Access to Information Act, Privacy Act, Annual Report 2018-2019

PDF version: Privacy Act, Access to Information Act, Annual Report 2018-2019 (PDF, 1.3 MB)

On this page

Executive summary

Annually, through its key lines of business, Immigration Refugees and Citizenship Canada (IRCC) interacts with millions of individuals, including those seeking temporary or permanent resident entry into Canada and subsequently settling into Canadian society, and those pursuing Canadian citizenship. The Department is also responsible for passport services in support of individuals seeking to obtain or renew a Canadian passport or other travel document such as a certificate of identity or a refugee travel document.

IRCC manages a considerable volume of personal information as part of delivering these programs and services, and remains committed to ensuring that the personal information held by IRCC is safeguarded, used and disclosed responsibly. During the reporting period, commencing April 1, 2018, and ending March 31, 2019, IRCC completed Privacy Impact Assessments exploring privacy risks in new departmental initiatives. In addition, the Access to Information and Privacy (ATIP) Division provided privacy policy advice on over 485 requests concerning information sharing, consent, surveys, contracts, privacy notices, and other matters.

In recent years, the Department has experienced significant increases in some of its most important lines of business as many around the world seek to enter Canada temporarily or permanently, and as increasing numbers of eligible permanent residents seek to become Canadian citizens. IRCC’s challenge is to effectively manage these requests to enter and remain in Canada, while working with stakeholders to ensure that newcomers have the best opportunities to succeed and that the Canadian economy and society reap the benefits of newcomer success.

Increases in volume in other IRCC business lines are correlated with significant increases in ATIP request volumes. In 2018-2019, IRCC received 50% of all ATIP requests submitted to federal government institutions, and has experienced unprecedented growth in the number of ATIP requests over the past several years.

IRCC is unique in that most of the requests it receives under the Access to Information Act are for the personal information of its clients. This is because the majority of its requests concern IRCC clients who are foreign nationals that rely on representatives to submit an Access to Information Act request on their behalf and with their consent to seek information about their IRCC immigration file.

To manage these volumes effectively, the ATIP Division within IRCC has two teams that process ATIP requests:

The Department is committed to ensuring that its requesters receive timely access to the records they request, and undertook a number of initiatives to improve its performance and address a backlog of requests. Despite a 26 per cent increase over the previous fiscal year, IRCC managed to close 40 per cent more requests than the previous fiscal year.

IRCC ATIP at a glance

as described below
Text version: IRCC ATIP at a glance
  • 50% of all ATIP requests in federal government institutions were submitted to IRCC in 2018/19
  • 26% increase in requests (+20K) in 2018/2019 from 2017/2018
  • 150% growth in requests (+59K) since 2013/2014

IRCC ATIP growth

as described below
Text version: IRCC ATIP growth
Year Percent annual growth ATIP request volumes Percent growth since 2013/2014
2013/2014 N/A 39,200 N/A
2014/2015 +22% 47,800 +22%
2015/2016 +19% 57,000 +45%
2016/2017 +11% 63,300 +61%
2017/2018 +23% 77,600 +98%
2018/2019 +26% 98,000 +150%

As evidenced in this report, numerous efforts have been made by IRCC to strengthen its ATIP program, including stabilizing its workforce, refining procedures and tools, improved stakeholder engagement, and community outreach. Transformation of the ATIP program will be a continued theme in 2019-2020, and IRCC will continue to support the broader ATIP community through participation in discussions concerning reforms of the Acts, ATIP community software needs, and other related Government of Canada initiatives.

Introduction

IRCC is pleased to present to Parliament its consolidated annual report on the administration of the Access to Information Act and the Privacy Act. The report describes the activities that support compliance with both Acts for the fiscal year commencing April 1, 2018, and ending March 31, 2019.

Section 94 of the Access to Information Act and section 72 of the Privacy Act require that the head of every federal government institution submit an annual report to Parliament on the administration of those Acts during the fiscal year.

As described in the executive summary, IRCC is unique in that most of its ATIP requests relate to requests for personal information, which creates a stronger relationship between the two Acts at IRCC than at other departments. The ATIP Division within the Corporate Management Sector, responsible for administering the ATIP program at IRCC, is organized such that each team supports or administers both Acts. The Department has prepared a single, integrated report that outlines IRCC’s accomplishments in carrying out its ATIP responsibilities during the 2018-2019 reporting period.

Purpose of the Acts

Access to Information Act

The purpose of the Access to Information Act is to provide a right of access to records under the control of a government institution. The Act maintains that government information should be available to the public, that necessary exceptions to the right of access should be limited and specific, and that decisions on the disclosure of government information should be reviewed independently of the government.

Privacy Act

The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and to provide individuals with a right of access to that information. The Act protects an individual’s privacy by preventing others from having unlawful access to personal information. It also permits an individual specific rights regarding the collection, use and disclosure of this information.

About Immigration, Refugees and Citizenship Canada

IRCC selects and welcomes, as permanent and temporary residents, foreign nationals whose skills contribute to Canadian prosperity. It also reunites family members.

The Department maintains Canada's humanitarian tradition by welcoming refugees and other people in need of protection, thereby upholding its international obligations and reputation.

IRCC, in collaboration with its partners, conducts the screening of potential permanent and temporary residents to protect the health, safety and security of Canadians. IRCC is also responsible for the issuance and control of Canadian passports and other documents that facilitate the travel of Canadian citizens and residents.

Lastly, the Department builds a stronger Canada by helping all newcomers settle and integrate into Canadian society and the economy, and by encouraging, granting and providing proof of Canadian citizenship.

IRCC’s mandate comes from the Department of Citizenship and Immigration Act. The Minister of IRCC is responsible for the Citizenship Act of 1977 and shares responsibility with the Minister of Public Safety for the Immigration and Refugee Protection Act (IRPA). Jurisdiction over immigration is shared between the federal and the provincial and territorial governments under section 95 of the Constitution Act of 1867.

Effective July 2, 2013, primary responsibility for Passport Canada and the administration of the Canadian Passport Order and the Order Respecting the Issuance of Diplomatic and Special Passports moved from the Department of Foreign Affairs and International Trade to Immigration, Refugees, and Citizenship Canada.

Delegation order

The Minister of Immigration, Refugees and Citizenship is responsible for dealing with requests under the Access to Information Act and the Privacy Act. The Minister delegates his authority to members of departmental senior management, including the ATIP Departmental Coordinator (ATIP Director), to carry out his powers, duties, or functions under the Acts, in relation to ATIP requests. Certain authorities are delegated to particular positions in the ATIP Division at National Headquarters as shown in Annex B and Annex C of this report.

Organizational structure

The ATIP Division is part of the ATIP & Accountability Branch, which is overseen by a Director General, and is situated in the Corporate Management Sector at IRCC. The Division administers the Access to Information Act and the Privacy Act for IRCC and is led by a Director, who acts as the ATIP Coordinator for the Department. Four units carry out the Division’s work in addition to 35 Liaison Officers who are responsible for coordinating the ATIP activities of IRCC branches. Each unit has shared responsibilities for the administration of both the Access to Information Act and the Privacy Act.

Structure of the ATIP Division at IRCC

as described below
Text version: Structure of the ATIP Division at IRCC

ATIP Operations
Carries out administrative functions and processes the bulk of ATIP requests for client records
(65 Employees)

ATIP Complex and Sensitive Issues
Processes complex and sensitive ATIP requests, and manages ATIP request-related complaints
(21 Employees)

ATIP Privacy, Policy and Governance
Develops ATIP policies, provides ATIP advice, guidance and support, delivers ATIP training and promotes awareness
(10 Employees)

Technology, Transformation, and Analytics
Conducts statistical analysis and trend monitoring, and leads ATIP technology and transformation efforts
(3 Employees)

ATIP Director’s Office
(3 Employees)

Highlights of the statistical report for 2018-2019

Requests received and completed

Access to information requests received and completed

as described below
Text version: Access to information requests received and completed
Year Requests received Requests completed
2012-2013 25,010 26,020
2013-2014 29,281 27,407
2014-2015 34,066 33,524
2015-2016 41,660 40,107
2016-2017 50,728 48,733
2017-2018 64,234 59,021
2018-2019 82,387 83,895

IRCC continues to receive more Access to Information Act requests than any other federal government institution. Specifically, the Department received a total of 82,387 requests in the 2018-2019 reporting period, which represents an increase of 28 per cent from the previous year. Due to the growth of requests, the compliance rate was 71.61 per cent for the reporting period.

The majority of Access to Information Act requests received were for information relating to client records.

Privacy requests received and completed

as described below
Text version: Access to information requests received and completed
Year Requests received Requests completed
2012-2013 5,114 5,486
2013-2014 9,961 9,225
2014-2015 13,778 13,082
2015-2016 15,292 15,077
2016-2017 12,605 11,808
2017-2018 13,368 12,698
2018-2019 15,655 16,846

IRCC remains one of the most accessed federal institutions, receiving a total of 15,655 requests submitted under the Privacy Act in the 2018-2019 reporting period. This represents an increase of 17 per cent from the previous year. Given the volume of Privacy requests to process, the Department’s compliance rate was 63.04 per cent.

The majority of Privacy Act requests received were for information relating to client records.

Pages processed

Access to information and privacy pages reviewed

as described below
Text version: Access to information and privacy pages reviewed
Year Pages reviewed
2014-2015 2,227,317
2015-2016 2,923,225
2016-2017 3,579,498
2017-2018 4,548,653
2018-2019 7,255,790

As the number of requests continues to increase, the volume of pages continues to rise also. In 2018-2019, IRCC processed 7,255,790 pages.

This is a 58 per cent increase from last fiscal year, which equates to over 2 million more pages that the ATIP Division reviewed.

Access to Information Act

IRCC processed 6,058,588 pages during the 2018-2019 reporting period, an increase of 63 per cent over the previous fiscal year.

Privacy Act

IRCC processed 1,197,202 pages during the 2018-2019 reporting period, an increase of 37 per cent over the previous fiscal year.

Sources of requests under the Access to Information Act

The business sector (mainly immigration lawyers and consultants) remains the largest source of requests, accounting for 57.7 per cent of all requests. The general public accounts for 28.1 per cent, and media, organizations and academia comprise 7.5 per cent of requests. The remaining 6.7 per cent represents requesters who decline to identify themselves.

Sources of access to information requests

as described below
Text version: Sources of access to information requests
Sources Requests
Business 47,543
Public 23,143
Media, academia and organizations 6,215
Decline to identify 5,486

Informal access requests under the Access to Information Act

IRCC posts summaries of completed access to information requests pertaining to corporate records on the Open Government portal. In 2018-2019, IRCC closed 1,254 informal requests (copies of previously released requests).

Exemptions

Access to Information Act

The Department invoked some exemptions on 51,262 requests (61.1 per cent), and all information was provided in 25,194 of its requests (30 per cent). The remaining 7,413 requests (8.8 per cent) were transferred, abandoned, no record existed or the Department could neither confirm nor deny the existence of these records, as doing so could reveal information that is protected under the Act.

The majority of exemptions invoked by IRCC fell under three sections of the Act:

More than one section can be applied to a specific request.

Privacy Act

The Department invoked some exemptions on 10,154 requests (60 per cent), and all information was provided in 3,183 requests (19 per cent). The remaining 3,509 requests (21 per cent) were either transferred, abandoned or no record existed.

The majority of exemptions invoked by IRCC fell under three sections of the Act:

More than one section can be applied to a specific request.

Exclusions

Access to Information Act

The Access to Information Act does not apply to records that are already available to the public (section 68) and confidences of the Queen’s Privy Council (section 69). IRCC excluded records based on section 68 in 25 instances, and on section 69 in 37 instances.

Privacy Act

The Privacy Act does not apply to records that are already available to the public (section 69) and confidences of the Queen’s Privy Council (section 70). IRCC did not apply any exclusions under the Privacy Act during the reporting period.

Consultations

Access to Information Act

Other federal government institutions consulted IRCC for records related to IRCC in 298 cases under the Access to Information Act, and IRCC was able to respond to 68 per cent of those consultations within 30 days.

Privacy Act

Other federal government institutions consulted IRCC for records related to IRCC in 31 cases under the Privacy Act, and was able to respond to 80 per cent of those consultations within 30 days.

Extensions

Access to Information Act

Section 9 of the Access to Information Act permits the statutory time limits to be extended if consultations are necessary or if the request is for a large volume of records, and processing it within the original time limit would unreasonably interfere with the operations of the Department.

IRCC invoked a total of 2,729 extensions during the 2018-2019 reporting period. Extensions were required in 2,570 instances when IRCC consulted with other federal institutions prior to responding. Extensions were required in 121 instances to search through a large volume of records or to respond to the influx of requests, or both, which interfered with operations. The Department also invoked 38 extensions to conduct third-party notifications.

Privacy Act

Section 15 of the Privacy Act permits the statutory time limits to be extended if consultations are necessary, if translation is required or if the request is for a large volume of records and processing it within the original time limit would unreasonably interfere with the operations of the Department.

IRCC invoked a total of 199 extensions during the 2018-2019 reporting period. Of these, 168 were deemed necessary as IRCC needed to consult with other federal institutions prior to responding. Extensions were required in a further 31 instances to search for or through a large volume of records or to respond to the influx of requests, or both, which interfered with operations. The Department did not invoke any extensions for translation purposes.

Completion times

as described below
Text version: Completion times

Access to information requests

Completion Time Number of requests Percentage of requests
30 days or less 48,754 58%
31 to 60 days 24,757 30%
61 to 120 days 3,613 4%
121 days or more 6,771 8%

Privacy requests

Completion Time Number of requests Percentage of requests
30 days or less 9,306 55%
31 to 60 days 5,359 32%
61 to 120 days 368 2%
121 days or more 1,813 11%

Complaints

Both the Office of the Information Commissioner (OIC) and the Office of the Privacy Commissioner (OPC) will work with institutions to resolve complaints in the early resolution process (when possible) without opening a formal investigation. If that is not an option, or if the matter is not resolved in early resolution, the OIC and the OPC will open a formal investigation.

During the reporting period, the Department received 164 informal complaints through the early resolution process, and closed 154 complaints in early resolution.

Access to Information Act

During the 2018-2019 reporting period, the Department was notified of 544 access complaints received by the OIC. This represents 0.66 per cent of all requests completed during this period. The majority of complaints were related to processing times.

During the reporting period, ATIP processed and closed 579 complaint investigations. Of these, 95 complaints were abandoned, discontinued or deemed to be unfounded. The remaining 484 complaints were resolved to the satisfaction of the requester.

Privacy Act

During the 2018-2019 fiscal year, the Department was notified of 11 privacy complaints received by the OPC. This represents 0.07 per cent of all requests completed during this period. The majority of the OPC complaints were related to processing times.

During the reporting period, ATIP processed and closed 15 complaint investigations. Of these, 4 were deemed not well-founded, while 11 were resolved to the satisfaction of the requester.

Complaints of note

In March 2018, the Department updated its form for Consent for an Access to Information and Personal Information Request (IMM 5744). One of the primary changes was the introduction of mandatory consent of both parents for information about a minor child. Previously, only the consent of one parent of a minor child was required, but increasing concerns about illegal immigration, child abduction and abuse, and identity fraud prompted the ATIP Division to review and reconsider its consent policy for ATIP requests for information about a minor child.

The process now requires a requester to include consent from both parents of the child, or they must provide proof that there is only one custodian. This change to the consent form safeguards the disclosure of a minor’s information to a party that should not have access.

The requirement for dual signatures was introduced to ensure that the release of information contained in records does not compromise the safety of the minor and other parties that may be present. It also ensures the requester has a right of access to the information found in the records.

A complaint was received about the new consent requirement. Based on the Department’s representations, the OPC determined in the early resolution process that there was no need to complete a formal investigation.

Actions taken under both Acts

The Department has taken diverse actions aimed at reducing the number of complaints received. For instance, ATIP actively engages with the OIC at regular meetings to discuss and resolve complaints. The Division is continuing to seek ways to improve its performance in an effort to reduce response times for ATIP requests, with the end goal of decreasing complaints.

ATIP has two dedicated officers dealing with complaint resolution. IRCC works closely in conjunction with both the OIC and the OPC to ensure expectations are met and to ensure that ATIP Analysts and the Offices of Primary Interest have a clear understanding of the complaint process.

There was a 174 per cent increase in complaints this year over the previous fiscal year. Of those, 266 came from a single requester and 362 came from 5 complainants. Of these 362, 322 were resolved without formal investigation by the OIC, as the ATIP response had been sent before the requester made the complaint.

During the reporting period, the ATIP Division made a concerted effort to clear old complaints and ensure that all complaints are actioned in a timely manner. New processes were implemented to reduce response time to complaints by having a better distribution of work, holding regular meetings to discuss issues and all ongoing files, and routine statistical reports to ensure that all work has been actioned. As a result of the new processes, the ATIP Division closed 196 per cent more complaints than the previous fiscal year, and its complaint backlog is at its lowest since 2013-2014.

Complaint Volumes: 2013-2014 to 2018-2019

as described below
Text version: Complaint Volumes: 2013-2014 to 2018-2019
Year Complaints received Complaints closed
2013-2014 351 177
2014-2015 265 333
2015-2016 199 127
2016-2017 140 204
2017-2018 227 201
2018-2019 555 594

Audits

The audit of Access to Information and Privacy Management was included in the Department’s 2018‑2020 risk-based audit plan, and was completed in February 2019. The audit objective was to assess the effectiveness of the current governance and control framework to manage ATIP requests in the Department to ensure compliance with legislative, Treasury Board and departmental requirements.

The audit scope covered the governance framework, reporting and monitoring capabilities, resource management, compliance, and operating effectiveness of the ATIP management process within the Department. The audit scope did not include Privacy Act requirements related to Privacy Impact Assessments, privacy breaches, or complaints from the OPC that relate to departmental privacy practices. The audit covered the time period from April 1, 2016 to June 30, 2018.

The audit concluded that the Department has a governance and control framework in place to support the management of ATIP requests; however, opportunities for improvement were identified to strengthen the current framework to better support the management of ATIP requests so that compliance with legislative, Treasury Board and departmental requirements is ensured.

The Department will be addressing the audit recommendations through 2019-2020 and the following years.

Appeal to the Federal Court

There were no appeals to the Federal Court filed against IRCC regarding the Access to Information Act and the Privacy Act during the 2018-2019 reporting period.

Reporting on access to information fees for the purposes of the Service Fees Act

The Service Fees Act requires a responsible authority to report annually to Parliament on the fees collected by the institution.

With respect to fees collected under the Access to Information Act, the information below is reported in accordance with the requirements of section 20 of the Service Fees Act.

Reporting requirements specific to the Privacy Act

The following section contains highlights from the statistical reports that are only reported for the Privacy Act, and not the Access to Information Act. That includes privacy impacts assessments, disclosures of personal information under 8(2)(e) and 8(2)(m) of the Privacy Act, and privacy breaches.

Privacy Impact Assessments

To fulfil its mandate and effectively deliver its programs and services, IRCC collects, uses and discloses personal information. In accordance with Treasury Board of Canada Secretariat (TBS) policy, the Department undertakes Privacy Impact Assessments (PIAs) to ensure compliance with the Privacy Act and identify privacy risks present in new or existing departmental programs, initiatives or projects that collect and use personal information.

Descriptions of PIAs completed during the 2018-2019 fiscal year are found below. For each of the PIA description, we have provided the hyperlink to the related PIA summaries, except for three of the PIA summaries that are still being prepared for online publication.

Analytics

The PIA summary is currently under development and will be posted later in the fiscal year.

In 2018, IRCC launched a pilot project using computer analytics to help officers triage online Temporary Resident Visa applications from China. The pilot project’s goal is to improve client service and make processing more efficient, while continuing to protect the safety and security of Canadians. The computer analytics help officers to identify applications that are routine and straightforward for streamlined processing and to triage files that are more complex for a more thorough review. In all cases, officers must still screen for security and criminality for all applications.

The objective of the PIA Report was to assess privacy risks associated with the implementation of computer analytics in the processing of online Temporary Resident Visa applications from China.

Disclosure of citizenship data to Elections Canada for updating the National Register of Electors

The PIA summary can be found here: /content/canadasite/en/immigration-refugees-citizenship/corporate/transparency/access-information-privacy/privacy-impact-assessment/national-registers-electors-ircc-citizenship-data-transfers.html.

The Elections Canada (EC) National Register of Electors (NROE) is the continually updated database of Canadians who are qualified to vote in federal elections and referendums and is used by EC to create preliminary lists of electors (voters’ lists) at the beginning of federal elections and referendums.

Transfers of new citizen data have occurred from IRCC to EC NROE since 1997, when the NROE was created. Canadian citizenship applicants aged 18 and over can consent on IRCC’s Application for Canadian Citizenship to transfer personal information associated with citizenship status upon citizenship conferral to EC to be added to the NROE and subsequently to federal voters’ lists. In May 2017, EC and IRCC updated their Memorandum of Understanding to include additional data elements, and to address changes made to IRCC’s Citizenship Regulations in 2014 that allow IRCC to disclose information on citizenship revocations, recalls and renunciations (collectively called ‘loss citizenships’).

The objective of the multi-institutional PIA Report was to assess privacy risks associated with the disclosure of personal information from IRCC to EC concerning new citizens, and information on citizenship revocations, recalls and renunciations.

Disclosure of immigration data to Elections Canada for updating the National Register of Electors

The PIA summary is currently under development and will be posted later in the fiscal year.

The EC NROE is the permanent database of Canadians who are qualified to vote in federal elections and referendums and is used by EC to create preliminary lists of electors (voters’ lists) at the beginning of federal elections and referendums.

Citizenship status is one of the criteria associated with determining an individual’s qualification to vote in Canada. Foreign Nationals (FN) and Permanent Residents (PR) are categories of individuals who are not citizens of Canada, and therefore are not qualified to vote in Canadian federal elections and referendums.

Since 1997, EC has relied on information disclosed by IRCC as the authoritative source for new citizen data to ensure that the NROE is as complete, accurate and as up-to-date as possible. The subject of this PIA involves a new data transfer that extends this data sharing relationship by requesting that IRCC transfer to EC selected personal information associated with FNs and PRs. EC intends to use this information to ensure that information associated with individuals who are FNs or PRs do not appear as active electors in the NROE.

The objective of the multi-institutional PIA Report was to assess privacy risks associated with the disclosure of personal information from IRCC to EC concerning FNs and PRs.

Entry Exit initiative

The PIA summary can be found here: /content/canadasite/en/immigration-refugees-citizenship/corporate/transparency/access-information-privacy/privacy-impact-assessment/entry-exit-executive-summary-website.html.

Once fully implemented, the Entry/Exit initiative will allow the Canada Border Services Agency (CBSA) to collect biographic information on all travelers to and from Canada at the land border and in air mode. As a project partner, IRCC uses entry/exit information to assist with the administration of the Immigration and Refugee Protection Act, the Citizenship Act, and the Passport Order. The sharing of information between the Agency and the Department is authorized by the Customs Act and governed by a Memorandum of Understanding and four appendices.

The objective of the PIA Report was to assess privacy risks associated with IRCC’s collection and use of traveller personal information from CBSA.

Integrated Payment and Revenue Management System

The PIA summary is currently under development and will be posted later in the fiscal year.

As part of the department’s modernization agenda, a new fee management system called the Integrated Payment and Revenue Management System (IPRMS) was designed to replace existing systems involved in the handling of cost recovery fees.

IPRMS will use the Receiver General Buy Button to collect fees through the internet, the Bill Payment Service to collect payments made at a Canadian Financial Institution and the Secure File Transfer infrastructure managed by Public Services and Procurement Canada (PSPC) to ensure secure transmission of payment data between PSPC and IRCC.

The objective of the PIA Report was to assess privacy risks associated with the implementation of IPRMS at IRCC.

Interim Federal Health Program

The PIA summary can be found here: /content/canadasite/en/immigration-refugees-citizenship/corporate/transparency/access-information-privacy/privacy-impact-assessment/executive-summary-ifhp.html.

The Migration Health Branch is responsible for the administration and delivery of the Interim Federal Health Program (IFHP), which provides limited, temporary coverage of health care benefits to resettled refugees, refugee claimants and certain other groups who are not eligible for provincial or territorial health insurance and do not have private insurance. These responsibilities include establishing requirements for eligibility, developing a schedule of benefits, identifying and registering health professionals‎ affiliated with the program, and managing and monitoring the delivery of the program through a third-party claims administrator.

The objective of the PIA Report was to assess privacy risks associated with the management of personal information under the IFHP as they relate to the third party claims administrator.

Provincial Nominee Program

The PIA summary can be found here: /content/canadasite/en/immigration-refugees-citizenship/corporate/transparency/access-information-privacy/privacy-impact-assessment/2018-information-sharing-provincial-nominee-program.html.

The Provincial Nominee Program, established in 1997, has three objectives: to meet provincial and territorial labour market and economic development needs; to promote immigration to areas of Canada that are not traditional destinations for immigrants; and to encourage economic development of minority official language communities. To achieve these objectives, provinces and territories nominate for permanent residence individuals who possess the skills necessary to address specific labour market demands and who demonstrate the ability and intent to economically establish in the nominating province or territory.

In 2014, as the Department began renegotiating provincial and territorial bilateral agreements, measures were taken to expand on program integrity provisions in the Provincial Nominee bilateral agreements as a result of ongoing program integrity issues. A dedicated section on program integrity was added to the agreements which assigned responsibility for program integrity to provinces and territories in the administration of their programs. Clauses were also added to the agreements to coordinate activities between the Department and provinces and territories to improve the identification and addressing of incidents of misrepresentation and fraud, through information sharing.

This privacy impact assessment examined how the Department shares personal information with, and treats personal information received from, its provincial and territorial partners for the purpose of administering and monitoring the Provincial Nominee Program.

Application Support Centers

The PIA summary can be found here: /content/canadasite/en/immigration-refugees-citizenship/corporate/transparency/access-information-privacy/privacy-impact-assessment/application-support-centers.html.

The U.S. Service Channel Arrangement refers to the biometrics collection services offered by U.S. Application Support Centers (ASCs) under the provisions of a Memorandum of Understanding (MOU) between Immigration Refugees and Citizenship Canada (IRCC) and U.S. Citizenship and Immigration Services (USCIS). This MOU allows biometric-required applicants who have submitted an application to Canada, and who are physically present in the U.S., to provide their biometrics at ASCs.

This PIA Annex has assessed the privacy impacts related to the use of an appointment scheduling system, which will be used by IRCC applicants to make their biometrics appointment at ASCs in the U.S. and by USCIS to record, track, and display to their internal users and report to IRCC appointment information obtained from the appointment scheduling system.

Youth Advisory Group

The PIA summary can be found here: /content/canadasite/en/immigration-refugees-citizenship/corporate/transparency/access-information-privacy/privacy-impact-assessment/2018-youth-advisory-group.html.

IRCC has created a departmental Youth Advisory Group (YAG). Several IRCC branches, other federal departments, and external stakeholders were engaged extensively to inform the YAG’s design, scope, mandate, and intake process.

The YAG will serve as an ongoing forum for engagement between youth and IRCC officials, including the Minister of IRCC.

The objective of the PIA Report was to assess privacy risks associated with the management of personal information from potential members to assess applicants, facilitate their participation in YAG activities, engage with members on feedback on immigration-related topics and create communications products.

Disclosure of personal information under paragraphs 8(2)(e) and 8(2)(m)

In accordance with subsection 8(2) of the Privacy Act, under certain circumstances, a government institution may disclose personal information under its control without the consent of the individual to whom the information relates.

Paragraph 8(2)(e) provides that personal information may be disclosed to an investigative body specified in the regulations on the written request of the body for the purpose of enforcing any law of Canada or any province or carrying out a lawful investigation. The request must specify the purpose and describe the information to be disclosed.

During this reporting period, IRCC disclosed personal information under subsection 8(2) in responding to 4,233 requests from investigative bodies under paragraph 8(2)(e).

Paragraph 8(2)(m) provides that personal information may be disclosed for any purpose where, in the opinion of the head of an institution, (i) the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or (ii) disclosure would clearly benefit the individual to whom the information relates.

During this reporting period, IRCC disclosed personal information in 15 instances under paragraph 8(2)(m) of the Privacy Act:

Material privacy breaches

A privacy breach refers to the improper or unauthorized creation, collection, use, disclosure, retention or disposition of personal information. A material privacy breach is a privacy breach that involves sensitive personal information and could reasonably be expected to cause injury or harm to the individual.

In 2018-2019, IRCC notified the OPC and TBS of six material privacy breaches. IRCC monitors all privacy breaches closely and has established notifications and remedial measures to address each situation.

In all cases, the program areas sent apology letters to the affected individuals. The ATIP Division provided advice and guidance to departmental staff on containment and mitigation strategies to improve the protection of personal information. In addition, senior officials were notified of all material breaches to facilitate communication within the Department and raise awareness of issues that could hinder the public’s right to privacy.

The ATIP Division monitors all privacy breaches reported at IRCC. The Division also reviews how and where they are occurring within the Department. ATIP addresses trends and provides tailored privacy breach training sessions to raise awareness and increase privacy breach prevention.

Monitoring compliance

The ATIP Division has established internal procedures to help facilitate the timely and efficient processing and monitoring of ATIP requests. The Division prepares three weekly reports pertaining to ATIP requests for senior management, which are disseminated at the Assistant Deputy Minister, Deputy Minister and Ministerial levels. There is a ‘snapshot’ report that contains various statistics, including the number of requests received and processed, as well as the current compliance rate under both Acts. There is also a summary report of upcoming requests soon to be disclosed under the Access to Information Act and a compliance report for Assistant Deputy Ministers in relation to their sector’s ability to provide requested documents to ATIP in a timely manner. Finally, there is a weekly summary report of late files to be processed in priority. It is important to note that no personal information is disclosed to senior management in these reports.

In addition, senior management is provided with a status update on material breaches twice per year.

Policies, guidelines, procedures and initiatives

Access to Information Act and the Privacy Act

IRCC undertook several projects related to the improvement of its ATIP requests processes which affect the administration of requests under the Access to Information Act and Privacy Act:

Privacy Act only

IRCC undertook several projects related to the improvement of the management of personal information at IRCC in accordance with the Privacy Act:

Training and awareness

Through its training delivery and awareness activities, IRCC continues to work towards developing an institution-wide culture of respect for access to information alongside a strong commitment to increased privacy vigilance.

During the reporting period, 3,251 employees participated in ATIP Division training sessions, representing an 18 per cent increase from the previous fiscal year.

Access to information and privacy training

The ATIP Division offers three core training courses that address both access to information and privacy requirements:

  1. Understanding and Managing ATIP Requests is designed to provide a greater understanding of the roles and responsibilities of the ATIP Division, the Liaison Officers and other departmental officials in the processing of an ATIP request. A total of 79 employees attended 9 sessions.
  2. ATIP Training for Middle Managers and Executives provides an overview of key ATIP principles and practices, and a greater understanding of the roles and responsibilities of managers and employees. A total of 22 managers and executives attended 2 sessions.
  3. Protecting and Giving Access to Information at IRCC is a mandatory online course for all employees. It provides a brief overview of key ATIP principles and practices and fosters a greater understanding of the roles and responsibilities of all employees. During the year, 1,250 employees took the online training session.

The ATIP Division also provides ad hoc and tailored training sessions and workshop presentations to reinforce and increase knowledge and understanding of access to information, privacy and personal information. These sessions are independent of mandatory courses and are given by request in response to a group’s specific needs. A total of 1,116 employees were provided tailored ATIP training over 98 sessions last fiscal year.

IRCC Comprehensive New User Training

IRCC also introduced mandatory in-person training for new employees that includes security, information management and ATIP considerations. A total of 98 employees attended 10 sessions.

Privacy-only training

Privacy breach training

Privacy breach training sessions are designed to provide a greater understanding of what a privacy breach is, the roles and responsibilities of employees and awareness of emerging trends in privacy breaches.

These sessions are focused not only on how to contain a breach, but also how to evaluate it, notify internal and external stakeholders, mitigate the impact and reduce the probability of a recurrence. They provide an opportunity for program areas to ask questions pertaining to real scenarios and receive practical advice from the ATIP staff.

A total of 402 employees received privacy breach training in 2018-2019 over 24 sessions.

Tailored privacy training

Tailored privacy training sessions are designed to provide a more in-depth look at specific privacy policy issues, such as information sharing or privacy impact assessments.

A total of 284 employees received tailored privacy training over 17 sessions.

IRCC Privacy Day

On December 3, 2018, IRCC celebrated its 3rd Annual Privacy Day. This initiative is a large-scale, department-wide event created to bolster privacy awareness and to champion the protection of personal information at IRCC.

Privacy Day challenges employees to think differently about privacy and the implications it may have for the delivery of the Department’s programs and services. It underscores that privacy is a shared responsibility.

As Privacy Day is held each year, it provides a forum to spotlight key issues in privacy in an often complex and rapidly changing technological environment.

On Privacy Day, IRCC organized three seminars dealing with automated vehicles and ethics, the future of the public service and artificial intelligence, and the privacy challenges involved with technological change. The ATIP Division ran a kiosk to answer questions about the protection of privacy in daily work. The event was promoted on Today@IRCC, the Department’s internal electronic newsletter. Accepting ATIP’s invitation, various government institutions were in attendance at various seminars.

Data Privacy Day

On January 28, 2019, IRCC observed Data Privacy Day as part of its commitment to raise awareness about the importance of privacy and the protection of personal information. Data Privacy Day is an internationally recognized event. It is an excellent opportunity to empower and educate employees on how to manage and control their digital footprint as well as highlight the privacy risks associated with changes in technology. The ATIP Division, in collaboration with Information Management Services, Information Sharing and Information Technology Security, hosted a joint information kiosk to answer questions from employees and provide informative materials.

Annex A: Signed Delegation

as described below
Text version: Signed Delegation

Official Document

Department of Immigration, Refugees and Citizenship of Canada

Delegation of Authority

Access to Information Act and Privacy Act

I, Minister of Immigration, Refugees and Citizenship, pursuant to Section 73 of the Access to Information Act and of the Privacy Act, hereby authorize the officer and employee of Immigration, Refugees and Citizenship whose position or classification is set out in the attached Schedule to carry out those of my power, duties or functions under the Acts that are set in the Schedule in relation to that officer and employee.

Dated at Ottawa

This 20 day of June 2016

John McCallum, P.C., M.P.
Minister of Immigration, Refugees and Citizenship

Annex B: Delegation Order under the Access to Information Act

Official Document

Delegation of Authority under the Access to Information Act and the Access to Information Regulations

Access to Information Act - Position / TitleFootnote *
Description Section 1 - DM / DMA 2 - ADM-CS / DG-CA 3 - ATIP / DIRECTOR 4 - ATIP / ASSISTANT DIRECTORS 5 - ATIP / PM-05 OPS 6 - ATIP / PM-05 CSI 7 - ATIP / PM-04 OPS 8 - ATIP / PM-04 CSI 9 - ATIP / PM-03 OPS 10 - ATIP / PM-03 CSI
Notice where access granted 7 yes yes yes yes yes yes yes yes yes yes
Transfer of request 8(1) yes yes yes yes yes yes yes yes yes yes
Extension of time limits 9(1) yes yes yes yes yes yes yes yes yes yes
Notice of extension to Commissioner 9(2) yes yes yes yes yes yes yes yes yes yes
Notice where access refused 10(1) and (2) yes yes yes yes yes yes yes yes yes yes
Payment of additional fees 11(2) yes yes yes yes yes yes yes yes yes yes
Payment of fees for EDP record 11(3) yes yes yes yes yes yes yes yes yes yes
Deposit 11(4) yes yes yes yes yes yes yes yes yes yes
Notice of fee payment 11(5) yes yes yes yes yes yes yes yes yes yes
Waiver or refund of fees 11(6) yes yes yes yes yes yes yes yes yes yes
Translation 12(2) yes yes yes yes yes yes yes yes yes yes
Conversion to alternate format 12(3) yes yes yes yes yes yes yes yes yes yes
Information obtained in confidence 13 yes yes yes yes yes no yes no no no
Refuse access: Federal-provincial affairs 14 yes yes yes yes yes no no no no no
Refuse access: International affairs, defence 15(1) yes yes yes yes yes no yes no no no
Refuse access: Law enforcement and investigation 16(1) yes yes yes yes yes no yes no yes no
Refuse access: Security information 16(2) yes yes yes yes yes no yes no yes no
Refuse access: Policing services for provinces or municipalities 16(3) yes yes yes yes yes no yes no yes no
Refuse access: Safety of individuals 17 yes yes yes yes yes yes yes no yes no
Refuse access: Economic interests of Canada 18 yes yes yes yes yes no no no no no
Refuse access: Another person’s information 19(1) yes yes yes yes yes yes yes yes yes yes
Disclose personal information 19(2) yes yes yes yes yes yes yes yes yes yes
Refuse access: Third-party information 20(1) yes yes yes yes yes no no no no no
Disclose testing methods 20(2) and (3) yes yes yes yes yes no no no no no
Disclose third-party information 20(5) yes yes yes yes yes no no no no no
Disclose in public interest 20(6) yes yes yes yes yes no no no no no
Refuse access: Advice, etc. 21 yes yes yes yes yes no no no no no
Refuse access: Tests and audits 22 yes yes yes yes yes no no no no no
Refuse access: Solicitor-client privilege 23 yes yes yes yes yes no yes no no no
Refuse access: prohibited information 24(1) yes yes yes yes yes no no no no no
Disclose severed information 25 yes yes yes yes yes yes yes no no no
Refuse access: Information to be published 26 yes yes yes yes yes no no no no no
Notice to third parties 27(1) yes yes yes yes yes yes no no no no
Extension of time limit 27(4) yes yes yes yes yes yes no no no no
Notice of third-party disclosure 28(1) yes yes yes yes yes yes no no no no
Representation to be made in writing 28(2) yes yes yes yes yes yes no no no no
Disclosure of record 28(4) yes yes yes yes yes no no no no no
Disclosure on Commissioner’s recommendation 29(1) yes yes yes yes yes no no yes no no
Notice of intention to investigate 32 yes yes yes yes yes no no yes no no
Notice to third party 33 yes yes yes yes yes no no yes no no
Right to make representations 35(2) yes yes yes yes yes yes no yes no no
Findings and recommendations of the Information Commissioner 37(1)(b) yes yes yes yes yes no no yes no no
Access given to complainant 37(4) yes yes yes yes yes no no no no no
Notice to third party of court action 43(1) yes yes yes yes yes no no no no no
Notice to person who requested record 44(2) yes yes yes yes yes no no no no no
Special rules for hearings 52(2) yes yes yes yes no no no no no no
Ex parte representations 52(3) yes yes yes yes yes no no no no no
Exempt information may be excluded 71(2) yes yes yes yes yes no no no no no
Access to Information Regulations – Position / Title
Description Section 1 - DM / DMA 2 - ADM-CS / DG-CA 3 - ATIP / DIRECTOR 4 - ATIP / ASSISTANT DIRECTORS 5 - ATIP / PM-05 OPS 6 - ATIP / PM-05 CSI 7 - ATIP / PM-04 OPS 8 - ATIP / PM-04 CSI 9 - ATIP / PM-03 OPS 10 - ATIP / PM-03 CSI
Transfer of requests 6 yes yes yes yes yes yes yes yes yes yes
Examination of records 8 yes yes yes yes yes yes yes yes yes yes

Legend

DM / DMA
Deputy Minister / Associate Deputy Minister
ADM-CS / DG-CA
ADM, Corporate Services / Director General, Corporate Affairs
ATIP / DIRECTOR
Director, Access to Information and Privacy (EX-01)
ATIP / ASSISTANT DIRECTORS
Assistant Director, ATIP Operations (OPS) (PM-06) / Assistant Director, Complex and Sensitive Issues (CSI) (PM-06)
ATIP / PM-05 OPS
Senior ATIP Administrators, ATIP Operations (OPS)
ATIP / PM-05 CSI
Senior ATIP Administrators, ATIP Complex and Sensitive Issues (CSI)
ATIP / PM-04 OPS
ATIP Administrators, ATIP Operations (OPS)
ATIP / PM-04 CSI
ATIP Administrators, ATIP Complex and Sensitive Issues (CSI)
ATIP / PM-03 OPS
ATIP Officers, ATIP Operations (OPS)
ATIP / PM–03 CSI
ATIP Officers, ATIP Complex and Sensitive Issues (CSI)

Annex C: Delegation Order under the Privacy Act

Official Document

Delegation of Authority under the Privacy Act and the Privacy Regulations

Privacy Act – Position / TitleFootnote *
Description Section 1 - DM / DMA 2 - ADM-CS / DG-CA 3 - ADM-SPP / DG-RE 4 - ATIP / DIRECTOR 5 - ATIP / ASSISTANT DIRECTOR CSI 6 - ATIP / ASSISTANT DIRECTOR OPS /
ATIP / PM-05 OPS
7 - ATIP / PM-05 CSI 8 - ATIP / PM-04 OPS 9 - ATIP / PM-04 CSI 10 - ATIP / PM-03 OPS 11 - ATIP / PM-3 CSI
Disclosure to investigative bodies 8(2)(e) yes yes no yes no yes no yes no yes no
Disclosure for research and statistics 8(2)(j) yes yes yes no no no no no no no no
Disclosure in public interest clearly outweighs any invasion of privacy 8(2)(m)(i) yes no no no no no no no no no no
Disclosure in public interest, benefit of individual 8(2)(m)(ii) yes no no no no no no no no no no
Record of disclosure for investigations 8(4) yes yes no yes no yes no no no no no
Notify Privacy Commissioner of 8(2)(m) 8(5) yes yes no yes no no no no no no no
Record of consistent uses 9(1) yes yes no yes no no no no no no no
Notify Privacy Commissioner of consistent uses 9(4) yes yes no yes no no no no no no no
Personal information in banks 10(1) yes yes no yes no no no no no no no
Notice where access is granted 14 yes yes no yes yes yes yes yes yes yes yes
Extension of time limits 15 yes yes no yes yes yes yes yes yes yes yes
Notice where access is refused 16 yes yes no yes yes yes yes yes yes yes yes
Decision regarding translation 17(2)(b) yes yes no yes yes yes yes yes yes yes yes
Conversion to alternate format 17(3)(b) yes yes no yes yes yes yes yes yes yes yes
Refuse access: Exempt bank 18(2) yes yes no yes yes yes yes no no no no
Refuse access: Confidential information 19(1) yes yes no yes yes yes no yes no no no
Disclose confidential information 19(2) yes yes no yes yes yes no yes no no no
Refuse access: Federal-provincial affairs 20 yes yes no yes yes yes no no no no no
Refuse access: International affairs, defence 21 yes yes no yes yes yes no yes no no no
Refuse access: Law enforcement and investigation 22 yes yes no yes yes yes no yes no yes no
Refuse access: Security clearance 23 yes yes no yes yes yes no yes no yes no
Refuse access: Person under sentence 24 yes yes no yes yes yes no no no no no
Refuse access: Safety of individuals 25 yes yes no yes yes yes yes yes no yes no
Refuse access: Another person’s information 26 yes yes no yes yes yes yes yes yes yes yes
Refuse access: Solicitor-client privilege 27 yes yes no yes yes yes no yes no no no
Refuse access: Medical record 28 yes yes no yes yes yes no yes no no no
Receive notice of investigation 31 yes yes no yes yes yes no no yes no no
Representation to Privacy Commissioner 33(2) yes yes no yes yes yes yes no yes no no
Response to findings and recommendations of the Privacy Commissioner within a specified time 35(1)(b) yes yes no yes yes yes no no yes no no
Access given to complainant 35(4) yes yes no yes yes yes no no no no no
Response to review of exempt banks 36(3)(b) yes yes no yes no no no no no no no
Response to review of compliance 37(3) yes yes no yes yes yes no no no no no
Request of court hearing in the National Capital Region 51(2)(b) yes yes no yes yes no no no no no no
Ex parte representation to court 51(3) yes yes no yes yes yes no no no no no
Privacy Regulations – Position / Title
Description Section 1 - DM / DMA 2 - ADM-CS / DG-CA 3 - ADM-SPP /DG-RE 4 - ATIP / DIRECTOR 5 - ATIP / ASSISTANT DIRECTOR CSI 6 - ATIP / ASSISTANT DIRECTOR OPS /
ATIP / PM-05 OPS
7 - ATIP / PM-05 CSI 8 - ATIP / PM-04 OPS 9 - ATIP / PM-04 CSI 10 - ATIP / PM-03 OPS 11 - ATIP / PM-3 CSI
Examination of records 9 yes yes no yes yes yes yes yes yes yes yes
Correction of personal information 11(2) yes yes no yes yes yes yes no no no no
Notification of refusal to correct personal information 11(4) yes yes no yes yes yes yes no no no no
Disclosure: Medical information 13(1) yes yes no yes yes no no no no no no
Disclosure: Medical information – examine in person, in the presence of a duly qualified medical practitioner 14 yes yes no yes yes no no no no no no

Legend

DM / DMA
Deputy Minister / Associate Deputy Minister
ADM-CS / DG-CA
ADM, Corporate Services / Director General, Corporate Affairs
ADM-SPP / DG-RE
Associate ADM, Strategic and Program Policy / Director General, Research and Evaluation
ATIP / DIRECTOR
Director, Access to Information and Privacy (EX-01)
ATIP / ASSISTANT DIRECTOR CSI
Assistant Director, Complex and Sensitive Issues, CSI (PM-06)
ATIP /ASSISTANT DIRECTOR OPS
ATIP / PM-05 OPS
Assistant Director, ATIP Operations, OPS (PM-06)
Senior ATIP Administrator, ATIP Operations (OPS
ATIP / PM-05 CSI
Senior ATIP Administrators, Complex and Sensitive Issues (CSI)
ATIP / PM-04 OPS
ATIP Administrators, ATIP Operations (OPS)
ATIP / PM-04 CSI
ATIP Administrators, Complex and Sensitive Issues (CSI)
ATIP / PM-03 OPS
ATIP Officers, ATIP Operations (OPS)
ATIP / PM-03 CSI
ATIP Officers, ATIP Complex and Sensitive Issues (CSI)

Name of institution: Immigration, Refugees and Citizenship Canada

Reporting period: 2018-04-01 to 2019-03-31

Part 1: Requests Under the Access to Information Act

1.1 Number of requests

Type of Request Number of Requests
Received during reporting period 82,387
Outstanding from previous reporting period 12,506
Total 94,893
Closed during reporting period 83,895
Carried over to next reporting period 10,998

1.2 Sources of requests

Source Number of Requests
Media 395
Academia 2,060
Business (private sector) 47,543
Organization 3,760
Public 23,143
Decline to identify 5,486
Total 82,387

1.3 Informal requests

Completion Time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
423 371 318 114 18 10 0 1,254

Note: All requests previously recorded as “treated informally” will now be accounted for in this section only.

Part 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time

Completion Time
Disposition of Requests 1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 594 14,863 7,786 847 207 482 415 25,194
Disclosed in part 804 26,500 16,310 2,609 679 1,974 2,360 51,236
All exempted 5 8 7 4 0 2 0 26
All excluded 8 12 2 3 0 1 0 26
No records exist 64 615 398 83 13 44 15 1,232
Request transferred 28 2 1 0 1 0 0 32
Request abandoned 4,262 987 253 66 29 104 445 6,146
Neither confirmed nor denied 0 2 0 1 0 0 0 3
Total 5,765 42,989 24,757 3,613 929 2,607 3,235 83,895

2.2 Exemptions

Section Number of Requests
13(1)(a) 3,546
13(1)(b) 47
13(1)(c) 26
13(1)(d) 7
13(1)(e) 1
14 59
14(a) 36
14(b) 7
15(1) 0
15(1) - I.A.Footnote a 1,373
15(1) - Def.Footnote b 960
15(1) - S.A.Footnote c 11,388
16(1)(a)(i) 4
16(1)(a)(ii) 1
16(1)(a)(iii) 1
16(1)(b) 320
16(1)(c) 16,043
16(1)(d) 0
16(2) 478
16(2)(a) 1
16(2)(b) 5
16(2)(c) 82
16(3) 1
16.1(1)(a) 0
16.1(1)(b) 0
16.1(1)(c) 0
16.1(1)(d) 0
16.2(1) 0
16.3 0
16.4(1)(a) 0
16.4(1)(b) 0
16.5 0
17 1,635
18(a) 8
18(b) 1
18(c) 0
18(d) 1
18.1(1)(a) 0
18.1(1)(b) 0
18.1(1)(c) 0
18.1(1)(d) 0
19(1) 38,816
20(1)(a) 3
20(1)(b) 72
20(1)(b.1) 1
20(1)(c) 22
20(1)(d) 12
20.1 0
20.2 0
20.4 0
21(1)(a) 258
21(1)(b) 318
21(1)(c) 85
21(1)(d) 76
22 118
22.1(1) 5
23 131
24(1) 3
26 0

2.3 Exclusions

Section Number of Requests
68(a) 25
68(b) 0
68(c) 0
68.1 8
68.2(a) 8
68.2(b) 0
69(1) 0
69(1)(a) 7
69(1)(b) 2
69(1)(c) 2
69(1)(d) 3
69(1)(e) 5
69(1)(f) 4
69(1)(g) re (a) 7
69(1)(g) re (b) 1
69(1)(g) re (c) 2
69(1)(g) re (d) 0
69(1)(g) re (e) 2
69(1)(g) re (f) 2
69.1(1) 0

2.4 Format of information released

Disposition Paper Electronic Other Formats
All disclosed 298 24,896 0
Disclosed in part 573 50,663 0
Total 871 75,559 0

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Disposition of Requests Number of Pages Processed Number of Pages Disclosed Number of Requests
All disclosed 1,605,497 1,429,286 25,194
Disclosed in part 4,417,666 3,707,675 51,236
All exempted 890 0 26
All excluded 304 0 26
Request abandoned 34,231 0 6,146
Neither confirmed nor denied 0 0 3
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less Than 100
Pages Processed
101-500
Pages Processed
501-1000
Pages Processed
1001-5000
Pages Processed
More Than 5000
Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
All disclosed 20,955 774,056 4,227 644,137 9 5,818 3 5,275 0 0
Disclosed in part 41,033 1,793,709 9,915 1,688,430 250 161,143 36 53,988 2 10,405
All exempted 25 0 0 0 1 0 0 0 0 0
All excluded 25 0 1 0 0 0 0 0 0 0
Request abandoned 5,605 0 468 0 51 0 22 0 0 0
Neither confirmed nor denied 3 0 0 0 0 0 0 0 0 0
Total 67,646 2,567,765 14,611 2,332,567 311 166,961 61 59,263 2 10,405
2.5.3 Other complexities
Disposition Consultation Required Assessment of Fees Legal Advice Sought Other Total
All disclosed 463 0 0 1 464
Disclosed in part 2,083 0 0 8 2,091
All exempted 9 0 0 0 9
All excluded 3 0 0 0 3
Request abandoned 92 0 0 0 92
Neither confirmed nor denied 1 0 0 0 1
Total 2,651 0 0 9 2,660

2.6 Deemed refusals

2.6.1 Reasons for not meeting statutory deadline
Number of Requests Closed Past the Statutory Deadline Principal Reason
Workload External Consultation Internal Consultation Other
24,749 24,697 1 0 51
2.6.2 Number of days past deadline
Number of Days Past Deadline Number of Requests Past Deadline Where No Extension Was Taken Number of Requests Past Deadline Where An Extension Was Taken Total
1 to 15 days 14,433 328 14,761
16 to 30 days 1,032 61 1,093
31 to 60 days 1,311 77 1,388
61 to 120 days 1,319 136 1,455
121 to 180 days 598 117 715
181 to 365 days 2,304 414 2,718
More than 365 days 2,387 232 2,619
Total 23,384 1,365 24,749

2.7 Requests for translation

Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Part 3: Extensions

3.1 Reasons for extensions and disposition of requests

Disposition of Requests Where an Extension Was Taken 9(1)(a)
Interference With Operations
9(1)(b)
Consultation
9(1)(c)
Third-party Notice
Section 69 Other
All disclosed 10 0 448 5
Disclosed in part 76 3 1,975 29
All exempted 1 0 6 2
All excluded 0 1 2 0
No records exist 4 0 74 0
Request abandoned 30 0 61 2
Total 121 4 2,566 38

3.2 Length of extensions

Disposition of Requests Where an Extension Was Taken 9(1)(a)
Interference With Operations
9(1)(b)
Consultation
9(1)(c)
Third-party Notice
Section 69 Other
30 days or less 36 0 136 19
31 to 60 days 56 2 2,218 7
61 to 120 days 20 2 188 11
121 to 180 days 4 0 21 0
181 to 365 days 3 0 3 1
365 days or more 2 0 0 0
Total 121 4 2,566 38

Part 4: Fees

Fee Type Fee Collected Fee Waived or Refunded
Number of Requests Amount Number of Requests Amount
Application 81,949 $409,745 343 $1,715
Search 0 $0 0 $0
Production 0 $0 0 $0
Programming 0 $0 0 $0
Preparation 0 $0 0 $0
Alternative format 0 $0 0 $0
Reproduction 0 $0 0 $0
Total 81,949 $409,745 343 $1,715

Part 5: Consultations Received From Other Institutions and Organizations

5.1 Consultations received from other Government of Canada institutions and organizations

Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during reporting period 298 19,088 7 331
Outstanding from the previous reporting period 38 4,331 0 0
Total 336 23,419 7 331
Closed during the reporting period 288 18,982 7 331
Pending at the end of the reporting period 48 4,437 0 0

5.2 Recommendations and completion time for consultations received from other Government of Canada institutions

Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
Disclose entirely 65 54 27 4 0 1 0 151
Disclose in part 24 45 37 16 3 1 0 126
Exempt entirely 1 3 3 0 0 0 0 7
Exclude entirely 2 0 0 0 0 0 0 2
Consult other institution 0 0 0 0 0 0 0 0
Other 2 0 0 0 0 0 0 2
Total 94 102 67 20 3 2 0 288

5.3 Recommendations and completion time for consultations received from other organizations

Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
Disclose entirely 0 2 0 1 0 0 0 3
Disclose in part 1 2 1 0 0 0 0 4
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 1 4 1 1 0 0 0 7

Part 6: Completion Time for Consultations on Cabinet Confidences

6.1 Requests with Legal Services

Number of Days Fewer Than 100
Pages Processed
101-500
Pages Processed
501-1000
Pages Processed
1001-5000
Pages Processed
More Than 5000
Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 5 6 0 0 0 0 0 0 0 0
16 to 30 10 11 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 15 17 0 0 0 0 0 0 0 0

6.2 Requests with Privy Council Office

Number of Days Fewer Than 100
Pages Processed
101-500
Pages Processed
501-1000
Pages Processed
1001-5000
Pages Processed
More Than 5000
Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Part 7: Complaints and Investigations

Section 32 Section 35 Section 37 Total
544 1 0 545

Part 8: Court Action

Section 41 Section 42 Section 44 Total
0 0 0 0

Part 9: Resources Related to the Access to Information Act

9.1 Costs

Expenditures Amount
Salaries $4,521,073
Overtime $113,547
Goods and services $213,075
Goods and services - Professional services contracts $124,665
Goods and services - Other $88,410
Total $4,847,695

9.2 Human Resources

Resources Person Years Dedicated to Access to Information Activities
Full-time employees 62.37
Part-time and casual employees 8.38
Regional staff 0.00
Consultants and agency personnel 3.33
Students 0.60
Total 74.68

Annex E: Statistical Report on the Privacy Act

Name of institution: Immigration, Refugees and Citizenship Canada

Reporting period: 2018-04-01 to 2019-03-31

Part 1: Requests Under the Privacy Act

  Number of Requests
Received during reporting period 15,655
Outstanding from previous reporting period 3,408
Total 19,063
Closed during reporting period 16,846
Carried over to next reporting period 2,217

Part 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time

Disposition of Requests Completion Time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 39 1,699 1,202 46 20 84 93 3,183
Disclosed in part 106 4,636 3,839 277 172 352 771 10,153
All exempted 0 1 0 0 0 0 0 1
All excluded 0 0 0 0 0 0 0 0
No records exist 16 164 132 7 6 17 9 351
Request abandoned 2,128 517 186 38 20 48 221 3,158
Neither confirmed nor denied 0 0 0 0 0 0 0 0
Total 2,289 7,017 5,359 368 218 501 1,094 16,846

2.2 Exemptions

Section Number of Requests
18(2) 0
19(1)(a) 323
19(1)(b) 11
19(1)(c) 10
19(1)(d) 17
19(1)(e) 0
19(1)(f) 0
20 1
21 6,311
22(1)(a)(i) 0
22(1)(a)(ii) 0
22(1)(a)(iii) 0
22(1)(b) 2,787
22(1)(c) 64
22(2) 0
22.1 0
22.2 0
22.3 0
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 148
26 7,744
27 18
28 0

2.3 Exclusions

Section Number of Requests
69(1)(a) 0
69(1)(b) 0
69.1 0
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0

2.4 Format of information released

Disposition Paper Electronic Other Formats
All disclosed 318 2,865 0
Disclosed in part 217 9,936 0
Total 535 12,801 0

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Disposition of Requests Number of Pages Processed Number of Pages Disclosed Number of Requests
All disclosed 137,501 118,406 3,183
Disclosed in part 926,959 780,299 10,153
All exempted 172 0 1
All excluded 0 0 0
Request abandoned 132,570 0 3,158
Neither confirmed nor denied 0 0 0
Total 1,197,202 898,705 16,495
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less Than 100
Pages Processed
101-500
Pages Processed
501-1000
Pages Processed
1001-5000
Pages Processed
More Than 5000
Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
All disclosed 2,835 65,383 343 50,350 4 2,330 1 343 0 0
Disclosed in part 7,841 328,477 2,236 389,006 63 40,229 13 22,587 0 0
All exempted 0 0 1 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 3,133 0 21 0 3 0 1 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0 0 0 0 0
Total 13,809 393,860 2,601 439,356 70 42,559 15 22,930 0 0
2.5.3 Other complexities
Disposition Consultation Required Legal Advice Sought Interwoven Information Other Total
All disclosed 20 0 0 0 20
Disclosed in part 133 0 7,671 0 7,804
All exempted 0 0 3 3 6
All excluded 0 0 0 0 0
Request abandoned 13 0 70 0 83
Neither confirmed nor denied 0 0 0 0 0
Total 166 0 7,744 3 7,913

2.6 Deemed refusals

2.6.1 Reasons for not meeting statutory deadline
Number of Requests Closed Past the Statutory Deadline Principal Reason
Workload External Consultation Internal Consultation Other
6,320 6,318 0 0 2
2.6.2 Number of days past deadline
Number of Days Past Deadline Number of Requests Past Deadline Where No Extension Was Taken Number of Requests Past Deadline Where An Extension Was Taken Total
1 to 15 days 3,941 30 3,971
16 to 30 days 216 7 223
31 to 60 days 222 8 230
61 to 120 days 209 17 226
121 to 180 days 130 6 136
181 to 365 days 492 31 523
More than 365 days 973 38 1,011
Total 6,183 137 6,320

2.7 Requests for translation

Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Part 3: Disclosures Under Subsections 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
4,233 15 15 4,263

Part 4: Requests for Correction of Personal Information and Notations

Disposition for Correction Requests Received Number
Notations attached 0
Requests for correction accepted 1
Total 1

Part 5: Extensions

5.1 Reasons for extensions and disposition of requests

Disposition of Requests Where an Extension Was Taken 15(a)(i)
Interference With Operations
15(a)(ii)
Consultation
15(b)
Translation or Conversion
Section 70 Other
All disclosed 1 0 20 0
Disclosed in part 24 0 133 0
All exempted 0 0 0 0
All excluded 0 0 0 0
No records exist 0 0 2 0
Request abandoned 6 0 13 0
Total 31 0 168 0

5.2 Length of extensions

Length of Extensions 15(a)(i)
Interference With Operations
15(a)(ii)
Consultation
15(b)
Translation Purposes
Section 70 Other
1 to 15 days 0 0 0 0
16 to 30 days 31 0 168 0
Total 31 0 168 0

Part 6: Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and other organizations

Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during the reporting period 31 705 0 0
Outstanding from the previous reporting period 1 20 0 0
Total 32 725 0 0
Closed during the reporting period 30 685 0 0
Pending at the end of the reporting period 2 40 0 0

6.2 Recommendations and completion time for consultations received from other Government of Canada institutions

Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 13 3 2 1 0 0 0 19
Disclosed in part 5 2 1 2 0 0 0 10
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 1 0 0 0 0 0 0 1
Total 19 5 3 3 0 0 0 30

6.3 Recommendations and completion time for consultations received from other organizations

Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Part 7: Completion Time of Consultations on Cabinet confidences

7.1 Requests with Legal Services

Number of Days Fewer Than 100
Pages Processed
101-500
Pages Processed
501-1000
Pages Processed
1001-5000
Pages Processed
More Than 5000
Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

7.2 Requests with Privy Council Office

Number of Days Fewer Than 100
Pages Processed
101-500
Pages Processed
501-1000
Pages Processed
1001-5000
Pages Processed
More Than 5000
Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Part 8: Complaints and Investigations Notices Received

Section 31 Section 33 Section 35 Court Action Total
11 3 0 0 14

Part 9: Privacy Impact Assessments (PIAs)

Number of PIAs completed 10

Part 10: Resources Related to the Privacy Act

10.1 Costs

Expenditures Amount
Salaries $2,260,537
Overtime $56,774
Goods and services $106,538
Goods and services - Professional services contracts $62,333
Goods and services - Other $44,205
Total $2,423,849

10.2 Human Resources

Resources Person Years Dedicated to Privacy Activities
Full-time employees 31.18
Part-time and casual employees 4.19
Regional staff 0.00
Consultants and agency personnel 1.67
Students 0.30
Total 37.34

Annex F: New Exemptions Table for 2018-2019

Access to Information Act

Section Number of requests
16.31 Investigation under the Elections Act 0
16.6 National Security and Intelligence Committee 0
23.1 Patent or Trademark privilege 0

Privacy Act

Section Number of requests
22.4 National Security and Intelligence Committee 0
27.1 Patent or Trademark privilege 0

Page details

Date modified: