2023-2024 Annual Report on the Privacy Act

PDF version: Privacy Act, Annual Report 2023-2024 (PDF, 848 KB)

Table of Contents


Introduction

Immigration, Refugees and Citizenship Canada (IRCC) is pleased to present to Parliament its annual report on the administration of the Privacy Act (PA).

The purpose of the PA is to protect the personal information of individuals under the responsibility and control of federal institutions, and to provide individuals with a right of access to that information.

This report is tabled in Parliament in accordance with section 72 of the PA. It outlines how IRCC administered its obligations under the PA during the reporting period beginning on April 1, 2023, and ending on March 31, 2024. IRCC does not have any non-operational (“paper”) subsidiaries during this reporting period.

IRCC was created to facilitate the entry of temporary residents, manage the selection, settlement integration of newcomers, grant citizenship and issue passports to eligible citizens. IRCC’s mandate comes from the Department of Citizenship and Immigration Act. The Minister of IRCC is responsible for the Citizenship Act of 1977 and shares responsibility with the Minister of Public Safety for the Immigration and Refugee Protection Act (IRPA). Effective July 2, 2013, the primary responsibility for Passport Canada and the administration of the Canadian Passport Order and the Order Respecting the Issuance of Diplomatic and Special Passports moved from the Department of Foreign Affairs and International Trade to IRCC.

This report comprises of three sections:

  1. Overview of IRCC’s Access to Information and Privacy (ATIP) program, including organizational structure and delegation order
  2. Outline of IRCC’s overall performance on the administration of the PA
  3. Description of IRCC’s initiatives to promote training and awareness, improve its policies related to privacy, and to ensure monitoring and compliance of its obligations under the PA.

I. Overview of IRCC’s ATIP program

The IRCC ATIP program continues to be one of the most solicited ATIP programs in the Government of Canada. During the reporting period, IRCC received 252,627 ATIP requests including 69,720 requests under the PA. Most requests received under the PA pertain to clients’ immigration applications.

This reporting year, the IRCC ATIP program implemented new strategies to address the large volume of incoming requests that resulted in marked increases in compliance. Considerable progress was achieved in processing and responding to requests within the legislated timelines and resolving old and new complaints filed by or on behalf of requesters. In parallel, the ATIP program continued to advance previous initiatives aimed at improving client experience and using technological improvements to enhance service delivery and increase processing efficiencies.

This year also marked IRCC’s adoption of a new organizational structure that seeks to replace the previous functional framework with a dynamic and client-focused integrated business approach. As part of this notable change, new sectors and branches were created, and some existing programs and areas of responsibilities were moved under different lines of business. During the implementation phase, the ATIP program closely monitored its tasking sheets to ensure that all information pertaining to ATIP liaison officers and coordinators was updated and all appropriate changes were accurately reflected in the ATIP case management software. Throughout the process, the IRCC ATIP program maintained contact with the Offices of Primary Interest (OPIs), upheld mandatory training for ATIP liaison officers, and continued to fulfill ongoing requests with minimal disruption.

Organizational structure

The ATIP program is structured around its main lines of business. As shown in Figure 1, the program is administered by three divisions: the ATIP Operations Division, the Innovation and Support Division and the Privacy Program Management Division. The Director of the ATIP Operations Division also holds the title of ATIP Coordinator.

The three divisions report directly to the Director General Access and Privacy Management branch (APMB) and Chief Privacy Officer within the Corporate Services and Chief Human Resources Officer Sector.

Figure 1: Structure of the ATIP Program
Text version: Structure of the ATIP Program

Access and Privacy Management Branch

ATIP Operations Division
  • 147 employees
Responsibilities
  • ATIP requests for client records
  • ATIP requests for corporate records
  • Informal access to information requests
  • Complaints from the Information Commissioner and Privacy Commissioner
  • Disclosures under 8(2)(d, e, f) of the Privacy Act
  • Robotic process automation
  • ATI Corporate Reporting
Innovation and Support Division
  • 10 employees
Responsibilities
  • ATIP processing efficiencies and technologies
  • Departmental ATIP Training
Privacy Program Management Division
  • 24 employees
Responsibilities
  • Privacy policy, advice and guidance
  • Privacy awareness
  • Management of privacy breaches and complaints
  • Disclosures under 8(2)(m) of the Privacy Act
  • Privacy corporate reporting
Proactive Disclosure Unit, Corporate Secretariat, DM Office
  • 2 employees
Responsibilities
  • Proactive publication of ministerial briefing products pursuant to ATIA, Part II, s. 74 and 88

At the end of the reporting period, the ATIP program comprised of 181 full-time employees. In addition to the employees who are responsible for applying the ATIP legislation, there are 268 ATIP liaison officers throughout the Department who support the ATIP program by gathering records and providing recommendations. While these officers are essential to the administration of the program, they are funded by other program areas.

Privacy at IRCC

The Privacy Program Management Division (PPMD) is responsible for communicating the roles and responsibilities of all employees with respect to the administration of the PA, for helping to ensure compliance with Treasury Board Secretariat privacy policies and directives, and for managing the lifecycle of privacy breaches. At the end of this reporting period, the division is comprised of three teams:

  1. The Privacy Policy and Planning Unit develops, implements, and maintains privacy policies, guidance, and tools to assist employees in managing personal information. This unit develops privacy training, coordinates departmental responses to public consultations, reviews departmental policy papers and provides program areas with high-level privacy advice.
  2. The Privacy Guidance and Assessments Unit manages the privacy impact assessment process by reviewing departmental privacy impact assessments, assessing privacy risks, and recommending mitigation strategies. This unit also provides senior management with privacy advice, guidance, and recommendations on privacy issues. In addition, they manage all public interest disclosures for the department.
  3. The Incident Management Unit manages the life cycle of all privacy breaches. They assess the risk of harm to the affected individual(s) and to the department as a result of a privacy breach. This unit also provides guidance and direction to program areas on containment, notification, and prevention of breaches. Furthermore, they report material breaches to the Office of the Privacy Commissioner (OPC) and Treasury Board Secretariat and respond to official complaints submitted by the OPC.

The Director General of the Access and Privacy Management Branch fulfills the role of Chief Privacy Officer (CPO). The CPO provides executive-level strategic leadership and direction on privacy at IRCC, including the provision of policy and/or operational advice and recommendations to senior management on complex privacy issues, the promotion of privacy awareness throughout the Department, and reporting to senior management on the state of privacy.

While PPMD is responsible for overseeing the privacy guidance program at IRCC, the ATIP Operations Division is responsible for processing requests for personal information, as well as disclosures under paragraphs 8(2)(d), (e) and (f) of the PA.

During the reporting period, IRCC had no service agreements under section 73.1 of the PA.

Delegation order

The Minister of IRCC is responsible for administering requests made to the Department under the ATIA and the PA. In accordance with section 95(1) of the ATIA and section 73 of the PA, the Minister delegates authority to departmental senior management, including the ATIP Coordinator to carry out the Minister’s powers, duties, or functions under the Acts in relation to ATIP requests.

For more information, refer to Annex A: Copy of the signed delegation order in effect March 31 2024, and Annex B: Copy of the Delegation of Authority under the Privacy Act and the Privacy Regulations in effect March 31, 2024.

II. Performance

This reporting year, IRCC received 69,720 requests under the PA, which represents a substantial increase of 188% from the previous year where 24,164 request were received. The Department could be experiencing the first effects of the Privacy Act Extension Order, No. 3, which came into force on July 13, 2022, as public awareness of the Order increases. The Order extends the right of access to personal information under subsection 12(1) of the PA to all individuals outside Canada. This enables foreign nationals, the majority of IRCC’s clients, to request personal information themselves instead of requiring a Canadian representative to make the request on their behalf.

The IRCC ATIP program completed 67,168 requests and processed 1,466,740 pages under the PA during the reporting period.

Compliance rate and completion times

In response to increasing demands for its services, the IRCC ATIP program realigned its structure and implemented new strategies for processing requests. In addition, the program continued to leverage technological improvements, as well as train and retain human resources in a highly competitive environment. This approach resulted in marked increases in compliance.

The compliance rate (percentage of all requests responded to within legislated timelines) for PA requests was 82%. This rate represents a significant increase from the 20.14% obtained in 2022-2023. As illustrated in Table 1, over 75% of IRCC’s PA requests were processed and completed within 30 days.

Table 1: Completion Times for Closed Privacy Requests
Completion time Number of requests closed Percentage of requests closed
1 to 15 Days 7,031 10.5%
16 to 30 Days 44,029 65.6%
31 to 60 Days 8,490 12.6%
61 to 120 Days 1,201 1.8%
121 to 180 Days 891 1.3%
181 to 365 Days 2,601 3.9%
More than 365 Days 2,925 4.3%
Total 67,168 100%

Active requests from previous reporting periods

As shown in Table 2, IRCC had 16,520 open requests from previous reporting periods. This table also illustrates the impact of the coming into force of the Privacy Act Extension Order, with 11,471 outstanding requests having been received in the last two years (78%).

Table 2: Active Requests from Previous Reporting Periods
Fiscal year open privacy requests were received Open requests that are within legislated timelines as of March 31, 2024 Open requests that are beyond legislated timelines as of March 31, 2024 Total
2023-2024 8,029 3,201 11,230
2022-2023 0 5,193 5,193
2021-2022 0 96 96
2020-2021 0 1 1
2019-2020 0 0 0
Earlier years 0 0 0
Total 8,029 8,491 16,520

Active complaints from previous reporting periods

Although the number of requests under the PA significantly increased, the number of active complaints from previous reporting periods remained stable. As Table 3 demonstrates, at the end of the reporting period, IRCC carried 47 active PA complaints.

Table 3: Active Complaints from Previous Reporting Periods
Fiscal Year Open Complaints Were Received Number of Open Complaints
2023-2024 22
2022-2023 24
2021-2022 1
2020-2021 0
Total 47

Reasons for extensions

Section 15 of the PA permits the statutory time limits to be extended if consultations are necessary, translation is required, or the request involves a large volume of records that cannot be processed within the original time limit without unreasonably interfering with the operations of the Department.

When necessary, IRCC conducts internal consultations to ensure the proper exercise of discretion, particularly for (but not limited to) requests that may involve litigation, investigations, or security concerns. The details of extensions claimed by IRCC in accordance with section 15 are as follows:

Consultations received from other government departments and institutions

Other government departments (OGDs) and organizations consulted IRCC 53 times under the PA. Table 4 provides the number of days IRCC took to complete OGD consultations. Overall, the IRCC ATIP program responded to 45 consultation requests (84.9%) within 30 days.

Table 4: Completion Times for OGD Consultations
Completion times Consultations
1 to 15 Days 30
16 to 30 Days 15
31 to 60 Days 7
61 to 120 Days 1
121 to 180 Days 0
181 to 365 Days 0
More than 365 Days 0
Total 53

Disposition of completed requests

As shown in Table 5, IRCC released records in their entirety for 34% of all completed personal information requests. The Department claimed one or more exemptions on 55% of completed requests. The remaining requests were abandoned, had no existing records, or the existence of records could neither be confirmed nor denied as doing so could reveal information that is protected under the PA.

Table 5: Disposition of Completed Requests
Disposition Requests Percentage
All disclosed 22,662 34%
Disclosed in part 37,145 55%
All exempted 3 0%
All excluded 0 0%
No records exist 381 1%
Request abandoned 4,119 6%
Neither confirmed nor denied 2,858 4%
Total 67,168 100%

The following exemptions were most frequently used by IRCC:

III. Initiatives to promote awareness, training and policies in relation to the Privacy Act

IRCC continues to prioritize learning as a valuable tool for retaining and renewing its workforce and ensuring that the organization can fulfill its mandate while adapting to change. The specialized Training Project and ATIP Support Team within the Access and Privacy Management Branch (APMB) fosters a culture of continuous learning by offering a wide variety of training opportunities to both ATIP and non-ATIP officials.

Training and awareness

The ATIP training and awareness curriculum covers various aspects of the access to information and privacy regimes with an emphasis on security and best practices for handling sensitive information. Specific courses and modules focus on responsibilities for safeguarding and managing information, as well as collecting and using personal information.

ATIP course catalogue and sessions given

As shown in Table 6, the ATIP program delivered 133 training sessions to 4,705 employees (including 4,615 non-ATIP employees) via a combination of formal and informal, self-directed and instructor-led sessions. There was an increase in demand for customized trainings tailored for specific units, divisions and areas of responsibility this reporting year.

Table 6: Formal and Informal ATIP Training Sessions and Participants at IRCC
Course name Platform Access or privacy training Number of sessions Number of participants

Protecting and Giving Access to Information at IRCC (CC5540) Mandatory for all new employees

Online Both Self-paced 2,521
Total N/A
Formal training ATIP Privacy Breach (CC4540) In person/ virtual Privacy 16 234
ATIP Training for Middle Managers and Executives (CC4440) Both 8 101
Protect, Secure, and Manage Information (CC4416) Privacy 21 514
Understanding and Managing ATIP Requests (CC4340) Access 17 301
ATIP 101 (CC4425) Both 14 236
Appropriate Access to and Use of Personal Information (CC4426) Privacy 0 0
Privacy 101 (CC4427) Privacy 5 148
Exemptions and Exclusions 101 (CC4429) Access 7 174
Information Sharing (CC4430) Privacy 0 0
Government of Canada Secret Infrastructure (CC4417) Other 2 44
Total: 90 1,752
Informal training One-on-One ATIP Liaison Training/CRCI Administrative Process In person/ virtual Access 18 72
How to fill-out the Response To ATIP Request Form (RAR) Access 0 0
Exemptions and Exclusions 102 Access 1 8
Refresher on “How to provide records to ATIP” Access 3 12
Customized Training (other) Both 21 340
Total: 43 432
Total Formal and Informal: 133 2,184
Total participants trained: 4,705

In addition, PPMD regularly publishes articles on its IRCC internal webpage to keep all employees informed of the Department of the Treasury Board Secretariat’s Privacy Implementation Notices, as well as privacy activities for Data Privacy Day.

This year, PPMD also worked jointly with IRCC’s Learning Academy, a Team responsible for course coordination and registration, data entry and training record keeping, to create a self-paced online training module that will ensure that current and new employees comply with Appendix B of the Directive on Personal Information Requests and Correction of Personal Information.

Security and privacy awareness

The IRCC Protect, Secure, and Manage Information (CC4416) course is comprised of three modules from IT Security, Information Management and ATIP that intertwine and complement each other. This training was dispensed jointly by the ATIP program and Information Management and Security experts at IRCC. It highlights various aspects of the risk and responsibilities in managing information of business value, as well as client and government information.

Additionally, all ATIP staff requiring access to classified information while performing their duties were mandated to complete the Government of Canada Secret Infrastructure course (CC4417) developed by the IT Operations Branch prior to being granted access to the secure network. The Training Projects and ATIP Support Team coordinated and facilitated the successful delivery of this training to ATIP employees.

Policies, guidelines, procedures, and initiatives

During the reporting period, PPMD developed new procedures and created new tools to assist the Department in its efforts to protect personal information, promote privacy awareness and support the privacy policy.

Privacy Work Plan

In the Fall 2023, PPMD conducted an annual department-wide consultative exercise with all IRCC director generals to update its inventory of planned activities that may require review. This consultation led to the creation of a privacy work plan that includes all upcoming departmental initiatives involving personal information for the next three years.

The goal of the privacy work plan is to organize upcoming initiatives based on several criteria: Digital Platform Modernization onboarding, implementation date, and funding, in order to group multiple privacy impact assessments (PIAs) into program-level PIAs. The work plan aims to prioritize these initiatives in a way that facilitates and monitors the departmental need for privacy assessments. The plan allows PPMD to improve the level of support provided to program areas by planning and coordinating resources to maintain the delivery of services while fulfilling the requirements of the privacy assessment process.

Risk Register

PPMD created a risk register of privacy risks and corresponding mitigation strategies that are identified through privacy impact assessments. This risk register will enable the division to monitor compliance and promote program accountability. Once established, its contents will be used for follow-up discussions with program decision-makers on the implementation of identified strategies, residual risks and changes to the operating environment.

Dedicated mailbox

To assist IRCC employees and encourage knowledge acquisition, PPMD created a general mailbox specifically dedicated for employee enquiries. This new inbox is meant to provide a channel to request and obtain assistance from the division. Specifically, it is meant to provide guidance to program areas and facilitate the interpretation of IRCC’s privacy policies, Treasury Board Secretariat’s Privacy Policy Suite, and interpretations of the PA. It provides a direct contact to the division and allows for more timely and effective responses to privacy needs across the Department.

Annual Review of the IRCC Privacy Policy Suite

The Privacy Policy Suite is a collection of mandatory policy instruments based on the Treasury Board Secretariat’s (TBS) privacy policy suite. The IRCC policy suite includes a Privacy Framework and Privacy Policy alongside various tools, guidelines, procedures and checklists.

This reporting year, PPMD developed standard operating procedures for the annual review of the IRCC Privacy Policy Suite. The first official annual review is scheduled for fiscal year 2024-2025.

Initiatives and projects to improve privacy

In addition to the privacy policy, guidelines and tools described above, IRCC is furthering its initiatives to modernize the delivery of services within the ATIP program, including the expansion of Robotic Process Automation (RPA), migration to the mandated ATIP Online Request Service (i.e., Treasury Board Secretariat’s online platform for the public to file ATIP requests with the Government of Canada) and replacement of the ATIP case management software.

Robotic Process Automation (RPA)

The RPA performs low-complexity/high-volume tasks such as data entry, file and folder operations, and other non-decision-making processes, allowing IRCC to reallocate resources to focus on decision-based work, while also improving data integrity, timeliness, and endto- end business processes with minimal disruption in the operations processing.

TBS ATIP Online Request Service (ATIP Online)

The Treasury Board Secretariat’s ATIP Online Request Service (ATIP Online) was launched in 2018 to streamline the procedure of submitting ATIP requests to, and obtaining responses from, the federal government. Onboarding to ATIP Online significantly enhances efficiency and accessibility in handling ATIP requests within the federal government.

This reporting year, IRCC ATIP has worked collaboratively with TBS Office of the Chief Information Officer to begin transitioning ATIP requests for corporate records to ATIP Online by April 2, 2024.

To ensure operational efficiency, efforts are underway to reduce ATIP request volumes prior to completing the onboarding of requests for client records to the TBS platform. Until the migration is complete, requesters will continue to submit ATIP requests to IRCC via the IRCC ATIP online request portal.

Replacement of the ATIP case management software

IRCC is diligently advancing the replacement of its current ATIP case management software. Following a thorough assessment of the ATIP Division’s unique business needs and requirements, the Department has opted for the adoption of a TBS-approved modern platform with several upgrades and features.

The new software will interface directly with ATIP Online and it features advanced functionalities that will significantly increase efficiency by reducing the time necessary to complete the review and release of records. Along with improvements in request processing, the new software supports built-in artificial intelligence that can be trained to automate repetitive tasks and has modern business analytics capabilities to enable IRCC to create various reports more effectively. These improvements will mean faster, real-time decisions in response to emerging ATIP trends, faster workflow adjustment, and the development of more in-depth performance management tools.

IRCC ATIP is also collaborating strategically with Shared Services Canada’s Digital Enablement Group to ensure the seamless deployment of the software within a cloud-based environment. This collaboration is part of the Government of Canada’s Application Platform as a Service initiative that aims to deliver common Government of Canada applications using a “Cloud Smart” approach. The Department aims to procure, test, and deploy the new software by late fall 2025.

Summary of key issues and actions taken on complaints

This reporting year, the IRCC ATIP program took concrete measures aimed at ensuring a better synergy between the request processing and complaint processing teams, which improved tracking and client service.

To ensure a more streamlined and consistent approach, the complaint process for client records and corporate records was merged to improve efficiency within the ATIP program. The new Complaints Team performed a comparative analysis and reconciliation of complaint files opened in IRCC’s systems with complaints registered and deemed active by the Office of the Information Commissioner (OIC). Thereafter, working collaboratively with the OIC, the Complaints Team put in place a Complaints Triage and Early Resolution process where each complaint, regardless of the age of the file, was reviewed and all cases identified as having the potential to be resolved in a reasonably short period of time were processed. Delay complaints represent the vast majority of complaints IRCC receives.

In addition, the ATIP case management software was updated to better track complaint correspondence, file status, follow-ups and discussions held with Offices of Primary Interests and external stakeholders.

The IRCC ATIP program also allocated resources to create a dedicated Client Service Team in an effort to keep the lines of communication with requesters open, identify issues or needs that could be proactively addressed, and possibly limit future ATIP complaints being lodged against IRCC. Although the team does not yet have an official service standard in place, the vast majority of inquiries were responded to within 48 hours, and the ATIP phone line voice messages were retrieved on a daily basis.

Despite an increase of 188% in new requests under the PA, IRCC received 106 notices of new complaints this reporting year of which 60 were related to processing delays. By comparison, IRCC received 289 complaints in the previous period. At the end of the reporting period, 47 complaints remained outstanding: 22 complaints from 2023-2024, 24 from 2022-2023, and 1 from 2021-2022 or earlier.

Together, all the measures and initiatives described above contributed to the reduction in the number of complaints in inventory.

Material privacy breaches

The Policy on Privacy Protection defines a privacy breach as “the improper or unauthorized collection, use, disclosure, retention or disposition of personal information.” A material privacy breach is a privacy breach that could reasonably be expected to create a real risk of significant harm to an individual. Significant harm includes bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on the credit record and damage to or loss of property.

In 2023-2024, IRCC notified the Office of the Privacy Commissioner and the Treasury Board Secretariat of seven material privacy breaches. Of the seven material privacy breaches, the majority of the incidents had a minor impact and affected a limited number of individuals.

PPMD monitors all privacy breaches closely and has established notifications and remedial measures to address each situation. The Division also:

A summary of the seven material breaches can be found below. Senior officials were notified of all material breaches to facilitate communication within the Department, raise awareness of issues and to bolster departmental response to serious privacy breaches.

Privacy Impact Assessments (PIAs)

To fulfil its mandate and effectively deliver its programs and services, IRCC collects, uses and discloses personal information. In accordance with the Directive on Privacy Impact Assessment, the Department undertakes PIAs to ensure compliance with the PA and to identify privacy risks present in new or existing departmental programs, initiatives or projects that involve personal information.

Summary of PIAs completed 2023-2024

Descriptions of PIAs completed during the 2023-2024 fiscal year are found below and full summaries can be found here: Privacy Impact Assessment Summaries.

Rural Northern Immigration Pilot (RNIP)

This privacy impact assessment assesses the Rural Northern Immigration Pilot (RNIP), established in 2019 to offer a pathway to permanent residency for skilled foreign workers who wish to live and work in one of 11 Canadian communities. Foreign nationals must obtain a recommendation from an Economic Development Organization (EDO) within their chosen community to participate in the RNIP. The EDO may then provide a recommendation and information on the foreign nationals to IRCC, who remains the final decision-making authority on the application for permanent residency. Risks were identified and mitigation recommendations were provided.

Council of Newcomers

This privacy impact assessment assesses the Council of Newcomers that will bring together recent immigrants to share their views, ideas and lived experiences related to Canada’s immigration system directly with senior IRCC officials through both in-person and virtual meetings. Personal information may be collected both formally and informally through the application process, council activities and administrative processes, such as travel and accommodation. Risks were identified and mitigation recommendations were provided.

Canada – Ukraine Transitional Assistance Initiative (CUTAI)

This privacy impact assessment assesses the business processes of IRCC in their part to deliver the Canada-Ukraine Transitional Assistance Initiative (CUTAI). The CUTAI provided a one-time (non-taxable) payment for eligible Ukrainians and their family members arriving under the Canada-Ukraine Authorization for Emergency Travel (CUAET) measures to ensure their basic needs were met upon arrival in Canada. Minimal personal information from CUTAI applications submitted to Service Canada were matched against IRCC’s CUAET data to confirm eligibility for the financial assistance. Risks were identified and mitigation recommendations were provided.

Temporary Asylum Accommodations for COVID-19 Quarantine

This privacy impact assessment assesses IRCC’s agreement to provide temporary accommodations to unvaccinated asymptomatic asylum claimants without a suitable quarantine plan in support of the Government of Canada’s coordinated response to the COVID-19 pandemic. Personal information of asylum claimants was collected to establish quarantine requirements and facilitate temporary accommodations. Risks were identified and mitigation recommendations were provided.

International Student Program – Letter of Acceptance (LOA) Verification Tool

This privacy impact assessment is an addendum to the 2014 PIA on the International Student Program (ISP). It focuses on the transition from case-by-case to systematic sharing of personal information with post-secondary Designated Learning Institutions (DLIs) via online channels. The information exchange is used in support of the administrative decision to accept applications for processing, or to not accept applications for processing if there is no confirmation from the DLI that the LOA is authentic. Risks were identified and mitigation recommendations were provided.

Public interest disclosures

Paragraph 8(2)(m) of the Privacy Act provides that personal information may be disclosed for any purpose where, in the opinion of the head of an institution, (i) the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or (ii) disclosure would clearly benefit the individual to whom the information relates.

As shown in Table 7, IRCC authorized disclosure of personal information in 36 instances under paragraph 8(2)(m) of the Privacy Act during the reporting period.

Table 7: Summary of Public Interest Disclosures under 8(2)(m) of the Privacy Act
Nature of disclosure Disclosures authorized where at least one individual’s personal information was disclosed Individuals affected OPC notification in accordance with subsection 8(5)
Disclosure of contact information to the Public Health Agency of Canada of individuals who were Tuberculosis cases or had been in close proximity to a person with Tuberculosis 28 347 The OPC was notified before the disclosure in all cases.
Disclosure of contact information to Provincial and Territorial health authorities of individuals or sponsors of individuals who had been in close proximity to a person with Poliovirus 4 682 The OPC was notified before the disclosure in all cases.
Disclosure of contact information to municipal law enforcement services to notify next of kin of deceased individuals 1 3 The OPC was notified before the disclosure.
Disclosure of an individual’s ineligibility to become a temporary resident to the public regarding the application of Negative Discretion by the Minister of IRCC 1 1 The OPC was notified before the disclosure.
Disclosure of individuals’ contact and address information to a child protection agency regarding a case of alleged child abuse 1 2 The OPC was notified after the disclosure because of the urgent nature of the disclosure.
Disclosure of individuals’ application decision to the public regarding a case of correcting the public record 1 1 The OPC was notified before the disclosure.
Total 36 1,036

Monitoring compliance

The ATIP program makes use of frequent and comprehensive reporting tools to monitor compliance and maintain accountability, as well as to identify process improvements.

Time taken to process requests for personal information

IRCC monitors the time taken to process personal information requests by retrieving statistics from the ATIP case management software on a daily, weekly, biweekly, and quarterly basis. These statistics provide information on ATIP request volumes received and processed, compliance rates, backlog volumes, and feed into various reports intended for various levels of officials: daily updates are shared with managers, weekly reports with directors and the APMB Director General & Chief Privacy Officer and biweekly reports with the Deputy Ministers. The ATIP program also produced a quarterly report shared with all Assistant Deputy Ministers this reporting year.

As shown in Table 8, the ATIP program created monthly reports on sectors’ compliance for providing responsive records to the ATIP Divisions, for privacy breaches and public disclosures pursuant to paragraph 8(2)(m) of the PA (none of these reports disclose personal information). Report Audience Frequency

Table 8: Other Reporting
Report Audience Frequency
Response to ATIP Taskings Report (Sector Compliance) Assistant Deputy Ministers Monthly
Privacy Breach Report Deputy Ministers Monthly
IRCC disclosures in the public interest—Privacy Act 8(2)(m) Deputy Ministers Monthly

Although the primary goal of the ATIP program’s statistical reporting is to monitor compliance, IRCC ATIP also relies on these statistics to monitor workflows, address current challenges, and identify trends in ATIP requests.

Inter-institutional consultations

Team leaders and managers within the ATIP program regularly monitor extensions taken, responses to internal tasking reports, and complaints that do, in turn, identify areas in need of improvement, including consultations, to ensure the proper exercise of discretion.

Frequently requested types of Information

The vast majority of IRCC’s ATIP requests are for client immigration records. IRCC is currently developing initiatives to improve clients’ access to their own information through means other than the ATIP program. See the Policies, guidelines, procedures and initiatives section above.

The following initiatives aim to anticipate stakeholder needs by providing access, via online platforms and tools, to information IRCC clients most often request through the ATIP system such as application status updates and officers’ notes. Providing direct access to useful and efficient platforms is expected to reduce ATIP volumes and workloads and decrease processing times:

Proactive Release of Officer Decision Notes (ODN)

The ODN project which is part of the IRCC’s Operational Transparency initiative proactively provides officer decision notes to some refused applicants in the Temporary Resident Visa e-application caseload and give clients additional information regarding the reason(s) for their refusal, including a breakdown of the officer’s rationale when finalizing the application.

The first validation exercise that targeted Temporary Resident Visas (TRVs) with the Centralized Network’s Case Processing Centre in Ottawa showed a 57% reduction of ATIP requests received for files that had an ODN released to the client. A second validation exercise for Study Permits was launched this reporting year with support of the Global Network, and IRCC is currently analyzing the impact on ATIP requests.

As of March 31, 2024, IRCC is preparing to transition the ODN project to a steady state, starting with TRVs. Soon after, the project will continue to expand in phases to other lines of businesses to achieve the goals of the Operational Transparency initiative. The ODNs will initially be made available to clients digitally in the new Online Account that will be launched later this year as part of IRCC’s Digital Platform Modernization (DPM) Program and subsequently be available as part of the refusal response package sent to clients.

Client Correspondence Project

The Client Correspondence Project will review IRCC client-facing communications identified as problematic by clients.

The Client Correspondence Unit (CCU) was created as part of this project to draft clearer, more concise written correspondence that will better meet client needs. To date, four key pieces of client correspondence have been revised: Procedural Fairness, Request for Supplementary Information, Temporary Resident Refusal Letter and Study Permit Refusal Letter. The latest revisions based on usability testing with clients and officers were made to the Study Permit Refusal Letter and several Study Permit Refusal Grounds in collaboration with key stakeholders. The revised Letter will be launched later this year.

The CCU, as part of its future work objectives, plans to analyze end-to-end client communications throughout the client journey. The project will focus next on the revision of the Work Permit (WP) Refusal Letter along with the refusal grounds.

Client Experience Platform

This project, which is also part of IRCC’s DPM Program focuses on implementing a modernized Client Experience Platform (CXP) that will support the delivery of seamless digital services across various channels and devices. It aims to equip support staff with a comprehensive client view, ensuring consistent and efficient assistance through all communication channels (omni-channel approach).

The primary goal is to enhance the overall client experience, emphasizing speed and efficiency. The new CXP will provide clients with a single online window to access IRCC services, with a suite of tools to facilitate the client’s journey to be informed, to apply for programs and services, to receive real-time status of applications, to communicate with IRCC and provide feedback on their experience.

IRCC anticipates a decrease in ATIP requests due to improved client support and IRCC’s enhanced accessibility, reducing pressure on the ATIP regime and streamlining client interactions. As of the end of the reporting period, IRCC continues to advance the procurement process for the new CXP.

Privacy protections in contracts, agreements, and arrangements

IRCC’s Departmental Directive on Information Sharing Applicable to the use of ISAs (Information Sharing Arrangements) requires summaries of ISAs to be made available to the public, as per section 4.2.26 and 4.2.27 of the Directive on Privacy Practice. ISA drafters are also required to consult the TBS Guidance on Preparing Information Sharing Arrangements Involving Personal Information and to refer to its accompanying templates which include sample provisions that ensure privacy protection information is reflected in the ISAs.

This reporting year, PPMD advised various partners within IRCC of TBS requirements for contracts, information sharing agreements and information sharing arrangements as published in the Directive on Privacy Practices. PPMD will be working on engagement with relevant program officials during the coming year to ensure our collective processes align and satisfy those requirements. The division also intends to assess if tools need to be developed to assist program officials to better facilitate compliance with ISA’s and contract requirements.

Moving forward

During the reporting period, the IRCC continued to provide more focused attention to its lines of business within the ATIP program through three dedicated divisions. This year, the focus was creating a work plan to help better identify and organize all initiatives that require PIAs, creating standard processes and tools to improve compliance and monitoring, and increasing the level of assistance in privacy matters provided to branches.

Moving forward, IRCC will continue improving services to provide clients with better access to their own immigration information through other means than the ATIP program and advance the migration to the TBS ATIP Online Request Service as well as the procurement of the ATIP case management software.

PPMD will conduct its first annual review of the IRCC Privacy Suite and will advance compliance monitoring activities with the use of the newly created risk register. The IRCC privacy division will also engage with IRCC officials to assess the need to develop new and effective tools to increase its guidance and branch services.

IRCC recognizes the right to access to one’s personal information to promote openness and transparency. The Department is committed to continuing its efforts to improve how it upholds its responsibilities under the PA.

Annex A: Copy of the signed delegation order in effect March 31, 2024

Annex B: Copy of the Delegation of Authority under the Privacy Act and the Privacy Regulations in effect March 31, 2024

Annex C: Statistical Report on the Administration of the Privacy Act

Annex D: Supplemental Statistical Report on the Access to Information Act and the Privacy Act

Annex A: Copy of the signed delegation order in effect March 31, 2024

Text version: Signed Delegation

Official Document

Department of Immigration, Refugees and Citizenship of Canada

Delegation of Authority

Access to Information Act and Privacy Act

I, Minister of Immigration, Refugees and Citizenship, pursuant to section 95 of the Access to Information Act and section 73 of the Privacy Act, hereby authorize the officer and employee of Immigration, Refugees and Citizenship whose position or classification is set out in the attached Schedule to carry out those of my power, duties or functions under the Acts that are set in the Schedule in relation to that officer and employee.

Dated at Ottawa

This 30 day of August 2019

Ahmed Hussen, P.C., M.P.
Minister of Immigration, Refugees and Citizenship

Annex B: Copy of the Delegation of Authority under the Privacy Act and the Privacy Regulations in effect March 31, 2024

Delegation of Authority under the Privacy Act and the Privacy Regulations

The delegation includes acting appointments and assignments to these positions made pursuant to the Public Service Employment Act and regulations.

Full delegation
Position Delegation
Deputy Minister / Associate Deputy Minister Full Authority
Assistant Deputy Minister, Corporate Management Sector Full Authority
Director General, ATIP & Accountability Branch

Full Authority, except the following sections of the Privacy Act:

  • 8(2)(m) – disclosure of personal information in the public interest or to the benefit of the individual
Director, ATIP Division

Full Authority, except the following sections of the Privacy Act:

  • 8(2)(j) - disclosure of personal information for research and statistics
  • 8(2)(m) – disclosure of personal information in the public interest or to the benefit of the individual
Assistant Director, ATIP CRCI

Full Authority, except the following sections of the Privacy Act:

  • 8(2)(j) - disclosure of personal information for research and statistics
  • 8(2)(m) – disclosure of personal information in the public interest or to the benefit of the individual
  • 8(4) – record of disclosures for investigations
  • 8(5) - notify Privacy Commissioner of 8(2)(m)
  • 9(4) – record of consistent uses
  • 9(5) – notify Privacy Commissioner of consistent uses
  • 10 – Personal Information Banks
  • 22.3 – Refusal of access under the Public Servants Disclosure Protection Act
  • 36(3)(b) - Response to review of exempt banks
  • 37(3) - Response to review of compliance
  • 72 – Prepare annual report to Parliament
Assistant Director, ATIP OPS Same as Assistant Director for ATIP CRCI, except the position does have 8(4) – record of consistent uses
Partial delegation
Position Delegation
Assistant Deputy Minister / Associate Assistant Deputy Minister, Strategic and Program Policy Sector Only 8(2)(j) of the Privacy Act– disclosure of personal information for research and statistics
Director General, Research and Evaluation Branch Only 8(2)(j) of the Privacy Act– disclosure of personal information for research and statistics
Privacy Act
Descriptions Section ATIP / PM-05 OPS ATIP / PM-05 CRCI ATIP / PM-04 OPS ATIP / PM-04 CRCI ATIP / PM-03 OPS ATIP / PM-03 CRCI
Disclosure for research and statistics 8(2)(j) No No No No No No
Disclosure in public interest clearly outweighs any invasion of privacy 8(2)(m)(i) No No No No No No
Disclosure in public interest, benefit of individual 8(2)(m)(ii) No No No No No No
Record of disclosure for investigations 8(4) Yes No No No No No
Notify Privacy Commissioner of 8(2)(m) 8(5) No No No No No No
Record of consistent uses 9(1) No No No No No No
Notify Privacy Commissioner of consistent uses 9(4) No No No No No No
Personal information in banks 10 No No No No No No
Notice where access requested 14 Yes Yes Yes Yes Yes Yes
Extension of time limits 15 Yes Yes Yes No Yes No
Decision regarding translation 17(2)(b) No No No No No No
Conversion to alternate format 17(3)(b) No No No No No No
Refuse access: exempt bank 18(2) Yes Yes No No No No
Refuse access: confidential information 19(1) Yes No Yes No No No
Disclose confidential information 19(2) Yes No Yes No No No
Refuse access: federal-provincial affairs 20 No No No No No No
Refuse access: international affairs, defence, subversive activities 21 Yes No Yes No No No
Refuse access: law enforcement and investigation 22 Yes No Yes No Yes No
Refuse access: Public Servants Disclosure Protection Act 22.3 No No No No No No
Refuse access: security clearance 23 Yes No Yes No Yes No
Refuse access: person under sentence 24 Yes No No No No No
Refuse access: safety of individuals 25 Yes Yes Yes No Yes No
Refuse access: another person’s information 26 Yes Yes Yes Yes Yes Yes
Refuse access: solicitor-client privilege 27 Yes No Yes No No No
Refuse access: patent or trademark privilege 27.1 No No No No No No
Refuse access: medical record 28 Yes No Yes No No No
Receive notice of investigation 31 Yes Yes No Yes No No
Representation to Privacy Commissioner 33(2) Yes Yes No Yes No No
Response to findings and recommendations of the Privacy Commissioner within a specified time 35(1) Yes Yes No Yes No No
Access given to complainant 35(4) Yes No No No No No
Response to review of exempt banks 36(3)(b) No No No No No No
Response to review of compliance 37(3) No No No No No No
Request of court hearing in the National Capital Region 51(2)(b) No No No No No No
Ex parte representation to court 51(3) No No No No No No
Annual Report to Parliament 72 No No No No No No
Privacy Regulations
Descriptions Section ATIP / PM-05 OPS ATIP / PM-05 CRCI ATIP / PM-04 OPS ATIP / PM-04 CRCI ATIP / PM-03 OPS ATIP / PM-03 CRCI
Examination of records 9 Yes Yes Yes Yes Yes Yes
Correction of personal information 11(2) Yes Yes No No No No
Notification of refusal to correct personal information 11(4) Yes Yes No No No No
Disclosure: medical information 13(1) No No No No No No
Disclosure: medical information – examine in person, in the presence of a duly qualified medical practitioner 14 No No No No No No

Legend:

ATIP / PM-05 OPS
Senior ATIP Administrator, ATIP Operations (OPS)
ATIP / PM-05 CRCI
Senior ATIP Administrators, Corporate Records, Complaints and Informals (CRCI)
ATIP / PM-04 OPS
ATIP Administrators, ATIP Operations (OPS)
ATIP / PM-04 CRCI
ATIP Administrators, Corporate Records, Complaints and Informals (CRCI)
ATIP / PM-03 OPS
ATIP Officers, ATIP Operations (OPS)
ATIP / PM-03 CRCI
ATIP Officers, Corporate Records, Complaints and Informals (CRCI)

Annex C: Statistical Report on the Administration of the Privacy Act

Statistical Report on the Privacy Act

Name of institute: Immigration, Refugees and Citizenship Canada
Reporting period: 2023-04-01 to 2024-03-31

Section 1: Requests under the Privacy Act

1.1 Number of requests received

Number of Requests
Received during reporting period 69,720
Outstanding from previous reporting periods 13,964

Outstanding from previous reporting periods

12,271 N/A

Outstanding from more than one reporting period

1,693 N/A
Total 83,684Table Footnote *
Closed during reporting period 67,168
Carried over to next reporting period 16,520

Carried over within legislated timeline

8,029

Carried over beyond legislated timeline

8,491

1.2 Channels of requests

Channel Number of Requests
Online 68,500
E-mail 788
Mail 432
In person 0
Phone 0
Fax 0
Total 69,720

Section 2: Informal requests

2.1 Number of informal requests

Number of Requests
Received during reporting period 0
Outstanding from previous reporting periods 0

Outstanding from previous reporting periods

0 N/A

Outstanding from more than one reporting period

0 N/A
Total 0
Closed during reporting period 0
Carried over to next reporting period 0

2.2 Channels of informal requests

Channel Number of Requests
Online 0
E-mail 0
Mail 0
In person 0
Phone 0
Fax 0
Total 0

2.3 Completion time of informal requests

Completion Time (Days)
1 to 15 16 to 30 31 to 60 61 to 120 121 to 180 181 to 365 More than 365 Total
0 0 0 0 0 0 0 0

2.4 Pages released informally

Number of Requests Pages Released
Less than 100 pages released 0 0
100 to 500 pages released 0 0
501 to 1,000 pages released 0 0
1,001 to 5,000 pages released 0 0
More than 5,000 pages released 0 0

Section 3: Requests Closed During the Reporting Period

3.1 Disposition and completion time

Disposition of Requests Completion Time (Days)
1 to 15 16 to 30 31 to 60 61 to 120 121 to 180 181 to 365 More than 365 Total
All disclosed 1,452 16,955 2,601 308 239 906 201 22,662
Disclosed in part 2,497 25,836 5,281 553 410 1,201 1,367 37,145
All exempted 0 1 1 1 0 0 0 3
All excluded 0 0 0 0 0 0 0 0
No records exist 131 131 42 23 11 28 15 381
Request abandoned 2,006 589 109 130 110 151 1,024 4,119
Neither confirmed nor denied 945 517 456 186 121 315 318 2,858
Total 7,031 44,029 8,490 1,201 891 2,601 2,925 67,168

3.2 Exemptions

Section 18 exemptions
Section 18 Number of Requests
18(2) 0
Section 19 exemptions
Section 19 Number of Requests
19(1)(a) 1,594
19(1)(b) 1
19(1)(c) 10
19(1)(d) 2
19(1)(e) 0
19(1)(f) 0
Section 20 exemptions
Section 20 Number of Requests
20 0
Section 21 exemptions
Section 21 Number of Requests
21 15,243
Section 22 exemptions
Section 22 Number of Requests
22(1)(a)(i) 0
22(1)(a)(ii) 0
22(1)(a)(iii) 0
22(1)(b) 8,571
22(1)(c) 6
22(2) 0
22.1 0
22.2 0
22.3 0
22.4 0
Section 23 exemptions
Section 23 Number of Requests
23(a) 0
23(b) 0
Section 24 exemptions
Section 24 Number of Requests
24(a) 0
24(b) 0
Section 25 exemptions
Section 25 Number of Requests
25 197
Section 26 exemptions
Section 26 Number of Requests
26 25,117
Section 27 exemptions
Section 27 Number of Requests
27 4
27.1 0
Section 28 exemptions
Section 28 Number of Requests
28 0

3.3 Exclusions

Section 69 exclusions
Section 69 Number of Requests
69(1)(a) 0
69(1)(b) 0
69.1 0
Section 70 exclusions
Section 70 Number of Requests
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0

3.4 Format of information released

Format Number of Requests
Paper 0
Electronic

E-record

59,807

Data set

0

Video

0

Audio

0
Other 0

3.5 Complexity

3.5.1 Relevant pages processed and disclosed for paper, e-record, and dataset formats
Number of pages processed 1,466,740
Number of pages disclosed 1,253,301
Number of requests 66,787
3.5.2 Relevant pages processed per request disposition for paper and e-record formats by size of requests
Disposition of Requests Pages Processed
Less than 100 101 to 500 501 to 1,000 1,001 to 5,000 More than 5,000
No. of requests Pages processed No. of requests Pages processed No. of requests Pages processed No. of requests Pages processed No. of requests Pages processed
All disclosed 22,549 301,582 110 18,382 1 720 2 5,727 0 0
Disclosed in part 35,599 773,448 1,438 248,726 74 51,233 34 55,117 0 0
All exempted 3 17 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 4,111 9,085 7 1,012 0 0 1 1,691 0 0
Neither confirmed nor denied 2,858 0 0 0 0 0 0 0 0 0
Total 65,120 1,084,132 1,555 268,120 75 51,953 37 62,535 0 0
3.5.3 Relevant minutes processed and disclosed for audio formats
Number of minutes processed 0
Number of minutes disclosed 0
Number of requests 0
3.5.4 Relevant minutes processed per request disposition for audio formats by size of requests
Disposition Minutes Processed
Less than 60 60 to 120 More than 120
Number of Requests Minutes Processed Number of Requests Minutes Processed Number of Requests Minutes Processed
All disclosed 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0
All exempted 0 0 0 0 0 0
All excluded 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0
Total 0 0 0 0 0 0
3.5.5 Relevant minutes processed and disclosed for video formats
Number of minutes processed 0
Number of minutes disclosed 0
Number of requests 0
3.5.6 Relevant minutes processed per request disposition for video formats by size of requests
Disposition Minutes Processed
Less than 60 60 to 120 More than 120
Number of Requests Minutes Processed Number of Requests Minutes Processed Number of Requests Minutes Processed
All disclosed 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0
All exempted 0 0 0 0 0 0
All excluded 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0
Total 0 0 0 0 0 0
3.5.7 Other complexities
Disposition of Requests Consultation Required Legal Advice Sought Interwoven Information Other Total
All disclosed 5 0 0 0 5
Disclosed in part 17 0 25,117 0 25,134
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Request abandoned 9 0 0 0 9
Neither confirmed nor denied 0 0 0 0 0
Total 31 0 25,117 0 25,148

3.6 Closed requests

3.6.1 Requests closed within legislated timelines
Number of Requests Percentage of Requests
Closed within legislated timelines 55,157 82.118

3.7 Deemed refusals

3.7.1 Reasons for not meeting legislated timelines
Number of Requests
Requests closed past the legislated timelines 12,011
Principal reason

Interference with operations/workload

12,011

External consultation

0

Internal consultation

0

Other

0
3.7.2 Requests closed beyond legislated timelines (including any extension taken)
Number of Days Past Legislated Timelines Number of Requests Past Legislated Timeline Total
No Extension Taken Extension Taken
1 to 15 3,976 51 4,027
16 to 30 460 8 468
31 to 60 588 10 598
61 to 120 909 20 929
121 to 180 891 18 909
181 to 365 2,452 21 2,473
More than 365 2,360 247 2,607
Total 11,636 375 12,011

3.8 Requests for translation

Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Section 4: Disclosures under Subsections 8(2) and 8(5)

Number
Paragraph 8(2)(e) 2018
Paragraph 8(2)(m) 36
Subsection 8(5) 36
Total 2,090

Section 5: Requests for Correction of Personal Information and Notations

Disposition for Correction Requests Received Number
Notations attached 0
Requests for correction accepted 0
Total 0

Section 6: Extensions

6.1 Reasons for extensions

Number
Number of Extensions Taken 3,607
15(a)(i) Interference with operations

Further review required to determine exemptions

0

Large volume of pages

0

Large volume of requests

194

Documents are difficult to obtain

0
15(a)(ii) Consultation

Cabinet Confidence Section (Section 70)

122

External

3

Internal

3,288
15(b) Translation purposes or conversion 0

6.2 Length of extensions

Length of Extensions (days) Pages Disclosed 15(b) Translation Purposes or Conversion
15(a)(i) Interference with Operations 15(a)(ii) Consultation
Further Review Required to Determine Exemptions Large Number of Pages Large Volume of Requests Documents are Difficult to Obtain Cabinet Confidence s.70 External Internal
1 to 15 0 0 0 0 0 0 0 0
16 to 30 0 0 194 0 122 3 3,288 0
31 or greater N/A N/A N/A N/A N/A N/A N/A 0
Total 0 0 194 0 122 3 3,288 0

Section 7: Consultations Received from Other Institutions and Organizations

7.1 Consultations received from other Government of Canada institutions and other organizations

Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during the reporting period 51 1,310 0 0
Outstanding from the previous reporting period 2 56 0 0
Total 53 1,366 0 0
Closed during the reporting period 53 1,366 0 0
Carried over within negotiated timelines 0 0 0 0
Carried over beyond negotiated timelines 0 0 0 0

7.2 Recommendations and completion time for consultations received from other Government of Canada institutions

Recommendations Completion Time (Days) Total
1 to 15 16 to 30 31 to 60 61 to 120 121 to 180 181 to 365 More than 365
Disclosed entirely 4 5 3 0 0 0 0 12
Disclosed in part 26 10 4 1 0 0 0 41
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 30 15 7 1 0 0 0 53

7.3 Recommendations and completion time for consultations received from other organizations outside the Government of Canada

Recommendations Completion Time (Days) Total
1 to 15 16 to 30 31 to 60 61 to 120 121 to 180 181 to 365 More than 365
Disclosed entirely 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Section 8: Completion Time of Consultations on Cabinet Confidences

8.1 Requests with Legal Services

Number of Days Pages Processed
Less than 100 100 to 500 501 to 1,000 1,001 to 5,000 More than 5,000
No. of Requests Pages Disclosed No. of Requests Pages Disclosed No. of Requests Pages Disclosed No. of Requests Pages Disclosed No. of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

8.2 Requests with Privy Council Office

Number of Days Pages Processed
Less than 100 100 to 500 501 to 1,000 1,001 to 5,000 More than 5,000
No. of Requests Pages Disclosed No. of Requests Pages Disclosed No. of Requests Pages Disclosed No. of Requests Pages Disclosed No. of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Section 9: Complaints and Investigations Notices Received

Number
Section 31 90
Section 33 11
Section 35 5
Court Action 0
Total 106

Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIBs)

10.1 Privacy Impact Assessments

Number of PIAs Completed Number of PIAs Modified
Privacy Impact Assessments 5 1

10.2 Institution-specific and Central Personal Information Banks

Personal Information Banks Active Created Terminated Modified
Institution-specific 18 0 0 5
Central 0 0 0 0
Total 18 0 0 5

Section 11: Privacy Breaches

11.1 Material privacy breaches

Number of Breaches
Material privacy breaches reported to TBS 7
Material privacy breaches reported to OPC 7

11.2 Non-material privacy breaches

Number of Breaches
Non-Material Privacy Breaches 6,536

Section 12: Resources Related to the Privacy Act

12.1 Allocated costs

Expenditures Amount
Salaries $2,114,612
Overtime $45,993
Goods and Services $43,041

Professional services contracts

$1,150 N/A

Other

$41,891 N/A
Total $2,203,646

12.2 Human resources

Resources Person Years Dedicated to Privacy Activities
Full-time employees 16.933
Part-time and casual employees 6.321
Regional staff 0.000
Consultants and agency personnel 0.000
Students 0.000
Total 23.840

Annex D: Supplemental Statistical Report on the Access to Information Act and the Privacy Act

Supplemental Statistical Report on the Access to Information Act and the Privacy Act

Name of institute: Immigration, Refugees and Citizenship Canada
Reporting period: 2023-04-01 to 2024-03-31

Section 1: Open Requests and Complaints under the Access to Information Act

1.1 Number of open requests that are outstanding from previous reporting periods

Fiscal Year Received Within Legislated Timelines as of March 31, 2024 Beyond Legislated Timelines as of March 31, 2024 Total
2023-2024 42 9,506 9,548
2022-2023 0 19,146 19,146
2021-2022 0 802 802
2020-2021 0 5 5
2019-2020 0 0 0
2018-2019 0 0 0
2017-2018 0 0 0
2016-2017 0 0 0
2015-2016 0 0 0
2014-2015 or earlier 0 0 0
Total 42 29,459 29,501

1.2 Number of open complaints with the Information Commissioner of Canada that are outstanding from previous reporting periods

Fiscal Year Open Complaints Were Received by Institution Number of Open Complaints
2023-2024 146
2022-2023 21
2021-2022 7
2020-2021 3
2019-2020 0
2018-2019 2
2017-2018 1
2016-2017 0
2015-2016 0
2014-2015 or earlier 0
Total 180

Section 2: Open Requests and Complaints under the Privacy Act

2.1 Number of open requests that are outstanding from previous reporting periods

Fiscal Year Received Within Legislated Timelines as of March 31, 2024 Beyond Legislated Timelines as of March 31, 2024 Total
2023-2024 8,029 3,201 11,230
2022-2023 0 5,193 5,193
2021-2022 0 96 96
2020-2021 0 1 1
2019-2020 0 0 0
2018-2019 0 0 0
2017-2018 0 0 0
2016-2017 0 0 0
2015-2016 0 0 0
2014-2015 or earlier 0 0 0
Total 8,029 8,491 16,520

2.2 Number of open complaints with the Privacy Commissioner of Canada that are outstanding from previous reporting periods

Fiscal Year Open Complaints Were Received by Institution Number of Open Complaints
2023-2024 22
2022-2023 24
2021-2022 1
2020-2021 0
2019-2020 0
2018-2019 0
2017-2018 0
2016-2017 0
2015-2016 0
2014-2015 or earlier 0
Total 47

Section 3: Social Insurance Number

Has your institution begun a new collection or a new consistent use of the Social Insurance Number in 2023-2024?

No

Section 4: Universal Access under the Privacy Act

How many requests were received from foreign nationalsFootnote * outside of Canada in 2023-2024?

41,565

Page details

Date modified: