Annual Report on the Administration of the Privacy Act 2015–2016

From Employment and Social Development Canada

Executive summary

Employment and Social Development Canada (ESDC) is responsible for a range of programs and services that support Canadians throughout their lives—from school to work, from one job to another, from unemployment to employment and from the workforce to retirement.

The mission of ESDC, which includes the Labour Program and Service Canada, is to build a stronger, more competitive Canada, support Canadians in making choices that help them live productive and rewarding lives, and improve Canadians’ quality of life. It delivers programs and services directly to Canadians at 615 points of service across Canada. ESDC serves the needs of millions of Canadians through multi-channel access points such as in-person services, on the Internet through web-based services and information, and via telephone through its network of call centres. With about 81.5 million annual visits to Service Canada’s website, Canadians are making a choice to interact with ESDC online.

The protection of personal information is a core organizational value and is fundamental to maintaining the public’s trust. The management and delivery of ESDC’s programs and services often require the collection, use and disclosure of an individual’s personal information. For some departmental programs, detailed and sometimes sensitive personal information is required to determine program eligibility or to receive benefits and services.

ESDC is subject to the privacy protection requirements set out in the Privacy Act as well as personal information protection provisions in Part 4 of the Department of Employment and Social Development Act. Part 4 of the Department of Employment and Social Development Act establishes specific and limited circumstances for ESDC’s use and disclosure of personal information that take precedence over the requirements of the Privacy Act.

In 2015–16, ESDC continued to make important progress on the implementation of its privacy management priorities. Key accomplishments include:

  • strengthened planning and reporting on privacy to support ESDC’s annual privacy and information security workplan;
  • management and coordination of Privacy Impact Assessments on new programs and activities;
  • a refresh of the Department’s Program-Led Privacy Action Plans;
  • development and update of information sharing arrangements;
  • privacy and security awareness activities for employees, including a Privacy Awareness Week and Data Privacy Day; and
  • continued online and in-person privacy training and awareness activities.

Moving forward, the Department will continue in its efforts to promote a proactive, risk-based approach to privacy management and nurture an organizational culture committed to the stewardship of information to meet the challenges of an ever-changing and evolving privacy landscape.

1: Introduction

1.1: About the Privacy Act

The Privacy Act received Royal Assent on July 1, 1983. Its purpose is to impose obligations on federal institutions subject to the Privacy Act to respect the privacy rights of individuals by limiting the collection, use and disclosure of personal information. The Privacy Act also gives individuals the right of access to their personal information and the right to request the correction of that information.

Section 72 of the Privacy Act requires the head of a federal institution to submit an annual report to Parliament on the administration of the Act following the close of each fiscal year.

1.2: About Employment and Social Development Canada

The mission of Employment and Social Development Canada (ESDC), which includes the Labour Program and Service Canada, is to build a stronger and more competitive Canada, to support Canadians in making choices that help them live productive and rewarding lives and to improve Canadians’ quality of life.

ESDC is one of the largest and most geographically distributed federal departments in the Government of Canada. Citizens and clients interact with ESDC on a daily basis through 615 points of service across Canada. In 2015–16, ESDC provided approximately $110 billion in benefit payments and supported millions of Canadians through its many programs and services:

  • 81.5 million visits to the Service Canada website;
  • 8.1 million in-person visits to Service Canada Centres;
  • 1.9 million calls answered by 1 800 O-Canada agents;
  • 4.7 million passports issued;
  • 2.78 million Employment Insurance claims, 1.3 million Canada Pension Plan and 2.6 million Old Age Security applications processed;
  • $2.74 billion withdrawn from Registered Education Savings Plans by students to help fund their post-secondary education; and
  • 94% of labour disputes settled as part of the collective bargaining process.

ESDC delivers a range of programs and services that affect Canadians throughout their lives. The Department provides seniors with basic income security, supports unemployed workers, helps students finance their post-secondary education and assists parents who are raising young children. The Labour Program is responsible for labour laws and policies in federally regulated workplaces. Service Canada helps citizens access ESDC’s programs, as well as other Government of Canada programs and services.

1.3: Our Ministers

The activities of ESDC are governed by federal legislation and reflected in the mandates of its three ministers:

  • the Honourable Jean-Yves Duclos, Minister of Employment and Social Development, styled as Minister of Families, Children and Social Development;
  • the Honourable Mary-Ann Mihychuk, Minister of Labour, styled as Minister of Employment, Workforce Development and Labour; and
  • the Honourable Carla Qualtrough, Minister of Sport and Persons with Disabilities.

The Honourable Jean-Yves Duclos is the Minister responsible for the purposes of the Department of Employment and Social Development Act.

2: Privacy management at ESDC

ESDC is broadly recognized as one of the largest holders of personal information in the Government of Canada. The management of the Department’s personal information holdings is a complex undertaking. Client personal information is located both physically and electronically across several systems, program areas, branches, offices and regions across the country. For many programs, responsibility for the protection of personal information throughout the program life cycle is distributed across branches and regions. Accordingly, ESDC has prioritized the management and protection of personal information. This includes: a legislative framework for privacy protection in its enabling legislation (Part 4); implementation of a robust Privacy Management Framework; establishment of strong governance for privacy through delegation of authorities for the Privacy Act and the Department of Employment and Social Development Act; executive committees to support effective decision making on privacy matters; and organization of the Department’s privacy function under the authority and leadership of its Corporate Secretary and Chief Privacy Officer.

2.1: Legal framework for Privacy

The Privacy Act protects the privacy of individuals with respect to their personal information held by government institutions. The Privacy Act also provides individuals with a right of access to that information, subject to the exceptions set out in the legislation, as well as the right to request the correction of inaccurate information. Sections 4 to 8 of the Privacy Act, commonly referred to as the “Code of Fair Information Practices,” govern the collection, use, disclosure, retention and disposal of personal information.

Subsection 8(2) of the Privacy Act provides that personal information may be disclosed in accordance with that provision, subject to there being another Act of Parliament governing the disclosure of personal information. The disclosure of personal information by Employment and Social Development Canada is governed by one such Act of Parliament, Part 4 of the Department of Employment and Social Development Act. Part 4 provides that personal information obtained by Employment and Social Development Canada under a program or prepared from that information is privileged, and may only be made available in the specific and limited circumstances set out in that Part. Part 4 also sets out provisions governing the use of that personal information for research or statistical purposes.

2.2: Privacy Delegation Order

Section 73 of the Privacy Act empowers the head of the institution to delegate any of the powers, duties or functions assigned to him or her by this Act to employees of the institution. The Delegation Order, found in Annex A, outlines the delegations that were in effect as of June 3, 2015.

2.3: Departmental Privacy Management Framework

Given the importance of personal information protection at ESDC, the Department has adopted, and continues to implement, a risk-based and proactive approach to privacy management that promotes the concept of “privacy by design.” Privacy by design emphasizes the importance of building privacy directly into the design and architecture of new programs, systems, technologies and business processes. ESDC’s Privacy Management Framework includes the following key elements:

  • Element 1 – Governance and Accountability: Roles and responsibilities for privacy management are clearly defined to meet legal requirements, regulations, policies, standards and public expectations.
  • Element 2 – Stewardship of Personal Information: Appropriate privacy protections are implemented to manage personal information through its life cycle.
  • Element 3 – Assurance of Compliance: Formal processes and practices are established to ensure adherence to privacy specifications, policies, standards and laws.
  • Element 4 – Effective Risk Management: Structured and coordinated risk assessments are conducted to limit the probability and impact of negative events and maximize opportunities through risk identification, assessment and prioritization.
  • Element 5 – Culture, Training, and Awareness: The protection of personal information is a core organizational value and is fundamental to maintaining the public’s trust. Formal privacy training and awareness activities promote a privacy-aware organization that values the protection and stewardship of personal information.

2.4: Privacy governance

ESDC fosters governance and decision-making responsibilities for privacy through the Department’s Corporate Management Committee and the Privacy and Information Security Committee.

Corporate Management Committee

The Corporate Management Committee, a standing committee of ESDC’s Portfolio Management Board, oversees the implementation of the portfolio’s management agenda, including the operationalization of security and privacy plans and priorities.

Privacy and Information Security Committee

The Privacy and Information Security Committee is a sub-committee of the Corporate Management Committee, and is mandated to review matters related to privacy and the protection of personal information. The Committee supports horizontal coordination and prioritization of issues, plans and strategies related to the management and protection of personal information. The Privacy and Information Security Committee is co-chaired by the Chief Privacy Officer and ESDC’s Departmental Security Officer. The Privacy and Information Security Committee is supported by a Databank Review Working Group, which supports the application of privacy policy and the use of personal information for non-administrative purposes, including policy analysis, research and evaluation activities.

2.5: Organization of the privacy function

The Corporate Secretariat is the Department’s office of primary interest for the development of privacy policy, the provision of privacy advice and guidance to the portfolio, and the management of access to information and privacy operations. ESDC’s Corporate Secretary serves as the Department’s Chief Privacy Officer.

Figure 1 – Organization of the Privacy Function at ESDC

This organizational chart displays a hierarchy beginning with the Corporate Secretary and Chief Privacy Officer of ESDC at the top. To the bottom, a dotted line leads to the Regional Operations that include Access to Information and Privacy Managers. Directly below the Chief Privacy Officer are two branches which lead respectively to the Privacy Management Division and to the Access to Information and Privacy Operations Division.

Under the first of these two branches are two further branches. One represents Privacy Compliance and Review Unit while the other represents the Policy, Planning and Coordination Unit. Under the second branch are the Request Processing Unit and the Incident Management and Legislative Disclosures Unit.

Corporate Secretary and Chief Privacy Officer

The Corporate Secretary serves as ESDC’s Chief Privacy Officer and is the Department’s functional authority on privacy matters, which includes the provision of authoritative advice and functional direction to all departmental branches and regions. In the Chief Privacy Officer role, the position is responsible for the proactive management of privacy in the Department and the establishment of privacy management frameworks, programs, review processes, and risk-based approaches to privacy management. The position is also responsible for providing advice, guidance, direction, and operational management for processing requests under the Privacy Act.

Privacy Management Division

The Privacy Management Division is the departmental focal-point for the management of privacy policy and the implementation of the Department’s Privacy Management Framework. Under the authority and direction of the Chief Privacy Officer, the Privacy Management Division supports the horizontal coordination and implementation of departmental strategic plans and priorities as they relate to the protection of privacy. The Division is responsible for privacy compliance and review services, privacy policy, strategic planning and coordination of privacy issues, and support and guidance for the development of Privacy Impact Assessments and Information Sharing Arrangements.

Access to Information and Privacy Operations Division

The Access to Information and Privacy Operations Division carries out the Department’s legislated requirements under the Access to Information Act, the Privacy Act and parts of the Department of Employment and Social Development Act. The Access to Information and Privacy Operations Division leads and advises on the processing of all requests under the Access to Information Act by managing requests for access to information in records in the control of ESDC, and is supported by program Liaison Officers and Regional Access to Information and Privacy Managers. This work involves responding to requests from the public, performing a line-by-line review of records requested under the Access to Information Act and the Privacy Act, as well as delivering training and awareness programs to employees with respect to the administration of the Acts. A great deal of the information in the control of the Department contains personal information about individuals and must be withheld under mandatory exemptions of both Acts unless specified conditions are met.

Regional operations

The Department has a network of Liaison Officers in the branches as well as Regional Access to Information and Privacy Managers who facilitate the work by providing expert Access to Information Act and Privacy Act advice and guidance directly to program areas within the regions, in consultation with Access to Information and Privacy Operations Division. Regional operations are responsible for processing the majority of the Department’s privacy requests.

3: Privacy activities and accomplishments 2015–16

In 2015–16, ESDC continued to advance a proactive, risk-based approach to privacy management and to nurture an organizational culture committed to the stewardship of information. Highlights of key ESDC privacy activities and accomplishments include:

  • the development and implementation of the annual privacy and security workplan;
  • the completion of seven Privacy Impact Assessments;
  • a comprehensive review and update of the Department’s Info Source chapter;
  • closure of the Office of the Privacy Commissioner’s investigation on the loss of a USB key;
  • the completion of select internal audits on privacy;
  • the refresh of Program-led Privacy Action Plans;
  • the standardization of Information Sharing Agreement templates and an inventory of Information Sharing Arrangements; and
  • privacy training and awareness activities.

3.1: Annual privacy and security workplan

In 2015–16, the Department developed and implemented its annual integrated privacy and security workplan to support the strategic planning and implementation of the Department’s privacy and security priorities. Overseen by the Privacy and Information Security Committee, the annual privacy and security workplan includes strategic and operational plans to achieve privacy and security management objectives. The 2015–16 priorities and workplan included effective privacy and security support to Departmental programs, enhanced horizontal linkages and privacy compliance assurance.

3.2: Completed Privacy Impact Assessments

In accordance with the Treasury Board Secretariat's Directive on Privacy Impact Assessments, ESDC is required to conduct a Privacy Impact Assessment before establishing any new or substantially modified program or activity involving the administrative use of personal information to identify the privacy impacts, risks, and associated mitigation strategies. In 2015–16, ESDC completed seven Privacy Impact Assessments (see Footnote 1). Copies of approved Privacy Impact Assessments were provided to the Treasury Board of Canada Secretariat and the Office of the Privacy Commissioner. The seven completed Privacy Impact Assessments for 2015–16 were as follows:

  • Canada Apprentice Loans Phase II: Account Management
  • Compensation for Employers of Reservists Program
  • Employment Equity Programs
  • Federal Workers' Compensation under the Government Employees Compensation Act
  • Managed Web Services
  • Hosted Social Media Account Management Service – Hootsuite
  • Interdepartmental Memorandum of Understanding on Collection Services with the Canada Revenue Agency

For summaries of completed 2015–16 Privacy Impact Assessments, see Annex B.

3.3: Info source update

In 2015–16, ESDC completed a comprehensive review and update of its Info Source holdings. Info Source is a series of publications containing information about the Government of Canada's access to information and privacy programs. The primary purpose of Info Source is to assist individuals in exercising their rights under the Access to Information Act and the Privacy Act. Info Source also supports the Government's commitment to facilitate access to information regarding its activities. As part of the review, ESDC created or updated 55 Personal Information Bank descriptions and over 30 Class of Records.

3.4: Closure of the Office of the Privacy Commissioner investigation into the loss of a USB key at ESDC

On August 11, 2014, the Office of the Privacy Commissioner released its “Report of Findings” on the investigation into the loss of a USB key containing the personal information of 5,045 Canada Pension Plan Disability appellants. The report contained nine recommendations that were accepted in full by ESDC. On September 14, 2015, the Office of the Privacy Commissioner confirmed that it was satisfied with the Department’s response that all recommendations/management actions were implemented and that no further action was required by its office. The investigation is now closed.

3.5: Audit of the Departmental Control Framework for the Management of Personal Information (Privacy)

The Internal Audit of the Departmental Control Framework for the Management of Personal Information (Privacy) was approved in August 2015. The objective of the audit was to assess the adequacy and effectiveness of the ESDC Privacy Management Framework (PMF) to safeguard the personal information of Canadians. The audit concluded that ESDC’s PMF is adequate to address most privacy-related concerns; however, opportunities for improvement were identified.

3.6: Program-Led Privacy Action Plans

ESDC has developed proactive Program-Led Privacy Action Plans for its major programs to understand and address potential privacy risks. Program efforts include risk assessments, workplans, implementation, and reporting on progress. Program action plans improve compliance through clear accountabilities and have been approved by ESDC’s Corporate Management Committee, which reviews their progress periodically.

3.7: Information sharing arrangements involving personal information

An information sharing arrangement (ISA) is a record of understanding between parties that outlines the terms and conditions under which personal information is shared between them. For ESDC, Part 4 of the Department of Employment and Social Development Act contains specific provisions for the sharing of information under limited and specific circumstances. In 2015–16, the Department updated its ISA template to assist in the development of agreements with other parties. In addition, ESDC established a repository of ISAs in 2015–16.

3.8: Raising Privacy Awareness

The Department continued to promote practical, easy to understand, and readily available privacy-related information and guidance to employees to reinforce proper privacy protection practices throughout 2015–16. This included an update to an internal Stewardship of Information web site available to employees, sessions on privacy-themed topics during Privacy Awareness Week from May 2 to May 6, 2015, and recognition of Data Privacy Day on January 28, 2016.

As part of its commitment to privacy awareness and training, the Department continued to provide a mandatory training module on the Stewardship of Information and Effective Workplace Behaviours. The mandatory integrated module covers six disciplines related to the stewardship of information (security, information management, information technology security, values and ethics, privacy and access to information). In 2015–16, 1,678 employees completed the Stewardship of Information and Effective Workplace Behaviours course. In addition, the Department has established an online training module entitled Privacy and Access to Information – It’s Everybody’s Business which was successfully completed by 1,742 employees in 2015–16.

4: Privacy performance reporting for 2015–16

Under the Privacy Act, Canadians can request access to their personal information held by government institutions. Within ESDC, typical privacy requests are from clients seeking to obtain a copy of their Canada Pension Plan file, their Old Age Security file, the contents of their Employment Insurance file or their Canada Student Loans file, as well as from federal employees seeking to obtain a copy of their personnel information.

As per the Treasury Board Secretariat’s Statistical Report on the Administration of the Privacy Act (Annex C), ESDC tracks data on privacy requests and other information for the purposes of reporting on requests received, timeliness of processing, disclosure of personal information and privacy breaches. The information is used to monitor trends and analyze issues to improve privacy operations. In 2015–16, ESDC received 8,353 formal requests under the Privacy Act and completed 8,240 requests. In addition, the Department received 230 public interest disclosure requests, received 26 complaints and reported 18 material privacy breaches. The key data is presented in the summary table below (Figure 2). The subsequent charts present and explain more detailed information on the Department’s privacy performance.

Figure 2 – Requests Received and Completed Under the Privacy Act
| Activity | 2013–14 | 2014–15 | 2015–16 |
|---|---|---|---|
| Formal Requests Received Under the Privacy Act | 7,286 | 7,998 | 8,353 |
| Requests Completed During the Reporting Period | 7,239 | 7,781 | 8,240 |
| Requests Completed Within 30 Calendar Days | 6,727 | 6,983 | 7,169 |
| Requests Completed Within 31 to 60 Calendar Days | 417 | 663 | 999 |
| Requests Completed Within 61 or More Calendar Days | 95 | 135 | 72 |
| Public Interest Disclosures in the Public Interest | 206 | 211 | 230 |
| Complaints to the Privacy Commissioner | 27 | 18 | 26 |
| Material Privacy Breaches | 0 | 3 | 18 |

4.1: Requests for information under the Privacy Act

In 2015–16, ESDC received 8,353 requests under the Privacy Act – an increase of 4.4% from 2014–15 when ESDC received 7,998 requests.

Figure 3 – Requests received and completed under the Privacy Act
| Fiscal Year | Formal requests received under the Privacy Act | Requests completed during the reporting period |
|---|---|---|
| 2013-14 | 7,286 | 7,239 |
| 2014-15 | 7,998 | 7,781 |
| 2015-16 | 8,353 | 8,240 |

4.2: Requests by calendar days taken to complete

Despite the increase in Privacy Act requests, ESDC improved its processing timeliness in 2015–16, completing 7,169 of its 8,353 requests within 30 calendar days, up from 6,983 within 30 calendar days in 2014–15.

Figure 4 – Privacy Act requests by calendar days taken to complete
| Fiscal Year | Requests completed within 30 calendar days | Requests completed within 31-60 days | Requests completed in 61+ calendar days |
|---|---|---|---|
| 2013-14 | 6,727 | 417 | 95 |
| 2014-15 | 6,983 | 663 | 135 |
| 2015-16 | 7,169 | 999 | 72 |

4.3: Pages reviewed

In addition to the increase in Privacy Act requests in 2015–16, the total number of pages of documents requiring review for exemptions and exclusions also increased. In 2015–16, 789,762 pages were reviewed, a 24.6% increase from 2014–15, when the workload covered 633,787 pages.

4.4: Requests for correction of information

Individuals have a right to request correction of any erroneous personal information pertaining to them, provided that the individual can adequately substantiate the request. ESDC accepted four requests for correction of personal information in 2015–16.

4.5: Financial considerations

In 2015-16, the Department spent an estimated $4.5 million on salaries associated with administering the Privacy Act as well as $116,020 on overtime. Non-salary costs amounted to $71,730 bringing total expenditures to an estimated $4.7 million. A total of 86.36 person years were dedicated to privacy activities. This figure can be further broken down to 51.28 person years for regional staff, 31.92 person years for National Headquarters staff, 2.68 person years for part-time and casual employees, 0.03 person years for consultants and agency personnel and 0.45 person years for students.

4.6: Public interest disclosures reported to the Office of the Privacy Commissioner

As per section 2.1, “ESDC’s Legal Framework for Privacy,” Part 4 of the Department of Employment and Social Development Act takes precedence over the Privacy Act as it relates to the use and disclosure of personal information. Accordingly, any disclosures in the public interest are made in accordance with subsection 37(1) of the Department of Employment and Social Development Act, which states that personal information may be disclosed “…if the Minister is of the opinion that the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure or that disclosure would clearly benefit the individual to whom the information relates.”

In 2015–16, Access to Information and Privacy Operations received notification from the regions regarding 184 public interest disclosures. These normally involved individuals who were threatening to harm themselves or others. Disclosure has been delegated to regional staff in instances where there is an imminent threat to the safety and security of individuals. Access to Information and Privacy Operations received and approved an additional 46 public interest disclosures for a total of 230 public interest disclosures reported to the Office of the Privacy Commissioner.

Figure 5 – Public Interest Disclosures Reported to the Office of the Privacy Commissioner
| Fiscal Year | Disclosures in the public interest |
|---|---|
| 2013-14 | 206 |
| 2014-15 | 211 |
| 2015-16 | 230 |

4.7: Material Privacy breaches

A privacy breach involves improper or unauthorized collection, use, disclosure, retention or disposal of personal information. Per the Treasury Board of Canada Secretariat “Material Privacy Breaches,” “a material privacy breach has the highest risk impact and is defined as involving sensitive personal information; and could reasonably be expected to cause serious injury or harm to the individual and/or involves a large number of affected individuals.”

In 2015–16, ESDC reported 18 material privacy breaches to the Office of the Privacy Commissioner, an increase from 2014–15, when ESDC reported three cases. Of the 18 material privacy breaches, 3 cases involved information on Social Insurance Number applications, 2 cases involved misdirected program benefit applications, 4 cases involved personal information shared incorrectly with the wrong individuals, business, or medical professionals, and 9 cases involved passport information that could have been compromised. Appropriate corrective measures were applied, procedures were reviewed, mailing procedures were updated and training for employees was implemented. The increase in the number of material privacy breaches reported between 2014–15 and 2015–16 is attributed to improved reporting and increased privacy training and awareness.

Figure 6 – Summary of 2015–16 Material Privacy Breaches
No. of Material Breaches | Summary and Nature of Information Breached | Communication and Notification Strategies | Actions Undertaken as a Result

3 material breaches
  • Social Insurance Number applications at Service Canada Centres and documents pertaining to a Social Insurance investigation.
  • Personal letters were sent to affected individuals informing them of the breach.
  • A written reminder to all employees in the Service Canada Centres about the proper print procedures.
  • Full review of mailing procedures and several enhancements implemented.

2 material breaches
  • Individual program benefit applications were misdirected to a wrong location.
  • Personal letters were sent to affected individuals informing them of the breach.
  • Mail processing procedures fully reviewed with validation of files to ensure they were isolated incidents.

4 material breaches
  • Personal information incorrectly shared with the wrong individuals, business, or medical professional.
  • Personal letters were sent where appropriate to individuals advising them of the breach.
  • Discussions with officers regarding proper handling procedures and safeguards where required.
  • Reminder of the importance and sensitivity of dealing with personal information.

9 material breaches
  • Lost passport applications, lost passports or lost documentation associated with passport applications where personal information could have been compromised.
  • Personal letters were sent to affected individuals informing them of the breach (see Footnote 2).
  • Individuals were asked to re-submit their applications and the costs of new documents, pictures and postage were reimbursed.
  • As per standard procedures, passports were cancelled and new passports issued at no charge.
  • Internal correction measures including increased training and awareness of errors to reinforce correct procedures.

4.8: Complaints and investigations

In 2015–16, the Department was notified of 12 complaints received by the Office of the Privacy Commissioner. Of these cases, two related to delay, five related to denied access, two pertained to improper use and disclosure and three related to a time extension. ESDC also received findings on 14 complaints. The Office of the Privacy Commissioner ruled six were well founded, four were not well founded, one was settled in the course of the investigation and three were resolved.

In addition to the complaints associated with the processing of Privacy Act requests, in 2015-16, the Department received an additional four complaints—one for collection and three for use and disclosure. It also closed five complaints—three were well founded, one was not well founded and one was discontinued.

Figure 7 – Complaints received by the Office of the Privacy Commissioner

| Fiscal Year | Complaints to Privacy Commissioner of Canada |
| --- | --- |
| 2013-14 | 27 |
| 2014-15 | 18 |
| 2015-16 | 26 |

4.9: Privacy training activities

ESDC has a comprehensive mandatory on-line training strategy to educate, increase knowledge of, and raise awareness about, the stewardship of information and effective workplace behaviours. The Department also offers online training on privacy and access to information to foster a common understanding of the proper management of information resources, ensuring that the privacy of information is respected, and to improve timeliness and compliance results.

Since the release of the mandatory online Stewardship of Information and Effective Workplace Behaviours training program in 2013–14, 24,147 employees have successfully completed the mandatory online training course (including 1,678 employees in 2015–16). In addition, the online training module Privacy and Access to Information – It’s Everybody’s Business successfully trained 3,098 employees (including 1,742 employees in 2015–16).

The Department has undertaken a number of activities to educate and increase knowledge of access to information and privacy, such as regular meetings with liaison officers and in-person training sessions. Since 2013–14, the Department delivered 122 in-person sessions to 3,083 employees. In 2015–16, ESDC delivered 48 in-person sessions to 1,131 employees.

Figure 8 – Online Training

| Fiscal Year | Stewardship of Information and Effective Workplace Behaviours | Privacy and Access to Information – It’s Everybody’s Business |
| --- | --- | --- |
| 2013-14 | 8,669 | Not applicable |
| 2014-15 | 13,800 | 1,356 |
| 2015-16 | 1,678 | 1,742 |

Figure 9 – In-Person Employee Training

| Fiscal Year | Training Sessions | Employees Trained |
| --- | --- | --- |
| 2013-14 | 37 | 838 |
| 2014-15 | 37 | 1,120 |
| 2015-16 | 48 | 1,131 |

5: Moving forward

Moving forward, the Department will continue to mature its privacy policies and processes, conduct privacy and risk assessments, and continue to strengthen the overall approach to privacy management. It will develop policies to further strengthen the Privacy Management Framework and integrate privacy considerations into the policy, program design, and service delivery continuum. The Department will also continue to focus its communication to staff to increase awareness and encourage the use of best practices in the handling of personal information within the Department’s custody and control.

Annex A: Delegation Order

Employment and Social Development Canada

The Minister of Employment and Social Development, pursuant to section 18 of the Department of Employment and Social Development Act, hereby designates the persons, officers or employees holding the positions with Employment and Social Development set out in the schedules attached hereto, or the persons, officers or employees occupying on an acting basis those positions, to exercise the powers or perform the duties or functions of the Minister or to exercise or perform the powers, duties or functions of the head of the institution, as specified in the attached schedules.

  • Part 4 of the Department of Employment and Social Development Act
  • Privacy Act
  • Access to Information Act

______________________________________

Original signed June 3, 2015 by Pierre Poilievre,

Minister of Employment and Social Development

Privacy Act – Delegation of Authority, Employment and Social Development Canada (ESDC)
Description Section Delegated Authority
Retention of a record of requests and disclosed records to investigative bodies under section 8(2)(e) of the Privacy Act.   8(4)
  • Deputy Minister, Employment and Social Development Canada (ESDC)
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Managers, ATIP Processing, ATIPOPS, NHQ
  • Manager, ATIP Incident Management and Legislative Disclosures, ATIPOPS, NHQ
Retention of records of uses of personal information   9(1)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Director, Privacy Management, NHQ
Notification of the Privacy Commissioner of any new consistent uses of personal information and ensure use is included in next statement of consistent uses set forth in the Index 9(4)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Director, Privacy Management, NHQ
Include personal information in personal information banks   10(1)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Director, Privacy Management, NHQ
Respond to request for access within 30 days and give written notice and, if access to be given, give access.    14
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Managers, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Extension of the 30 day time limit to respond to a privacy request.     15
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Decision on whether to translate a response to a privacy request in one of the two official languages.   17(2)(b)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Decision on whether to convert information to an alternate format       17(3)(b)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Decision to refuse to disclose information contained in an exempt bank.      18(2)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Managers, ATIP Processing, ATIP Operations, NHQ
Decision to refuse access to information that was obtained in confidence from the government of a foreign state or institution, an international organization of states or an institution thereof, the government of a province or institution thereof, a municipal or regional government established by or pursuant to an Act of the legislature of a province or an institution of such a government, or the council, as defined in the Westbank First Nation Self-Government Agreement given effect by the Westbank First Nation Self-Government Act.   19(1)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Authority to disclose information referred to in 19(1) if the government, organization or institution described in 19(1) consents to the disclosure or makes the information public.      19(2)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose information that may be injurious to the conduct of federal-provincial affairs   20
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIP Operations, NHQ
  • Team Leaders, NHQ
Refuse to disclose information that may be injurious to international affairs or the defence of Canada or one of its allies. 21
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIP Operations, NHQ
  • Team Leaders, NHQ
Refuse to disclose information prepared by an investigative body, information injurious to the enforcement of a law, or information injurious to the security of penal institutions      22
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose information prepared by an investigative body for security clearance.   23
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose information that was collected by the Canadian Penitentiary Service, the National Parole Service or the National Parole Board while the individual was under sentence if the conditions in the section are met   24
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose information which could threaten the safety of individuals    25
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
Refuse to disclose information about another individual and shall refuse to disclose such information where disclosure is prohibited under section 8   26
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose information that is subject to solicitor-client privilege.     27
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Refuse to disclose information relating to the individual’s physical or mental health where the disclosure is contrary to the best interests of the individual     28
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Receive notice of investigation by the Privacy Commissioner   31
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
Right to make representations to the Privacy Commissioner during an investigation   33(2)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Director, Privacy Management
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Receive Privacy Commissioner’s report of findings of an investigation and give notice of action taken   35(1)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • Regional ATIP Advisors
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Provision of additional information to a complainant after receiving a 35(1)(b) notice.   35(4)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
  • Team Leaders, NHQ
  • ATIP Analyst, NHQ
  • ATIP Program Officer, NHQ
  • Junior Analyst, NHQ
  • Service Manager (Regional ATIP)
  • Team Leaders (Regional ATIP)
  • ATIP Officers (Regional ATIP)
  • Regional Consultant (QC ATIP)
  • Senior Consultant (QC ATIP)
  • Senior Business Expertise Consultant (QC ATIP)
Receive Privacy Commissioner’s report of findings of investigation of exempt bank   36(3)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
Receive report of Privacy Commissioner’s findings after compliance investigation   37(3)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
Request that a court hearing, undertaken with respect to certain sections of the Act, be held in the National Capital Region. 51(2)(b)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
Request and be given right to make representations in section 51 hearings   51(3)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Manager, ATIP Processing, ATIPOPS, NHQ
Prepare annual report to Parliament   72(1)
  • Deputy Minister, ESDC
  • Senior Associate Deputy Minister/Chief Operating Officer for Service Canada
  • Associate Deputy Minister
  • Corporate Secretary
  • Director, ATIPOPS, NHQ
  • Director, Privacy Management

Annex B: Summaries of Completed Privacy Impact Assessments

Canada Apprentice Loans Phase II: Account management

In 2014, the Government of Canada announced the creation of Canada Apprentice Loans (CAL) to assist registered apprentices with the cost of technical training. These loans will help offset the costs to apprentices to complete the training required by their programs. A Privacy Impact Assessment for CAL Phase I was completed in 2014–2015. The Privacy Impact Assessment for CAL Phase II, completed in 2015–16, addresses the management and protection of personal information in the program’s account management process, including the electronic validation of a borrower’s on-going registration in an apprenticeship program through a data exchange with the apprentice’s respective provincial or territorial government.

Compensation for Employers of Reservists Program

The Compensation for Employers of Reservists Program offsets costs incurred by employers of active reservists such as hiring and training replacement workers, paying increased overtime, or purchasing equipment. It also provides compensation in the form of a grant to eligible employers of reservists and eligible self-employed reservists who are selected to serve on a designated Canadian Armed Forces operation. As this is a new governmental program, a Privacy Impact Assessment was undertaken to examine the privacy impacts of the establishment of new federal financial assistance to compensate civilian employers, build bridges with businesses and other stakeholders, and ensure that reservists continue to be fully integrated and readily available for military duty. ESDC, whose sharing of program responsibilities with the Department of National Defence is outlined in a Memorandum of Understanding, is responsible for the program’s administration, including application intake and validation, and issuing compensation to eligible applicants.

Employment Equity Programs

The Employment Equity Program comprises the Legislated Employment Equity Program (LEEP) and the Federal Contractors Program (FCP). Both programs promote equitable representation in the workplace for women, Aboriginal peoples, persons with disabilities and members of visible minorities. As a result of legislative changes to the Employment Equity Act, new ways to manage the FCP were required, including the expansion of the web-based Workplace Equity Information Management System (WEIMS) which allows employers to submit aggregate workforce data and to manage employee-level personal information to support workforce analysis. Under the Employment Equity Act, the Minister of Employment, Workforce Development and Labour (Minister of Labour) is required to share LEEP employer reports with the Canadian Human Rights Commission. A Privacy Impact Assessment was conducted to analyze the privacy impacts associated with the change in the management and collection of personal information for Employment Equity Programs, new and current modules in WEIMS, and other systems used to collect Employment Equity data.

Federal Workers' Compensation under the Government Employees Compensation Act

The Government Employees Compensation Act (GECA) is administered by the Federal Workers’ Compensation Service, Labour Program, ESDC, and provides the authority for workers’ compensation benefits and wage replacement to federal departments, agencies, and Crown Corporations for workplace injuries and occupational illnesses. To administer Federal Workers' Compensation under the GECA, the Labour Program receives, reviews and forwards claims from injured employees of those federal departments, agencies, and Crown Corporations to the appropriate provincial workers’ compensation board, which adjudicates claims on behalf of the Labour Program and provides workers’ compensation benefits for workplace injuries and illnesses. Once claims are adjudicated, the boards charge the Labour Program for these services and the Labour Program recovers these costs from the employers where the claims occurred.

The GECA program is undergoing modernization of the current, primarily paper-based, injury reporting process and renegotiating agreements with the provincial workers’ compensation boards. As such, a Privacy Impact Assessment was conducted to identify the privacy risks related to the flow of information for the processes and systems that are required with respect to the reporting and adjudication of injury claims.

Managed Web Services

Managed Web Services supports the Web Renewal Initiative which is focused on streamlining Canada’s federal web presence into a single Canada.ca web address with a common architecture and a consistent look and feel across all pages. Canada.ca is managed and maintained by Employment and Social Development Canada as the Principal Publisher for the Government of Canada. ESDC is responsible for the daily operation of the Managed Web Service and acts as the primary contact for the third-party web service provider as well as federal institutions for the operation of the Canada.ca site. A Privacy Impact Assessment was conducted to analyze the potential privacy risks associated with the amalgamation of the Government of Canada’s departmental websites into Canada.ca.

Hosted Social Media Account Management Service – Hootsuite

Government of Canada institutions have been rapidly increasing their presence on third-party social media platforms such as Facebook, Twitter, and LinkedIn. To standardize account management processes for official social media accounts, the Government of Canada procured, through Public Works and Government Services Canada, a third-party Hosted Social Media Account Management Service solution, known as Hootsuite, to update, publish and manage content on social media platforms for official social media accounts. ESDC, in its new role as Principal Publisher, administers Hootsuite to standardize account management processes for institutional official social media accounts. A Privacy Impact Assessment was conducted to analyze the use and administration of Hootsuite by the Department, and ensure data collection, retention and disposition are consistent with authorities.

Interdepartmental Memorandum of Understanding on Collection Services with the Canada Revenue Agency

A revised interdepartmental Memorandum of Understanding between the Canada Revenue Agency and ESDC came into force in November 2015, which designates respective roles and responsibilities along with the legal framework under which the Canada Revenue Agency is authorized to collect specific debts on behalf of ESDC, including the authority to recover overpayments for various ESDC programs. Given that the replacement of previous MOUs with a new umbrella MOU constitutes a significant modification to the previous instruments governing collection services, a Privacy Impact Assessment was conducted on the exchange and use of personal information outlined in the new agreement.

Annex C: Statistical Report on the Privacy Act

Statistical Report on the Privacy Act

Name of institution: Employment and Social Development Canada

Reporting period: 2015-04-01 to 2016-03-31

Part 1: Requests under the Privacy Act

Number of Requests
Received during reporting period 8353
Outstanding from previous reporting period 531
Total 8884
Closed during reporting period 8240
Carried over to next reporting period 644

Part 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time

| Disposition of Requests | 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| All disclosed | 252 | 542 | 76 | 3 | 0 | 0 | 0 | 873 |
| Disclosed in part | 926 | 4307 | 886 | 59 | 6 | 1 | 0 | 6185 |
| All exempted | 3 | 7 | 0 | 0 | 0 | 0 | 0 | 10 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 683 | 241 | 22 | 2 | 1 | 0 | 0 | 949 |
| Request abandoned | 144 | 64 | 15 | 0 | 0 | 0 | 0 | 223 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 2008 | 5161 | 999 | 64 | 7 | 1 | 0 | 8240 |

2.2 Exemptions
Section Number of Requests
18(2) 0
19(1)(a) 0
19(1)(b) 0
19(1)(c) 0
19(1)(d) 0
19(1)(e) 2
19(1)(f) 2
20 0
21 0
22(1)(a)(i) 1
22(1)(a)(ii) 0
22(1)(a)(iii) 0
22(1)(b) 18
22(1)(c) 0
22(2) 0
22.1 5
22.2 0
22.3 0
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 2
26 5664
27 88
28 4
2.3 Exclusions
Section Number of Requests
69(1)(a) 0
69(1)(b) 0
69.1 0
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0
2.4 Format of information released
Disposition Paper Electronic Other formats
All disclosed 838 35 0
Disclosed in part 5,846 339 0
Total 6,684 374 0
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
Disposition of Requests Number of Pages Processed Number of Pages Disclosed Number of Requests
All disclosed 18,431 15,857 873
Disclosed in part 769,959 723,889 6,185
All exempted 318 0 10
All excluded 0 0 0
Request abandoned 1,054 836 223
Neither confirmed nor denied 0 0 0
Total 789,762 740,582 7,291
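2.5.2 Relevant pages processed and disclosed by size of requests

| Disposition | Less Than 100 Pages Processed: Number of Requests | Less Than 100 Pages Processed: Pages Disclosed | 101-500 Pages Processed: Number of Requests | 101-500 Pages Processed: Pages Disclosed | 501-1000 Pages Processed: Number of Requests | 501-1000 Pages Processed: Pages Disclosed | 1001-5000 Pages Processed: Number of Requests | 1001-5000 Pages Processed: Pages Disclosed | More Than 5000 Pages Processed: Number of Requests | More Than 5000 Pages Processed: Pages Disclosed |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| All disclosed | 831 | 10,013 | 42 | 5,844 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 3,912 | 177,072 | 2,059 | 371,313 | 160 | 100,284 | 52 | 70,626 | 2 | 4,594 |
| All exempted | 9 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 221 | 541 | 2 | 295 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 4,973 | 187,626 | 2,104 | 377,452 | 160 | 100,284 | 52 | 70,626 | 2 | 4,594 |

2.5.3 Other complexities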
Disposition Consultation Required Legal Advice Sought Interwoven Information Other Total
All disclosed 6 0 0 152 158
Disclosed in part 72 0 794 250 1,116
All exempted 0 0 1 1 2
All excluded 0 0 0 0 0
Request abandoned 0 0 2 2 4
Neither confirmed nor denied 0 0 0 0 0
Total 78 0 797 405 1,280
2.6 Deemed refusals
2.6.1 Reasons for not meeting statutory deadline

| Number of Requests Closed Past the Statutory Deadline | Principal Reason: Workload | Principal Reason: External Consultation | Principal Reason: Internal Consultation | Principal Reason: Other |
| --- | --- | --- | --- | --- |
| 207 | 194 | 0 | 1 | 12 |

2.6.2 Number of days past deadline

| Number of Days Past Deadline | Number of Requests Past Deadline Where No Extension Was Taken | Number of Requests Past Deadline Where An Extension Was Taken | Total |
| --- | --- | --- | --- |
| 1 to 15 days | 136 | 13 | 149 |
| 16 to 30 days | 20 | 14 | 34 |
| 31 to 60 days | 4 | 5 | 9 |
| 61 to 120 days | 7 | 5 | 12 |
| 121 to 180 days | 1 | 0 | 1 |
| 181 to 365 days | 0 | 1 | 1 |
| More than 365 days | 0 | 1 | 1 |
| Total | 168 | 39 | 207 |

2.7 Requests for translation
Translation Requests Accepted Refused Total
English to French 4 0 4
French to English 3 1 4
Total 7 1 8

Part 3: Disclosures Under Subsection 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
0 0 0 0

Part 4: Requests for Correction of Personal Information and Notations

Disposition for Correction Requests Received Number
Notations attached 0
Requests for correction accepted 4
Total 4

Part 5: Extensions

5.1 Reasons for extensions and dispositions of requests

| Disposition of Requests Where an Extension Was Taken | 15(a)(i) Interference With Operations | 15(a)(ii) Consultation: Section 70 | 15(a)(ii) Consultation: Other | 15(b) Translation or Conversion |
| --- | --- | --- | --- | --- |
| All disclosed | 15 | 0 | 1 | 0 |
| Disclosed in part | 300 | 0 | 5 | 10 |
| All exempted | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 |
| No records exist | 6 | 0 | 0 | 0 |
| Request abandoned | 9 | 0 | 0 | 0 |
| Total | 330 | 0 | 6 | 10 |

5.2 Length of extensions

| Length of Extensions | 15(a)(i) Interference with operations | 15(a)(ii) Consultation: Section 70 | 15(a)(ii) Consultation: Other | 15(b) Translation purposes |
| --- | --- | --- | --- | --- |
| 1 to 15 days | 6 | 0 | 0 | 0 |
| 16 to 30 days | 324 | 0 | 6 | 10 |
| Total | 330 | 0 | 6 | 10 |

Part 6: Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and other organizations
Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during the reporting period 22 2,232 3 408
Outstanding from the previous reporting period 1 483 0 0
Total 23 2,715 3 408
Closed during the reporting period 21 1,515 2 408
Pending at the end of the reporting period 2 1,200 1 0
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions

Number of days required to complete consultation requests:

| Recommendation | 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| All disclosed | 7 | 8 | 1 | 0 | 0 | 0 | 0 | 16 |
| Disclosed in part | 3 | 0 | 1 | 0 | 1 | 0 | 0 | 5 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 10 | 8 | 2 | 0 | 1 | 0 | 0 | 21 |

6.3 Recommendations and completion time for consultations received from other organizations

Number of days required to complete consultation requests:

| Recommendation | 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| All disclosed | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 2 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 2 |

Part 7: Completion Time of Consultations on Cabinet Confidences

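7.1 Requests with Legal Services

| Number of Days | Fewer Than 100 Pages Processed: Number of Requests | Fewer Than 100 Pages Processed: Pages Disclosed | 101-500 Pages Processed: Number of Requests | 101-500 Pages Processed: Pages Disclosed | 501-1000 Pages Processed: Number of Requests | 501-1000 Pages Processed: Pages Disclosed | 1001-5000 Pages Processed: Number of Requests | 1001-5000 Pages Processed: Pages Disclosed | More than 5000 Pages Processed: Number of Requests | More than 5000 Pages Processed: Pages Disclosed |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

7.2 Requests with Privy Council Office

| Number of Days | Fewer Than 100 Pages Processed: Number of Requests | Fewer Than 100 Pages Processed: Pages Disclosed | 101-500 Pages Processed: Number of Requests | 101-500 Pages Processed: Pages Disclosed | 501-1000 Pages Processed: Number of Requests | 501-1000 Pages Processed: Pages Disclosed | 1001-5000 Pages Processed: Number of Requests | 1001-5000 Pages Processed: Pages Disclosed | More than 5000 Pages Processed: Number of Requests | More than 5000 Pages Processed: Pages Disclosed |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |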

Part 8: Complaints and Investigations Notices Received

| Section 31 | Section 33 | Section 35 | Court action | Total |
| --- | --- | --- | --- | --- |
| 12 | 0 | 14 | 0 | 26 |

Part 9: Privacy Impact Assessments (PIAs)

Number of PIA(s) completed = 7

Part 10: Resources Related to the Privacy Act

10.1 Costs

| Expenditures | Amount |
| --- | --- |
| Salaries | $4,494,642 |
| Overtime | $116,020 |
| Goods and Services | $71,730 |
| • Professional services contracts | $8,210 |
| • Other | $63,401 |
| Total | $4,682,392 |

10.2 Human Resources

| Resources | Person Years Dedicated to Privacy Activities |
| --- | --- |
| Full-time employees | 31.92 |
| Part-time and casual employees | 2.68 |
| Regional staff | 51.28 |
| Consultants and agency personnel | 0.03 |
| Students | 0.45 |
| Total | 86.36 |
