice to person who requested record | 44(2) |
|
| Special rules for hearings | 52(2) |
|
| Ex parte representations (Federal Court) | 52(3) |
|
| Description | Section | Delegated Authority |
|---|---|---|
| Transfer of request | 6(1) |
|
| Search and preparation of fees | 7(2) |
|
| Production and programming | 7(3) |
|
| Providing access to records | 8 |
|
| Limitations in respect of format | 8.1 |
|
Privacy Act and regulations: Delegation of Authority, Department of Employment and Social Development
The Minister of Employment and Social Development, pursuant to section 11 of the Department of Employment and Social Development Act, hereby designates the persons, officers or employees holding the positions with Employment and Social Development set out in the schedules attached hereto, or the persons, officers or employees occupying on an acting basis those positions, to exercise the powers or perform the duties or functions of the Minister or to exercise or perform the powers, duties or function of the head of the institution, as specified in the attached schedules.
- Access to Information Act
- Privacy Act
Original signed March 12, 2020 by the Honourable Carla Qualtrough, Minister of Employment and Social Development
| Description | Section | Delegated Authority |
|---|---|---|
| Retention of a record of requests and disclosed records to investigative bodies under section 8(2)(e) of the Privacy Act | 8(4) |
|
| Retention of records of uses of personal information | 9(1) |
|
| Notification of the Privacy Commissioner of any new consistent uses of personal information and ensure use is included in next statement of consistent uses set forth in the Index | 9(4) |
|
| Include personal information in personal information banks | 10 |
|
| Respond to request for access within 30 days and give written notice and, if access to be given, give access | 14 |
|
| Extension of the 30 day time limit to respond to a privacy request | 15 |
|
| Decision on whether to translate a response to a privacy request in one of the two official languages | 17(2)(b) |
|
| Decision on whether to convert personal information to an alternate format | 17(3)(b) |
|
| Decision to refuse to disclose personal information contained in an exempt bank | 18(2) |
|
| Decision to refuse access to personal information that was obtained in confidence from the government of a foreign state or institution, an international organization of states or an institution thereof, the government of a province or institution thereof, a municipal or regional government established by or pursuant to an Act of the legislature of a province or an institution of such a government, or the council, as defined in the Westbank First Nation Self-Government Agreement given effect by the Westbank First Nation Self-Government Act or the council of a participating in First Nation as defined in the First Nations Jurisdiction over Education in British Columbia Act | 19(1) |
|
| Authority to disclose personal information referred to in 19(1) if the government, organization or institution described in 19(1) consents to the disclosure or makes the information public | 19(2) |
|
| Refuse to disclose personal information that may be injurious to the conduct of federal-provincial affairs | 20 |
|
| Refuse to disclose personal information that may be injurious to international affairs or the defence of Canada or one of its allies | 21 |
|
| Refuse to disclose personal information prepared by an investigative body, information injurious to the enforcement of a law, or information injurious to the security of penal institutions | 22 |
|
| Refuse to disclose personal information created for the Public Servants Disclosure Protection Act | 22.3 |
|
| Refuse to disclose personal information prepared by an investigative body for security clearance | 23 |
|
| Refuse to disclose personal information that was collected by the Canadian Penitentiary Service, the National Parole Service or the National Parole Board while the individual was under sentence if the conditions in the section are met | 24 |
|
| Refuse to disclose personal information which could threaten the safety of individuals | 25 |
|
| Refuse to disclose personal information about another individual and shall refuse to disclose such information where disclosure is prohibited under section 8 | 26 |
|
| Refuse to disclose personal information that is subject to solicitor-client privilege. | 27 |
|
| Refuse to disclose personal information relating to the individual’s physical or mental health where the disclosure is contrary to the best interests of the individual | 28 |
|
| Receive notice of investigation by the Privacy Commissioner | 31 |
|
| Right to make representations to the Privacy Commissioner during an investigation | 33(2) |
|
| Receive Privacy Commissioner’s report of findings of an investigation and give notice of action taken | 35(1) |
|
| Provision of addition personal information to a complainant after receiving a 35(1)(b) notice. | 35(4) |
|
| Receive Privacy Commissioner’s report of findings of investigation of exempt bank | 36(3) |
|
| Receive report of Privacy Commissioner’s findings after compliance investigation | 37(3) |
|
| Request that a court hearing, undertaken with respect to certain sections of the Act, be held in the National Capital Region. | 51(2)(b) |
|
| Request and be given right to make representations in section 51 hearings | 51(3) |
|
| Prepare annual report to Parliament | 72(1) |
|
| Description | Section | Delegated Authority |
|---|---|---|
| Allow examination of the documents (Reading Room) | 9 |
|
| Notification of Correction | 11(2) |
|
| Correction refused, notation placed on file | 11(4) |
|
| Disclosure to a medical practitioner or psychologist | 13(1) |
|
| Disclosure in the presence of a medical practitioner or psychologist | 14 |
|
Annex B: Summaries of Completed Privacy Impact Assessments
ESDC completed nine privacy impact assessments (PIAs) over the course of the past fiscal year. Information on these PIAs are found below and on ESDC’s privacy impact assessments web site.
Biometrics Expansion Project: Service Canada In-Canada Biometrics Collection Services for the Department of Immigration, Refugees and Citizenship Canada
The Department of Immigration, Refugees and Citizenship Canada (IRCC) began collecting biometric information (digital photograph and fingerprints) from select nationals in 2013 under the Temporary Resident Biometrics Project. Following the success of that initiative, the Biometrics Expansion Project was launched to add the biometric collection requirement for all temporary resident visa, work or study permit, and temporary resident permit applicants, excluding United States nationals, and for all permanent resident applicants. One of the core mandates of the Biometrics Expansion Project is the delivery of the In-Canada Biometrics Collection Service that is provided by Service Canada on behalf of IRCC. The PIA examined privacy impacts resulting from the ESDC component of the In-Canada Biometrics Collection Services, specifically the collection of biometric information by Service Canada and its disclosure to IRCC.
Canada Pension Plan Disability Medical Adjudication Quality Assurance Program (Phase 1)
The Canada Pension Plan Disability (CPP-D) program provides partial income to eligible CPP contributors who are under age 65 with a severe and prolonged disability. Medical Adjudicators assess CPP-D applications to determine their eligibility. The CPP-D Medical Adjudication Quality Assurance (MA QA) program was developed to ensure that a robust quality assurance framework for medical adjudication decisions is being followed. The first phase of this initiative consists of a review of a random sample of CPP-D applications that were assessed by Medical Adjudicators to provide information on the quality of evidence and analysis in the medical adjudication process. Phase 1 also included the creation of a new database containing personal information that allows ESDC to determine the quality and consistency of the medical adjudication process and decisions. This PIA was completed to assess the privacy implications of the first phase of the CPP-D MA QA program.
Canada’s Volunteer Awards Program
Each year, Canada’s Volunteer Awards (CVA) recognizes the significant contributions of individual volunteers, groups of volunteers, not-for-profit organizations, and socially responsible businesses across Canada in helping communities. The CVA’s annual Call for Nominations requires the collection of personal information from a number of stakeholders —specifically the nominators, nominees, authors of letters of support, Regional Reviewers, and National Advisory Committee members— for the nomination and selection of award recipients. A new nomination system was developed for the CVA that required a PIA to assess the privacy impacts of ESDC’s collection and use of personal information during the nomination and award selection processes.
Departmental Accounts Receivable System Replacement Project
The Canada Revenue Agency (CRA) has the responsibility to collect debts owed to the Crown for several ESDC statutory programs. To carry out this work, officials from both institutions use ESDC’s Departmental Accounts Receivable System, which is being replaced by the Public Sector Collections and Disbursements (PSCD) system, a SAP-based module. This PIA assessed the privacy impacts related to the management and protection of personal information related to new business processes associated with the PSCD module.
Disclosure of Old Age Security Act to the province of Newfoundland and Labrador
ESDC discloses the personal information to the Government of Newfoundland and Labrador from individuals residing in the province who are eligible for the Old Age Security (OAS) and Guaranteed Income Supplement (GIS) programs in order to determine eligibility for the province’s 65 Plus Plan. The 65 Plus Plan provides access to prescription medication at a reduced cost. This PIA assessed the privacy impacts and risks stemming from a new information sharing agreement between the two governments, which replaced a 40-year-old Letter of Agreement, as well as the related processes and information technologies.
Job Bank
Job Bank is delivered by ESDC on behalf of the Canada Employment Insurance Commission as part of the National Employment Service. It is a free online national service that provides job seekers with the ability to search for available job opportunities and for employers to find qualified candidates. In December 2014, a PIA examined Job Bank 2.0 updates, specifically new registration and authentication processes to create user accounts. This PIA also reviewed the privacy impacts of Job Bank services that were introduced since 2015, as well as some new features that will be developed as part of the Job Bank 3.0 project, including Job Match, Resume Builder and Resume Sharing, Job Alerts, and Job Bank for Employers.
Exchange of personal information between Employment and Social Development Canada, Nova Scotia Department of Community Services and Service Nova Scotia
ESDC and the Nova Scotia Department of Community Services consolidated several Information Sharing Agreements in order for the latter to administer the province’s Income Assistance and Disability Support Program. In addition, an Information Sharing Agreement was negotiated between ESDC and Service Nova Scotia to allow for the administration of the province’s Property Tax Rebate for Seniors and the Heating Assistance Rebate Program. A PIA was completed to assess the privacy implications related to the exchange and use of personal information from the Canada Pension Plan, the Old Age Security program, and the Guaranteed Income Supplement benefit for the administration of these Nova Scotia programs.
MyAlberta Digital Identity Pilot
The MyAlberta Digital Identity (MADI) Pilot was introduced to give Alberta residents the opportunity to streamline their access to their My Service Canada Account (MSCA) by means of a Province-approved identity-bound credential, the Trusted Digital Identity. A PIA was completed to assess the privacy implications related to the handling of personal information during the registration and authentication processes a user has to undertake prior to accessing MSCA using MADI.
Receipt of Entry-Exit Data from the Canada Border Services Agency by the Employment Insurance Program
Within ESDC, Service Canada’s Integrity Services Branch is responsible for investigating fraud and abuse of the Employment Insurance (EI) Program using information from the Canada Border Services Agency (CBSA) to validate that EI claimants have properly self-reported any absences from Canada. Historically, customs declaration cards have been used by the CBSA, and data from those cards were provided to ESDC to identify EI claimants who may have left Canada while receiving EI benefits. The CBSA has now introduced an electronic Entry-Exit system, which will collect exit information from airlines and the United States Customs and Border Protection, while also collecting entry information when a traveller returns to Canada. A PIA was completed to identify and assess the privacy implications associated with the collection of entry-exit data from this new electronic system for the administration and enforcement of ESDC’s EI and Old Age Security Program.
In addition, ESDC has piloted a new assessment format, of which two were completed during the fiscal year, for lower risk activities that involve the administrative use of personal information. This “PIA light” approach is aimed at streamlining the approach while maintaining all the risk considerations of a PIA via an assessment against the 10 privacy principles.
Annex C: Statistical Reports
Statistical Report on the Access to Information Act
Name of institution: Employment and Social Development Canada
Reporting period: 2019-04-01 to 2020-03-31
Section 1: Requests under the Access to Information Act
| Detail | Number of Requests |
|---|---|
| Received during reporting period | 1396 |
| Outstanding from previous reporting period | 315 |
| Total | 1711 |
| Closed during reporting period | 1302 |
| Carried over to next reporting period | 409 |
| Source | Number of Requests |
|---|---|
| Media | 584 |
| Academia | 28 |
| Business (private sector) | 315 |
| Organization | 50 |
| Public | 374 |
| Decline to Identify | 45 |
| Total | 1396 |
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total |
|---|---|---|---|---|---|---|---|
| 181 | 334 | 52 | 15 | 0 | 0 | 0 | 582 |
Section 2: Decline to act on vexatious, made in bad faith or abuse of right requests
| Details | Number of Requests |
|---|---|
| Outstanding from previous reporting period | 0 |
| Sent during reporting period | 0 |
| Total | 0 |
| Approved by the Information Commissioner during reporting period | 0 |
| Declined by the Information Commissioner during reporting period | 0 |
| Carried over to next reporting period | 0 |
Section 3: Requests Closed During the Reporting Period
| Disposition of Requests | Completion Time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| All disclosed | 25 | 176 | 103 | 52 | 10 | 2 | 2 | 370 |
| Disclosed in part | 7 | 124 | 115 | 136 | 72 | 28 | 39 | 521 |
| All exempted | 4 | 6 | 1 | 1 | 1 | 3 | 2 | 18 |
| All excluded | 0 | 0 | 0 | 4 | 3 | 1 | 0 | 8 |
| No records exist | 59 | 66 | 16 | 5 | 0 | 1 | 0 | 147 |
| Request transferred | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
| Request abandoned | 190 | 15 | 5 | 10 | 3 | 2 | 12 | 237 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Decline to act with the approval of the Information Commissioner | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 286 | 387 | 240 | 208 | 89 | 37 | 55 | 1302 |
| Section | Number of Requests |
|---|---|
| 13(1)(a) | 5 |
| 13(1)(b) | 0 |
| 13(1)(c) | 7 |
| 13(1)(d) | 0 |
| 13(1)(e) | 0 |
| 14 | 36 |
| 14(a) | 3 |
| 14(b) | 1 |
| 15(1) | 11 |
| 15(1) - I.A.* | 11 |
| 15(1) - Def.* | 11 |
| 15(1) - S.A.* | 0 |
| 16(1)(a)(i) | 1 |
| 16(1)(a)(ii) | 0 |
| 16(1)(a)(iii) | 0 |
| 16(1)(b) | 7 |
| 16(1)(c) | 17 |
| 16(1)(d) | 0 |
| 16(2) | 95 |
| 16(2)(a) | 0 |
| 16(2)(b) | 0 |
| 16(2)(c) | 7 |
| 16(3) | 0 |
| 16.1(1)(a) | 0 |
| 16.1(1)(b) | 0 |
| 16.1(1)(c) | 0 |
| 16.1(1)(d) | 0 |
| 16.2(1) | 0 |
| 16.3 | 0 |
| 16.31 | 0 |
| 16.4(1)(a) | 0 |
| 16.4(1)(b) | 0 |
| 16.5 | 16.5 |
| 16.6 | 16.6 |
| 17 | 17 |
| 18(a) | 0 |
| 18(b) | 4 |
| 18(c) | 0 |
| 18(d) | 0 |
| 18.1(1)(a) | 0 |
| 18.1(1)(b) | 0 |
| 18.1(1)(c) | 0 |
| 18.1(1)(d) | 0 |
| 19(1) | 249 |
| 20(1)(a) | 2 |
| 20(1)(b) | 103 |
| 20(1)(b.1) | 1 |
| 20(1)(c) | 65 |
| 20(1)(d) | 9 |
| 20.1 | 0 |
| 20.2 | 0 |
| 20.4 | 0 |
| 21(1)(a) | 138 |
| 21(1)(b) | 154 |
| 21(1)(c) | 6 |
| 21(1)(d) | 2 |
| 22 | 3 |
| 22.1(1) | 3 |
| 23 | 31 |
| 23.1 | 0 |
| 24(1) | 75 |
| 26 | 5 |
* I.A.: International Affairs Def.: Defence of Canada S.A.: Subversive Activities
| Section | Number of Requests |
|---|---|
| 68(a) | 0 |
| 68(b) | 0 |
| 68(c) | 0 |
| 68.1 | 0 |
| 68.2(a) | 0 |
| 68.2(b) | 0 |
| 69(1) | 1 |
| 69(1)(a) | 2 |
| 69(1)(b) | 1 |
| 69(1)(c) | 2 |
| 69(1)(d) | 3 |
| 69(1)(e) | 4 |
| 69(1)(f) | 2 |
| 69(1)(g) re (a) | 41 |
| 69(1)(g) re (b) | 0 |
| 69(1)(g) re (c) | 22 |
| 69(1)(g) re (d) | 2 |
| 69(1)(g) re (e) | 4 |
| 69(1)(g) re (f) | 18 |
| 69.1(1) | 0 |
| Paper | Electronic | Other |
|---|---|---|
| 552 | 338 | 1 |
| Number of Pages Processed | Number of Pages Disclosed | Number of Requests |
|---|---|---|
| 133982 | 91228 | 1154 |
| Disposition | Less Than 100 Pages Processed |
101-500 Pages Processed |
501-1000 Pages Processed |
1001-5000 Pages Processed |
More Than 5000 Pages Processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
| All disclosed | 349 | 4119 | 13 | 2443 | 7 | 4526 | 1 | 418 | 0 | 0 |
| Disclosed in part | 385 | 9317 | 98 | 18308 | 19 | 10042 | 16 | 20805 | 3 | 18650 |
| All exempted | 10 | 0 | 4 | 0 | 1 | 0 | 3 | 0 | 0 | 0 |
| All excluded | 6 | 0 | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 230 | 364 | 5 | 171 | 0 | 0 | 2 | 2065 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 980 | 13800 | 122 | 20922 | 27 | 14568 | 22 | 23288 | 3 | 18650 |
| Disposition | Consultation Required | Assessment of Fees | Legal Advice Sought | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 69 | 0 | 0 | 0 | 69 |
| Disclosed in part | 194 | 0 | 4 | 0 | 198 |
| All exempted | 5 | 0 | 0 | 0 | 5 |
| All excluded | 7 | 0 | 0 | 0 | 7 |
| Request abandoned | 9 | 0 | 1 | 0 | 10 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 284 | 0 | 5 | 0 | 289 |
| Details | Requests closed within legislated timelines |
|---|---|
| Number of requests closed within legislated timelines | 1094 |
| Percentage of requests closed within legislated timelines (%) | 84 |
| Number of Requests Closed Past the Legislated Timelines | Principal Reason | |||
|---|---|---|---|---|
| Interference with Operations / Workload | External Consultation | Internal Consultation | Other | |
| 208 | 138 | 24 | 8 | 38 |
| Number of Days Past Legislated Timelines | Number of Requests Past Legislated Timeline Where No Extension Was Taken | Number of Requests Past Legislated Timeline Where an Extension Was Taken | Total |
|---|---|---|---|
| 1 to 15 days | 34 | 8 | 42 |
| 16 to 30 days | 15 | 16 | 31 |
| 31 to 60 days | 12 | 21 | 33 |
| 61 to 120 days | 8 | 20 | 28 |
| 121 to 180 days | 2 | 9 | 11 |
| 181 to 365 days | 5 | 23 | 28 |
| More than 365 days | 9 | 26 | 35 |
| Total | 85 | 123 | 208 |
| Translation Requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Section 4: Extensions
| Disposition of Requests Where an Extension Was Taken | 9(1)(a) Interference With Operations |
9(1)(b) Consultation | 9(1)(c) Third-Party Notice |
|
|---|---|---|---|---|
| Section 69 | Other | |||
| All disclosed | 26 | 0 | 64 | 10 |
| Disclosed in part | 83 | 4 | 211 | 32 |
| All exempted | 7 | 0 | 4 | 1 |
| All excluded | 0 | 0 | 8 | 0 |
| No records exist | 1 | 0 | 2 | 0 |
| Request abandoned | 9 | 0 | 20 | 2 |
| Total | 126 | 4 | 309 | 45 |
| Length of Extensions | 9(1)(a) Interference With Operations |
9(1)(b) Consultation | 9(1)(c) Third-Party Notice |
|
|---|---|---|---|---|
| Section 69 | Other | |||
| 30 days or less | 79 | 0 | 46 | 0 |
| 31 to 60 days | 22 | 1 | 64 | 43 |
| 61 to 120 days | 20 | 3 | 185 | 2 |
| 121 to 180 days | 2 | 0 | 13 | 0 |
| 181 to 365 days | 2 | 0 | 1 | 0 |
| 365 days or more | 1 | 0 | 0 | 0 |
| Total | 126 | 4 | 309 | 45 |
Section 5: Fees
| Fee Type | Fee Collected | Fee Waived or Refunded | ||
|---|---|---|---|---|
| Number of Requests |
Amount | Number of Requests |
Amount | |
| Application | 880 | $4,400 | 422 | $2,110 |
| Other fees | 0 | $0 | 0 | $0 |
| Total | 880 | $4,400 | 422 | $2,110 |
Section 6: Consultations Received From Other Institutions and Organizations
| Consultations | Other Government of Canada Institutions | Number of Pages to Review | Other Organizations | Number of Pages to Review |
|---|---|---|---|---|
| Received during reporting period | 298 | 10534 | 11 | 289 |
| Outstanding from the previous reporting period | 22 | 1612 | 4 | 17 |
| Total | 320 | 12146 | 15 | 306 |
| Closed during the reporting period | 277 | 9452 | 14 | 188 |
| Carried over to next reporting period | 43 | 2694 | 1 | 11 |
| Recommendation | Number of Days Required to Complete Consultation Requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| Disclose entirely | 64 | 76 | 56 | 10 | 3 | 0 | 0 | 209 |
| Disclose in part | 0 | 13 | 22 | 18 | 1 | 1 | 0 | 55 |
| Exempt entirely | 0 | 0 | 2 | 0 | 0 | 0 | 0 | 2 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 7 | 3 | 1 | 0 | 0 | 0 | 0 | 11 |
| Total | 71 | 92 | 81 | 28 | 4 | 1 | 0 | 277 |
| Recommendation | Number of Days Required to Complete Consultation Requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| Disclose entirely | 0 | 7 | 2 | 1 | 0 | 0 | 0 | 10 |
| Disclose in part | 0 | 0 | 1 | 1 | 0 | 0 | 0 | 2 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 1 | 1 | 0 | 0 | 0 | 2 |
| Total | 0 | 7 | 4 | 3 | 0 | 0 | 0 | 14 |
Section 7: Completion Time of Consultations on Cabinet Confidences
| Number of Days | Fewer Than 100 Pages Processed | 101-500 Pages Processed | 501-1000 Pages Processed |
1001-5000 Pages Processed |
More Than 5000 Pages Processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | |
| 1 to 15 | 12 | 310 | 1 | 74 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 11 | 230 | 3 | 106 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 34 | 531 | 2 | 155 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 58 | 1071 | 6 | 335 | 0 | 0 | 0 | 0 | 0 | 0 |
| Number of Days | Fewer Than 100 Pages Processed | 101‒500 Pages Processed | 501-1000 Pages Processed |
1001-5000 Pages Processed |
More Than 5000 Pages Processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | |
| 1 to 15 | 1 | 0 | 1 | 2 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 2 | 5 | 1 | 38 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 1 | 70 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 4 | 75 | 2 | 40 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Complaints and investigations
| Section 32 Notice of intention to investigate | Subsection 30(5) Ceased to investigate | Section 35 Formal representations | Section 37 Reports of finding received | Section 37 Reports of finding containing recommendations issued by the Information Commissioner | Section 37 Reports of finding containing orders issued by the Information Commissioner |
|---|---|---|---|---|---|
| 52 | 8 | 73 | 55 | 1 | 1 |
Section 9: Court Action
| Section 41 (before June 21, 2019) | Section 42 | Section 44 |
|---|---|---|
| 0 | 0 | 0 |
| Section 41 (after June 21, 2019) | ||||
|---|---|---|---|---|
| Complainant (1) | Institution (2) | Third Party (3) | Privacy Commissioner (4) | Total |
| 0 | 0 | 0 | 0 | 0 |
Section 10: Resources Related to the Access to Information Act
| Expenditures | Amount |
|---|---|
| Salaries | $1,527,833 |
| Overtime | $948 |
| Goods and Services, total | $295,127 |
| Professional services contracts | $238,582 |
| Other | $56,545 |
| Total | $1,823,908 |
| Resources | Person Years Dedicated to Access to Information Activities |
|---|---|
| Full-time employees | 20.24 |
| Part-time and casual employees | 0.00 |
| Regional staff | 0.00 |
| Consultants and agency personnel | 1.92 |
| Students | 0.00 |
| Total | 22.16 |
New reporting requirement
| Section | Number of requests |
|---|---|
| 16.31 Investigation under the Elections Act | 0 |
| 16.6 National Security and Intelligence Committee | 0 |
| 23.1 Patent or Trademark privilege | 0 |
Statistical Report on the Privacy Act
Name of institution: Employment and Social Development Canada
Reporting period: 2019-04-01 to 2020-03-31
Section 1: Requests Under the Privacy Act
| Details | Number of Requests |
|---|---|
| Received during reporting period | 15405 |
| Outstanding from previous reporting period | 826 |
| Total | 16231 |
| Closed during reporting period | 15004 |
| Carried over to next reporting period | 1227 |
Section 2: Requests Closed During the Reporting Period
| Disposition of Requests | Completion Time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| All disclosed | 275 | 689 | 21 | 1 | 0 | 0 | 0 | 986 |
| Disclosed in part | 4332 | 7013 | 326 | 15 | 4 | 6 | 3 | 11699 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 1589 | 526 | 7 | 2 | 0 | 0 | 0 | 2124 |
| Request abandoned | 145 | 44 | 4 | 0 | 1 | 0 | 1 | 195 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 6341 | 8272 | 358 | 18 | 5 | 6 | 4 | 15004 |
| Section | Number of Requests |
|---|---|
| 18(2) | 0 |
| 19(1)(a) | 0 |
| 19(1)(b) | 0 |
| 19(1)(c) | 0 |
| 19(1)(d) | 0 |
| 19(1)(e) | 0 |
| 19(1)(f) | 0 |
| 20 | 0 |
| 21 | 1 |
| 22(1)(a)(i) | 0 |
| 22(1)(a)(ii) | 0 |
| 22(1)(a)(iii) | 1 |
| 22(1)(b) | 54 |
| 22(1)(c) | 0 |
| 22(2) | 0 |
| 22.1 | 0 |
| 22.2 | 0 |
| 22.3 | 1 |
| 22.4 | 0 |
| 23(a) | 0 |
| 23(b) | 0 |
| 24(a) | 0 |
| 24(b) | 0 |
| 25 | 7 |
| 26 | 9812 |
| 27 | 61 |
| 27.1 | 2 |
| 28 | 0 |
| Section | Number of Requests |
|---|---|
| 69(1)(a) | 1 |
| 69(1)(b) | 0 |
| 69.1 | 1 |
| 70(1) | 0 |
| 70(1)(a) | 0 |
| 70(1)(b) | 0 |
| 70(1)(c) | 0 |
| 70(1)(d) | 0 |
| 70(1)(e) | 0 |
| 70(1)(f) | 0 |
| 70.1 | 0 |
| Paper | Electronic | Other |
|---|---|---|
| 10267 | 2416 | 2 |
| Number of Pages Processed | Number of Pages Disclosed | Number of Requests |
|---|---|---|
| 1259755 | 1208351 | 12880 |
| Disposition | Less Than 100 Pages Processed |
101-500 Pages Processed |
501-1000 Pages Processed |
1001-5000 Pages Processed |
More Than 5000 Pages Processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
| All disclosed | 918 | 14783 | 67 | 9419 | 0 | 0 | 1 | 11 | 0 | 0 |
| Disclosed in part | 8014 | 286507 | 3432 | 679688 | 191 | 114767 | 57 | 74533 | 5 | 27513 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 192 | 416 | 3 | 714 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 9124 | 301706 | 3502 | 689821 | 191 | 114767 | 58 | 74544 | 5 | 27513 |
| Disposition | Consultation Required | Legal Advice Sought | Interwoven Information | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 14 | 0 | 424 | 1 | 439 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 14 | 0 | 424 | 1 | 439 |
| Details | Requests closed within legislated timelines |
|---|---|
| Number of requests closed within legislated timelines | 14949 |
| Percentage of requests closed within legislated timelines (%) | 99.6 |
| Number of Requests Closed Past the Legislated Timelines | Principal Reason | |||
|---|---|---|---|---|
| Interference with Operations / Workload | External Consultation | Internal Consultation | Other | |
| 55 | 40 | 1 | 0 | 14 |
| Number of Days Past Legislated Timelines | Number of Requests Past Legislated Timeline Where No Extension Was Taken | Number of Requests Past Legislated Timelines Where an Extension Was Taken | Total |
|---|---|---|---|
| 1 to 15 days | 21 | 2 | 23 |
| 16 to 30 days | 7 | 2 | 9 |
| 31 to 60 days | 4 | 3 | 7 |
| 61 to 120 days | 2 | 4 | 6 |
| 121 to 180 days | 0 | 3 | 3 |
| 181 to 365 days | 0 | 4 | 4 |
| More than 365 days | 1 | 2 | 3 |
| Total | 35 | 20 | 55 |
| Translation Requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 2 | 0 | 2 |
| Total | 2 | 0 | 2 |
Section 3: Disclosures Under Subsections 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 0 | 0 | 0 | 0 |
NB: The Department of Employment and Social Development Act takes precedence over Privacy Act s.8(2)
Section 4: Requests for Correction of Personal Information and Notations
| Disposition for Correction Requests Received | Number |
|---|---|
| Notations attached | 2 |
| Requests for correction accepted | 4 |
| Total | 6 |
Section 5: Extensions
| Number of requests where an extension was taken | 15(a)(i) Interference with operations | 15 (a)(ii) Consultation | 15(b) Translation purposes or conversion |
|||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 260 | 7 | 41 | 189 | 11 | 0 | 0 | 8 | 4 |
| Length of Extensions | 15(a)(i) Interference with operations | 15 (a)(ii) Consultation | 15(b) Translation purposes or conversion |
|||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 0 |
| 16 to 30 days | 7 | 41 | 189 | 11 | 0 | 0 | 7 | 4 |
| 31 days or greater | N/A | N/A | N/A | N/A | N/A | N/A | N/A | 0 |
| Total | 7 | 41 | 189 | 11 | 0 | 0 | 8 | 4 |
Section 6: Consultations Received From Other Institutions and Organizations
| Consultations | Other Government of Canada Institutions | Number of Pages to Review | Other Organizations | Number of Pages to Review |
|---|---|---|---|---|
| Received during the reporting period | 20 | 3137 | 0 | 0 |
| Outstanding from the previous reporting period | 1 | 30 | 2 | 266 |
| Total | 21 | 3167 | 2 | 266 |
| Closed during the reporting period | 19 | 2407 | 2 | 266 |
| Carried over to the next reporting period | 2 | 760 | 0 | 0 |
| Recommendation | Number of Days Required to Complete Consultation Requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| All disclosed | 5 | 4 | 2 | 1 | 0 | 0 | 0 | 12 |
| Disclosed in part | 2 | 1 | 0 | 0 | 0 | 0 | 0 | 3 |
| All exempted | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 3 | 0 | 0 | 0 | 0 | 0 | 0 | 3 |
| Total | 11 | 5 | 2 | 1 | 0 | 0 | 0 | 19 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| All disclosed | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 2 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 2 |
Section 7: Completion Time of Consultations on Cabinet Confidences
| Number of Days | Fewer Than 100 Pages Processed | 101-500 Pages Processed | 501-1000 Pages Processed |
1001-5000 Pages Processed |
More than 5000 Pages Processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Number of Days | Fewer Than 100 Pages Processed | 101‒500 Pages Processed | 501-1000 Pages Processed |
1001-5000 Pages Processed |
More than 5000 Pages Processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | Number of Requests |
Pages Disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Complaints and Investigations Notices Received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 13 | 23 | 21 | 0 | 57 |
Section 9: Privacy Impact Assessments (PIA) and Personal Information Banks (PIB)
| Number of PIA(s) completed | 9 |
|---|
| Personal Information Banks | Active | Created | Terminated | Modified |
|---|---|---|---|---|
| 57 | 0 | 0 | 3 |
Section 10: Material Privacy Breaches
| Number of material privacy breaches reported to TBS | 210 |
|---|---|
| Number of material privacy breaches reported to OPC | 210 |
Section 11: Resources Related to the Privacy Act
| Expenditures | Amount |
|---|---|
| Salaries | $5,592,253 |
| Overtime | $57,025 |
| Goods and Services | $102,888 |
| Professional services contracts | $34,596 |
| Other | $68,292 |
| Total | $5,752,166 |
| Resources | Person Years Dedicated to Privacy Activities |
|---|---|
| Full-time employees | 36.60 |
| Part-time and casual employees | 0.00 |
| Regional staff | 40.63 |
| Consultants and agency personnel | 0.29 |
| Students | 0.00 |
| Total | 77.52 |
New reporting requirement
| Section | Number of requests |
|---|---|
| 22.4 National Security and Intelligence Committee | 0 |
| 27.1 Patent or Trademark privilege | 0 |
Page details
- Date modified: