Annual Report on the Administration of the Privacy Act 2015–2016

From Employment and Social Development Canada

Executive summary

Employment and Social Development Canada (ESDC) is responsible for a range of programs and services that support Canadians throughout their lives—from school to work, from one job to another, from unemployment to employment and from the workforce to retirement.

The mission of ESDC, which includes the Labour Program and Service Canada, is to build a stronger, more competitive Canada, support Canadians in making choices that help them live productive and rewarding lives, and improve Canadians’ quality of life. It delivers programs and services directly to Canadians at 615 points of service across Canada. ESDC serves the needs of millions of Canadians through multi-channel access points such as in-person services, on the Internet through web-based services and information, and via telephone through its network of call centres. With about 81.5 million annual visits to Service Canada’s website, Canadians are making a choice to interact with ESDC online.

The protection of personal information is a core organizational value and is fundamental to maintaining the public’s trust. The management and delivery of ESDC’s programs and services often require the collection, use and disclosure of an individual’s personal information. For some departmental programs, detailed and sometimes sensitive personal information is required to determine program eligibility or to receive benefits and services.

ESDC is subject to the privacy protection requirements set out in the Privacy Act as well as personal information protection provisions in Part 4 of the Department of Employment and Social Development Act. Part 4 of the Department of Employment and Social Development Act establishes specific and limited circumstances for ESDC’s use and disclosure of personal information that take precedence over the requirements of the Privacy Act.

In 2015–16, ESDC continued to make important progress on the implementation of its privacy management priorities. Key accomplishments include:

  • strengthened planning and reporting on privacy to support ESDC’s annual privacy and information security workplan;
  • management and coordination of Privacy Impact Assessments on new programs and activities;
  • a refresh of the Department’s Program-Led Privacy Action Plans;
  • development and update of information sharing arrangements;
  • privacy and security awareness activities for employees, including a Privacy Awareness Week and Data Privacy Day; and
  • continued online and in-person privacy training and awareness activities.

Moving forward, the Department will continue in its efforts to promote a proactive, risk-based approach to privacy management and nurture an organizational culture committed to the stewardship of information to meet the challenges of an ever-changing and evolving privacy landscape.

1: Introduction

1.1: About the Privacy Act

The Privacy Act received Royal Assent on July 1, 1983. Its purpose is to impose obligations on federal institutions subject to the Privacy Act to respect the privacy rights of individuals by limiting the collection, use and disclosure of personal information. The Privacy Act also gives individuals the right of access to their personal information and the right to request the correction of that information.

Section 72 of the Privacy Act requires the head of a federal institution to submit an annual report to Parliament on the administration of the Act following the close of each fiscal year.

1.2: About Employment and Social Development Canada

The mission of Employment and Social Development Canada (ESDC), which includes the Labour Program and Service Canada, is to build a stronger and more competitive Canada, to support Canadians in making choices that help them live productive and rewarding lives and to improve Canadians’ quality of life.

ESDC is one of the largest and most geographically distributed federal departments in the Government of Canada. Citizens and clients interact with ESDC on a daily basis through 615 points of service across Canada. In 2015–16, ESDC provided approximately $110 billion in benefit payments and supported millions of Canadians through its many programs and services:

  • 81.5 million visits to the Service Canada website;
  • 8.1 million in-person visits to Service Canada Centres;
  • 1.9 million calls answered by 1 800 O-Canada agents;
  • 4.7 million passports issued;
  • 2.78 million Employment Insurance claims, 1.3 million Canada Pension Plan and 2.6 million Old Age Security applications processed;
  • $2.74 billion withdrawn from Registered Education Savings Plans by students to help fund their post-secondary education; and
  • 94% of labour disputes settled as part of the collective bargaining process.

ESDC delivers a range of programs and services that affect Canadians throughout their lives. The Department provides seniors with basic income security, supports unemployed workers, helps students finance their post-secondary education and assists parents who are raising young children. The Labour Program is responsible for labour laws and policies in federally regulated workplaces. Service Canada helps citizens access ESDC’s programs, as well as other Government of Canada programs and services.

1.3: Our Ministers

The activities of ESDC are governed by federal legislation and reflected in the mandates of its three ministers:

  • the Honourable Jean-Yves Duclos, Minister of Employment and Social Development, styled as Minister of Families, Children and Social Development;
  • the Honourable Mary-Ann Mihychuk, Minister of Labour, styled as Minister of Employment, Workforce Development and Labour; and
  • the Honourable Carla Qualtrough, Minister of Sport and Persons with Disabilities.

The Honourable Jean-Yves Duclos is the Minister responsible for the purposes of the Department of Employment and Social Development Act.

2: Privacy management at ESDC

ESDC is broadly recognized as one of the largest holders of personal information in the Government of Canada. The management of the Department’s personal information holdings is a complex undertaking. Client personal information is located both physically and electronically across several systems, program areas, branches, offices and regions across the country. For many programs, responsibility for the protection of personal information throughout the program life cycle is distributed across branches and regions. Accordingly, ESDC has prioritized the management and protection of personal information. This includes: a legislative framework for privacy protection in its enabling legislation (Part 4); implementation of a robust Privacy Management Framework; establishment of strong governance for privacy through delegation of authorities for the Privacy Act and the Department of Employment and Social Development Act; executive committees to support effective decision making on privacy matters; and organization of the Department’s privacy function under the authority and leadership of its Corporate Secretary and Chief Privacy Officer.

2.1: Legal framework for Privacy

The Privacy Act protects the privacy of individuals with respect to their personal information held by government institutions. The Privacy Act also provides individuals with a right of access to that information, subject to the exceptions set out in the legislation, as well as the right to request the correction of inaccurate information. Sections 4 to 8 of the Privacy Act, commonly referred to as the “Code of Fair Information Practices,” govern the collection, use, disclosure, retention and disposal of personal information.

Subsection 8(2) of the Privacy Act provides that personal information may be disclosed in accordance with that provision, subject to there being another Act of Parliament governing the disclosure of personal information. The disclosure of personal information by Employment and Social Development Canada is governed by one such Act of Parliament, Part 4 of the Department of Employment and Social Development Act. Part 4 provides that personal information obtained by Employment and Social Development Canada under a program or prepared from that information is privileged, and may only be made available in the specific and limited circumstances set out in that Part. Part 4 also sets out provisions governing the use of that personal information for research or statistical purposes.

2.2: Privacy Delegation Order

Section 73 of the Privacy Act empowers the head of the institution to delegate any of the powers, duties or functions assigned to him or her by this Act to employees of the institution. The Delegation Order, found in Annex A, outlines the delegations that were in effect as of June 3, 2015.

2.3: Departmental Privacy Management Framework

Given the importance of personal information protection at ESDC, the Department has adopted, and continues to implement, a risk-based and proactive approach to privacy management that promotes the concept of “privacy by design.” Privacy by design emphasizes the importance of building privacy directly into the design and architecture of new programs, systems, technologies and business processes. ESDC’s Privacy Management Framework includes the following key elements:

  • Element 1 – Governance and Accountability: Roles and responsibilities for privacy management are clearly defined to meet legal requirements, regulations, policies, standards and public expectations.
  • Element 2 – Stewardship of Personal Information: Appropriate privacy protections are implemented to manage personal information through its life cycle.
  • Element 3 – Assurance of Compliance: Formal processes and practices are established to ensure adherence to privacy specifications, policies, standards and laws.
  • Element 4 – Effective Risk Management: Structured and coordinated risk assessments are conducted to limit the probability and impact of negative events and maximize opportunities through risk identification, assessment and prioritization.
  • Element 5 – Culture, Training, and Awareness: The protection of personal information is a core organizational value and is fundamental to maintaining the public’s trust. Formal privacy training and awareness activities promote a privacy-aware organization that values the protection and stewardship of personal information.

2.4: Privacy governance

ESDC fosters governance and decision-making responsibilities for privacy through the Department’s Corporate Management Committee and the Privacy and Information Security Committee.

Corporate Management Committee

The Corporate Management Committee, a standing committee of ESDC’s Portfolio Management Board, oversees the implementation of the portfolio’s management agenda, including the operationalization of security and privacy plans and priorities.

Privacy and Information Security Committee

The Privacy and Information Security Committee is a sub-committee of the Corporate Management Committee, and is mandated to review matters related to privacy and the protection of personal information. The Committee supports horizontal coordination and prioritization of issues, plans and strategies related to the management and protection of personal information. The Privacy and Information Security Committee is co-chaired by the Chief Privacy Officer and ESDC’s Departmental Security Officer. The Privacy and Information Security Committee is supported by a Databank Review Working Group, which supports the application of privacy policy and the use of personal information for non-administrative purposes, including policy analysis, research and evaluation activities.

2.5: Organization of the privacy function

The Corporate Secretariat is the Department’s office of primary interest for the development of privacy policy, the provision of privacy advice and guidance to the portfolio, and the management of access to information and privacy operations. ESDC’s Corporate Secretary serves as the Department’s Chief Privacy Officer.

Figure 1 – Organization of the Privacy Function at ESDC
Text description follows
Text description of figure 1 – Organization of the Privacy Function at ESDC

This organizational chart displays a hierarchy beginning with the Corporate Secretary and Chief Privacy Officer of ESDC at the top. To the bottom, a dotted line leads to the Regional Operations that include Access to Information and Privacy Managers. Directly below the Chief Privacy Officer are two branches which lead respectively to the Privacy Management Division and to the Access to Information and Privacy Operations Division.

Under the first of these two branches are two further branches. One represents Privacy Compliance and Review Unit while the other represents the Policy, Planning and Coordination Unit. Under the second branch are the Request Processing Unit and the Incident Management and Legislative Disclosures Unit.

Corporate Secretary and Chief Privacy Officer

The Corporate Secretary serves as ESDC’s Chief Privacy Officer and is the Department’s functional authority on privacy matters, which includes the provision of authoritative advice and functional direction to all departmental branches and regions. In the Chief Privacy Officer role, the position is responsible for the proactive management of privacy in the Department and the establishment of privacy management frameworks, programs, review processes, and risk-based approaches to privacy management. The position is also responsible for providing advice, guidance, direction, and operational management for processing requests under the Privacy Act.

Privacy Management Division

The Privacy Management Division is the departmental focal-point for the management of privacy policy and the implementation of the Department’s Privacy Management Framework. Under the authority and direction of the Chief Privacy Officer, the Privacy Management Division supports the horizontal coordination and implementation of departmental strategic plans and priorities as they relate to the protection of privacy. The Division is responsible for privacy compliance and review services, privacy policy, strategic planning and coordination of privacy issues, and support and guidance for the development of Privacy Impact Assessments and Information Sharing Arrangements.

Access to Information and Privacy Operations Division

The Access to Information and Privacy Operations Division carries out the Department’s legislated requirements under the Access to Information Act, the Privacy Act and parts of the Department of Employment and Social Development Act. The Access to Information and Privacy Operations Division leads and advises on the processing of all requests under the Access to Information Act by managing requests for access to information in records in the control of ESDC, and is supported by program Liaison Officers and Regional Access to Information and Privacy Managers. This work involves responding to requests from the public, performing a line-by-line review of records requested under the Access to Information Act and the Privacy Act, as well as delivering training and awareness programs to employees with respect to the administration of the Acts. A great deal of the information in the control of the Department contains personal information about individuals and must be withheld under mandatory exemptions of both Acts unless specified conditions are met.

Regional operations

The Department has a network of Liaison Officers in the branches as well as Regional Access to Information and Privacy Managers who facilitate the work by providing expert Access to Information Act and Privacy Act advice and guidance directly to program areas within the regions, in consultation with Access to Information and Privacy Operations Division. Regional operations are responsible for processing the majority of the Department’s privacy requests.

3: Privacy activities and accomplishments 2015–16

In 2015–16, ESDC continued to advance a proactive, risk-based approach to privacy management and to nurture an organizational culture committed to the stewardship of information. Highlights of key ESDC privacy activities and accomplishments include:

  • the development and implementation of the annual privacy and security workplan;
  • the completion of seven Privacy Impact Assessments;
  • a comprehensive review and update of the Department’s Info Source chapter;
  • closure of the Office of the Privacy Commissioner’s investigation on the loss of a USB key;
  • the completion of select internal audits on privacy;
  • the refresh of Program-led Privacy Action Plans;
  • the standardization of Information Sharing Agreement templates and an inventory of Information Sharing Arrangements; and
  • privacy training and awareness activities.

3.1: Annual privacy and security workplan

In 2015–16, the Department developed and implemented its annual integrated privacy and security workplan to support the strategic planning and implementation of the Department’s privacy and security priorities. Overseen by the Privacy and Information Security Committee, the annual privacy and security workplan includes strategic and operational plans to achieve privacy and security management objectives. The 2015–16 priorities and workplan included effective privacy and security support to Departmental programs, enhanced horizontal linkages and privacy compliance assurance.

3.2: Completed Privacy Impact Assessments

In accordance with the Treasury Board Secretariat's Directive on Privacy Impact Assessments, ESDC is required to conduct a Privacy Impact Assessment before establishing any new or substantially modified program or activity involving the administrative use of personal information to identify the privacy impacts, risks, and associated mitigation strategies. In 2015–16, ESDC completed seven Privacy Impact Assessments. Footnote 1 Copies of approved Privacy Impact Assessments were provided to the Treasury Board of Canada Secretariat and the Office of the Privacy Commissioner. The seven completed Privacy Impact Assessments for 2015–16 were as follows:

  • Canada Apprentice Loans Phase II: Account Management
  • Compensation for Employers of Reservists Program
  • Employment Equity Programs ‎
  • Federal Workers' Compensation under the Government Employees Compensation Act ‎
  • Managed Web Services ‎
  • Hosted Social Media Account Management Service – Hootsuite
  • Interdepartmental Memorandum of Understanding on Collection Services with the Canada Revenue Agency ‎

For summaries of completed 2015–16 Privacy Impact Assessments, see Annex B.

3.3: Info source update

In 2015–16, ESDC completed a comprehensive review and update of its Info Source holdings. Info Source is a series of publications containing information about the Government of Canada's access to information and privacy programs. The primary purpose of Info Source is to assist individuals in exercising their rights under the Access to Information Act and the Privacy Act. Info Source also supports the Government's commitment to facilitate access to information regarding its activities. As part of the review, ESDC created or updated 55 Personal Information Bank descriptions and over 30 Class of Records.

3.4: Closure of the Office of the Privacy Commissioner investigation into the loss of a USB key at ESDC

On August 11, 2014, the Office of the Privacy Commissioner released its “Report of Findings” on the investigation into the loss of a USB key containing the personal information of 5,045 Canada Pension Plan Disability appellants. The report contained nine recommendations that were accepted in full by ESDC. On September 14, 2015, the Office of the Privacy Commissioner confirmed that they were satisfied with the Department’s response that all recommendations/management actions were implemented; and that no further action was required by their office. The investigation is now closed.

3.5: Audit of the Departmental Control Framework for the Management of Personal Information (Privacy)

The Internal Audit of the Departmental Control Framework for the Management of Personal Information (Privacy) was approved in August 2015. The objective of the audit was to assess the adequacy and effectiveness of the ESDC Privacy Management Framework (PMF) to safeguard the personal information of Canadians. The audit concluded that ESDC’s PMF is adequate to address most privacy-related concerns, however there were opportunities for improvement identified.

3.6: Program-Led Privacy Action Plans

ESDC has developed proactive Program-Led Privacy Action Plans for its major programs to understand and address potential privacy risks. Program efforts include risk assessments workplans, implementation, and reporting on progress. Program action plans improve compliance through clear accountabilities and have been approved by ESDC’s Corporate Management Committee which reviews their progress periodically.

3.7: Information sharing arrangements involving personal information

An information sharing arrangement (ISA) is a record of understanding between parties that outlines the terms and conditions under which personal information is shared between them. For ESDC, Part 4 of the Department of Employment and Social Development Act contains specific provisions for the sharing of information under limited and specific circumstances. In 2015–16, the Department updated its ISA template to assist in the development of agreements with other parties. In addition, ESDC established a repository of ISAs in 2015–16.

3.8: Raising Privacy Awareness

The Department continued to promote practical, easy to understand, and readily available privacy-related information and guidance to employees to reinforce proper privacy protection practices throughout 2015–16. This included an update to an internal Stewardship of Information web site available to employees, sessions on privacy-themed topics during Privacy Awareness Week from May 2 to May 6, 2015, and recognition of Data Privacy Day on January 28, 2016.

As part of its commitment to privacy awareness and training, the Department continued to provide a mandatory training module on the Stewardship of Information and Effective Workplace Behaviours. The mandatory integrated module covers six disciplines related to the stewardship of information (security, information management, information technology security, values and ethics, privacy and access to information). In 2015–16, 1,678 employees completed the Stewardship of Information and Effective Workplace Behaviours course. In addition, the Department has established an online training module entitled Privacy and Access to Information – It’s Everybody’s Business which was successfully completed by 1,742 employees in 2015–16.

4: Privacy performance reporting for 2015–16

Under the Privacy Act, Canadians can request access to their personal information held by government institutions. Within ESDC, typical privacy requests are from clients seeking to obtain a copy of their Canada Pension Plan file, their Old Age Security file, the contents of their Employment Insurance file or their Canada Student Loans file, as well as from federal employees seeking to obtain a copy of their personnel information.

As per the Treasury Board Secretariat`s Statistical Report on the Administration of the Privacy Act (Annex C), ESDC tracks data on privacy requests and other information for the purposes of reporting on requests received, timeliness of processing, disclosure of personal information and privacy breaches. The information is used to monitor trends and analyze issues to improve privacy operations. In 2015–16, ESDC received 8,353 formal requests under the Privacy Act and completed 8,240 requests. In addition, the Department received 230 public interest disclosures requests, received 26 complaints and reported 18 material privacy breaches. The key data is presented in the summary table below (Figure 2). The subsequent charts present and explain more detailed information on the Department’s privacy performance.

Figure 2 – Requests Received and Completed Under the Privacy Act
Activity 2013–14 2014–15 2015–16
Formal Requests Received Under the Privacy Act 7,286 7,998 8,353
Requests Completed During the Reporting Period 7,239 7,781 8,240
Requests Completed Within 30 Calendar Days 6,727 6,983 7,169
Requests Completed Within 31 to 60 Calendar Days 417 663 999
Requests Completed Within 61 or More Calendar Days 95 135 72
Public Interest Disclosures in the Public Interest 206 211 230
Complaints to the Privacy Commissioner 27 18 26
Material Privacy Breaches 0 3 18

4.1: Requests for information under the Privacy Act

In 2015–16, ESDC received 8,353 requests under the Privacy Act – an increase of 4.4% from 2014–15 when ESDC received 7,998 requests.

Figure 3 – Requests received and completed under the Privacy Act
Text description follows
Text description of figure 3 – Requests received and completed under the Privacy Act
Fiscal Year Formal requests received under the Privacy Act Requests completed during the reporting period
2013-14 7,286 7,239
2014-15 7,998 7,781
2015-16 8,353 8,240

4.2: Requests by calendar days taken to complete

Despite the increase in Privacy Act requests, ESDC increased processing timelines performance in 2015–16, completing 7,169 of its 8,353 requests within 30 calendar days, up from 6,983 within 30 calendar days in 2014–15.

Figure 4 – Privacy Act requests by calendar days taken to complete
Text description follows
Text description of figure 4 – Privacy Act requests by calendar days taken to complete
Fiscal Year Requests completed within 30 calendar days Requests completed within 31-60 days Requests completed in 61+ calendar days
2013-14 6,727 417 95
2014-15 6,983 663 135
2015-16 7,169 999 72

4.3: Pages reviewed

In addition to an increase of Privacy Act requests for 2015–16, the total number of pages of documents requiring review for exemptions and exclusions also increased. In 2015–16, 789,762 pages were reviewed which represented a 24.6% increase from 2014–15 when workload covered 633,787 pages.

4.4: Requests for correction of information

Individuals have a right to request correction of any erroneous personal information pertaining to them, provided that the individual can adequately substantiate the request. ESDC accepted four requests for correction of personal information in 2015–16.

4.5: Financial considerations

In 2015-16, the Department spent an estimated $4.5 million on salaries associated with administering the Privacy Act as well as $116,020 on overtime. Non-salary costs amounted to $71,730 bringing total expenditures to an estimated $4.7 million. A total of 86.36 person years were dedicated to privacy activities. This figure can be further broken down to 51.28 person years for regional staff, 31.92 person years for National Headquarters staff, 2.68 person years for part-time and casual employees, 0.03 person years for consultants and agency personnel and 0.45 person years for students.

4.6: Public interest disclosures reported to the Office of the Privacy Commissioner

As per section 2.1, “ESDC’s Legal Framework for Privacy” Part 4 of the Department of Employment and Social Development Act takes precedence over the Privacy Act as it relates to the use and disclosure of personal information. Accordingly, any disclosures in the public interest are made in accordance with subsection 37(1) of the Department of Employment and Social Development Act, which states that personal information may be disclosed “…if the Minister is of the opinion that the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure or that disclosure would clearly benefit the individual to whom the information relates.”

In 2015–16, Access to Information and Privacy Operations received notification from the regions regarding 184 public interest disclosures. These normally involved individuals who were threatening to harm themselves or others. Disclosure has been delegated to regional staff in instances where there is an imminent threat to the safety and security of individuals. Access to Information and Privacy Operations received and approved an additional 46 public interest disclosures for a total of 230 public interest disclosures reported to the Office of the Privacy Commissioner.

Figure 5 – Public Interest Disclosures Reported to the Office of the Privacy Commissioner
Text description follows
Text description of figure 5 – Public Interest Disclosures Reported to the Office of the Privacy Commissioner
Fiscal Year Disclosures in the public interest
2013-14 206
2014-15 211
2015-16 230

4.7: Material Privacy breaches

A privacy breach involves improper or unauthorized collection, use, disclosure, retention or disposal of personal information. Per the Treasury Board of Canada Secretariat “Material Privacy Breaches,” “a material privacy breach has the highest risk impact and is defined as involving sensitive personal information; and could reasonably be expected to cause serious injury or harm to the individual and/or involves a large number of affected individuals.”

In 2015–16, ESDC reported 18 material privacy breaches to the Office of the Privacy Commissioner—an increase from 2014–15 when ESDC then reported three cases. Of the 18 material privacy breaches, 3 cases involved information on Social Insurance Number applications, 2 cases involved misdirected program benefit applications, 4 cases involved personal information shared incorrectly with the wrong individuals, business, or medical professionals, and 9 cases where passport information could have been compromised. Appropriate corrective measures were applied, procedures reviewed, mailing procedures were updated and training for employees implemented. The increase in the number of material privacy breaches reported between 2014–15 and 2015–16 is attributed to improved reporting and increased privacy training and awareness.

Figure 6 – Summary of 2015–16 Material Privacy Breaches
No. of Material Breaches Summary and Nature of Information Breached Communication and Notification Strategies Actions Undertaken as a Result
3
  • Social Insurance number applications at Service Canada Centres and documents pertaining to a Social Insurance investigation.
  • Personal letters were sent to affected individuals informing them of the breach.
  • A written reminder to all employees in the Service Canada Centres about the proper print procedures.
  • Full review of Mailing procedures and several enhancements implemented.
2
  • Individual program benefit applications were misdirected to a wrong location.
  • Personal letters were sent to affected individuals informing them of the breach.
  • Mail processing procedures fully reviewed with validation of files to ensure they were isolated incidents.
4
  • Personal information incorrectly shared with the wrong individuals, business, or medical professional.
  • Personal letters were sent where appropriate to individuals advising them of the breach.
  • Discussions with officers regarding proper handling procedures and safeguards where required.
  • Reminder of the importance and sensitivity of dealing with personal information.
9
  • Lost passport applications, lost passports or lost documentation associated with passport applications where personal information could have been compromised.
  • Personal letters were sent to affected individuals informing them of the breach. Footnote 2
  • Individuals were asked to re-submit their applications and the costs of new documents, pictures and postage were reimbursed.
  • As per standard procedures, passports were cancelled and new passports issued at no charge.
  • Internal correction measures including increased training and awareness of errors to reinforce correct procedures.

4.8: Complaints and investigations

In 2015–16, the Department was notified of 12 complaints received by the Office of the Privacy Commissioner. Of these cases, two related to delay, five related to denied access, two pertained to improper use and disclosure and three related to a time extension. ESDC also received findings on 14 complaints. The Office of the Privacy Commissioner ruled six were well founded, four were not well founded, one was settled in the course of the investigation and three were resolved.

In addition to the complaints associated with the processing of Privacy Act requests, in 2015-16, the Department received an additional four complaints—one for collection and three for use and disclosure. It also closed five complaints—three were well founded, one was not well founded and one was discontinued.

Figure 7 – Complaints received by the Office of the Privacy Commissioner
Text description follows
Text description of figure 7 – Complaints received by the Office of the Privacy Commissioner
Fiscal Year Complaints to Privacy Commissioner of Canada
2013-14 27
2014-15 18
2015-16 26

4.9: Privacy training activities

ESDC has a comprehensive mandatory on-line training strategy to educate, increase knowledge of, and raise awareness about, the stewardship of information and effective workplace behaviours. The Department also offers online training on privacy and access to information to foster a common understanding of the proper management of information resources, ensuring that the privacy of information is respected, and to improve timeliness and compliance results.

Since the release of the mandatory online Stewardship of Information and Effective Workplace Behaviours training program in 2013–14, 24,147 employees have successfully completed the mandatory online training course (including 1,678 employees in 2015–16). In addition, the online training module Privacy and Access to Information – It’s Everybody’s Business, successfully trained 3,098 employees (including 1,742 employees in 2015–16).

The Department has undertaken a number of activities to educate and increase knowledge of access to information and privacy, such as regular meetings with liaison officers and in-person training sessions. Since 2013–14, the Department delivered 122 in-person sessions to 3,083 employees. In 2015–16, ESDC delivered 48 in-person sessions to 1,131 employees.

Figure 8 – Online Training
Text description follows
Text description of figure 8 – Online Training
Fiscal Year Stewardship of Information and Effective Workplace Behaviours Privacy and Access to Information – It`s Everybody’s Business
2013-14 8,669 Not applicable
2014-15 13,800 1,356
2015-16 1,678 1,742
Figure 9 – In-Person Employee Training
Text description follows
Text description of figure 9 – In-Person Employee Training
Fiscal Year Training Sessions Employee Trained
2013-14 37 838
2014-15 37 1,120
2015-16 48 1,131

5: Moving forward

Moving forward, the Department will continue to mature its privacy policies and processes, conduct privacy and risk assessments, and continue to strengthen the overall approach to privacy management. It will develop policies to further strengthen the Privacy Management Framework and integrate privacy considerations into policy, program design, and service delivery continuum. The Department will also continue to focus its communication to staff to increase awareness and encourage the use of best practices in the handling of personal information within the Department’s custody and control.

Annex A: Delegation Order

Employment and Social Development Canada

The Minister of Employment and Social Development, pursuant to section 18 of the Department of Employment and Social Development Act, hereby designates the persons, officers or employees holding the positions with Employment and Social Development set out in the schedules attached hereto, or the persons, officers or employees occupying on an acting basis those positions, to exercise the powers or perform the duties or functions of the Minister or to exercise or perform the powers, duties or functions of the head of the institution, as specified in the attached schedules.

  • Part 4 of the Department of Employment and Social Development Act
  • Privacy Act
  • Access to Information Act

______________________________________

Original signed June 3, 2015 by Pierre Poilievre,

Minister of Employment and Social Development

Privacy Act – Delegation of Authority, Employment and Social Development Canada (ESDC)
Description Section Delegated Authority
Retention of a record of requests and disclosed records to investigative bodies under section 8(2)(e) of the Privacy Act.   8(4)
  • Deputy Minister, Employment and Social Development Canada  (ESDC)
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Managers, ATIP Processing, ATIPOPS, NHQ
  • Manager, ATIP Incident Management and Legislative Disclosures, ATIPOPS, NHQ
Retention of records of uses of personal information   9(1)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Director, Privacy Management, NHQ
Notification of the Privacy Commissioner of any new consistent uses of personal information and ensure use is included in next statement of consistent uses set forth in the Index 9(4)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Director, Privacy Management, NHQ
Include personal information in personal information banks   10(1)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Director, Privacy Management, NHQ
Respond to request for access within 30 days and give written notice and, if access to be given, give access.    14
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Managers, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant  (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Extension of the 30 day time limit to respond to a privacy request.     15
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Decision on whether to translate a response to a privacy request in one of the two official languages.   17(2)(b)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Decision on whether to convert information to an alternate format       17(3)(b)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Decision to refuse to disclose information contained in an exempt bank.      18(2)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Managers, ATIP Processing, ATIP Operations, NHQ
Decision to refuse access to information that was obtained  in confidence from the government of a foreign state or institution, an international organization of states or an institution thereof, the government of a province or institution thereof, a municipal or regional government established by or pursuant to an Act of the legislature of a province or an institution of such a government, or the council, as defined in the Westbank First Nation Self-Government Agreement given effect by the Westbank First Nation Self-Government Act. 19(1)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Authority to disclose information referred to in 19(1) if the government, organization or institution described in 19(1) consents to the disclosure or makes the information public.      19(2)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose information that may be injurious to the conduct of federal-provincial affairs   20
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIP Operations, NHQ
  • Team Leaders, NHQ
Refuse to disclose information that may be injurious to international affairs or the defence of Canada or one of its allies. 21
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIP Operations, NHQ
  • Team Leaders, NHQ
Refuse to disclose information prepared by an investigative body, information injurious to the enforcement of a law, or information injurious to the security of penal institutions      22
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose information prepared by an investigative body for security clearance.   23
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer  for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose information that was collected by the Canadian Penitentiary Service, the National Parole Service or the National Parole Board while the individual was under sentence if the conditions in the section are met   24
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose information which could threaten the safety of individuals    25
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
Refuse to disclose information about another individual and shall refuse to disclose such information where disclosure is prohibited under section 8   26
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders ((Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose information that is subject to solicitor-client privilege.     27
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose information relating to the individual’s physical or mental health where the disclosure is contrary to the best interests of the individual     28
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Receive notice of investigation by the Privacy Commissioner   31
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
Right to make representations to thePrivacy Commissioner during an investigation   33(2)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Director, Privacy Management
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders  (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Receive Privacy Commissioner’s report of findings of an investigation and give notice of action taken   35(1)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP  Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Provision of addition information to a complainant after receiving a 35(1)(b) notice.   35(4)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Receive Privacy Commissioner’s report of findings of investigation of exempt bank   36(3)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
Receive report of Privacy Commissioner’s findings after compliance investigation   37(3)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
Request that a court hearing, undertaken with respect to certain sections of the Act, be held in the National Capital Region. 51(2)(b)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
Request and be given right to make representations in section 51 hearings   51(3)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
Prepare annual report to Parliament   72(1)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Director, Privacy Management

Annex B: Summaries of Completed Privacy Impact Assessments

Canada Apprentice Loans Phase II: Account management

In 2014, the Government of Canada announced the creation of Canada Apprentice Loans (CAL) to assist registered apprentices with the cost of technical training. These loans will help offset the costs to apprentices to complete the training required by their programs. A Privacy Impact Assessment for CAL Phase I was completed in 2014–2015. The Privacy Impact Assessment for CAL Phase II, completed in 2015–16, addresses the management and protection of personal information in the program’s account management process, including the electronic validation of a borrower’s on-going registration in an apprenticeship program through a data exchange with the apprentice’s respective provincial or territorial government.

Compensation for Employers of Reservists Program

The Compensation for Employers of Reservists Program offsets costs incurred by employers of active reservists such as hiring and training replacement workers, paying increased overtime, or purchasing equipment. It also provides compensation in the form of a grant to eligible employers of reservists and eligible self-employed reservists who are selected to serve on a designated Canadian Armed Forces operation. As this is a new governmental program, a Privacy Impact Assessment was undertaken to examine the privacy impacts of the establishment of new federal financial assistance to compensate civilian employers, build bridges with businesses and other stakeholders, and ensure that reservists continue to be fully integrated and readily available for military duty. ESDC, whose sharing of program responsibilities with the Department of National Defence is outlined in a Memorandum of Understanding, is responsible for the program’s administration, including application intake and validation, and issuing compensation to eligible applicants.

Employment Equity Programs

The Employment Equity Program comprises the Legislated Employment Equity Program (LEEP) and the Federal Contractors Program (FCP). Both programs promote equitable representation in the workplace for women, Aboriginal peoples, persons with disabilities and members of visible minorities. As a result of legislative changes to the Employment Equity Act, new ways to manage the FCP were required, including the expansion of the web-based Workplace Equity Information Management System (WEIMS) which allows employers to submit aggregate workforce data and to manage employee-level personal information to support workforce analysis. Under the Employment Equity Act, the Minister of Employment, Workforce Development and Labour (Minister of Labour) is required to share LEEP employer reports with the Canadian Human Rights Commission. A Privacy Impact Assessment was conducted to analyze the privacy impacts associated with the change in the management and collection of personal information for Employment Equity Programs, new and current modules in WEIMS, and other systems used to collect Employment Equity data.

Federal Workers' Compensation under the Government Employees Compensation Act

The Government Employees Compensation Act (GECA) is administered by the Federal Workers’ Compensation Service, Labour Program, ESDC, and provides the authority for worker’s’ compensation benefits and wage replacement to federal departments, agencies, and Crown Corporations for workplace injuries and occupational illnesses. To administer Federal Workers' Compensation under the GECA, the Labour Program receives, reviews and forwards claims from injured employees of those federal departments, agencies, and Crown Corporations to the appropriate provincial workers compensation board, which adjudicates claims on behalf of the Labour Program and provides workers’ compensation benefits for workplace injuries and illnesses. Once claims are adjudicated, the boards then charge the Labour Program for these services and the Labour Program recovers these costs from the employers from which the claims occurred.

The GECA program is undergoing modernization of the current, primarily paper-based, injury reporting process and renegotiating agreements with the provincial workers’ compensation boards. As such, a Privacy Impact Assessment was conducted to identify the privacy risks related to the flow of information for the processes and systems that are required with respect to the reporting and adjudication of injury claims.

Managed Web Services

Managed Web Services supports the Web Renewal Initiative which is focused on streamlining Canada’s federal web presence into a single Canada.ca web address with a common architecture and a consistent look and feel across all pages. Canada.ca is managed and maintained by Employment and Social Development Canada as the Principal Publisher for the Government of Canada. ESDC is responsible for the daily operation of the Managed Web Service and acts as the primary contact for the third-party web service provider as well as federal institutions for the operation of the Canada.ca site. A Privacy Impact Assessment was conducted to analyze the potential privacy risks associated with the amalgamation of the Government of Canada’s departmental websites into Canada.ca.

Hosted Social Media Account Management Service – Hootsuite

Government of Canada institutions have been rapidly increasing their presence on third-party social media platforms such as Facebook, Twitter, and LinkedIn. To standardize account management processes for official social media accounts, the Government of Canada procured, through Public Works and Government Services Canada, a third-party Hosted Social Media Account Management Service solution, known as Hootsuite, to update, publish and manage content on social media platforms for official social media accounts. ESDC, in its new role as Principal Publisher, administers Hootsuite to standardize account management processes for institutional official social media accounts. A Privacy Impact Assessment was conducted to analyze the use and administration of Hootsuite by the Department, and ensure data collection, retention and disposition are consistent with authorities.

Interdepartmental Memorandum of Understanding on Collection Services with the Canada Revenue Agency

A revised interdepartmental Memorandum of Understanding between the Canada Revenue Agency and ESDC came into force in November 2015, which designates respective roles and responsibilities along with the legal framework under which the Canada Revenue Agency is authorized to collect specific debts on behalf of ESDC, including the authority to recover overpayments for various ESDC programs. Given that the replacement of previous MOUs with a new umbrella MOU constitutes a significant modification to the previous instruments governing collection services, a Privacy Impact Assessment was conducted on the exchange and use of personal information outlined in the new agreement.

Annex C: Statistical Report on the Privacy Act

Statistical Report on the Privacy Act

Name of institution: Employment and Social Development Canada

Reporting period: 2015-04-01 to 2016-03-31

Part 1: Requests under the Privacy Act

Number of Requests
Received during reporting period 8353
Outstanding from previous reporting period 531
Total 8884
Closed during reporting period 8240
Carried over to next reporting period 644

Part 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time
Disposition of Requests Completion Time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 252 542 76 3 0 0 0 873
Disclosed in part 926 4307 886 59 6 1 0 6185
All exempted 3 7 0 0 0 0 0 10
All excluded 0 0 0 0 0 0 0 0
No records exist 683 241 22 2 1 0 0 949
Request abandoned 144 64 15 0 0 0 0 223
Neither confirmed nor denied 0 0 0 0 0 0 0 0
Total 2008 5161 999 64 7 1 0 8240
2.2 Exemptions
Section Number of Requests
18(2) 0
19(1)(a) 0
19(1)(b) 0
19(1)(c) 0
19(1)(d) 0
19(1)(e) 2
19(1)(f) 2
20 0
21 0
22(1)(a)(i) 1
22(1)(a)(ii) 0
22(1)(a)(iii) 0
22(1)(b) 18
22(1)(c) 0
22(2) 0
22.1 5
22.2 0
22.3 0
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 2
26 5664
27 88
28 4
2.3 Exclusions
Section Number of Requests
69(1)(a) 0
69(1)(b) 0
69.1 0
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0
2.4 Format of information released
Disposition Paper Electronic Other formats
All disclosed 838 35 0
Disclosed in part 5,846 339 0
Total 6,684 374 0
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
Disposition of Requests Number of Pages Processed Number of Pages Disclosed Number of Requests
All disclosed 18431 15,857 873
Disclosed in part 769,959 723,889 6,185
All exempted 318 0 10
All excluded 0 0 0
Request abandoned 1,054 836 223
Neither confirmed nor denied 0 0 0
Total 789,762 740,582 7,291
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less Than 100 Pages Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More Than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
All disclosed 831 10,013 42 5,844 0 0 0 0 0 0
Disclosed in part 3,912 177,072 2,059 371,313 160 100,284 52 70,626 2 4,594
All exempted 9 0 1 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 221 541 2 295 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0 0 0 0 0
Total 4,973 187,626 2,104 377,452 160 100,284 52 70,626 2 4,594
2.5.3 Other complexities
Disposition Consultation Required Legal Advice Sought Interwoven Information Other Total
All disclosed 6 0 0 152 158
Disclosed in part 72 0 794 250 1,116
All exempted 0 0 1 1 2
All excluded 0 0 0 0 0
Request abandoned 0 0 2 2 4
Neither confirmed nor denied 0 0 0 0 0
Total 78 0 797 405 1,280
2.6 Deemed refusals
2.6.1 Reasons for not meeting statutory deadline
Number of Requests Closed Past the Statutory Deadline Principal Reason
Workload External Consultation Internal Consultation Other
207 194 0 1 12
2.6.2 Number of days past deadline
Number of Days Past Deadline Number of Requests Past Deadline Where No Extension Was Taken Number of Requests Past Deadline Where An Extension Was Taken Total
1 to 15 days 136 13 149
16 to 30 days 20 14 34
31 to 60 days 4 5 9
61 to 120 days 7 5 12
121  to 180 days 1 0 1
181 to 365 days 0 1 1
More than 365 days 0 1 1
Total 168 39 207
2.7 Requests for translation
Translation Requests Accepted Refused Total
English to French 4 0 4
French to English 3 1 4
Total 7 1 8

Part 3: Disclosures Under Subsection 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
0 0 0 0

Part 4: Requests for Correction of Personal Information and Notations

Disposition for Correction Requests Received Number
Notations attached 0
Requests for correction accepted 4
Total 4

Part 5: Extensions

5.1 Reasons for extensions and dispositions of requests
Disposition of Requests Where an Extension Was Taken 15(a)(i) Interference With Operations 15(a)(ii) Consultation 15(b) Translation or Conversion
Section 70 Other
All disclosed 15 0 1 0
Disclosed in part 300 0 5 10
All exempted 0 0 0 0
All excluded 0 0 0 0
No records exist 6 0 0 0
Request abandoned 9 0 0 0
Total 330 0 6 10
5.2 Length of extensions
Length of Extensions 15(a)(i) Interference with operations 15(a)(ii) Consultation 15(b) Translation purposes
Section 70 Other
1 to 15 days 6 0 0 0
16 to 30 days 324 0 6 10
Total 330 0 6 10

Part 6: Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and other organizations
Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during the reporting period 22 2,232 3 408
Outstanding from the previous reporting period 1 483 0 0
Total 23 2,715 3 408
Closed during the reporting period 21 1,515 2 408
Pending at the end of the reporting period 2 1,200 1 0
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121  to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 7 8 1 0 0 0 0 16
Disclosed in part 3 0 1 0 1 0 0 5
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 10 8 2 0 1 0 0 21
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation Number of days required to complete consultation requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121  to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 2 0 0 0 0 0 0 2
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 2 0 0 0 0 0 0 2

Part 7: Completion Time of Consultations on Cabinet Confidences

7.1 Requests with Legal Services
Number of Days Fewer Than 100 Pages Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0
7.2 Requests with Privy Council Office
Number of Days Fewer Than 100 Pages Processed 101‒500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Part 8: Complaints and Investigations Notices Received

Section 31 Section 33 Section 35 Court action Total
12 0 14 0 26

Part 9: Privacy Impact Assessments (PIAs)

Number of PIA(s) completed = 7

Part 10: Resources Related to the Privacy Act

10.1 Costs
Expenditures Amount
Salaries $4,494,642
Overtime $116,020
Goods and Services 71,730
• Professional services contracts $8,210  
• Other $63,401
Total $4,682,392
10.2 Human Resources
Resources Person Years Dedicated to Privacy Activities
Full-time employees 31.92
Part-time and casual employees 2.68
Regional staff 51.28
Consultants and agency personnel 0.03
Students 0.45
Total 86.36
Report a problem or mistake on this page
Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, contact us.

Date modified: