2024-2025 Annual Report on the Privacy Act
On this page
- 1. Introduction
- 2. Organizational Structure
- 3. Delegation Order
- 4. Performance 2024-2025
- 5. Training and Awareness
- 6. Policies, Guidelines and Procedures
- 7. Initiatives and Projects to Improve Privacy
- 8. Summary of Key Issues and Actions Taken on Complaints
- 9. Material Privacy Breaches
- 10. Privacy Impact Assessments
- 11. Public Interest Disclosures
- 12. Monitoring Compliance
1. Introduction
The Privacy Act (PA) gives Canadians the right to access personal information held by the government and protection of that information against unauthorized use and disclosure. Ministers and heads of agencies are responsible for ensuring that their organizations comply with privacy legislation. This report is prepared and tabled in Parliament in accordance with section 72 of the PA. It presents an overview of the PA activities carried out within the Committee during the reporting period of April 1, 2024, to March 31, 2025.
The Committee is an independent administrative tribunal reporting to Parliament through the Minister of National Defence. The Committee reviews military grievances referred to it pursuant to section 29 of the National Defence Act and provides findings and recommendations to the Chief of the Defence Staff and the Canadian Armed Forces member who submitted the grievance.
The Committee did not have any non-operational (paper) subsidiaries during this reporting period.
2. Organizational Structure
The Access to Information and Privacy (ATIP) Office is part of the Strategic Planning and Communications Services division. The division is made up of four employees, two of which dedicate an average 5% of their time to fulfill the Committee’s obligations under both the Access to Information Act (ATIA) and the PA.
The Committee does not have any consultants supporting its ATIP work. The Committee was not party to any service agreements under section 73.1 of the PA during the reporting period.
The ATIP Coordinator; the Director General of Corporate Services and Chief Financial Officer; and the Director General of Operations and General Counsel have delegated authority to oversee the administration of the ATIA and the PA within the Committee and to ensure compliance with the legislation.
The Committee uses the ATIP Online Request Service, designed and maintained by the Treasury Board of Canada, to process formal Personal Information requests.
3. Delegation Order
PRIVACY ACT
The Chairperson and Chief Executive Officer of the Military Grievances External Review Committee, pursuant to subsection 73(1) of the Privacy Act, delegates the persons holding the positions set out in the attached schedule, including persons designated to act in their absence, to exercise the powers, duties and functions of the Chairperson as the head of the Military Grievances External Review Committee, under the provisions of the Act and related Regulations set out in the attached schedule opposite each position.
This delegation replaces all previous designations.
Original signed by
Kelly Walsh
Chairperson and Chief Executive Officer
Ottawa, Canada
June 6, 2024
| Section | Description | Director General, Corporate Services | Director General, Operations and General Counsel | ATIP Coordinator |
|---|---|---|---|---|
| 8(2) | Generally disclose personal information on the basis of the requirements in subsection 8(2) | X | X | |
| 8(2)(e) | Disclose personal information on the written request of an investigative body | X | X | |
| 8(2)(j) | Disclose personal information for research or statistical purposes | X | X | |
| 8(2)(m) | Disclose personal information in the public interest or in the interest of the individual | X | X | |
| 8(4) | Retain copy of 8(2)(e) requests and disclosed records | X | ||
| 8(5) | Notify Privacy Commissioner in writing of disclosures under paragraph 8(2)(m) | X | X | |
| 9(1) | Retain record of use | X | ||
| 9(4) | Notify the Privacy Commissioner of consistent use of personal information and update index accordingly | X | X | X |
| 10 | Include personal information in personal information banks | X | X | X |
| 14 | Respond to request for access within 30 days; give access or give notice | X | X | |
| 15 | Extend time limit for responding to request for access | X | X | |
| 16 | Issue notice where access is refused | X | X | X |
| 17(2)(b) | Decide whether to translate requested information | X | X | |
| 17(3)(b) | Decide whether to give access in an alternative format | X | X | |
| 18(2) | May refuse to disclose information contained in exempt bank | X | X | |
| 19(1) | Shall refuse to disclose information obtained in confidence of another government | X | X | |
| 19(2) | May disclose any information referred to in 19(1) if the other government consents to the disclosure or makes the information public | X | X | |
| 20 | May refuse to disclose information if injurious to the conduct of Federal-Provincial affairs | X | X | |
| 21 | May refuse to disclose if injurious to international affairs and defence or preventing or suppressing subversive or hostile activities | X | X | |
| 22 | May refuse to disclose information prepared by an investigative body, information injurious to the enforcement of a law, or information injurious to the security of penal institutions | X | X | |
| 23 | May refuse to disclose information prepared by an investigative body for security clearances | X | X | |
| 24 | May refuse to disclose information collected by the Canadian Penitentiary Service, the National Parole Service, or the National Parole Board while individual was under sentence if conditions in section are met | X | X | |
| 25 | May refuse to disclose information which could reasonably threaten the safety of individuals | X | X | |
| 26 | May refuse to disclose information about another individual, and shall refuse to disclose such information where disclosure is prohibited under section 8 | X | X | |
| 27 | May refuse to disclose information subject to solicitor-client privilege | X | X | X |
| 28 | May refuse to disclose information relating to the individual's physical or mental health where disclosure contrary to the best interest of the individual | X | X | |
| 31 | Receive notice of investigation by the Privacy Commissioner | X | X | |
| 33(2) | Right to make representations to Privacy Commissioner in the course of investigation | X | X | |
| 35(1) | Receive Privacy Commissioner's report of findings and recommendations and give notice of action taken | X | X | |
| 35(4) | Give complainant access to information after 35(1)(b) | X | X | |
| 36(3) | Receive Privacy Commissioner's report on findings and recommendations concerning the review of exempt information banks and, if appropriate, give notice to the Commissioner | X | X | |
| 37(3) | Receive report of Privacy Commissioner's findings after compliance investigation | X | X | |
| 51(2)(b) | Request that Section 51 hearing be held in the National Capital Region | X | X | |
| 51(3) | Request and be given right to make representations ex parte in Section 51 hearings | X | X | |
| 69 | Deny information that is excluded in the Act | X | X | X |
| 72(1) | Prepare Annual Report to Parliament | X | ||
| 73(1) | The head of a government institution may, by order, delegate any of their powers, duties or functions under this Act to one or more officers or employees of that institution. | X | X | |
| 73.2 | The personal information that the head of a government institution provides to the head of another government institution for the purpose of the other institution providing the services referred to in subsection 73.1(1) is not under the control of that other institution. | X | X | |
| 77 | Responsibilities conferred on the head of the institution by the Regulations made under section 77 which are not included in the above | X | X | X |
4. Performance 2024-2025
During the reporting period of April 1, 2024, to March 31, 2025, the Committee completed two out of three (or 66.67%) of requests within the legislated timelines. Of the three privacy requests, two were completed within 1-30 days, and one was completed within 31 to 60 days. The number of requests received under the PA from this period is lower than the two previous reporting period (eight requests in 2023-2024). No requests were carried forward from 2023-2024 and there were no active requests as of the last day of the reporting period for 2024-2025. Of the three privacy requests received, one resulted in “Disclosed in part” and two resulted in “No records found”. The single privacy request that required an extension was due to the high volume of documents requiring review and redactions (719 pages).
During 2024-2025, the Committee did not receive any consultation requests pertaining to PA requests.
5. Training and Awareness
The two ATIP Office employees continued to attend Treasury Board Secretariat info-blitz sessions during the reporting period. One-on-one training and guidance were provided to employees to assist as needed to help them determine what information required severing and for what reason. Additionally, four Committee employees took ATIP related courses offered by the Canada School of Public Service. However, no awareness activities were provided within the organization during the reporting period.
6. Policies, Guidelines and Procedures
During the reporting period, the Committee made improvements to its new manual tracking system for annual reporting purposes and updated its internal ATIP process manual. It did not implement any new institution-specific policies, guidelines, procedures, or initiatives related to privacy.
7. Initiatives and Projects to Improve Privacy
During fiscal 2024-2025, the Committee received the results and recommendations of a Privacy Impact Assessment (PIA) conducted in 2024-25. The Committee will be reviewing the recommendations and implementing any necessary changes in 2025-26.
When the institution reviews frequently requested types of information, it does assess the feasibility of making that information available by other means, such as our website. In this case, the Director General of Corporate Services and Chief Financial Officer will consult the Deputy Head, as needed, to get their input and approval for making that information available.
8. Summary of Key Issues and Actions Taken on Complaints
No complaints were received or conducted during the reporting period.
9. Material Privacy Breaches
During this reporting period, the Committee did not incur any material privacy breaches. Therefore, no material privacy breaches were reported to the Office of the Privacy Commissioner and Treasury Board Secretariat, as required.
10. Privacy Impact Assessments
During the previous reporting period, the Committee engaged a consultant to conduct a PIA across the entire organization. While the assessment was conducted and the results and recommendations were delivered in 2024-25, the report is still being reviewed internally, therefore finalization of the report and actions to improve privacy will take place in fiscal year 2025-26. The new PIA is not yet posted to the Committee’s website, however, our Info Source webpage can be found here: Info Source – Sources of Federal Government and Employee Information - Canada.ca.
11. Public Interest Disclosures
Paragraph 8(2)(m) of the PA allows the disclosure of personal information when the public interest clearly outweighs any invasion of privacy that could result from the disclosure or when the disclosure would benefit the individual to whom the information relates. There were no disclosures pursuant to paragraph 8(2)(m) for the 2024-2025 period.
12. Monitoring Compliance
Monitoring the time required to process requests under both Acts (ATIA and PA) is done with the help of an internal excel spreadsheet that keeps track of all requests and deadlines. The ATIP Office reports delays on its activities to the Director General of Corporate Services and Chief Financial Officer. The Committee does limit inter-institutional consultation to only when required for the proper exercise of discretion, which is decided by the ATIP Coordinator. Lastly, the Committee ensures appropriate privacy protections are included in contracts, agreements and arrangements by ensuring these documents are reviewed by the Director of Finance, Procurement and Administration and Deputy Chief Financial Officer, and as needed, the Director General of Corporate Services and Chief Financial Officer.