Annual Report to Parliament on the Administration of the Privacy Act – 2021-22

Introduction

The Privacy Act protects the privacy of individuals with respect to their personal information held by government institutions. It establishes the rules for the collection, use, disclosure, retention and disposal of such information. It also provides individuals with a right to be given access to, and to request a correction of, their personal information.

Shared Services Canada (SSC) is pleased to submit to Parliament its eleventh Annual Report on the Administration of the Privacy Act. This report is prepared and tabled in Parliament in accordance with section 72 of the Privacy Act. It covers the period from April 1, 2021, to March 31, 2022.

Institutional Mandate

SSC was created in 2011 to transform how the Government of Canada manages and secures its information technology (IT) infrastructure.

SSC supports the Government of Canada's digital vision to expand and improve the scope of digital service capacity, accelerate the pace of digital modernization, and strengthen the ongoing support for digital tools, systems and networks government wide.

In carrying out its mandate, SSC is supporting the Digital Operations Strategic Plan: 2018-2022 and the Government of Canada Cloud Adoption Strategy, as well as working in partnership with public- and private-sector stakeholders, implementing enterprise-wide approaches for managing IT infrastructure services, and employing effective and efficient business management processes.

Delegated Authority

The Minister of Public Services and Procurement is responsible for handling requests submitted under the Privacy Act. Pursuant to section 73(1) of the Act, the Minister has delegated full powers, duties and functions to members of the Department’s senior management, including the Director and the Deputy Directors of the Access to Information and Privacy (ATIP) Protection division, hereafter referred to as the ATIP division (refer to Annex A).

ATIP Division Structure

ATIP Division Structure image

The ATIP division is part of the Corporate Secretariat, which is overseen by the Director General, Corporate Secretary and Chief Privacy Officer, situated within the Strategy and Engagement Branch (SEB).

The division administers the Access to Information Act and the Privacy Act, led by a Director who acts as the ATIP Coordinator for the Department. Two units carry out the work under 2 Deputy Directors, each leading either the Operations Unit or the Policy and Governance Unit. While an average of 24 person-years were dedicated to the ATIP program, 7 person-years were dedicated to the administration of the Privacy Act. These person-years include full time equivalents and students.

The Operations Unit is responsible for processing requests under the Access to Information Act and the Privacy Act. This includes, but is not limited to the following:

The Policy and Governance (P&G) Unit is responsible for, but is not limited to, the following:

The ATIP division’s administration of the Acts is facilitated at the branch and the directorate level of SSC. The administration of the Act would not be possible without the large number of SSC employees across the department who identify and review information to respond to requests.

SSC was not party to any service agreements under section 73.1 of the Privacy Act and the Access to Information Act during the reporting period.

Highlights of the 2021–22 Statistical Report

The Statistical Report (Annex B) on the administration of the Privacy Act provides a summary of the personal information requests and consultations processed during the 2021–22 reporting period.

Requests Received

SSC received 56 requests submitted under the Privacy Act between April 1, 2021, and March 31, 2022. This total represents a decrease of 5% from the previous reporting period. Two requests were carried forward from 2020–21 for a total of 58 requests for the reporting period. Privacy requests received were mainly from SSC employees seeking their own personnel file.

SSC processed 47 privacy requests and carried over 11 requests to the next reporting period:

The ATIP division experienced a slight decrease in the number of pages processed at 36,805 pages for the 2021–2022 reporting period. There was also a 50% decrease in pages disclosed from the 2020–2021 reporting period.

It is important to note that SSC achieved a compliance rate of 95.7%. Although a slight decrease from the previous report’s 98.3%, SSC is above the community average. The ATIP division continues to ensure it monitors its turnaround times in processing requests on a regular basis, as well as tracks the timeliness of their completion.

The Policy and Governance Unit closed 98 Privacy Advice (PA) files during the reporting period. PA files consist of privacy advice that was provided to program areas, employees and other government departments. The advice was provided on various types of initiatives such as: the vaccination policy, surveys, disclosures and procedures. The Unit experienced a 37% decrease from the previous reporting period. The decrease in privacy advice pieces from the 2020-21 reporting period was related to being the first year of the pandemic, SSC experience a surge in advice given on new platforms and initiatives being implemented in response to the pandemic. During the 2021-22 reporting period, the P&G Unit also performed preliminary privacy risk checklist on 33 initiatives and worked on 3 Privacy Impact Assessments which are still ongoing.

Privacy Requests received and processed
Privacy requests – Text version
Privacy Requests
Fiscal Year Received Processed
2021-22 56 47
2020-21 59 60
2019-20 92 92
2018-19 113 115
2017-18 90 90

Disposition of Requests Completed

Of the 47 privacy requests completed, SSC released records in full in 5 case (11%) and the Department invoked exemptions in 9 requests (19%). Of the remaining 33 requests (70%), either no records existed or the request was abandoned. While the number of privacy requests decreased by 3 from the previous reporting period, the division observed an influx of files with higher complexity, related to vaccination mandates amongst other things, which required numerous consultations with the Department of Justice of Canada.

SSC does not have any active carried over requests from previous reporting periods for privacy files. However, there are 2 requests carried over to the next reporting period.

Extensions

Section 15 of the Privacy Act allows the statutory time limits to be extended under certain circumstances, such as when consultations are required, if translation is needed, or if the request is for a large volume of records, and processing it within the original time limit would unreasonably interfere with the operations of the Department. SSC invoked a total of 8 extensions during the 2021–2022 reporting period, which were deemed necessary to search for, or through a large volume of records and/or to respond to the higher volume of requests. In some instances, the extensions were deemed necessary for consultations such as legal services.

Completion Time

The Privacy Act sets the timelines for responding to privacy requests. It also allows for extensions in cases where responding to the request requires the review of a large volume of information or extensive consultations with other government institutions or other third parties.

SSC responded to 39 requests (83%) within 30 days or fewer, and a further 5 requests (11%) within 31 to 60 days. The Department completed 3 requests (1%) within 61 to 120 days.

Graph of completion time
Completion Time – Text version
Completion time One to 30 days Thirty-one to 60 days Sixty-one to 120 days
Percentage of requests completed 83% 11% 6%

Exemptions

The Privacy Act allows, and in some instances requires, that some personal information be exempted and not released. For example, personal information may be exempted when it relates to law enforcement investigations, another individual besides the requester, or when it is subject to solicitor client privilege.

The majority of exemptions applied by SSC related to section 26 which protects personal information. The aforementioned section was applied in 8 instances. Section 22(1)(b) (law enforcement and criminal investigations) was used in 6 instances.

Exclusions

The Privacy Act does not apply to information that is already publicly available, such as government publications and material in libraries and museums. It also excludes material such as Cabinet Confidences. The ATIP division did not apply any exclusions under the Act during the reporting period.

Consultations

During the reporting period, no consultation requests under the Privacy Act were received at SSC from other government departments.

Internal Consultations

Branches within SSC will send documents to the ATIP Division to be reviewed in the spirit of the Act. These documents are typically complex in nature and can vary from labour relations documents, audit reports, documents to be proactively disclosed, to consultations related to internal vaccinations policies. During the 2021-22 reporting period, SSC received 24 internal consultations and reviewed a total of roughly 3,250 pages.

Impact of COVID-19

The ATIP division continued working a full-time basis during the pandemic. Some of our accomplishments during the second year of the pandemic included the following:

The ATIP division was able to achieve these accomplishments while facing many challenges. Listed below are some of the major challenges faced by the Division, and what was done to overcome them:

Complaints, Audits and Investigations

SSC was not subject to any complaints under the Privacy Act during the reporting period. There are no outstanding complaints from the previous reporting period. In addition, there were no audits involving the Department conducted by the OPC. SSC received 4 notices of investigation from the OPC pursuant to section 31 of the Privacy Act.

Monitoring Compliance

The division has implemented various internal procedures to ensure that privacy requests are processed in a timely and efficient manner. For example, meetings are held between ATIP management and analysts on a regular basis to monitor workloads and progress on privacy requests. These meetings provide greater accountability and clarity for the team.

In 2021–2022, SSC did not receive any requests to correct personal information under the Privacy Act.

Disclosure of Personal Information Pursuant to Paragraphs 8(2)(e) and 8(2)(m)

Paragraph 8(2)(e) of the Privacy Act allows the head of the institution to disclose personal information without the consent of the affected individual where such information is requested in writing by a designated investigative body for law enforcement purposes. During the reporting period, SSC made 1 disclosure of personal information under this provision.

Paragraph 8(2)(m) of the Privacy Act allows the head of the institution to disclose personal information without the consent of the affected individual in cases where, in the opinion of the head of the institution, the public interest outweighs any invasion of privacy that could result from the disclosure or when it is clearly in the best interest of the individual to disclose. For the 2021–2022 reporting period, SSC did not disclose any personal information under this paragraph.

Training and Awareness Activities

The ATIP division is dedicated to fostering a culture of ATIP excellence across SSC. As a result, the division continues to develop and deliver training and awareness activities aimed at more openness and transparency throughout the Department.

Mandatory Training

In order to ensure that all SSC employees, regardless of their position or level, are made aware of their responsibilities related to ATIP and that they gain an in-depth understanding of the related best practices and principles, SSC launched, in collaboration with the Canada School of Public Service, the online Access to Information and Privacy Fundamentals course (I015) on July 14, 2016. While this course is optional for all federal Public Service employees through the Canada School of Public Service website, its completion has been made mandatory for all SSC employees. For this reporting period, 1069 SSC employees successfully completed the course. This represents a 13% increase from the previous reporting period where 945 SSC employees completed the course.

ATIP 101 Internal Training

In order to maintain our training and awareness practices, the ATIP division continued to adapt their training from in-person to online. The trainers successfully delivered 10 internal training and awareness sessions to approximately 269 participants, which included SSC executives, managers and employees at all levels. The number of participants who received training this reporting period increased by 8%. In the previous reporting period, 247 SSC employees participated in training.

Tasking Request Training

The ATIP Policy and Governance Unit developed a Tasking Request training in the previous reporting period which focuses on how to respond to a request by an office of primary interest. The purpose of this training is to educate all SSC employees on their roles and responsibilities related to ATIP requests. The trainers successfully delivered 4 internal training and awareness sessions to approximately 18 participants in the 2021-22 reporting period.

Privacy Training

The division delivered 12 Privacy Breach training sessions over the course of 2021–2022. A total of 146 employees attended this course.

PIA Training

In order for program areas to understand the Privacy Impact Assessment process, the ATIP Policy and Governance Unit developed a Privacy Impact Assessment (PIA) training. One PIA training session was delivered over the course of the 2021-22 reporting period. A total of 16 employees attended this course.

Biweekly Learning Sessions

The SSC ATIP Division takes innovation very seriously and a key focal point in which the Division focuses on is the personal development of its employees. The ATIP Division has established biweekly learning sessions where a variety of topics are discussed. Examples of the topics included but is not limited to: reviewing Sections 23 and 69 of the ATIA, career development and mental health.

Data Privacy Day

On January 28, 2022, SSC celebrated Data Privacy Day to raise awareness and demonstrate the importance of privacy and the protection of personal information in day-to-day activities. SSC’s ATIP division developed a pledge and communiqués, published content on social media by senior leaders and promoted Privacy training through SSC’s internal communication network. Awareness was disseminated through Twitter, LinkedIn and SSC’s internal communication channels.

Policies, Guidelines, Procedures and Initiatives

To maintain a high standard of excellence and to continually improve customer services under the Privacy Act, the Department undertook the following initiatives:

Material Privacy Breaches

A privacy breach refers to the improper or unauthorized access, collection, use, disclosure, retention or disposal of personal information. A material breach involves sensitive personal information that could reasonably be expected to cause serious injury or harm to the individual.

During the reporting period, one material privacy breach occurred and was reported to the OPC.

In this case, notification letters were sent out to the affected individuals. The ATIP Division provided recommendations and advice on mitigation measures to departmental staff in order to safeguard personal information. Both the Office of the Privacy Commissioner and Treasury Board Secretariat were notified of the breach. In addition, SSC senior officials, including the Chief Privacy Officer, were notified of the breach during various stages of the investigation.

SSC also provided support in the investigation process of a multi-departmental material privacy breach that occurred in August of 2020. The breach was reported when many GC departments that use GC Key suffered a credential stuffing attack. While no breaches occurred within SSC, the department played an important role in providing support to the departments in implementing the GC Keys infrastructure. SSC was therefor tasked by the OPC to release all records related to the GC Key breach for the purpose of the investigation in May of 2021. SSC produced nearly 28,000 pages of records which was vetted by the Policy and Governance Unit and disclosed to the OPC.

The ATIP division monitors and documents all privacy breaches reported. The division also reviews how and where in the Department they occurred in order to provide tailored privacy breach training to specific groups to promote awareness and increase prevention.

Privacy Impact Assessments

One PIA (Digital Communications and Collaboration (DCC)) was completed during the 2020-21 reporting period but officially signed at the President-level on April 30, 2021. Due to the significant importance of this PIA for the ATIP community it was included in the previous annual report. For ease of reference we are including the link for a second year: Privacy Impact Assessment Summary of the Digital Communications and Collaboration (DCC) Service - Canada.ca

Throughout the 2021-22 reporting period, SSC’s ATIP division also shared the DCC (M365) PIA to 27departments. SSC anticipates this collaboration and sharing of the DCC PIA to continue in high demand for the next reporting period. 3 PIAs were at various stages of the approval process at the end of the 2021–2022 reporting period, they will be reflected on future reports. The Policy and Governance Unit also completed 33 Privacy Risk Checklists. This checklist allows the team to determine if a PIA is required. It assesses new programs and initiatives used at SSC, as well as SSC’s partners, in the collection, use, disclosure, storage and retention period of personal information. There was a 26% decrease in Privacy Risk Checklists this reporting period compared to 2020-21. The decrease could be explained by a restructuring of the Security Management and Governance group who is in charge of assessing Enterprise wide initiatives.

Annex A – Delegation Order

Shared Services Canada

Access to Information Act and Privacy Act Delegation Order

The Minister of Public Services and Procurement, pursuant to subsection 95(1) of the Access to Information Act and subsection 73(1) of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Minister as the head of Shared Services Canada, under the provisions of the acts and related regulations set out in the schedule opposite each position.

This designation replaces all previous delegation orders.

Schedule
Position Access to Information Act and Regulations Privacy Act and Regulations
1. President Full authority Full authority
2. Executive Vice President Full authority Full authority
3. Assistant Deputy Minister, Strategy and Engagement Branch Full authority Full authority
4. Corporate Secretary and Chief Privacy Officer Full authority Full authority
5. Director, Access to Information and Privacy Protection Division Full authority Full authority
6. Deputy Directors, Operations and Policy and Governance, Access to Information and Privacy Protection Division Full authority Full authority

Dated, at Ottawa,
this 11th day of February, 2022

The Honourable Filomena Tassi
Minister of Public Services and Procurement and Head of Shared Services Canada

Annex B – Statistical Report

Statistical Report on the Privacy Act

Name of institution: Shared Services Canada

Reporting period: 2021-04-01 to 2022-03-31

Part 1: Requests under the Privacy Act

1.1 Number of Requests Received

Number of requests
Received during reporting period 56
Outstanding from previous reporting period 2
Outstanding from previous reporting period 2
Outstanding from more than one reporting period 0
Total 58
Closed during reporting period 47
Carried over to next reporting period 11
Carried over within legislated timeline 7
Carried over beyond legislated timeline 4

1.2 Channels of Requests

Source Number of requests
Online 52
E-mail 4
Mail 0
In person 0
Phone 0
Fax 0
Total 56

Part 2: Informal requests for information

2.1 Number of Informal Requests

Number of requests
Received during reporting period 0
Outstanding from previous reporting period 0
Outstanding from previous reporting period 0
Outstanding from more than one reporting period 0
Total 0
Closed during reporting period 0
Carried over to next reporting period 0

2.2 Channels of Informal Requests

Source Number of requests
Online 0
E-mail 0
Mail 0
In person 0
Phone 0
Fax 0
Total 0

2.3 Completion Time of Informal Requests

Completion time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
0 0 0 0 0 0 0 0

2.4 Pages Released Informally

Part 3: Requests closed during the reporting period

3.1 Disposition and Completion Time

Less than 100 pages released 101-500 pages released 501-1000 pages released 1001-5000 pages released More than 5000 pages released
Number of requests Pages released Number of requests Pages released Number of requests Pages released Number of requests Pages released Number of requests Pages released
0 0 0 0 0 0 0 0 0 0
Disposition of requests Completion time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 5 0 0 0 0 0 0 5
Disclosed in part 1 0 5 3 0 0 0 9
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
No records exist 28 0 0 0 0 0 0 28
Request abandoned 5 0 0 0 0 0 0 5
Neither confirmed nor denied 0 0 0 0 0 0 0 0
Total 39 0 5 3 0 0 0 47

3.2 Exemptions

Section Number of requests
18(2) 0
19(1)(a) 0
19(1)(b) 0
19(1)(c) 0
19(1)(d) 0
19(1)(e) 0
19(1)(f) 0
20 0
21 0
22(1)(a)(i) 0
22(1)(a)(ii) 0
22(1)(a)(iii) 0
22(1)(b) 6
22(1)(c) 0
22(2) 0
22.1 0
22.2 0
22.3 0
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 0
26 8
27 2
28 0

3.3 Exclusions

Section Number of requests
69(1)(a) 0
69(1)(b) 0
69.1 0
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0

3.4 Format of information released

Paper Electronic Other formats
E-record Data Set Video Audio
0 14 0 0 0 0

3.5 Complexity

3.5.1 Relevant Pages Processed and Disclosed for Paper and e-Record Formats
Number of pages processed Number of pages disclosed Number of requests
36805 2969 19
3.5.2 Relevant Pages Processed by Request Disposition for Paper and e-Record Formats by Size of Requests
Disposition Less than 100 pages processed 101-500 pages processed 501-1000 pages processed 1001-5000 pages processed More than 5000 pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
All disclosed 5 94 0 0 0 0 0 0 0 0
Disclosed in part 1 69 1 344 1 856 5 13,295 1 22,147
All exempted 0 0 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0 0 0 0 0
Total 11 163 1 344 1 856 5 13,295 1 22,147
3.5.3 Relevant Pages Processed and Disclosed for Audio Formats
Number of minutes processed Number of minutes disclosed Number of requests
0.000 0.000 0
3.5.4 Relevant Pages Processed per Request Disposition for Audio Formats by Size of Requests
Disposition Less than 60 minutes processed 61-120 minutes processed More than 120 minutes processed
Number of requests Minutes Processed Number of requests Minutes Processed Number of requests Minutes Processed
All disclosed 0 0.000 0 0.000 0 0.000
Disclosed in part 0 0.000 0 0.000 0 0.000
All exempted 0 0.000 0 0.000 0 0.000
All excluded 0 0.000 0 0.000 0 0.000
Request abandoned 0 0.000 0 0.000 0 0.000
Neither confirmed nor denied 0 0.000 0 0.000 0 0.000
Total 0 0.000 0 0.000 0 0.000
3.5.4 Relevant Pages Processed and Disclosed for Video Formats
Number of minutes processed Number of minutes disclosed Number of requests
0.000 0.000 0
3.5.5 Relevant Pages Processed per Request Disposition for Video Formats by Size of Requests
Disposition Less than 60 minutes processed 61-120 minutes processed More than 120 minutes processed
Number of requests Minutes Processed Number of requests Minutes Processed Number of requests Minutes Processed
All disclosed 0 0.000 0 0.000 0 0.000
Disclosed in part 0 0.000 0 0.000 0 0.000
All exempted 0 0.000 0 0.000 0 0.000
All excluded 0 0.000 0 0.000 0 0.000
Request abandoned 0 0.000 0 0.000 0 0.000
Neither confirmed nor denied 0 0.000 0 0.000 0 0.000
Total 0 0.000 0 0.000 0 0.000
3.5.7 Other Complexities
Disposition Consultation required Legal Advice Sought Interwoven Information Other Total
All disclosed 0 0 0 0 0
Disclosed in part 2 0 3 0 5
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Request abandoned 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0
Total 2 0 3 0 5

3.6 Closed requests

3.6.1 Number of requests closed within legislated timelines
Requests closed within legislated timelines
Number of requests closed within legislated timelines 45
Percentage (%) of requests closed within legislated timelines 95.7

3.7 Deemed refusals

3.7.1 Reasons for not meeting legislative timelines
Number of requests closed past the statutory deadline Principal reason
Interference with Operations / Workload External consultation Internal consultation Other
2 2 0 0 0
3.7.2 Requests closed beyond legislative timelines (including any extensions taken)
Number of days past deadline Number of requests past deadline where no extension was taken Number of requests past deadline where an extension was taken Total
1 to 15 days 0 0 0
16 to 30 days 0 2 2
31 to 60 days 0 0 0
61 to 120 days 0 0 0
121 to 180 days 0 0 0
181 to 365 days 0 0 0
More than 365 days 0 0 0
Total 0 2 2

3.8 Requests for translation

Translation requests English to French French to English Total
Accepted 0 0 0
Refused 0 0 0
Total 0 0 0

Part 4: Disclosures Under Subsections 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
1 0 0 1

Part 5: Requests for Correction of Personal Information and Notations

Disposition for correction requests received Number
Notations attached 0
Requests for correction accepted 0
Total 0

Part 6: Extensions

6.1 Reasons for extensions and disposition of requests

Number of requests where an extension was taken 15(a)(i) Interference with operations 15(a)(ii) Consultation 15(b) Translation purposes or conversion
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet Confidence Section (Section 70) External Internal
8 0 6 0 0 0 2 0 0

6.2 Length of extensions

Length of Extensions 15(a)(i) Interference with operations 15(a)(ii) Consultation 15(b)Translation purposes or conversion
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet Confidence Section (Section 70) External Internal
1 to 15 days 0 0 0 0 0 0 0 0
16 to 30 days 0 6 0 0 0 2 0 0
31 days or greater 0
Total 0 6 0 0 0 2 0 0

Part 7: Consultations received from other institutions and organizations

7.1 Consultations received from other Government of Canada institutions and other organizations

Consultations Other government of Canada institutions Number of pages to review Other organizations Number of pages to review
Received during the reporting period 0 0 0 0
Outstanding from the previous reporting period 0 0 0 0
Total 0 0 0 0
Closed during the reporting period 0 0 0 0
Carried over within negotiated timelines 0 0 0 0
Carried over beyond negotiated timelines 0 0 0 0

7.2 Recommendations and completion time for consultations received from other Government of Canada institutions

Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

7.3 Recommendations and completion time for consultations received from other organizations

Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Part 8: Completion time for consultations on Cabinet confidences

8.1 Requests with Legal Services

Number of Days 100 Pages or Less Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More Than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

8.2 Requests with the Privy Council Office

Number of Days 100 Pages or Less Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More Than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Part 9: Complaints and Investigations Notices received

Section 31 Section 33 Section 35 Court action Total
0 0 0 0 0

Part 10: Privacy Impact Assessments

10.1 Privacy Impact Assessments

Number of PIAs completed 1
Number of PIAs modified 0

10.2 Institution-Specific and Central Personal Information Banks

Personal information banks Active Created Terminated Modified
Institution-Specific 6 1 0 0
Central 0 0 0 0
Total 6 1 0 0

Part 11: Material Privacy Breaches

11.1 Material Privacy Breaches Reported

Number of material privacy breaches reported to TBS 1
Number of material privacy breaches reported to OPC 1

11.2 Non-Material Privacy Breaches

Number of non-material privacy breaches 25

Part 12: Resources related to the Privacy Act

12.1 Allocated Costs

Expenditure Amount
Salaries $570,913
Overtime $0
Goods and services $39,604
Professional services contracts $0 -
Other $39,604 -
Total $610,517

12.2 Human Resources

Resources Person-years dedicated to privacy activities
Full-time employees 6.667
Part-time and casual employees 0.438
Regional staff 0.000
Consultants and agency personnel 0.000
Students 0.208
Total 7.313

Note: Enter values to three decimal places.

Page details

Date modified: