2023-2024 Annual Report on the Privacy Act
PDF version: Privacy Act, Annual Report 2023-2024 (PDF, 848 KB)
Table of Contents
- Introduction
- I. Overview of IRCC’s ATIP Program
- II. Performance
- III. Initiatives to promote awareness, training and policies in relation to the Privacy
Act
- Training and awareness
- Policies, guidelines, procedures, and initiatives
- Initiatives and projects to improve privacy
- Summary of key issues and actions taken on complaints
- Material privacy breaches
- Privacy Impact Assessments (PIAs)
- Summary of PIAs completed in 2023-2024
- Public interest disclosures
- Monitoring compliance
- Privacy protections in contracts, agreements and arrangements
- Moving forward
- Annex A: Copy of the signed delegation order in effect March 31, 2024
- Annex B: Copy of the delegation of authority under the Privacy Act and the Privacy Regulations in effect March 31, 2024
- Annex C: Statistical Report on the Administration of the Privacy Act
- Annex D: Supplemental Statistical Report on the Access to Information Act and the Privacy Act
Introduction
Immigration, Refugees and Citizenship Canada (IRCC) is pleased to present to Parliament its annual report on the administration of the Privacy Act (PA).
The purpose of the PA is to protect the personal information of individuals under the responsibility and control of federal institutions, and to provide individuals with a right of access to that information.
This report is tabled in Parliament in accordance with section 72 of the PA. It outlines how IRCC administered its obligations under the PA during the reporting period beginning on April 1, 2023, and ending on March 31, 2024. IRCC does not have any non-operational (“paper”) subsidiaries during this reporting period.
IRCC was created to facilitate the entry of temporary residents, manage the selection, settlement integration of newcomers, grant citizenship and issue passports to eligible citizens. IRCC’s mandate comes from the Department of Citizenship and Immigration Act. The Minister of IRCC is responsible for the Citizenship Act of 1977 and shares responsibility with the Minister of Public Safety for the Immigration and Refugee Protection Act (IRPA). Effective July 2, 2013, the primary responsibility for Passport Canada and the administration of the Canadian Passport Order and the Order Respecting the Issuance of Diplomatic and Special Passports moved from the Department of Foreign Affairs and International Trade to IRCC.
This report comprises of three sections:
- Overview of IRCC’s Access to Information and Privacy (ATIP) program, including organizational structure and delegation order
- Outline of IRCC’s overall performance on the administration of the PA
- Description of IRCC’s initiatives to promote training and awareness, improve its policies related to privacy, and to ensure monitoring and compliance of its obligations under the PA.
I. Overview of IRCC’s ATIP program
The IRCC ATIP program continues to be one of the most solicited ATIP programs in the Government of Canada. During the reporting period, IRCC received 252,627 ATIP requests including 69,720 requests under the PA. Most requests received under the PA pertain to clients’ immigration applications.
This reporting year, the IRCC ATIP program implemented new strategies to address the large volume of incoming requests that resulted in marked increases in compliance. Considerable progress was achieved in processing and responding to requests within the legislated timelines and resolving old and new complaints filed by or on behalf of requesters. In parallel, the ATIP program continued to advance previous initiatives aimed at improving client experience and using technological improvements to enhance service delivery and increase processing efficiencies.
This year also marked IRCC’s adoption of a new organizational structure that seeks to replace the previous functional framework with a dynamic and client-focused integrated business approach. As part of this notable change, new sectors and branches were created, and some existing programs and areas of responsibilities were moved under different lines of business. During the implementation phase, the ATIP program closely monitored its tasking sheets to ensure that all information pertaining to ATIP liaison officers and coordinators was updated and all appropriate changes were accurately reflected in the ATIP case management software. Throughout the process, the IRCC ATIP program maintained contact with the Offices of Primary Interest (OPIs), upheld mandatory training for ATIP liaison officers, and continued to fulfill ongoing requests with minimal disruption.
Organizational structure
The ATIP program is structured around its main lines of business. As shown in Figure 1, the program is administered by three divisions: the ATIP Operations Division, the Innovation and Support Division and the Privacy Program Management Division. The Director of the ATIP Operations Division also holds the title of ATIP Coordinator.
The three divisions report directly to the Director General Access and Privacy Management branch (APMB) and Chief Privacy Officer within the Corporate Services and Chief Human Resources Officer Sector.
Text version: Structure of the ATIP Program
Access and Privacy Management Branch
ATIP Operations Division
- 147 employees
Responsibilities
- ATIP requests for client records
- ATIP requests for corporate records
- Informal access to information requests
- Complaints from the Information Commissioner and Privacy Commissioner
- Disclosures under 8(2)(d, e, f) of the Privacy Act
- Robotic process automation
- ATI Corporate Reporting
Innovation and Support Division
- 10 employees
Responsibilities
- ATIP processing efficiencies and technologies
- Departmental ATIP Training
Privacy Program Management Division
- 24 employees
Responsibilities
- Privacy policy, advice and guidance
- Privacy awareness
- Management of privacy breaches and complaints
- Disclosures under 8(2)(m) of the Privacy Act
- Privacy corporate reporting
Proactive Disclosure Unit, Corporate Secretariat, DM Office
- 2 employees
Responsibilities
- Proactive publication of ministerial briefing products pursuant to ATIA, Part II, s. 74 and 88
At the end of the reporting period, the ATIP program comprised of 181 full-time employees. In addition to the employees who are responsible for applying the ATIP legislation, there are 268 ATIP liaison officers throughout the Department who support the ATIP program by gathering records and providing recommendations. While these officers are essential to the administration of the program, they are funded by other program areas.
Privacy at IRCC
The Privacy Program Management Division (PPMD) is responsible for communicating the roles and responsibilities of all employees with respect to the administration of the PA, for helping to ensure compliance with Treasury Board Secretariat privacy policies and directives, and for managing the lifecycle of privacy breaches. At the end of this reporting period, the division is comprised of three teams:
- The Privacy Policy and Planning Unit develops, implements, and maintains privacy policies, guidance, and tools to assist employees in managing personal information. This unit develops privacy training, coordinates departmental responses to public consultations, reviews departmental policy papers and provides program areas with high-level privacy advice.
- The Privacy Guidance and Assessments Unit manages the privacy impact assessment process by reviewing departmental privacy impact assessments, assessing privacy risks, and recommending mitigation strategies. This unit also provides senior management with privacy advice, guidance, and recommendations on privacy issues. In addition, they manage all public interest disclosures for the department.
- The Incident Management Unit manages the life cycle of all privacy breaches. They assess the risk of harm to the affected individual(s) and to the department as a result of a privacy breach. This unit also provides guidance and direction to program areas on containment, notification, and prevention of breaches. Furthermore, they report material breaches to the Office of the Privacy Commissioner (OPC) and Treasury Board Secretariat and respond to official complaints submitted by the OPC.
The Director General of the Access and Privacy Management Branch fulfills the role of Chief Privacy Officer (CPO). The CPO provides executive-level strategic leadership and direction on privacy at IRCC, including the provision of policy and/or operational advice and recommendations to senior management on complex privacy issues, the promotion of privacy awareness throughout the Department, and reporting to senior management on the state of privacy.
While PPMD is responsible for overseeing the privacy guidance program at IRCC, the ATIP Operations Division is responsible for processing requests for personal information, as well as disclosures under paragraphs 8(2)(d), (e) and (f) of the PA.
During the reporting period, IRCC had no service agreements under section 73.1 of the PA.
Delegation order
The Minister of IRCC is responsible for administering requests made to the Department under the ATIA and the PA. In accordance with section 95(1) of the ATIA and section 73 of the PA, the Minister delegates authority to departmental senior management, including the ATIP Coordinator to carry out the Minister’s powers, duties, or functions under the Acts in relation to ATIP requests.
For more information, refer to Annex A: Copy of the signed delegation order in effect March 31 2024, and Annex B: Copy of the Delegation of Authority under the Privacy Act and the Privacy Regulations in effect March 31, 2024.
II. Performance
This reporting year, IRCC received 69,720 requests under the PA, which represents a substantial increase of 188% from the previous year where 24,164 request were received. The Department could be experiencing the first effects of the Privacy Act Extension Order, No. 3, which came into force on July 13, 2022, as public awareness of the Order increases. The Order extends the right of access to personal information under subsection 12(1) of the PA to all individuals outside Canada. This enables foreign nationals, the majority of IRCC’s clients, to request personal information themselves instead of requiring a Canadian representative to make the request on their behalf.
The IRCC ATIP program completed 67,168 requests and processed 1,466,740 pages under the PA during the reporting period.
Compliance rate and completion times
In response to increasing demands for its services, the IRCC ATIP program realigned its structure and implemented new strategies for processing requests. In addition, the program continued to leverage technological improvements, as well as train and retain human resources in a highly competitive environment. This approach resulted in marked increases in compliance.
The compliance rate (percentage of all requests responded to within legislated timelines) for PA requests was 82%. This rate represents a significant increase from the 20.14% obtained in 2022-2023. As illustrated in Table 1, over 75% of IRCC’s PA requests were processed and completed within 30 days.
Completion time | Number of requests closed | Percentage of requests closed |
---|---|---|
1 to 15 Days | 7,031 | 10.5% |
16 to 30 Days | 44,029 | 65.6% |
31 to 60 Days | 8,490 | 12.6% |
61 to 120 Days | 1,201 | 1.8% |
121 to 180 Days | 891 | 1.3% |
181 to 365 Days | 2,601 | 3.9% |
More than 365 Days | 2,925 | 4.3% |
Total | 67,168 | 100% |
Active requests from previous reporting periods
As shown in Table 2, IRCC had 16,520 open requests from previous reporting periods. This table also illustrates the impact of the coming into force of the Privacy Act Extension Order, with 11,471 outstanding requests having been received in the last two years (78%).
Fiscal year open privacy requests were received | Open requests that are within legislated timelines as of March 31, 2024 | Open requests that are beyond legislated timelines as of March 31, 2024 | Total |
---|---|---|---|
2023-2024 | 8,029 | 3,201 | 11,230 |
2022-2023 | 0 | 5,193 | 5,193 |
2021-2022 | 0 | 96 | 96 |
2020-2021 | 0 | 1 | 1 |
2019-2020 | 0 | 0 | 0 |
Earlier years | 0 | 0 | 0 |
Total | 8,029 | 8,491 | 16,520 |
Active complaints from previous reporting periods
Although the number of requests under the PA significantly increased, the number of active complaints from previous reporting periods remained stable. As Table 3 demonstrates, at the end of the reporting period, IRCC carried 47 active PA complaints.
Fiscal Year Open Complaints Were Received | Number of Open Complaints |
---|---|
2023-2024 | 22 |
2022-2023 | 24 |
2021-2022 | 1 |
2020-2021 | 0 |
Total | 47 |
Reasons for extensions
Section 15 of the PA permits the statutory time limits to be extended if consultations are necessary, translation is required, or the request involves a large volume of records that cannot be processed within the original time limit without unreasonably interfering with the operations of the Department.
When necessary, IRCC conducts internal consultations to ensure the proper exercise of discretion, particularly for (but not limited to) requests that may involve litigation, investigations, or security concerns. The details of extensions claimed by IRCC in accordance with section 15 are as follows:
- 15(a)(i) for interference with government operations: 194 times
- 15(a)(ii) to undertake internal consultations: 3,413 times
Consultations received from other government departments and institutions
Other government departments (OGDs) and organizations consulted IRCC 53 times under the PA. Table 4 provides the number of days IRCC took to complete OGD consultations. Overall, the IRCC ATIP program responded to 45 consultation requests (84.9%) within 30 days.
Completion times | Consultations |
---|---|
1 to 15 Days | 30 |
16 to 30 Days | 15 |
31 to 60 Days | 7 |
61 to 120 Days | 1 |
121 to 180 Days | 0 |
181 to 365 Days | 0 |
More than 365 Days | 0 |
Total | 53 |
Disposition of completed requests
As shown in Table 5, IRCC released records in their entirety for 34% of all completed personal information requests. The Department claimed one or more exemptions on 55% of completed requests. The remaining requests were abandoned, had no existing records, or the existence of records could neither be confirmed nor denied as doing so could reveal information that is protected under the PA.
Disposition | Requests | Percentage |
---|---|---|
All disclosed | 22,662 | 34% |
Disclosed in part | 37,145 | 55% |
All exempted | 3 | 0% |
All excluded | 0 | 0% |
No records exist | 381 | 1% |
Request abandoned | 4,119 | 6% |
Neither confirmed nor denied | 2,858 | 4% |
Total | 67,168 | 100% |
The following exemptions were most frequently used by IRCC:
- Section 26 – Personal Information (invoked 25,117 times)
- Section 21 – International relations (invoked 15,243 times)
- Section 22(1)(b) – Law enforcement criminal investigations (invoked 8,571 times)
III. Initiatives to promote awareness, training and policies in relation to the Privacy Act
IRCC continues to prioritize learning as a valuable tool for retaining and renewing its workforce and ensuring that the organization can fulfill its mandate while adapting to change. The specialized Training Project and ATIP Support Team within the Access and Privacy Management Branch (APMB) fosters a culture of continuous learning by offering a wide variety of training opportunities to both ATIP and non-ATIP officials.
Training and awareness
The ATIP training and awareness curriculum covers various aspects of the access to information and privacy regimes with an emphasis on security and best practices for handling sensitive information. Specific courses and modules focus on responsibilities for safeguarding and managing information, as well as collecting and using personal information.
ATIP course catalogue and sessions given
As shown in Table 6, the ATIP program delivered 133 training sessions to 4,705 employees (including 4,615 non-ATIP employees) via a combination of formal and informal, self-directed and instructor-led sessions. There was an increase in demand for customized trainings tailored for specific units, divisions and areas of responsibility this reporting year.
Course name | Platform | Access or privacy training | Number of sessions | Number of participants | |
---|---|---|---|---|---|
Protecting and Giving Access to Information at IRCC (CC5540) Mandatory for all new employees |
Online | Both | Self-paced | 2,521 | |
Total | N/A | ||||
Formal training | ATIP Privacy Breach (CC4540) | In person/ virtual | Privacy | 16 | 234 |
ATIP Training for Middle Managers and Executives (CC4440) | Both | 8 | 101 | ||
Protect, Secure, and Manage Information (CC4416) | Privacy | 21 | 514 | ||
Understanding and Managing ATIP Requests (CC4340) | Access | 17 | 301 | ||
ATIP 101 (CC4425) | Both | 14 | 236 | ||
Appropriate Access to and Use of Personal Information (CC4426) | Privacy | 0 | 0 | ||
Privacy 101 (CC4427) | Privacy | 5 | 148 | ||
Exemptions and Exclusions 101 (CC4429) | Access | 7 | 174 | ||
Information Sharing (CC4430) | Privacy | 0 | 0 | ||
Government of Canada Secret Infrastructure (CC4417) | Other | 2 | 44 | ||
Total: | 90 | 1,752 | |||
Informal training | One-on-One ATIP Liaison Training/CRCI Administrative Process | In person/ virtual | Access | 18 | 72 |
How to fill-out the Response To ATIP Request Form (RAR) | Access | 0 | 0 | ||
Exemptions and Exclusions 102 | Access | 1 | 8 | ||
Refresher on “How to provide records to ATIP” | Access | 3 | 12 | ||
Customized Training (other) | Both | 21 | 340 | ||
Total: | 43 | 432 | |||
Total Formal and Informal: | 133 | 2,184 | |||
Total participants trained: | 4,705 |
In addition, PPMD regularly publishes articles on its IRCC internal webpage to keep all employees informed of the Department of the Treasury Board Secretariat’s Privacy Implementation Notices, as well as privacy activities for Data Privacy Day.
This year, PPMD also worked jointly with IRCC’s Learning Academy, a Team responsible for course coordination and registration, data entry and training record keeping, to create a self-paced online training module that will ensure that current and new employees comply with Appendix B of the Directive on Personal Information Requests and Correction of Personal Information.
Security and privacy awareness
The IRCC Protect, Secure, and Manage Information (CC4416) course is comprised of three modules from IT Security, Information Management and ATIP that intertwine and complement each other. This training was dispensed jointly by the ATIP program and Information Management and Security experts at IRCC. It highlights various aspects of the risk and responsibilities in managing information of business value, as well as client and government information.
Additionally, all ATIP staff requiring access to classified information while performing their duties were mandated to complete the Government of Canada Secret Infrastructure course (CC4417) developed by the IT Operations Branch prior to being granted access to the secure network. The Training Projects and ATIP Support Team coordinated and facilitated the successful delivery of this training to ATIP employees.
Policies, guidelines, procedures, and initiatives
During the reporting period, PPMD developed new procedures and created new tools to assist the Department in its efforts to protect personal information, promote privacy awareness and support the privacy policy.
Privacy Work Plan
In the Fall 2023, PPMD conducted an annual department-wide consultative exercise with all IRCC director generals to update its inventory of planned activities that may require review. This consultation led to the creation of a privacy work plan that includes all upcoming departmental initiatives involving personal information for the next three years.
The goal of the privacy work plan is to organize upcoming initiatives based on several criteria: Digital Platform Modernization onboarding, implementation date, and funding, in order to group multiple privacy impact assessments (PIAs) into program-level PIAs. The work plan aims to prioritize these initiatives in a way that facilitates and monitors the departmental need for privacy assessments. The plan allows PPMD to improve the level of support provided to program areas by planning and coordinating resources to maintain the delivery of services while fulfilling the requirements of the privacy assessment process.
Risk Register
PPMD created a risk register of privacy risks and corresponding mitigation strategies that are identified through privacy impact assessments. This risk register will enable the division to monitor compliance and promote program accountability. Once established, its contents will be used for follow-up discussions with program decision-makers on the implementation of identified strategies, residual risks and changes to the operating environment.
Dedicated mailbox
To assist IRCC employees and encourage knowledge acquisition, PPMD created a general mailbox specifically dedicated for employee enquiries. This new inbox is meant to provide a channel to request and obtain assistance from the division. Specifically, it is meant to provide guidance to program areas and facilitate the interpretation of IRCC’s privacy policies, Treasury Board Secretariat’s Privacy Policy Suite, and interpretations of the PA. It provides a direct contact to the division and allows for more timely and effective responses to privacy needs across the Department.
Annual Review of the IRCC Privacy Policy Suite
The Privacy Policy Suite is a collection of mandatory policy instruments based on the Treasury Board Secretariat’s (TBS) privacy policy suite. The IRCC policy suite includes a Privacy Framework and Privacy Policy alongside various tools, guidelines, procedures and checklists.
This reporting year, PPMD developed standard operating procedures for the annual review of the IRCC Privacy Policy Suite. The first official annual review is scheduled for fiscal year 2024-2025.
Initiatives and projects to improve privacy
In addition to the privacy policy, guidelines and tools described above, IRCC is furthering its initiatives to modernize the delivery of services within the ATIP program, including the expansion of Robotic Process Automation (RPA), migration to the mandated ATIP Online Request Service (i.e., Treasury Board Secretariat’s online platform for the public to file ATIP requests with the Government of Canada) and replacement of the ATIP case management software.
Robotic Process Automation (RPA)
The RPA performs low-complexity/high-volume tasks such as data entry, file and folder operations, and other non-decision-making processes, allowing IRCC to reallocate resources to focus on decision-based work, while also improving data integrity, timeliness, and endto- end business processes with minimal disruption in the operations processing.
TBS ATIP Online Request Service (ATIP Online)
The Treasury Board Secretariat’s ATIP Online Request Service (ATIP Online) was launched in 2018 to streamline the procedure of submitting ATIP requests to, and obtaining responses from, the federal government. Onboarding to ATIP Online significantly enhances efficiency and accessibility in handling ATIP requests within the federal government.
This reporting year, IRCC ATIP has worked collaboratively with TBS Office of the Chief Information Officer to begin transitioning ATIP requests for corporate records to ATIP Online by April 2, 2024.
To ensure operational efficiency, efforts are underway to reduce ATIP request volumes prior to completing the onboarding of requests for client records to the TBS platform. Until the migration is complete, requesters will continue to submit ATIP requests to IRCC via the IRCC ATIP online request portal.
Replacement of the ATIP case management software
IRCC is diligently advancing the replacement of its current ATIP case management software. Following a thorough assessment of the ATIP Division’s unique business needs and requirements, the Department has opted for the adoption of a TBS-approved modern platform with several upgrades and features.
The new software will interface directly with ATIP Online and it features advanced functionalities that will significantly increase efficiency by reducing the time necessary to complete the review and release of records. Along with improvements in request processing, the new software supports built-in artificial intelligence that can be trained to automate repetitive tasks and has modern business analytics capabilities to enable IRCC to create various reports more effectively. These improvements will mean faster, real-time decisions in response to emerging ATIP trends, faster workflow adjustment, and the development of more in-depth performance management tools.
IRCC ATIP is also collaborating strategically with Shared Services Canada’s Digital Enablement Group to ensure the seamless deployment of the software within a cloud-based environment. This collaboration is part of the Government of Canada’s Application Platform as a Service initiative that aims to deliver common Government of Canada applications using a “Cloud Smart” approach. The Department aims to procure, test, and deploy the new software by late fall 2025.
Summary of key issues and actions taken on complaints
This reporting year, the IRCC ATIP program took concrete measures aimed at ensuring a better synergy between the request processing and complaint processing teams, which improved tracking and client service.
To ensure a more streamlined and consistent approach, the complaint process for client records and corporate records was merged to improve efficiency within the ATIP program. The new Complaints Team performed a comparative analysis and reconciliation of complaint files opened in IRCC’s systems with complaints registered and deemed active by the Office of the Information Commissioner (OIC). Thereafter, working collaboratively with the OIC, the Complaints Team put in place a Complaints Triage and Early Resolution process where each complaint, regardless of the age of the file, was reviewed and all cases identified as having the potential to be resolved in a reasonably short period of time were processed. Delay complaints represent the vast majority of complaints IRCC receives.
In addition, the ATIP case management software was updated to better track complaint correspondence, file status, follow-ups and discussions held with Offices of Primary Interests and external stakeholders.
The IRCC ATIP program also allocated resources to create a dedicated Client Service Team in an effort to keep the lines of communication with requesters open, identify issues or needs that could be proactively addressed, and possibly limit future ATIP complaints being lodged against IRCC. Although the team does not yet have an official service standard in place, the vast majority of inquiries were responded to within 48 hours, and the ATIP phone line voice messages were retrieved on a daily basis.
Despite an increase of 188% in new requests under the PA, IRCC received 106 notices of new complaints this reporting year of which 60 were related to processing delays. By comparison, IRCC received 289 complaints in the previous period. At the end of the reporting period, 47 complaints remained outstanding: 22 complaints from 2023-2024, 24 from 2022-2023, and 1 from 2021-2022 or earlier.
Together, all the measures and initiatives described above contributed to the reduction in the number of complaints in inventory.
Material privacy breaches
The Policy on Privacy Protection defines a privacy breach as “the improper or unauthorized collection, use, disclosure, retention or disposition of personal information.” A material privacy breach is a privacy breach that could reasonably be expected to create a real risk of significant harm to an individual. Significant harm includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.
In 2023-2024, IRCC notified the Office of the Privacy Commissioner and the Treasury Board Secretariat of seven material privacy breaches. Of the seven material privacy breaches, the majority of the incidents had a minor impact and affected a limited number of individuals.
PPMD monitors all privacy breaches closely and has established notifications and remedial measures to address each situation. The Division also:
- reviews how and where breaches are occurring within the Department
- addresses trends and provides tailored privacy breach training sessions to raise awareness and increase privacy breach prevention
- conducts preliminary risk assessments on all privacy breaches to determine risk and materiality level
- provides advice and guidance to departmental staff on containment and mitigation strategies to improve the protection of personal information.
A summary of the seven material breaches can be found below. Senior officials were notified of all material breaches to facilitate communication within the Department, raise awareness of issues and to bolster departmental response to serious privacy breaches.
- Four material breaches involved personal information that had gone missing or lost. Despite extensive searches, the information could not be located. The affected individuals were notified.
- Two material breaches involved a location being improperly accessed, and personal information of some IRCC clients was disclosed. The affected individuals were notified.
- One material breach involved IRCC working closely with TBS on a multi-institutional incident which involved relocation services. The affected individuals were notified.
Privacy Impact Assessments (PIAs)
To fulfil its mandate and effectively deliver its programs and services, IRCC collects, uses and discloses personal information. In accordance with the Directive on Privacy Impact Assessment, the Department undertakes PIAs to ensure compliance with the PA and to identify privacy risks present in new or existing departmental programs, initiatives or projects that involve personal information.
Summary of PIAs completed 2023-2024
Descriptions of PIAs completed during the 2023-2024 fiscal year are found below and full summaries can be found here: Privacy Impact Assessment Summaries.
Rural Northern Immigration Pilot (RNIP)
This privacy impact assessment assesses the Rural Northern Immigration Pilot (RNIP), established in 2019 to offer a pathway to permanent residency for skilled foreign workers who wish to live and work in one of 11 Canadian communities. Foreign nationals must obtain a recommendation from an Economic Development Organization (EDO) within their chosen community to participate in the RNIP. The EDO may then provide a recommendation and information on the foreign nationals to IRCC, who remains the final decision-making authority on the application for permanent residency. Risks were identified and mitigation recommendations were provided.
Council of Newcomers
This privacy impact assessment assesses the Council of Newcomers that will bring together recent immigrants to share their views, ideas and lived experiences related to Canada’s immigration system directly with senior IRCC officials through both in-person and virtual meetings. Personal information may be collected both formally and informally through the application process, council activities and administrative processes, such as travel and accommodation. Risks were identified and mitigation recommendations were provided.
Canada – Ukraine Transitional Assistance Initiative (CUTAI)
This privacy impact assessment assesses the business processes of IRCC in their part to deliver the Canada-Ukraine Transitional Assistance Initiative (CUTAI). The CUTAI provided a one-time (non-taxable) payment for eligible Ukrainians and their family members arriving under the Canada-Ukraine Authorization for Emergency Travel (CUAET) measures to ensure their basic needs were met upon arrival in Canada. Minimal personal information from CUTAI applications submitted to Service Canada were matched against IRCC’s CUAET data to confirm eligibility for the financial assistance. Risks were identified and mitigation recommendations were provided.
Temporary Asylum Accommodations for COVID-19 Quarantine
This privacy impact assessment assesses IRCC’s agreement to provide temporary accommodations to unvaccinated asymptomatic asylum claimants without a suitable quarantine plan in support of the Government of Canada’s coordinated response to the COVID-19 pandemic. Personal information of asylum claimants was collected to establish quarantine requirements and facilitate temporary accommodations. Risks were identified and mitigation recommendations were provided.
International Student Program – Letter of Acceptance (LOA) Verification Tool
This privacy impact assessment is an addendum to the 2014 PIA on the International Student Program (ISP). It focuses on the transition from case-by-case to systematic sharing of personal information with post-secondary Designated Learning Institutions (DLIs) via online channels. The information exchange is used in support of the administrative decision to accept applications for processing, or to not accept applications for processing if there is no confirmation from the DLI that the LOA is authentic. Risks were identified and mitigation recommendations were provided.
Public interest disclosures
Paragraph 8(2)(m) of the Privacy Act provides that personal information may be disclosed for any purpose where, in the opinion of the head of an institution, (i) the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or (ii) disclosure would clearly benefit the individual to whom the information relates.
As shown in Table 7, IRCC authorized disclosure of personal information in 36 instances under paragraph 8(2)(m) of the Privacy Act during the reporting period.
Nature of disclosure | Disclosures authorized where at least one individual’s personal information was disclosed | Individuals affected | OPC notification in accordance with subsection 8(5) |
---|---|---|---|
Disclosure of contact information to the Public Health Agency of Canada of individuals who were Tuberculosis cases or had been in close proximity to a person with Tuberculosis | 28 | 347 | The OPC was notified before the disclosure in all cases. |
Disclosure of contact information to Provincial and Territorial health authorities of individuals or sponsors of individuals who had been in close proximity to a person with Poliovirus | 4 | 682 | The OPC was notified before the disclosure in all cases. |
Disclosure of contact information to municipal law enforcement services to notify next of kin of deceased individuals | 1 | 3 | The OPC was notified before the disclosure. |
Disclosure of an individual’s ineligibility to become a temporary resident to the public regarding the application of Negative Discretion by the Minister of IRCC | 1 | 1 | The OPC was notified before the disclosure. |
Disclosure of individuals’ contact and address information to a child protection agency regarding a case of alleged child abuse | 1 | 2 | The OPC was notified after the disclosure because of the urgent nature of the disclosure. |
Disclosure of individuals’ application decision to the public regarding a case of correcting the public record | 1 | 1 | The OPC was notified before the disclosure. |
Total | 36 | 1,036 |
Monitoring compliance
The ATIP program makes use of frequent and comprehensive reporting tools to monitor compliance and maintain accountability, as well as to identify process improvements.
Time taken to process requests for personal information
IRCC monitors the time taken to process personal information requests by retrieving statistics from the ATIP case management software on a daily, weekly, biweekly, and quarterly basis. These statistics provide information on ATIP request volumes received and processed, compliance rates, backlog volumes, and feed into various reports intended for various levels of officials: daily updates are shared with managers, weekly reports with directors and the APMB Director General & Chief Privacy Officer and biweekly reports with the Deputy Ministers. The ATIP program also produced a quarterly report shared with all Assistant Deputy Ministers this reporting year.
As shown in Table 8, the ATIP program created monthly reports on sectors’ compliance for providing responsive records to the ATIP Divisions, for privacy breaches and public disclosures pursuant to paragraph 8(2)(m) of the PA (none of these reports disclose personal information). Report Audience Frequency
Report | Audience | Frequency |
---|---|---|
Response to ATIP Taskings Report (Sector Compliance) | Assistant Deputy Ministers | Monthly |
Privacy Breach Report | Deputy Ministers | Monthly |
IRCC disclosures in the public interest—Privacy Act 8(2)(m) | Deputy Ministers | Monthly |
Although the primary goal of the ATIP program’s statistical reporting is to monitor compliance, IRCC ATIP also relies on these statistics to monitor workflows, address current challenges, and identify trends in ATIP requests.
Inter-institutional consultations
Team leaders and managers within the ATIP program regularly monitor extensions taken, responses to internal tasking reports, and complaints that do, in turn, identify areas in need of improvement, including consultations, to ensure the proper exercise of discretion.
Frequently requested types of Information
The vast majority of IRCC’s ATIP requests are for client immigration records. IRCC is currently developing initiatives to improve clients’ access to their own information through means other than the ATIP program. See the Policies, guidelines, procedures and initiatives section above.
The following initiatives aim to anticipate stakeholder needs by providing access, via online platforms and tools, to information IRCC clients most often request through the ATIP system such as application status updates and officers’ notes. Providing direct access to useful and efficient platforms is expected to reduce ATIP volumes and workloads and decrease processing times:
Proactive Release of Officer Decision Notes (ODN)
The ODN project which is part of the IRCC’s Operational Transparency initiative proactively provides officer decision notes to some refused applicants in the Temporary Resident Visa e-application caseload and give clients additional information regarding the reason(s) for their refusal, including a breakdown of the officer’s rationale when finalizing the application.
The first validation exercise that targeted Temporary Resident Visas (TRVs) with the Centralized Network’s Case Processing Centre in Ottawa showed a 57% reduction of ATIP requests received for files that had an ODN released to the client. A second validation exercise for Study Permits was launched this reporting year with support of the Global Network, and IRCC is currently analyzing the impact on ATIP requests.
As of March 31, 2024, IRCC is preparing to transition the ODN project to a steady state, starting with TRVs. Soon after, the project will continue to expand in phases to other lines of businesses to achieve the goals of the Operational Transparency initiative. The ODNs will initially be made available to clients digitally in the new Online Account that will be launched later this year as part of IRCC’s Digital Platform Modernization (DPM) Program and subsequently be available as part of the refusal response package sent to clients.
Client Correspondence Project
The Client Correspondence Project will review IRCC client-facing communications identified as problematic by clients.
The Client Correspondence Unit (CCU) was created as part of this project to draft clearer, more concise written correspondence that will better meet client needs. To date, four key pieces of client correspondence have been revised: Procedural Fairness, Request for Supplementary Information, Temporary Resident Refusal Letter and Study Permit Refusal Letter. The latest revisions based on usability testing with clients and officers were made to the Study Permit Refusal Letter and several Study Permit Refusal Grounds in collaboration with key stakeholders. The revised Letter will be launched later this year.
The CCU, as part of its future work objectives, plans to analyze end-to-end client communications throughout the client journey. The project will focus next on the revision of the Work Permit (WP) Refusal Letter along with the refusal grounds.
Client Experience Platform
This project, which is also part of IRCC’s DPM Program focuses on implementing a modernized Client Experience Platform (CXP) that will support the delivery of seamless digital services across various channels and devices. It aims to equip support staff with a comprehensive client view, ensuring consistent and efficient assistance through all communication channels (omni-channel approach).
The primary goal is to enhance the overall client experience, emphasizing speed and efficiency. The new CXP will provide clients with a single online window to access IRCC services, with a suite of tools to facilitate the client’s journey to be informed, to apply for programs and services, to receive real-time status of applications, to communicate with IRCC and provide feedback on their experience.
IRCC anticipates a decrease in ATIP requests due to improved client support and IRCC’s enhanced accessibility, reducing pressure on the ATIP regime and streamlining client interactions. As of the end of the reporting period, IRCC continues to advance the procurement process for the new CXP.
Privacy protections in contracts, agreements, and arrangements
IRCC’s Departmental Directive on Information Sharing Applicable to the use of ISAs (Information Sharing Arrangements) requires summaries of ISAs to be made available to the public, as per section 4.2.26 and 4.2.27 of the Directive on Privacy Practice. ISA drafters are also required to consult the TBS Guidance on Preparing Information Sharing Arrangements Involving Personal Information and to refer to its accompanying templates which include sample provisions that ensure privacy protection information is reflected in the ISAs.
This reporting year, PPMD advised various partners within IRCC of TBS requirements for contracts, information sharing agreements and information sharing arrangements as published in the Directive on Privacy Practices. PPMD will be working on engagement with relevant program officials during the coming year to ensure our collective processes align and satisfy those requirements. The division also intends to assess if tools need to be developed to assist program officials to better facilitate compliance with ISA’s and contract requirements.
Moving forward
During the reporting period, the IRCC continued to provide more focused attention to its lines of business within the ATIP program through three dedicated divisions. This year, the focus was creating a work plan to help better identify and organize all initiatives that require PIAs, creating standard processes and tools to improve compliance and monitoring, and increasing the level of assistance in privacy matters provided to branches.
Moving forward, IRCC will continue improving services to provide clients with better access to their own immigration information through other means than the ATIP program and advance the migration to the TBS ATIP Online Request Service as well as the procurement of the ATIP case management software.
PPMD will conduct its first annual review of the IRCC Privacy Suite and will advance compliance monitoring activities with the use of the newly created risk register. The IRCC privacy division will also engage with IRCC officials to assess the need to develop new and effective tools to increase its guidance and branch services.
IRCC recognizes the right to access to one’s personal information to promote openness and transparency. The Department is committed to continuing its efforts to improve how it upholds its responsibilities under the PA.
Annex A: Copy of the signed delegation order in effect March 31, 2024
Annex C: Statistical Report on the Administration of the Privacy Act
Annex D: Supplemental Statistical Report on the Access to Information Act and the Privacy Act
Annex A: Copy of the signed delegation order in effect March 31, 2024
Text version: Signed Delegation
Official Document
Department of Immigration, Refugees and Citizenship of Canada
Delegation of Authority
Access to Information Act and Privacy Act
I, Minister of Immigration, Refugees and Citizenship, pursuant to section 95 of the Access to Information Act and section 73 of the Privacy Act, hereby authorize the officer and employee of Immigration, Refugees and Citizenship whose position or classification is set out in the attached Schedule to carry out those of my power, duties or functions under the Acts that are set in the Schedule in relation to that officer and employee.
Dated at Ottawa
This 30 day of August 2019
Ahmed Hussen, P.C., M.P.
Minister of Immigration, Refugees and Citizenship
Annex B: Copy of the Delegation of Authority under the Privacy Act and the Privacy Regulations in effect March 31, 2024
Delegation of Authority under the Privacy Act and the Privacy Regulations
The delegation includes acting appointments and assignments to these positions made pursuant to the Public Service Employment Act and regulations.
Position | Delegation |
---|---|
Deputy Minister / Associate Deputy Minister | Full Authority |
Assistant Deputy Minister, Corporate Management Sector | Full Authority |
Director General, ATIP & Accountability Branch |
Full Authority, except the following sections of the Privacy Act:
|
Director, ATIP Division |
Full Authority, except the following sections of the Privacy Act:
|
Assistant Director, ATIP CRCI |
Full Authority, except the following sections of the Privacy Act:
|
Assistant Director, ATIP OPS | Same as Assistant Director for ATIP CRCI, except the position does have 8(4) – record of consistent uses |
Position | Delegation |
---|---|
Assistant Deputy Minister / Associate Assistant Deputy Minister, Strategic and Program Policy Sector | Only 8(2)(j) of the Privacy Act– disclosure of personal information for research and statistics |
Director General, Research and Evaluation Branch | Only 8(2)(j) of the Privacy Act– disclosure of personal information for research and statistics |
Descriptions | Section | ATIP / PM-05 OPS | ATIP / PM-05 CRCI | ATIP / PM-04 OPS | ATIP / PM-04 CRCI | ATIP / PM-03 OPS | ATIP / PM-03 CRCI |
---|---|---|---|---|---|---|---|
Disclosure for research and statistics | 8(2)(j) | No | No | No | No | No | No |
Disclosure in public interest clearly outweighs any invasion of privacy | 8(2)(m)(i) | No | No | No | No | No | No |
Disclosure in public interest, benefit of individual | 8(2)(m)(ii) | No | No | No | No | No | No |
Record of disclosure for investigations | 8(4) | Yes | No | No | No | No | No |
Notify Privacy Commissioner of 8(2)(m) | 8(5) | No | No | No | No | No | No |
Record of consistent uses | 9(1) | No | No | No | No | No | No |
Notify Privacy Commissioner of consistent uses | 9(4) | No | No | No | No | No | No |
Personal information in banks | 10 | No | No | No | No | No | No |
Notice where access requested | 14 | Yes | Yes | Yes | Yes | Yes | Yes |
Extension of time limits | 15 | Yes | Yes | Yes | No | Yes | No |
Decision regarding translation | 17(2)(b) | No | No | No | No | No | No |
Conversion to alternate format | 17(3)(b) | No | No | No | No | No | No |
Refuse access: exempt bank | 18(2) | Yes | Yes | No | No | No | No |
Refuse access: confidential information | 19(1) | Yes | No | Yes | No | No | No |
Disclose confidential information | 19(2) | Yes | No | Yes | No | No | No |
Refuse access: federal-provincial affairs | 20 | No | No | No | No | No | No |
Refuse access: international affairs, defence, subversive activities | 21 | Yes | No | Yes | No | No | No |
Refuse access: law enforcement and investigation | 22 | Yes | No | Yes | No | Yes | No |
Refuse access: Public Servants Disclosure Protection Act | 22.3 | No | No | No | No | No | No |
Refuse access: security clearance | 23 | Yes | No | Yes | No | Yes | No |
Refuse access: person under sentence | 24 | Yes | No | No | No | No | No |
Refuse access: safety of individuals | 25 | Yes | Yes | Yes | No | Yes | No |
Refuse access: another person’s information | 26 | Yes | Yes | Yes | Yes | Yes | Yes |
Refuse access: solicitor-client privilege | 27 | Yes | No | Yes | No | No | No |
Refuse access: patent or trademark privilege | 27.1 | No | No | No | No | No | No |
Refuse access: medical record | 28 | Yes | No | Yes | No | No | No |
Receive notice of investigation | 31 | Yes | Yes | No | Yes | No | No |
Representation to Privacy Commissioner | 33(2) | Yes | Yes | No | Yes | No | No |
Response to findings and recommendations of the Privacy Commissioner within a specified time | 35(1) | Yes | Yes | No | Yes | No | No |
Access given to complainant | 35(4) | Yes | No | No | No | No | No |
Response to review of exempt banks | 36(3)(b) | No | No | No | No | No | No |
Response to review of compliance | 37(3) | No | No | No | No | No | No |
Request of court hearing in the National Capital Region | 51(2)(b) | No | No | No | No | No | No |
Ex parte representation to court | 51(3) | No | No | No | No | No | No |
Annual Report to Parliament | 72 | No | No | No | No | No | No |
Descriptions | Section | ATIP / PM-05 OPS | ATIP / PM-05 CRCI | ATIP / PM-04 OPS | ATIP / PM-04 CRCI | ATIP / PM-03 OPS | ATIP / PM-03 CRCI |
---|---|---|---|---|---|---|---|
Examination of records | 9 | Yes | Yes | Yes | Yes | Yes | Yes |
Correction of personal information | 11(2) | Yes | Yes | No | No | No | No |
Notification of refusal to correct personal information | 11(4) | Yes | Yes | No | No | No | No |
Disclosure: medical information | 13(1) | No | No | No | No | No | No |
Disclosure: medical information – examine in person, in the presence of a duly qualified medical practitioner | 14 | No | No | No | No | No | No |
Legend:
- ATIP / PM-05 OPS
- Senior ATIP Administrator, ATIP Operations (OPS)
- ATIP / PM-05 CRCI
- Senior ATIP Administrators, Corporate Records, Complaints and Informals (CRCI)
- ATIP / PM-04 OPS
- ATIP Administrators, ATIP Operations (OPS)
- ATIP / PM-04 CRCI
- ATIP Administrators, Corporate Records, Complaints and Informals (CRCI)
- ATIP / PM-03 OPS
- ATIP Officers, ATIP Operations (OPS)
- ATIP / PM-03 CRCI
- ATIP Officers, Corporate Records, Complaints and Informals (CRCI)
Annex C: Statistical Report on the Administration of the Privacy Act
Statistical Report on the Privacy Act
Name of institute: Immigration, Refugees and Citizenship Canada
Reporting
period: 2023-04-01 to 2024-03-31
Section 1: Requests under the Privacy Act
1.1 Number of requests received
Number of Requests | ||
---|---|---|
Received during reporting period | 69,720 | |
Outstanding from previous reporting periods | 13,964 | |
Outstanding from previous reporting periods |
12,271 | N/A |
Outstanding from more than one reporting period |
1,693 | N/A |
Total | 83,684Table Footnote * | |
Closed during reporting period | 67,168 | |
Carried over to next reporting period | 16,520 | |
Carried over within legislated timeline |
8,029 | |
Carried over beyond legislated timeline |
8,491 |
1.2 Channels of requests
Channel | Number of Requests |
---|---|
Online | 68,500 |
788 | |
432 | |
In person | 0 |
Phone | 0 |
Fax | 0 |
Total | 69,720 |
Section 2: Informal requests
2.1 Number of informal requests
Number of Requests | ||
---|---|---|
Received during reporting period | 0 | |
Outstanding from previous reporting periods | 0 | |
Outstanding from previous reporting periods |
0 | N/A |
Outstanding from more than one reporting period |
0 | N/A |
Total | 0 | |
Closed during reporting period | 0 | |
Carried over to next reporting period | 0 |
2.2 Channels of informal requests
Channel | Number of Requests |
---|---|
Online | 0 |
0 | |
0 | |
In person | 0 |
Phone | 0 |
Fax | 0 |
Total | 0 |
2.3 Completion time of informal requests
Completion Time (Days) | |||||||
---|---|---|---|---|---|---|---|
1 to 15 | 16 to 30 | 31 to 60 | 61 to 120 | 121 to 180 | 181 to 365 | More than 365 | Total |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
2.4 Pages released informally
Number of Requests | Pages Released | |
---|---|---|
Less than 100 pages released | 0 | 0 |
100 to 500 pages released | 0 | 0 |
501 to 1,000 pages released | 0 | 0 |
1,001 to 5,000 pages released | 0 | 0 |
More than 5,000 pages released | 0 | 0 |
Section 3: Requests Closed During the Reporting Period
3.1 Disposition and completion time
Disposition of Requests | Completion Time (Days) | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 | 16 to 30 | 31 to 60 | 61 to 120 | 121 to 180 | 181 to 365 | More than 365 | Total | |
All disclosed | 1,452 | 16,955 | 2,601 | 308 | 239 | 906 | 201 | 22,662 |
Disclosed in part | 2,497 | 25,836 | 5,281 | 553 | 410 | 1,201 | 1,367 | 37,145 |
All exempted | 0 | 1 | 1 | 1 | 0 | 0 | 0 | 3 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
No records exist | 131 | 131 | 42 | 23 | 11 | 28 | 15 | 381 |
Request abandoned | 2,006 | 589 | 109 | 130 | 110 | 151 | 1,024 | 4,119 |
Neither confirmed nor denied | 945 | 517 | 456 | 186 | 121 | 315 | 318 | 2,858 |
Total | 7,031 | 44,029 | 8,490 | 1,201 | 891 | 2,601 | 2,925 | 67,168 |
3.2 Exemptions
Section 18 | Number of Requests |
---|---|
18(2) | 0 |
Section 19 | Number of Requests |
---|---|
19(1)(a) | 1,594 |
19(1)(b) | 1 |
19(1)(c) | 10 |
19(1)(d) | 2 |
19(1)(e) | 0 |
19(1)(f) | 0 |
Section 20 | Number of Requests |
---|---|
20 | 0 |
Section 21 | Number of Requests |
---|---|
21 | 15,243 |
Section 22 | Number of Requests |
---|---|
22(1)(a)(i) | 0 |
22(1)(a)(ii) | 0 |
22(1)(a)(iii) | 0 |
22(1)(b) | 8,571 |
22(1)(c) | 6 |
22(2) | 0 |
22.1 | 0 |
22.2 | 0 |
22.3 | 0 |
22.4 | 0 |
Section 23 | Number of Requests |
---|---|
23(a) | 0 |
23(b) | 0 |
Section 24 | Number of Requests |
---|---|
24(a) | 0 |
24(b) | 0 |
Section 25 | Number of Requests |
---|---|
25 | 197 |
Section 26 | Number of Requests |
---|---|
26 | 25,117 |
Section 27 | Number of Requests |
---|---|
27 | 4 |
27.1 | 0 |
Section 28 | Number of Requests |
---|---|
28 | 0 |
3.3 Exclusions
Section 69 | Number of Requests |
---|---|
69(1)(a) | 0 |
69(1)(b) | 0 |
69.1 | 0 |
Section 70 | Number of Requests |
---|---|
70(1) | 0 |
70(1)(a) | 0 |
70(1)(b) | 0 |
70(1)(c) | 0 |
70(1)(d) | 0 |
70(1)(e) | 0 |
70(1)(f) | 0 |
70.1 | 0 |
3.4 Format of information released
Format | Number of Requests |
---|---|
Paper | 0 |
Electronic | |
E-record |
59,807 |
Data set |
0 |
Video |
0 |
Audio |
0 |
Other | 0 |
3.5 Complexity
Number of pages processed | 1,466,740 |
---|---|
Number of pages disclosed | 1,253,301 |
Number of requests | 66,787 |
Disposition of Requests | Pages Processed | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
Less than 100 | 101 to 500 | 501 to 1,000 | 1,001 to 5,000 | More than 5,000 | ||||||
No. of requests | Pages processed | No. of requests | Pages processed | No. of requests | Pages processed | No. of requests | Pages processed | No. of requests | Pages processed | |
All disclosed | 22,549 | 301,582 | 110 | 18,382 | 1 | 720 | 2 | 5,727 | 0 | 0 |
Disclosed in part | 35,599 | 773,448 | 1,438 | 248,726 | 74 | 51,233 | 34 | 55,117 | 0 | 0 |
All exempted | 3 | 17 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 4,111 | 9,085 | 7 | 1,012 | 0 | 0 | 1 | 1,691 | 0 | 0 |
Neither confirmed nor denied | 2,858 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 65,120 | 1,084,132 | 1,555 | 268,120 | 75 | 51,953 | 37 | 62,535 | 0 | 0 |
Number of minutes processed | 0 |
---|---|
Number of minutes disclosed | 0 |
Number of requests | 0 |
Disposition | Minutes Processed | |||||
---|---|---|---|---|---|---|
Less than 60 | 60 to 120 | More than 120 | ||||
Number of Requests | Minutes Processed | Number of Requests | Minutes Processed | Number of Requests | Minutes Processed | |
All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 |
Number of minutes processed | 0 |
---|---|
Number of minutes disclosed | 0 |
Number of requests | 0 |
Disposition | Minutes Processed | |||||
---|---|---|---|---|---|---|
Less than 60 | 60 to 120 | More than 120 | ||||
Number of Requests | Minutes Processed | Number of Requests | Minutes Processed | Number of Requests | Minutes Processed | |
All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 |
Disposition of Requests | Consultation Required | Legal Advice Sought | Interwoven Information | Other | Total |
---|---|---|---|---|---|
All disclosed | 5 | 0 | 0 | 0 | 5 |
Disclosed in part | 17 | 0 | 25,117 | 0 | 25,134 |
All exempted | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 9 | 0 | 0 | 0 | 9 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
Total | 31 | 0 | 25,117 | 0 | 25,148 |
3.6 Closed requests
Number of Requests | Percentage of Requests | |
---|---|---|
Closed within legislated timelines | 55,157 | 82.118 |
3.7 Deemed refusals
Number of Requests | |
---|---|
Requests closed past the legislated timelines | 12,011 |
Principal reason | |
Interference with operations/workload |
12,011 |
External consultation |
0 |
Internal consultation |
0 |
Other |
0 |
Number of Days Past Legislated Timelines | Number of Requests Past Legislated Timeline | Total | |
---|---|---|---|
No Extension Taken | Extension Taken | ||
1 to 15 | 3,976 | 51 | 4,027 |
16 to 30 | 460 | 8 | 468 |
31 to 60 | 588 | 10 | 598 |
61 to 120 | 909 | 20 | 929 |
121 to 180 | 891 | 18 | 909 |
181 to 365 | 2,452 | 21 | 2,473 |
More than 365 | 2,360 | 247 | 2,607 |
Total | 11,636 | 375 | 12,011 |
3.8 Requests for translation
Translation Requests | Accepted | Refused | Total |
---|---|---|---|
English to French | 0 | 0 | 0 |
French to English | 0 | 0 | 0 |
Total | 0 | 0 | 0 |
Section 4: Disclosures under Subsections 8(2) and 8(5)
Number | |
---|---|
Paragraph 8(2)(e) | 2018 |
Paragraph 8(2)(m) | 36 |
Subsection 8(5) | 36 |
Total | 2,090 |
Section 5: Requests for Correction of Personal Information and Notations
Disposition for Correction Requests Received | Number |
---|---|
Notations attached | 0 |
Requests for correction accepted | 0 |
Total | 0 |
Section 6: Extensions
6.1 Reasons for extensions
Number | |
---|---|
Number of Extensions Taken | 3,607 |
15(a)(i) Interference with operations | |
Further review required to determine exemptions |
0 |
Large volume of pages |
0 |
Large volume of requests |
194 |
Documents are difficult to obtain |
0 |
15(a)(ii) Consultation | |
Cabinet Confidence Section (Section 70) |
122 |
External |
3 |
Internal |
3,288 |
15(b) Translation purposes or conversion | 0 |
6.2 Length of extensions
Length of Extensions (days) | Pages Disclosed | 15(b) Translation Purposes or Conversion | ||||||
---|---|---|---|---|---|---|---|---|
15(a)(i) Interference with Operations | 15(a)(ii) Consultation | |||||||
Further Review Required to Determine Exemptions | Large Number of Pages | Large Volume of Requests | Documents are Difficult to Obtain | Cabinet Confidence s.70 | External | Internal | ||
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 194 | 0 | 122 | 3 | 3,288 | 0 |
31 or greater | N/A | N/A | N/A | N/A | N/A | N/A | N/A | 0 |
Total | 0 | 0 | 194 | 0 | 122 | 3 | 3,288 | 0 |
Section 7: Consultations Received from Other Institutions and Organizations
7.1 Consultations received from other Government of Canada institutions and other organizations
Consultations | Other Government of Canada Institutions | Number of Pages to Review | Other Organizations | Number of Pages to Review |
---|---|---|---|---|
Received during the reporting period | 51 | 1,310 | 0 | 0 |
Outstanding from the previous reporting period | 2 | 56 | 0 | 0 |
Total | 53 | 1,366 | 0 | 0 |
Closed during the reporting period | 53 | 1,366 | 0 | 0 |
Carried over within negotiated timelines | 0 | 0 | 0 | 0 |
Carried over beyond negotiated timelines | 0 | 0 | 0 | 0 |
7.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendations | Completion Time (Days) | Total | ||||||
---|---|---|---|---|---|---|---|---|
1 to 15 | 16 to 30 | 31 to 60 | 61 to 120 | 121 to 180 | 181 to 365 | More than 365 | ||
Disclosed entirely | 4 | 5 | 3 | 0 | 0 | 0 | 0 | 12 |
Disclosed in part | 26 | 10 | 4 | 1 | 0 | 0 | 0 | 41 |
Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 30 | 15 | 7 | 1 | 0 | 0 | 0 | 53 |
7.3 Recommendations and completion time for consultations received from other organizations outside the Government of Canada
Recommendations | Completion Time (Days) | Total | ||||||
---|---|---|---|---|---|---|---|---|
1 to 15 | 16 to 30 | 31 to 60 | 61 to 120 | 121 to 180 | 181 to 365 | More than 365 | ||
Disclosed entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Completion Time of Consultations on Cabinet Confidences
8.1 Requests with Legal Services
Number of Days | Pages Processed | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
Less than 100 | 100 to 500 | 501 to 1,000 | 1,001 to 5,000 | More than 5,000 | ||||||
No. of Requests | Pages Disclosed | No. of Requests | Pages Disclosed | No. of Requests | Pages Disclosed | No. of Requests | Pages Disclosed | No. of Requests | Pages Disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
8.2 Requests with Privy Council Office
Number of Days | Pages Processed | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
Less than 100 | 100 to 500 | 501 to 1,000 | 1,001 to 5,000 | More than 5,000 | ||||||
No. of Requests | Pages Disclosed | No. of Requests | Pages Disclosed | No. of Requests | Pages Disclosed | No. of Requests | Pages Disclosed | No. of Requests | Pages Disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 9: Complaints and Investigations Notices Received
Number | |
---|---|
Section 31 | 90 |
Section 33 | 11 |
Section 35 | 5 |
Court Action | 0 |
Total | 106 |
Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIBs)
10.1 Privacy Impact Assessments
Number of PIAs Completed | Number of PIAs Modified | |
---|---|---|
Privacy Impact Assessments | 5 | 1 |
10.2 Institution-specific and Central Personal Information Banks
Personal Information Banks | Active | Created | Terminated | Modified |
---|---|---|---|---|
Institution-specific | 18 | 0 | 0 | 5 |
Central | 0 | 0 | 0 | 0 |
Total | 18 | 0 | 0 | 5 |
Section 11: Privacy Breaches
11.1 Material privacy breaches
Number of Breaches | |
---|---|
Material privacy breaches reported to TBS | 7 |
Material privacy breaches reported to OPC | 7 |
11.2 Non-material privacy breaches
Number of Breaches | |
---|---|
Non-Material Privacy Breaches | 6,536 |
Section 12: Resources Related to the Privacy Act
12.1 Allocated costs
Expenditures | Amount | |
---|---|---|
Salaries | $2,114,612 | |
Overtime | $45,993 | |
Goods and Services | $43,041 | |
Professional services contracts |
$1,150 | N/A |
Other |
$41,891 | N/A |
Total | $2,203,646 |
12.2 Human resources
Resources | Person Years Dedicated to Privacy Activities |
---|---|
Full-time employees | 16.933 |
Part-time and casual employees | 6.321 |
Regional staff | 0.000 |
Consultants and agency personnel | 0.000 |
Students | 0.000 |
Total | 23.840 |
Annex D: Supplemental Statistical Report on the Access to Information Act and the Privacy Act
Supplemental Statistical Report on the Access to Information Act and the Privacy Act
Name of institute: Immigration, Refugees and Citizenship Canada
Reporting
period: 2023-04-01 to 2024-03-31
Section 1: Open Requests and Complaints under the Access to Information Act
1.1 Number of open requests that are outstanding from previous reporting periods
Fiscal Year Received | Within Legislated Timelines as of March 31, 2024 | Beyond Legislated Timelines as of March 31, 2024 | Total |
---|---|---|---|
2023-2024 | 42 | 9,506 | 9,548 |
2022-2023 | 0 | 19,146 | 19,146 |
2021-2022 | 0 | 802 | 802 |
2020-2021 | 0 | 5 | 5 |
2019-2020 | 0 | 0 | 0 |
2018-2019 | 0 | 0 | 0 |
2017-2018 | 0 | 0 | 0 |
2016-2017 | 0 | 0 | 0 |
2015-2016 | 0 | 0 | 0 |
2014-2015 or earlier | 0 | 0 | 0 |
Total | 42 | 29,459 | 29,501 |
1.2 Number of open complaints with the Information Commissioner of Canada that are outstanding from previous reporting periods
Fiscal Year Open Complaints Were Received by Institution | Number of Open Complaints |
---|---|
2023-2024 | 146 |
2022-2023 | 21 |
2021-2022 | 7 |
2020-2021 | 3 |
2019-2020 | 0 |
2018-2019 | 2 |
2017-2018 | 1 |
2016-2017 | 0 |
2015-2016 | 0 |
2014-2015 or earlier | 0 |
Total | 180 |
Section 2: Open Requests and Complaints under the Privacy Act
2.1 Number of open requests that are outstanding from previous reporting periods
Fiscal Year Received | Within Legislated Timelines as of March 31, 2024 | Beyond Legislated Timelines as of March 31, 2024 | Total |
---|---|---|---|
2023-2024 | 8,029 | 3,201 | 11,230 |
2022-2023 | 0 | 5,193 | 5,193 |
2021-2022 | 0 | 96 | 96 |
2020-2021 | 0 | 1 | 1 |
2019-2020 | 0 | 0 | 0 |
2018-2019 | 0 | 0 | 0 |
2017-2018 | 0 | 0 | 0 |
2016-2017 | 0 | 0 | 0 |
2015-2016 | 0 | 0 | 0 |
2014-2015 or earlier | 0 | 0 | 0 |
Total | 8,029 | 8,491 | 16,520 |
2.2 Number of open complaints with the Privacy Commissioner of Canada that are outstanding from previous reporting periods
Fiscal Year Open Complaints Were Received by Institution | Number of Open Complaints |
---|---|
2023-2024 | 22 |
2022-2023 | 24 |
2021-2022 | 1 |
2020-2021 | 0 |
2019-2020 | 0 |
2018-2019 | 0 |
2017-2018 | 0 |
2016-2017 | 0 |
2015-2016 | 0 |
2014-2015 or earlier | 0 |
Total | 47 |
Section 3: Social Insurance Number
Has your institution begun a new collection or a new consistent use of the Social Insurance Number in 2023-2024?
Section 4: Universal Access under the Privacy Act
How many requests were received from foreign nationalsFootnote * outside of Canada in 2023-2024?
Page details
- Date modified: