Annual Report to Parliament on the Administration of the Privacy Act – 2024-25
Table of contents
Permission to Reproduce
Except as otherwise specifically noted, the information in this publication may be reproduced, in part or in whole and by any means, without charge or further permission from Shared Services Canada, provided that due diligence is exercised to ensure the accuracy of the information reproduced is maintained; that the complete title of the publication is produced; that Shared Services Canada is identified as the source institution; and that the reproduction is not represented as an official version of the information reproduced, nor as having been made in affiliation with, or with the endorsement of the Government of Canada.
Commercial reproduction and distribution are prohibited except with written permission from Shared Services Canada. For more information, please contact Shared Services Canada at publication-publication@ssc-spc.gc.ca.
© His Majesty the King in Right of Canada, as represented by the Minister responsible for Shared Services Canada, 2025.
Annual Report to Parliament on the Administration of the Privacy Act – 2024-25 (Shared Services Canada)
Publié aussi en français sous le titre :
Rapport annuel au Parlement sur l’application de la Loi sur la protection des renseignements personnels – 2024-2025 (Services partagés Canada)
Introduction
The Privacy Act (PA) protects the privacy of individuals with respect to their personal information held by government institutions. It establishes the rules for the collection, use, disclosure, retention and disposal of such information. It also provides individuals with a right to be given access to and request a correction of their personal information.
Shared Services Canada (SSC) is pleased to submit to Parliament its 2024-2025 Annual Report on the Administration of the Privacy Act. This report is prepared and tabled in Parliament in accordance with section 72 of the PA. It covers the period from April 1, 2024, to March 31, 2025.
SSC does not have any non-operational ("paper") subsidiaries during this reporting period.
Institutional Mandate
SSC was created in 2011 as the common digital service provider for the Government of Canada (GC). Its mandate is to consolidate, modernize and secure the information technology (IT) infrastructure that supports departments and agencies – enabling service delivery to Canadians, and implementing GC priorities at home and abroad. Moving from an outdated and decentralized approach to GC IT to an SSC enterprise approach has created value through economies of scale and resulted in secure, reliable and cost-effective service delivery for Canadians.
SSC provides essential IT services to departments and agencies, including email, networks, data centres, and end-user support (like hardware and software digital services).
SSC is wherever the GC is, spanning nearly 4,000 locations across Canada and around the world. SSC has dedicated teams who work around the clock – 24 hours a day, 7 days a week, 365 days a year. While SSC does support traditional office work, it also enables partner departments in frontline service delivery, national security, and defence operations. SSC services support GC call centre agents, scientists, park rangers, food inspectors, lighthouse keepers, border guards, and Canadians in uniform. SSC proudly supports over 200,000 federal employees and over 145 federal organizations.
Delegated Authority
During 2024-2025, responsibility for the Access to Information Act (ATIA) and the PA was initially held by the Minister of Public Services and Procurement. This responsibility transitioned to the President of SSC on December 6, 2024.
This shift follows legal recommendations and stems from a government-wide review led by the Centre for Information and Privacy Law (CIPL). The updated Delegation Order reflects the President’s formal role as the institutional head under both Acts.
Organizational Structure
The ATIP Division is part of the Corporate Secretariat, which is overseen by the Director General, Corporate Secretariat and Chief Privacy Officer, situated within the Strategy and Engagement Branch.
SSC was not a party to any service agreements under section 73.1 of the PA during this reporting period.
The Division oversees the administration of the ATIA and the PA, led by a Director serving as the department’s ATIP coordinator. The Division’s work is performed through three units, each headed by Deputy Directors: the Operations Unit, the Special Projects Unit, and the Policy and Governance Unit. An average of 7.3 person years was dedicated to the PA program with 4.3 person years in the National Capital Region, and 3 person years located in the regions. These person years include full-time equivalents, casual employees and students.
The Operations Unit is responsible for processing requests under both acts. Its duties include, but are not limited to, the following tasks:
- Performing line-by-line reviews of records requested and conducting external consultations as required to balance the public’s right of access and the government’s need to safeguard certain information in limited and specific cases
- Liaising with requesters, subject-matter experts within SSC, and other parties
- Making recommendations on records that are disclosed proactively by the Department
- Providing briefings to senior management as required on matters relating to requests and institutional performance
- Acting as the main point of contact with the Office of the Information Commissioner (OIC) and the Office of the Privacy Commissioner (OPC) with respect to the resolution of complaints related to requests under both acts
- Building and maintaining effective working relationships with requesters, the department, the ATIP community, and the OIC and OPC
The Special Projects Unit oversees the creation and implementation of advanced technological solutions aimed at improving the ATIP process. Its responsibilities include, but are not limited to, the following:
- Engaging in strategic planning and execution of projects
- Exploring and harnessing new technologies and methodologies to create efficiencies in the ATIP process through better information management and automation
- Briefing senior management on the deployment, progress and impact of new technologies within the ATIP Division to ensure informed decision-making
- Supporting, monitoring performance, and maintaining a comprehensive knowledge base for all technologies used in the ATIP Division
- Sharing the innovations introduced at SSC that have streamlined ATIP processes with other departments and agencies
- Participating in interdepartmental working groups, including co-chairing the ATIPXpress Community of Practice
The Policy and Governance Unit role is to provide strategic counsel and guidance on access to information and the protection of personal information to senior management. The scope of their responsibilities includes, but is not limited to, the following areas:
- Providing privacy direction on day-to-day program activities
- Supporting program officials with privacy evaluations, which includes Privacy Checklists, Privacy Impact Assessments, Privacy Protocol and assessments of privacy implications in technology solutions
- Participating in the procurement process by ensuring privacy is reflected in contract instruments, involving the collection or use of personal information
- Acting as the main point of contact with the OIC and OPC with respect to various audits, reviews, systemic investigations and privacy breaches
- Managing different levels of privacy breaches by conducting regular privacy training sessions, and promptly addressing any breaches to ensure the protection of sensitive information
- Supporting client departments through enterprise privacy activities including advice, assessment and contracting. All enterprise privacy-related activities within SSC are carefully reviewed and approved by the ATIP Division prior to implementation, ensuring compliance with relevant laws and regulations
- Developing ATIP policy instruments, templates and tools
- Drafting personal information-sharing arrangements
- Publishing an updated version of SSC’s Info Source chapter
- Writing SSC’s annual reports on the administration of the ATIA and the PA
- Preparing and delivering training and awareness sessions throughout the Department
The Division's execution of the acts benefits from the collaboration with subject matter experts across the Department, as employees are vital in quickly gathering records that need to be reviewed.
Performance 2024-2025
The Statistical Report (Annex B) on the administration of the PA provides a summary of the personal information requests and consultations processed during 2024-2025.
Requests Received
In 2024-2025, SSC received 52 requests under the PA, which represents a 51.5% decrease from the previous year, and carried over 2 requests from 2023-2024. SSC successfully closed a total of 45 requests and carried over 9 requests to the 2025-2026 period. These figures highlight SSC’s efficiency in processing and addressing these requests within the given period.
In the previous reporting period, the ATIP Division implemented more rigorous tracking of misdirected correspondence and investigated the underlying cause of this issue. The ATIP Division reached out to requesters who mistakenly sent their requests to SSC to identify where they were obtaining their information and took steps to correct the information at the source. This approach reduced misdirected requests from 62 to 25 this fiscal year.
In 2024-2025, the ATIP Division processed a total of 9,773 pages, representing a 72.5% decrease from the previous year. SSC achieved a 98% compliance rate, which exceeds the community average. Notably, one file was late due to a technical error in the newly implemented ATIPXpress case management system that prevented the exportation of the documents.
The ATIP Division continues to monitor its turnaround times in processing requests on a regular basis, and tracks the timeliness of their completion.
Privacy requests received and processed
Privacy requests - Text version
| Fiscal Year | Received | Processed |
|---|---|---|
| 2024-2025 | 52 | 45 |
| 2023-2024 | 101 | 103 |
| 2022-2023 | 65 | 72 |
| 2021-2022 | 56 | 47 |
Internal Consultations
In addition to processing formal requests under the ATIA from the public, branches within SSC forward documents to the ATIP Division for review in accordance with the principles of the ATIA and the PA. SSC completed 76 internal consultations and reviewed a total of 51,397 pages. This represents an increase of 95% for completed requests and a substantial increase of 860% in pages reviewed. Furthermore, handling a request for documentation from the OPC accounted for 70% of the page volume.
Completion Time
Section 15 of the PA allows the statutory time limits to be extended under certain circumstances, such as when consultations are required, if translation is needed or if the request is for a large volume of records and processing it within the original time limit would unreasonably interfere with the operations of the Department. In 2024-2025, SSC used a total of 7 extensions. These extensions were invoked to provide sufficient processing time due to a high volume of records.
Of the 45 privacy requests completed, SSC released records in full in 2 cases (4%). The Division noticed requests of increased complexity, such as grievance and labour relations cases that required detailed analysis. Furthermore, in the increasingly digital environment, a request can generate thousands of pages of records due to the large numbers of emails and other electronic documents. For example, 10% of requests with records involved a large volume of pages and one request required the processing of 397 minutes of audio. The Department invoked exemptions in 14 requests (31%). Of the remaining 6 requests (13%), either no records existed, or the request was abandoned.
SSC responded to:
- 38 requests (84%) within 30 days
- 5 requests (11%) within 31 to 60 days
- 2 requestsFootnote 1 (5%) within 61 to 120 days
Completion time
Completion time - Text version
| Completion time | Within 30 days | 31 to 60 days | 61 to 120 days |
|---|---|---|---|
| Percentage of requests completed | 84% | 11% | 5% |
Exemptions
The PA defines situations in which personal information is not subject to disclosure, and instances where its release is expressly forbidden. For instance, exemptions may apply to law enforcement investigations, information concerning individuals other than the requester, or information subject to solicitor-client privilege.
The majority of exemptions invoked by SSC related to:
- Section 26, safeguarding personal information: applied in 12 instances
- Paragraph 22(1)(b), refers to law enforcement and criminal investigations: applied in 1 instance
- Section 27, covering information under to solicitor-client privilege or professional secrecy: applied in 1 instance
Exclusions
The PA does not apply to information that is already publicly available, such as government publications and material in libraries and museums. It also excludes material such as Cabinet Confidences. The Division did not apply any exclusions during the reporting period.
Consultations
In 2024-2025, a total of two consultation requests under the PA were received from other departments. One request was completed within 15 days, while the other request was completed within 32 days.
Challenges
The Division was able to effectively provide services to Canadians despite facing numerous challenges. Listed below are some of the obstacles faced by the Division, and how they were overcome:
- The Division has encountered challenges with the rollout and use of the new ATIP processing software, ATIPXpress, marketed as an advanced software designed to enhance the ATIP process using artificial intelligence technologies. It has presented significant challenges due to gaps in key functions that increase processing times and require substantial resources for troubleshooting, ultimately affecting other projects. The Division is working with the vendor to address these issues
- Due to new technologies with far-reaching privacy implications, increasingly complex privacy evaluations required the reassignment of resources to assess the privacy implications of these emerging technologies and initiatives
- The update of the directive on privacy practices did not encompass the necessity to evaluate the privacy risks associated with technology procured and used by the GC. As a result, the Enterprise and ATIP team undertook the initiative to develop a tool designed to address this gap in privacy assessments
Complaints
SSC did not receive any notices of investigation from the OPC pursuant to section 31 of the PA, nor did SSC receive any reports from the OPC under section 35 of the PA during the reporting period.
Monitoring Compliance
The Division implemented various internal procedures to ensure that privacy requests are processed in a timely and efficient manner. The team monitors workloads and progress on privacy requests.
In 2024-2025, SSC did not receive any requests to correct personal information under the PA.
Public Interest Disclosure
Paragraph 8(2)(m) of the PA allows the head of the institution to disclose personal information without the consent of the affected individual in cases where, in the opinion of the head of the institution, the public interest outweighs any invasion of privacy that could result from the disclosure or when it is clearly in the best interest of the individual to disclose. In 2024-2025, SSC made no disclosure of personal information under this specific paragraph.
Training and Awareness
The Division is dedicated to fostering a culture of ATIP excellence across SSC. The Division develops and delivers training and awareness activities aimed at increasing openness and transparency throughout the Department. Furthermore, ATIP employees participate in many training sessions and conferences to broaden the knowledge of the entire Division. SSC is also registered with the Access to Information and Privacy Communities Development Office (APCDO), which offers ATIP-related training activities, and employees are regularly encouraged to attend their sessions.
Mandatory Training
In order to ensure that all SSC employees, regardless of their position or level, are made aware of their responsibilities related to ATIP and that they gain an in-depth understanding of the related best practices and principles, in 2016 SSC launched the online Access to Information and Privacy Fundamentals course (COR502) in collaboration with the Canada School of Public Service. While this course is optional for all federal public service employees through the Canada School of Public Service website, its completion is mandatory for all SSC employees.
ATIP Internal Training
During the reporting period, the Division delivered 2 ATIP 101 training sessions with a total of 56 participants, 1 tasking request training session with 40 participants, and 1 privacy breach training session with 21 participants.
The ATIP 101 training saw a decrease in participation, which could potentially be tied to some branches' reliance on pre-recorded sessions to onboard new employees. The Division promotes training in several ways internally and delivers it when participants sign up for specific sessions. The Division endeavours to find ways to increase participation as training is an important contributor to the continued success of ATIP management at SSC.
Mentoring
The Division fosters an environment of continuous learning and development. Experienced employees gain mentoring and leadership skills by guiding and supporting their colleagues new to the ATIP field. New employees benefit from the knowledge, experiencing a smoother transition into their roles and improving the office’s overall teamwork. As a result, SSC contributes to employees career growth, improves retention, and develops expertise that benefits the greater ATIP community.
Right to Know Week
Right to Know Week took place from September 23 to September 27, 2024, and has been celebrated for the past 20 years around the world. It is intended to raise awareness of an individual’s right to access government information, to promote freedom of information as an essential feature of democracy and good governance. The Division has engaged internal and external stakeholders by publishing articles in SSC's internal newsletter, promoting ATIP training through internal communication channels, and sharing corporate messages on SSC's social media accounts.
Data Privacy Day
On January 28, 2025, SSC celebrated Data Privacy Day to raise awareness and demonstrate the importance of privacy and the protection of personal information in day-to-day activities. The Division published content on SSC social media accounts and promoted privacy training through SSC’s internal communication network.
Policies, Guidelines and Procedures
To enhance policy alignment with the Treasury Board Secretariat (TBS) and eliminate duplication of information and ensure accuracy, the ATIP Division implemented several measures to update its policy suite. This included rescinding, amending and consolidating the information, ultimately merging 15 instruments into 3. With the approval of the updated policy suite through SSC governance, employees can now access the new policies through MySSC+, the departmental intranet site.
Initiatives and Projects to Improve Privacy
Next Generation ATIP Software
On April 1, 2024, the Division opened the new fiscal year in ATIPXpress, which is one of the two software options available via the Next Gen ATIP Software government-wide contract vehicle. The Division has now completed a full year in ATIPXpress; however, there are ongoing challenges with the software transition.
At implementation, the system presented gaps in key functions, such as inaccurate pagination, inability to process complaints, lack of French compatibility, and the inability to export and track consultations. While some issues have been resolved over the course of the year, there remain many outstanding concerns. Notably, there is a significant reduction in speed of reviews linked to the rigidity of the document management component and a lack of coherent consultation management. Furthermore, it was impossible to generate an accurate and complete statistical report using the system, requiring SSC to calculate the statistics manually, and, ultimately, SSC was unable to complete the complexity section of the report due to lack of reliable data.
The Division is one of the chairs of the Community of Practise for ATIPXpress and continues to invest significant time and resources to working with the ATIP Community and the vendor to better align the software to SSC and GC requirements.
The Division also tested the other Next Gen ATIP Software (“AMANDA”) as part of a combined project with SSC’s GC Application Platform as a Service (GCaPaaS). GCaPaaS is a modern platform for hosting common GC business applications delivered in the cloud using utility-based ordering and cloud service provider commodity IT Services. This service enables operations, security, and risk management to be delivered in a centralized and enterprise approach through the standardization and consolidation of infrastructure and associated operational processes.
Other Technologies
The Division tests different technologies towards reducing the administrative effort involved in running the ATIP Program. SSC is pleased to report that it is leveraging SSC’s CANChat to reduce both the cost and effort of publishing the completed ATI Summaries. CANChat is a generative AI tool created by SSC's AI Program (AIP) to enhance employee productivity by using large language models (LLMs) for unclassified work. Through the use of a specific prompt, an employee can summarize and translate the completed requests in moments. Previously, this task required analysts to spend time summarizing the request text and costs were incurred for translation.
The Division is working to automate tasking processes and response sheets. The process automation will provide better visibility by documenting the path and status of the record retrieval, ensure required information is provided at the outset to reduce delays, and secure the correct approval. This new process will improve the retrieval experience for both the Division and subject matter experts.
The Division explored a Generative AI proof of concept for detecting information commonly redacted under section 20 of the ATIA and highlighting it. This was developed as an assistive tool for analysis and early results were promising but it has not progressed beyond the proof of concept due to a lack of available resources.
Lastly, the Division is a SharePoint early adopter and is transitioning off GCdocs. Notably, the Policy and Governance team has offboarded from ATIPXpress and will be working in a purpose-built Case Management solution based in SharePoint. The new system will facilitate easier workload visibility and statistical tracking as well as providing a “one place” solution for better information management.
Client Focused
In January 2025, the Division performed a client survey of requesters with ATI requests that had been closed in the 2024 calendar year. The survey targeted two main avenues of inquiry: client service and future proactive publication opportunities. The feedback received will inform projects in the upcoming year. A survey will be performed annually going forward.
Overall, requesters are happy with the Division’s service and successfully obtain the information sought, however, they critique timeliness of responses and the user-friendliness of the ATIP Online Portal. Requesters confirmed that they appreciate receiving acknowledgement letters and reacted positively to the creation of a request submission support service. The Division will be piloting a request submission support service for SSC requesters. The service intends to provide individuals with direct access to experienced analysts to help craft their requests prior to submission.
Regarding proactive disclosure, requesters would appreciate SSC making its organizational structure, responsibilities, and major project descriptions publicly available. The main types of documents of interest were briefing notes and contracts.
Notably, the Division has been working with the procurement team on identifying additional contracting material for proactive disclosure.
Summary of Key Issues and Actions Taken on Complaints
The Division continues to work diligently to resolve complaints. As soon as a request is received, the Division works with requesters to fully understand the request to reduce the processing time and ensure the relevancy of the records provided. In addition, the Department has taken diverse actions to limit the number of complaints. For example, the Division regularly reviews its procedures to improve performance and reduce the response time to improve services to Canadians.
ATIP analysts receive ongoing training on the complaints process and the handling of complaints received from the OPC. The Division has established a streamlined process for handling complaints where the Deputy Director, Operations Unit, is responsible for providing representations to the OPC. The Director and Deputy Director, Operations Unit, continue to work closely with the OPC in resolving complaints.
Privacy Advice
The Division responded to 83 requests for privacy advice. These files consist of privacy advice that was provided to program areas, employees, management, and other departments on a range of initiatives, such as surveys, privacy questions, hybrid work, disclosures and procedural matters. The advent of new technologies has led to a heightened demand for the Privacy Unit’s expertise, resulting in a 17% rise in solicitations compared to last year.
Material Privacy Breaches
A privacy breach refers to the improper or unauthorized access, collection, use, disclosure, retention or disposal of personal information. A material breach involves sensitive personal information that could reasonably be expected to cause serious injury or harm to the individual. In 2024-2025, 2 material breaches were reported to the OPC and TBS.
The Division monitors and documents all privacy breaches reported by promptly intervening to mitigate their effects and ensure adequate containment. The early intervention helps to minimize the impact of the privacy breaches. The Division also reviews how and where in the Department they occurred to provide tailored privacy breach training to specific groups to promote awareness and increase prevention.
Privacy Impact Assessments
Three Privacy Impact Assessments (PIA) were completed or modified during this fiscal year.
SSC completed a PIA for the enterprise Workplace Communication Service (WCS) which is designed to replace legacy telephone services by providing Internet Protocol telephony (IPT) services. The end state for WCS is a secure, fully managed enterprise-level solution that delivers IPT and desktop communication services through bandwidth engineered for sharing, “no-fail” data centres, and standardized service management processes and procedures.
SSC completed a PIA for the enterprise service offering for GC Contact Centres. Enterprise Contact Centre Service – Rogers (ECCS-R) provides SSC customer departments with technology to allow clients and stakeholders to access GC information and services. ECCS-R is a vendor supported solution, requiring Rogers to collect and store personal information on behalf of the GC. While administrative decisions specific to the technology are limited, personal information captured in call detail records (such as telephone numbers) may be used to reconcile billing and invoicing. The completion of an enterprise PIA ensured that privacy obligations for the solution were considered at the design phase.
The Enterprise Mobile Device Management Evolution (EMDM) solution is a mobile device management system for mobile computing devices for SSC and GC partners. This is a Software as a Service (SaaS) application that sits between an organization's on-premise infrastructure and a cloud service provider infrastructure. It enables access to email, contacts, enterprise applications, and partner internal resources. This PIA addendum focuses on the personal information under the control of SSC, which is limited to log in credentials used to authenticate EMDM administrators.
SSC’s PIA summaries can be found at Publications – Access to Information and Privacy - Canada.ca
Several PIAs are in different phases of development or approval and will be accounted for in subsequent annual reports.
In the past year, SSC developed a new, standardized template (Technical Assessment of Privacy Implications) designed to assess privacy implications associated with the introduction of new technology solutions across the GC. This innovative template, created with an enterprise-wide lens, ensures that emerging technologies are evaluated comprehensively for potential privacy risks before implementation. Designed to augment PIAs for program activities, the template is integrated into the broader security assessment process, fostering a harmonized approach to safeguarding both privacy and security. This proactive measure enhances the ability to assess and uphold privacy standards while facilitating the responsible adoption of innovative technologies across government organizations.
SSC continued its collaboration with other departments by sharing the ECCS-R PIA. The Division was completing Privacy Risk Checklist (PRC) reports to identify instances where additional privacy assessments were necessary until the internal guidance was superseded by the TBS standardized checklist. Both are used to identify and evaluate privacy risks of new programs and activities that affect the collection, use, disclosure, storage and retention of personal information. In 2024-2025, 41 PRCs/checklists were completed and 18 were carried over to the next fiscal year.
There was a 78% increase in PRCs/checklists compared to the previous year. This remarkable growth is attributed to the Division's proactive efforts to address the shortage of specialized skills. To manage the increased workload effectively and maintain high-quality output, the Division hired additional resources with the necessary knowledge and transferred resources from other units.
Annex A — Delegation Order
Shared Services Canada Access to Information Act and Privacy Act Delegation Order
The President of Shared Services Canada, pursuant to subsection 95(1) of the Access to Information Act and subsection 73(1) of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the President as the head of Shared Services Canada, under the provisions of the acts and related regulations set out in the schedule opposite each position.
This document replaces and cancels all previous delegation orders.
| Position | Access to Information Act and Regulations | Privacy Act and Regulations |
|---|---|---|
| Executive Vice President | Full authority | Full authority |
| Assistant Deputy Minister, Strategy and Engagement Branch | Full authority | Full authority |
| Corporate Secretary and Chief Privacy Officer | Full authority | Full authority |
| Director, Access to Information and Privacy Protection Division | Full authority | Full authority |
| Deputy Directors, Operations and Policy & Governance, Access to Information and Privacy Protection Division | Full authority | Full authority |
Dated, at Ottawa this ____ day of ____, 2024.
President of Shared Services Canada
Annex B — Statistical Report
Statistical Report on the Privacy Act
Name of institution: Shared Services Canada
Reporting period: 2024-04-01 to 2025-03-31
Section 1: Requests under the Privacy Act
1.1 Number of Requests Received
| Number of Requests | |
|---|---|
| Received during reporting period | 52 |
|
Outstanding from previous reporting periods
|
2 |
| Total | 54 |
| Number of Requests | |
|---|---|
| Closed during reporting period | 45 |
|
Carried over to the next reporting period
|
9 |
| Total | 54 |
1.2 Channels of Requests
| Source | Number of Requests |
|---|---|
| Online | 39 |
| 5 | |
| 8 | |
| In Person | 0 |
| Phone | 0 |
| Fax | 0 |
| Total | 52 |
Section 2: Informal Requests
2.1 Number of Informal Requests
| Number of Requests | |
|---|---|
| Received during reporting period | 0 |
|
Outstanding from previous reporting periods
|
0 |
| Total | 0 |
| Number of Requests | |
|---|---|
| Closed during reporting period | 0 |
| Carried over to the next reporting period | 0 |
| Total | 0 |
2.2 Channels of Informal Requests
| Source | Number of Requests |
|---|---|
| Online | 0 |
| 0 | |
| 0 | |
| In person | 0 |
| Phone | 0 |
| Fax | 0 |
| Total | 0 |
2.3 Completion Time of Informal Requests
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total |
|---|---|---|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
2.4 Pages Released Informally
| Number of requests | Pages released | |
|---|---|---|
| Fewer than 100 Pages Released | 0 | 0 |
| 100-500 Pages Released | 0 | 0 |
| 501-1,000 Pages Released | 0 | 0 |
| 1,001-5,000 Pages Released | 0 | 0 |
| More than 5,000 Pages Released | 0 | 0 |
Section 3: Requests Closed during the Reporting Period
3.1 Disposition and Completion Time
| Disposition of Requests | Completion Time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 0 | 1 | 1 | 0 | 0 | 0 | 0 | 2 |
| Disclosed in part | 2 | 5 | 4 | 2 | 0 | 0 | 0 | 13 |
| All exempted | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 1 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 23 | 2 | 0 | 0 | 0 | 0 | 0 | 25 |
| Request abandoned | 4 | 0 | 0 | 0 | 0 | 0 | 0 | 4 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 29 | 9 | 5 | 2 | 0 | 0 | 0 | 45 |
3.2 Exemptions
| Section | Number of Requests |
|---|---|
| 18(2) | 0 |
| 19(1)(a) | 0 |
| 19(1)(b) | 0 |
| 19(1)(c) | 0 |
| 19(1)(d) | 0 |
| 19(1)(e) | 0 |
| 19(1)(f) | 0 |
| 20 | 0 |
| 21 | 0 |
| 22(1)(a)(i) | 0 |
| 22(1)(a)(ii) | 0 |
| 22(1)(a)(iii) | 0 |
| 22(1)(b) | 1 |
| 22(1)(c) | 0 |
| 22(2) | 0 |
| 22.1 | 0 |
| 22.2 | 0 |
| 22.3 | 0 |
| 22.4 | 0 |
| 23(a) | 0 |
| 23(b) | 0 |
| 24(a) | 0 |
| 24(b) | 0 |
| 25 | 0 |
| 26 | 12 |
| 27 | 1 |
| 27.1 | 0 |
| 28 | 0 |
3.3 Exclusions
| Section | Number of Requests |
|---|---|
| 69(1)(a) | 0 |
| 69(1)(b) | 0 |
| 69.1 | 0 |
| 70(1) | 0 |
| 70(1)(a) | 0 |
| 70(1)(b) | 0 |
| 70(1)(c) | 0 |
| 70(1)(d) | 0 |
| 70(1)(e) | 0 |
| 70(1)(f) | 0 |
| 70.1 | 0 |
3.4 Format of Information Released
| Paper | Electronic | Other | |||
|---|---|---|---|---|---|
| E-record | Data set | Video | Audio | ||
| 0 | 15 | 0 | 0 | 0 | 0 |
3.5 Complexity
3.5.1 Relevant Pages Processed and Disclosed for Paper and E-record Formats
| Number of Pages Processed | Number of Pages Disclosed | Number of Requests |
|---|---|---|
| 9,773 | 3,368 | 20 |
3.5.2 Relevant Pages Processed by Request Disposition for Paper and E-record Formats by size of Requests
| Disposition | Fewer than 100 Pages Released | 100-500 Pages Released | 501-1,000 Pages Released | 1,001-5,000 Pages Released | More than 5,000 Pages Released | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released | |
| All disclosed | 0 | 0 | 2 | 452 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 5 | 359 | 6 | 1,788 | 0 | 0 | 2 | 7,028 | 0 | 0 |
| All exempted | 0 | 0 | 1 | 146 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 4 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 9 | 359 | 9 | 2,386 | 0 | 0 | 2 | 7,028 | 0 | 0 |
3.5.3 Relevant Minutes Processed and Disclosed for Audio Formats
| Number of Pages Processed | Number of Pages Disclosed | Number of Requests |
|---|---|---|
| 397 | 37 | 1 |
3.5.4 Relevant Minutes Processed per Request Disposition for Audio Formats by Size of Requests
| Disposition | Fewer than 60 Minutes Processed | 60-120 Minutes Processed | More than 120 Minutes Processed | |||
|---|---|---|---|---|---|---|
| Number of requests | Minutes processed | Number of requests | Minutes processed | Number of requests | Minutes processed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 1 | 397 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 1 | 397 |
3.5.5 Relevant Minutes Processed and Disclosed for Video Formats
| Number of Minutes Processed | Number of Minutes Disclosed | Number of Requests |
|---|---|---|
| 0 | 0 | 0 |
3.5.6 Relevant Minutes Processed per Request Disposition for Video Formats by Size of Requests
| Disposition | Fewer than 60 Minutes Processed | 60-120 Minutes Processed | More than 120 Minutes Processed | |||
|---|---|---|---|---|---|---|
| Number of requests | Minutes processed | Number of requests | Minutes processed | Number of requests | Minutes processed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 |
3.5.7 Other Complexities
| Disposition | Consultations Required | Legal Advice Sought | Interwoven Information | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 1 | 1 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 1 | 1 |
3.6 Closed Requests
3.6.1 Number of Requests Closed within Legislated Timeline
| Number of Requests Closed within Legislated Timelines | 44 |
|---|---|
| Percentage of Requests Closed within Legislated Timelines | 97.77777778 |
3.7 Deemed Refusals
3.7.1 Reasons for Not Meeting Legislated Timelines
| Number of Requests Closed Past the Legislated Timelines | Principal Reason | |||
|---|---|---|---|---|
| Interference with operations/workload | External consultation | Internal consultation | Other | |
| 1 | 0 | 0 | 0 | 1 |
3.7.2 Requests Closed Beyond Legislated Timelines (Including Any Extensions Taken)
| Number of days Past Legislated Timelines | Number of Requests Past Legislated Timeline Where No Extension Was Taken | Number of Requests Past Legislated Timeline Where an Extension Was Taken | Total |
|---|---|---|---|
| 1 to 15 days | 0 | 1 | 1 |
| 16 to 30 days | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 |
| Total | 0 | 1 | 1 |
3.8 Requests for Translation
| Translation Requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Section 4: Disclosure under Subsection 8(2) and Subsection 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 0 | 0 | 0 | 0 |
Section 5: Requests for Correction of Personal Information and Notations
| Disposition for Correction Requests Received | Number |
|---|---|
| Notations attached | 0 |
| Requests for correction accepted | 0 |
| Total | 0 |
Section 6: Extensions
6.1 Reasons for Extensions
| Number of Extensions Taken | 15(a)(i) Interference with Operations | 15(a)(ii) Consultation | 15(b) Translation Purposes or Conversion |
|||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet confidence (section 70) | External | Internal | ||
| 7 | 0 | 7 | 0 | 0 | 0 | 0 | 0 | 0 |
6.2 Length of Extensions
| Length of Extensions | 15(a)(i) Interference with Operations | 15(a)(ii) Consultation | 15(b) Translation Purposes or Conversion |
|||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volumes of requests | Documents are difficult to obtain | Cabinet confidence section (section 70) | External | Internal | ||
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 0 | 7 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 days or greater | N/A | N/A | N/A | N/A | N/A | N/A | N/A | N/A |
| Total | 0 | 7 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 7: Consultations Received from Other Institutions and Organizations
7.1 Consultations Received from Other Government of Canada Institutions and Other Organizations
| Consultations | Other Government of Canada Institutions | Number of Pages to Review | Other Organizations | Number of Pages to Review |
|---|---|---|---|---|
| Received during the reporting period | 2 | 9 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 2 | 9 | 0 | 0 |
| Consultations | Other Government of Canada Institutions | Number of Pages to Review | Other Organizations | Number of Pages to Review |
|---|---|---|---|---|
| Closed during the reporting period | 2 | 9 | 0 | 0 |
| Carried over within negotiated timelines | 0 | 0 | 0 | 0 |
| Carried over beyond negotiated timelines | 0 | 0 | 0 | 0 |
| Total | 2 | 9 | 0 | 0 |
7.2 Recommendations and Completion Time for Consultations Received from Other Government of Canada Institutions
| Recommendation | 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total |
|---|---|---|---|---|---|---|---|---|
| Disclose entirely | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 2 |
| Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institutions | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 1 | 0 | 1 | 0 | 0 | 0 | 0 | 2 |
7.3 Recommendations and Completion Time for Consultations Received from Organizations Outside the Government of Canada
| Recommendation | 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total |
|---|---|---|---|---|---|---|---|---|
| Disclose entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institutions | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Completion Time of Consultations on Cabinet Confidence
8.1 Requests with Legal Services
| Number of days | Fewer than 100 Pages Processed | 100-500 Pages Processed | 501-1,000 Pages Processed | 1,001-5,000 Pages Processed | More than 5,000 Pages Processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8.2 Requests with Privy Council Office
| Number of days | Fewer than 100 Pages Processed | 100-500 Pages Processed | 501-1,000 Pages Processed | 1,001-5,000 Pages Processed | More than 5,000 Pages Processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 9: Complaints and Investigation Notices Received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 |
Section 10: Privacy Impact Assessments and Personal Information Banks
10.1 Privacy Impact Assessments
| Number of PIAs Completed | 2 |
|---|---|
| Number of PIAs Modified | 1 |
10.2 Institution-Specific and Central Personal Information Banks
| Personal Information Banks | Active | Created | Terminated | Modified |
|---|---|---|---|---|
| Institution specific | 0 | 0 | 0 | 0 |
| Central | 8 | 1 | 0 | 0 |
| Total | 8 | 1 | 0 | 0 |
Section 11: Privacy Breaches
11.1 Material Privacy Breaches Reported
| Number of Material Privacy Breaches Reported to TBS | 2 |
|---|---|
| Number of Material Privacy Breaches Reported to OPC | 2 |
11.2 Non-Material Privacy Breaches
| Number of Non-Material Privacy Breaches | 19 |
|---|
Section 12: Resources Related to the Privacy Act
12.1 Allocated Costs
| Expenditures | Amount |
|---|---|
| Salaries | $759,101 |
| Overtime | $0 |
|
Goods and services
|
$19,000 |
| Total | $778,101 |
12.2 Human Resources
| Resources | Person Years Dedicated to Privacy Activities |
|---|---|
| Full-time employees | 3.690 |
| Part-time and casual employees | 0.600 |
| Regional staff | 3.000 |
| Consultants and other agency personnel | 0 |
| Students | 0 |
| Total | 7.290 |