Annual Report to Parliament on the Administration of the Privacy Act – 2022-23
Table of contents
- Introduction
- Institutional Mandate
- Delegated Authority
- ATIP Division Structure
- Requests Received
- Disposition of Requests Completed
- Extensions
- Completion Time
- Exemptions
- Exclusions
- Consultations
- Internal Consultations
- Challenges
- Complaints, Audits and Investigations
- Monitoring Compliance
- Public Interest Disclosure
- Training and Awareness
- Mandatory Training
- ATIP 101 Internal Training
- Tasking Request Training
- Privacy Breach Training
- Privacy Impact Assessment Training
- Mentoring
- Data Privacy Day
- Policies, Guidelines, Procedures and Initiatives
- Initiatives and Projects to Improve Privacy
- Summary of Key Issues and Actions Taken on Complaints
- Material Privacy Breaches
- Privacy Impact Assessments
- Annex A—Delegation Order
- Annex B—Statistical Report
Introduction
The Privacy Act protects the privacy of individuals with respect to their personal information held by government institutions. It establishes the rules for the collection, use, disclosure, retention and disposal of such information. It also provides individuals with a right to be given access to, and to request a correction of, their personal information.
Shared Services Canada (SSC) is pleased to submit to Parliament its twelfth Annual Report on the Administration of the Privacy Act. This report is prepared and tabled in Parliament in accordance with section 72 of the Act. It covers the period from April 1, 2022, to March 31, 2023.
Institutional Mandate
SSC was created in 2011 to transform how the Government of Canada managed and secured its information technology (IT) infrastructure.
SSC supports the Government of Canada’s digital vision to expand and improve the scope of digital service capacity, accelerate the pace of digital modernization and strengthen the ongoing support for digital tools, systems and networks government-wide.
In carrying out its mandate, SSC is supporting the Digital Operations Strategic Plan and the Government of Canada Cloud Adoption Strategy. It is also working in partnership with public-and private-sector stakeholders, implementing enterprise-wide approaches for managing IT infrastructure services and employing effective and efficient business management processes.
Delegated Authority
The Minister of Public Services and Procurement is responsible for handling requests submitted under the Privacy Act. Pursuant to subsection 73(1) of the Act, the Minister has delegated full powers, duties and functions to members of the Department’s senior management, including the Director and the Deputy Directors of the Access to Information and Privacy (ATIP) Protection Division, hereafter referred to as the ATIP Division (refer to Annex A).
ATIP Division Structure
The ATIP Division is part of the Corporate Secretariat, which is overseen by the Director General, Corporate Secretary and Chief Privacy Officer, situated within the Strategy and Engagement Branch (SEB).
The Division administers the Access to Information Act (ATIA) and the Privacy Act, led by a Director who acts as the ATIP Coordinator for the Department. Two units carry out the work under two Deputy Directors, one leading the Operations Unit and the other, the Policy and Governance Unit. While an average of 23 person years were dedicated to the ATIP program, 6 person-years were dedicated to the administration of the Privacy Act. These person years include full time equivalents and students.
The Operations Unit is responsible for processing requests under both Acts. This includes, but is not limited to, the following:
- Liaising with subject-matter experts within SSC
- Performing line-by-line reviews of records requested and conducting external consultations as required to balance the public’s right of access and the government’s need to safeguard certain information in limited and specific cases
- Providing briefings to senior management as required on matters relating to requests and institutional performance
- Acting as the main point of contact with the Office of the Information Commissioner (OIC) and the Office of the Privacy Commissioner (OPC) with respect to the resolution of complaints related to requests under both Acts
The Policy and Governance Unit is responsible for, but is not limited to, the following:
- Providing policy advice and guidance to the senior management team on access to information (ATI) and the protection of personal information
- Developing ATIP policy instruments and tools
- Assisting program officials in conducting privacy impact assessments (PIA) and drafting personal information-sharing agreements
- Preparing and delivering training and awareness sessions throughout the department
- Coordinating SSC’s annual reporting requirements
- Publishing an updated version of SSC’s Info Source chapter.
- Acting as the main point of contact with the OIC and OPC with respect to various audits, reviews, systemic investigations and privacy breaches
The ATIP Division’s administration of the Acts is facilitated at the branch and the directorate level of SSC. This would not be possible without the large number of employees across the Department who identify and review information to respond to requests.
SSC was not party to any service agreements under section 73.1 of the Privacy Act during the reporting period.
Performance 2022–2023
The Statistical Report (Annex B) on the administration of the Privacy Act provides a summary of the personal information requests and consultations processed during the 2022–2023 reporting period.
Requests Received
SSC received 65 requests submitted under the Privacy Act between April 1, 2022, and March 31, 2023. This total represents an increase of 14 percent from the previous year. Eleven requests were carried forward from 2021–2022 for a total of 76 requests for the reporting period. Privacy requests received were mainly from SSC employees seeking human resources-related information such as staffing competitions and email exchanges with specific criteria.
SSC processed 72 privacy requests and carried over 4 requests to the next reporting period. One carried-over request received in 2022–2023 is within the legislated timeline, and 3 requests are beyond the legislated timeline.
The ATIP Division experienced a slight increase in the number of pages processed at 37,198 pages for 2022–2023. There was a 1 percent increase in pages disclosed from last year.
It is important to note that SSC achieved a compliance rate of 91.6 percent. Although this is a slight decrease from the previous report’s 95.7 percent, SSC is above the community average.
The ATIP Division continues to ensure it monitors its turnaround times in processing requests on a regular basis, and tracks the timeliness of their completion.
The Policy and Governance Unit closed 60 Privacy Advice (PA) files during the year. PA files consist of privacy advice that was provided to program areas, employees and other departments. The advice was provided on various types of initiatives, such as the vaccination policy, surveys, privacy questions, disclosures and procedures. The Unit experienced a 38.7 percent decrease from the previous reporting period. Although SSC experienced a decrease in privacy advice pieces from 2021–2022, the advice provided in the current reporting period pertained to new platforms and initiatives that were more complex in nature. For example, the implementation of the hybrid work model led to the adoption of new technologies to support a hybrid workforce.
Privacy requests – Text version
| Fiscal Year | Received | Processed |
|---|---|---|
| 2022-23 | 65 | 72 |
| 2021-22 | 56 | 47 |
| 2020-21 | 59 | 60 |
| 2019-20 | 92 | 92 |
| 2018-19 | 113 | 115 |
| 2017-18 | 90 | 90 |
Disposition of Requests Completed
Of the 72 privacy requests completed, SSC released records in full in 4 cases (6 percent).
The Division observed an influx of requests with higher complexity subjects, such as grievance and harassment investigations that require detailed analysis. Furthermore, in the increasingly digital environment, a request can generate thousands of pages of records, owing to the large numbers of emails and other electronic documents. The Department invoked exemptions in 21 requests (29 percent). Of the remaining 51 requests (71 percent), either no records existed or the request was abandoned. SSC has 11 active carried-over requests from 2021–2022.
Extensions
Section 15 of the Privacy Act allows the statutory time limits to be extended under certain circumstances, such as when consultations are required, if translation is needed or if the request is for a large volume of records and processing it within the original time limit would unreasonably interfere with the operations of the Department. In 2022–2023, SSC invoked a total of 17 extensions. These extensions were invoked to provide sufficient processing time, owing to the increased volume of records. In some instances, the extensions were deemed necessary for external consultations such as Legal Services.
Completion Time
The Privacy Act sets the timelines for responding to privacy requests. It also allows for extensions in cases where responding to the request requires the review of a large volume of information or extensive when consultations with other government institutions or other third parties are needed. SSC responded to 55 requests (76 percent) within 30 days or fewer, and a further 10 requests (14 percent) within 31 to 60 days. The Department completed 3 requests (4 percent) within 61 to 120 days and 4 requests between 121 and 365 days.
Completion Time – Text version
| Completion time | 30 days or less | 31 to 60 days | 61 to 120 days | 121 to 365 days |
|---|---|---|---|---|
| Percentage of requests completed | 76% | 14% | 4% | 6% |
Exemptions
The Privacy Act allows, and in some instances requires, that some personal information is exempted and not released. For example, personal information may be exempted when it relates to law enforcement investigations, pertains to another individual besides the requester or is subject to solicitor client privilege.
The majority of exemptions applied by SSC related to section 26, which protects personal information. That section was applied in 26 instances. Paragraph 22(1)(b) (law enforcement and criminal investigations) was used in 6 instances, and section 27 was applied in 3 instances.
Exclusions
The Privacy Act does not apply to information that is already publicly available, such as government publications and material in libraries and museums. It also excludes material such as Cabinet Confidences. The ATIP Division did not apply any exclusions under the Act during the reporting period.
Consultations
No consultation requests under the Privacy Act were received at SSC from other departments.
Internal Consultations
Branches within SSC will send documents to the ATIP Division to be reviewed in the spirit of the Privacy Act. These documents are typically complex in nature and may include labour relations documents, audit reports, documents to be proactively disclosed and consultations related to internal policies. During the 2022–2023 reporting period, SSC completed 35 internal consultations and reviewed a total of 2,066 pages. This represents an increase of 45 percent for completed requests and a decrease of 36 percent in pages reviewed.
Challenges
The ATIP Division continued working full-time during the third reporting period of the pandemic. Our accomplishments included adapting and improving all processes to continue to respond to requests from the Canadian public.
The ATIP Division was able to achieve these accomplishments while facing many challenges. Listed below are some of the major challenges faced by the Division, and what was done to overcome them:
- SSC ATIP kept using the legacy software Connect (formerly ePost) to provide requesters with their response packages. The poor performance of the tool caused delays in answering requesters.
- Recruiting and retaining employees is a challenge. The Division is looking into different innovative ways to recruit and retain employees.
Complaints, Audits and Investigations
SSC was subject to 2 complaints under section 35 of the Privacy Act during the reporting period. There are no outstanding complaints from the previous reporting period. In addition, there were no audits involving the Department conducted by the OPC. SSC did not receive any notices of investigation from the OPC pursuant to section 31 of the Privacy Act.
Monitoring Compliance
The Division implemented various internal procedures to ensure that privacy requests are processed in a timely and efficient manner. For example, the team monitors workloads and progress on privacy requests. This provided for timely adjustment as needed.
In 2022–2023, SSC did not receive any requests to correct personal information under the Privacy Act.
Public Interest Disclosure
Paragraph 8(2)(m) of the Privacy Act allows the head of the institution to disclose personal information without the consent of the affected individual in cases where, in the opinion of the head of the institution, the public interest outweighs any invasion of privacy that could result from the disclosure or when it is clearly in the best interest of the individual to disclose. For 2022–2023 , SSC did not disclose any personal information under this paragraph.
Training and Awareness
The Division is dedicated to fostering a culture of ATIP excellence across SSC. As a result, the Division continues to develop and deliver training and awareness activities aimed at more openness and transparency throughout the Department. ATIP employees participated in many training sessions and conferences to broaden the knowledge of the entire Division. Four employees attended the Canadian Access and Privacy Association Conference and 15 employees attended a three-part training session about access to information, case studies and privacy impact assessments.
Mandatory Training
In order to ensure that all SSC employees, regardless of their position or level, are made aware of their responsibilities related to ATIP and that they gain an in-depth understanding of the related best practices and principles, SSC launched, in collaboration with the Canada School of Public Service, the online Access to Information and Privacy Fundamentals course (I015) on July 14, 2016. While this course is optional for all public service employees through the Canada School of Public Service website, its completion has been made mandatory for all SSC employees. For this reporting period, 1,290 employees successfully completed the course. This represents a 20.7 percent increase from the previous reporting period where 1,069 employees completed the course.
ATIP 101 Internal Training
The ATIP Division continued to adapt their training from in-person to online. The trainers delivered 4 internal training and awareness sessions to approximately 37 participants, which included SSC executives, managers and employees at all levels. The number of participants who received training this reporting period decreased by 86 percent. In the previous year, 269 employees participated in training. The ATIP 101 training is not mandatory. The Division promotes training in various ways internally and deliver it when we have participants that have signed up for specific sessions. The Division endeavours to find ways to increase participation as training is an important contributor to the continued success of ATIP management at SSC.
Tasking Request Training
The purpose of this training is to inform all SSC employees of their roles and responsibilities related to ATIP requests, with a focus on how to correctly respond to a request tasked to an office of primary interest. The trainers delivered 2 internal training and awareness sessions to approximately 15 participants in 2022–2023.
Privacy Breach Training
The Division delivered 3 Privacy Breach training sessions over the course of 2022–2023. A total of 17 employees attended this course. This training serves to promote privacy best practices and advise employees of their privacy obligations to avoid the creation of privacy breaches.
Privacy Impact Assessment Training
In order for program areas to understand the Privacy Impact Assessment (PIA) process, the ATIP Policy and Governance Unit developed PIA training. Multiple sessions were made available to SSC employees. During the reporting period, none were delivered, owing to the lack of enrolment. PIAs are a specific privacy assessment required by TBS in certain circumstances. They are not required often, so it was expected that the numbers of sessions would be limited. The Division has now incorporated the training as part of the PIA process in order to provide support before any PIA is started. Next year’s number of sessions delivered is expected to reflect this change.
Mentoring
The ATIP Division takes innovation very seriously and focuses on the personal development of its employees. The Division has established learning sessions where a variety of topics are discussed. Experienced employees in the ATIP Division provide guidance and support to new employees by helping them navigate the culture, answering any questions and helping them learn the necessary skills to succeed. By investing in mentoring, we can improve employee retention and foster a culture of continuous learning and development.
Data Privacy Day
On January 28, 2022, SSC celebrated Data Privacy Day to raise awareness and demonstrate the importance of privacy and the protection of personal information in day-to-day activities. The ATIP Division developed communiqués, published content on social media by senior leaders and promoted privacy training through SSC’s internal communication network. Material was disseminated through Twitter, LinkedIn and internal communication channels.
Policies, Guidelines, Procedures and Initiatives
To maintain a high standard of excellence and to continually improve customer services under the Privacy Act, the Policy and Governance Unit undertook the following initiatives:
- responded to 60 requests for privacy advice to branches and other departments. These included privacy advice pieces on NEXTGEN pay system, which is an initiative to replace the current Government of Canada pay system (Phoenix) and over 33 existing HR systems now in use across government
- provided various privacy notice statements
- created an identity verification procedure for privacy requests, to limit potential privacy breaches and standardize the approach with requesters.
Initiatives and Projects to Improve Privacy
- To help program areas acquire a better understanding of privacy requirements and risks, the Policy and Governance Unit is working on an online reporting form, to modernize the way privacy breaches are reported in the organization (a preliminary assessment to determine if a PIA is required). Il is also developing a privacy protocol for the use of personal information for non-administrative purposes.
- The ATIP Division believes diversity in the workplace can lead to a more inclusive and innovative environment, where employees feel valued and respected for their unique perspectives and experiences. The Division is in the process of reviewing current written communication standards to be more inclusive.
- The ATIP Division’s collaboration with TBS led SSC to be an early adopter of AtipXpress, an ATIP request processing software solution. This next-generation software manages the entire lifecycle of an ATIP request from the initial request to final delivery of documents, including request management, correspondence, document management, fee/payment, document review and redaction and reporting. This software will propel the Division forward in addressing current and future ATIP challenges.
Summary of Key Issues and Action Taken on Complaints
From the time a request is received, the Division works with requesters to fully understand the request to reduce the processing time and ensure the relevancy of the records provided. In addition, the Division has taken diverse actions to keep the number of complaints at a minimum. For instance, the Division regularly revises its procedures to improve performance and reduce the response time to provide improved service to Canadians.
ATIP analysts receive ongoing training on the complaints process and the handling of complaints received from the OPC. The Division has established a streamlined process for handling complaints where the Deputy Director, Operations Unit, is responsible for providing representations to the OPC. The Director and Deputy Director, Operations Unit continue to work closely with the OPC in resolving complaints.
SSC received two complaints relating to time delays during this reporting period. In order to resolve complaint issues, the ATIP Division provided rolling interim releases when possible to start giving requesters information more rapidly.
Material Privacy Breaches
A privacy breach refers to the improper or unauthorized access, collection, use, disclosure, retention or disposal of personal information. A material breach involves sensitive personal information that could reasonably be expected to cause serious injury or harm to the individual. During the reporting period, no material breaches occurred or were reported to the OPC.
The ATIP Division monitors and documents all privacy breaches reported. The Division also reviews how and where in the Department they occurred to provide tailored privacy breach training to specific groups to promote awareness and increase prevention.
Privacy Impact Assessments
During the reporting period, one PIA was completed. The Enterprise IT Service Management (ITSM) initiative is an SSC-led project under the Service Management Branch (SMB) Portfolio, which is a multi-year project to establish an enterprise-wide state-of-the-art ITSM solution as a replacement for SSC’s current enterprise ITSM tool, Enterprise Control Desk (ECD). This project will directly support Service Management and other program initiatives by providing an enterprise ITSM tool solution to be configured and deployed to production by a vendor.
At the end of 2022–2023 , 2 PIAs were at various stages of the approval process. They will be reflected in future reports.
SSC continued its collaboration with other departments by sharing the Digital Communications and Collaboration Solution (DCC) PIA. The Policy and Governance Unit completes privacy risk checklists (PRC), which allows the team to determine if a PIA is required. During this reporting period, 39 were completed and 7 were carried over to the next fiscal year. PRC’s assesses new programs and initiatives used in the department, as well as SSC’s partners, in the collection, use, disclosure, storage and retention period of personal information. There was an 18 percent increase in privacy risks checklists this reporting period compared to last year. The increase could be explained by years of collaboration and increased awareness within SSC.
Annex A – Delegation Order
Shared Services Canada
Access to Information Act and Privacy Act Delegation Order
The Minister of Digital Government, pursuant to subsection 95(1) of the Access to Information Act and subsection 73(1) of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Minister as the head of Shared Services Canada, under the provisions of the acts and related regulations set out in the schedule opposite each position.
This designation replaces all previous delegation orders.
Schedule
| Position | Access to Information Act and Regulations | Privacy Act and Regulations |
|---|---|---|
| 1. President | Full authority | Full authority |
| 2. Executive Vice President | Full authority | Full authority |
| 3. Assistant Deputy Minister, Strategy and Engagement Branch | Full authority | Full authority |
| 4. Corporate Secretary and Chief Privacy Officer | Full authority | Full authority |
| 5. Director, Access to Information and Privacy Protection Division | Full authority | Full authority |
| 6. Deputy Directors, Operations and Policy and Governance, Access to Information and Privacy Protection Division | Full authority | Full authority |
Dated, at Ottawa,
this 6th day of January, 2023
The Honourable Helena Jaczek
Minister of Public Services and Procurement and Head of Shared Services Canada
Annex B — Statistical Report
Statistical Report on the Privacy Act
Name of institution: Shared Services Canada
Reporting period: 2022-04-01 to 2023-03-31
Section 1: Requests under the Privacy Act
| Number of requests | ||
|---|---|---|
| Received during the reporting period | 65 | |
| Outstanding from the previous reporting period | 11 | |
|
11 | |
|
0 | |
| Total | 76 | |
| Closed during the reporting period | 72 | |
| Carried over to the next reporting period | 4 | |
|
3 | |
|
1 | |
| Source | Number of requests |
|---|---|
| Online | 57 |
| 2 | |
| 6 | |
| In person | 0 |
| Phone | 0 |
| Fax | 0 |
| Total | 65 |
Section 2: Informal Requests
| Number of requests | ||
|---|---|---|
| Received during the reporting period | 0 | |
| Outstanding from the previous reporting period | 0 | |
|
0 | |
|
0 | |
| Total | 0 | |
| Closed during the reporting period | 0 | |
| Carried over to the next reporting period | 0 | |
| Source | Number of requests |
|---|---|
| Online | 0 |
| 0 | |
| 0 | |
| In person | 0 |
| Phone | 0 |
| Fax | 0 |
| Total | 0 |
| Completion Time | |||||||
|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Less than 100 pages released | 100-500 pages released | 501-1000 pages released | 1001-5000 pages released | More than 5000 pages released | |||||
|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 3: Requests Closed During the Reporting Period
| Disposition of requests | Completion time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| All disclosed | 2 | 1 | 1 | 0 | 0 | 0 | 0 | 4 |
| Disclosed in part | 0 | 5 | 9 | 3 | 0 | 4 | 0 | 21 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 41 | 0 | 0 | 0 | 0 | 0 | 0 | 41 |
| Request abandoned | 6 | 0 | 0 | 0 | 0 | 0 | 0 | 6 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 49 | 6 | 10 | 3 | 0 | 4 | 0 | 72 |
| Section | Number of requests | Section | Number of requests | Section | Number of requests |
|---|---|---|---|---|---|
| 18(2) | 0 | 22(1)(a)(i) | 0 | 23(a) | 0 |
| 19(1)(a) | 0 | 22(1)(a)(ii) | 0 | 23(b) | 0 |
| 19(1)(b) | 0 | 22(1)(a)(iii) | 0 | 24(a) | 0 |
| 19(1)(c) | 0 | 22(1)(b) | 6 | 24(b) | 0 |
| 19(1)(d) | 0 | 22(1)(c) | 0 | 25 | 0 |
| 19(1)(e) | 0 | 22(2) | 0 | 26 | 26 |
| 19(1)(f) | 0 | 22.1 | 0 | 27 | 3 |
| 20 | 0 | 22.2 | 0 | 27.1 | 0 |
| 21 | 0 | 22.3 | 0 | 28 | 0 |
| 22.4 | 0 |
| Section | Number of requests | Section | Number of requests | Section | Number of requests |
|---|---|---|---|---|---|
| 69(1)(a) | 0 | 70(1) | 0 | 70(1)(d) | 0 |
| 69(1)(b) | 0 | 70(1)(a) | 0 | 70(1)(e) | 0 |
| 69.1 | 0 | 70(1)(b) | 0 | 70(1)(f) | 0 |
| 70(1)(c) | 0 | 70.1 | 0 |
| Paper | Electronic | Other | |||
|---|---|---|---|---|---|
| E-record | Data set | Video | Audio | ||
| 0 | 25 | 0 | 0 | 0 | 0 |
3.5 Complexity
| Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|
| 37198 | 7199 | 31 |
| Disposition | 100 pages or less processed | 100-500 pages processed | 501-1000 pages processed | 1,001-5,000 pages processed | More than 5,000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages processed | Number of requests | Pages processed | Number of requests | Pages processed | Number of requests | Pages processed | Number of requests | Pages processed | |
| All disclosed | 2 | 22 | 2 | 539 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 2 | 120 | 7 | 1829 | 4 | 2515 | 5 | 11089 | 3 | 21084 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 6 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 10 | 142 | 9 | 2368 | 4 | 2515 | 5 | 11089 | 3 | 21084 |
| Number of minutes processed | Number of minutes disclosed | Number of requests |
|---|---|---|
| 0 | 0 | 0 |
| Disposition | Less than 60 minutes processed | 60 – 120 minutes processed | More than 120 minutes processed | |||
|---|---|---|---|---|---|---|
| Number of requests | Minutes processed | Number of requests | Minutes processed | Number of requests | Minutes processed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 |
| Number of minutes processed | Number of minutes disclosed | Number of requests |
|---|---|---|
| 72 | 72 | 2 |
3.5.6 Relevant Minutes Processed per Request Disposition for Video Formats by Size of Requests
| Disposition | Less than 60 minutes processed | 60 – 120 minutes processed | More than 120 minutes processed | |||
|---|---|---|---|---|---|---|
| Number of requests | Minutes processed | Number of requests | Minutes processed | Number of requests | Minutes processed | |
| All disclosed | 0 | 0 | 2 | 72 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 2 | 72 | 0 | 0 |
| Disposition | Consultation required | Legal advice sought | Interwoven Information | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 4 | 2 | 1 | 0 | 7 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 4 | 2 | 1 | 0 | 7 |
3.6 Closed Requests
| Number of requests closed within legislated timeline | 66 |
| Percentage of requests closed within legislated timelines (%) | 91.6666667 |
3.7 Deemed Refusals
| Number of requests closed past the legislated timelines | Principal reason | |||
|---|---|---|---|---|
| Interference with operations/ Workload | External consultation | Internal consultation | Other | |
| 6 | 5 | 0 | 1 | 0 |
| Number of days past legislated timelines | Number of requests past legislated timeline where no extension was taken | Number of requests past legislated timeline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 days | 0 | 6 | 6 |
| 16 to 30 days | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 |
| Total | 0 | 6 | 6 |
| Translation requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Section 4: Disclosures Under Subsections 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 0 | 0 | 0 | 0 |
Section 5: Requests for Correction of Personal Information and Notations
| Disposition for correction requests received | Number |
|---|---|
| Notations attached | 0 |
| Requests for correction accepted | 0 |
| Total | 0 |
Section 6: Extensions
| Number of extensions taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation purposes or conversion | |||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 17 | 0 | 14 | 0 | 0 | 0 | 3 | 0 | 0 |
| Length of Extensions | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b)Translation purposes or conversion | |||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 0 | 14 | 0 | 0 | 0 | 3 | 0 | 0 |
| 31 days or greater | 0 | |||||||
| Total | 0 | 14 | 0 | 0 | 0 | 3 | 0 | 0 |
Section 7: Consultations received from other institutions and organizations
| Consultations | Other Government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during the reporting period | 0 | 0 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 |
| Closed during the reporting period | 0 | 0 | 0 | 0 |
| Carried over within negotiated timelines | 0 | 0 | 0 | 0 |
| Carried over beyond negotiated timelines | 0 | 0 | 0 | 0 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclosed entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclosed entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exempted entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Excluded entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Completion time for consultations on Cabinet Confidences
| Number of Days | Fewer Than 100 Pages Processed | 100-500 pages processed | 501-1000 pages processed | 1,001-5,000 pages processed | More than 5,000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Number of Days | 100 pages or less processed | 100-500 pages processed | 501-1000 pages processed | 1,001-5,000 pages processed | More than 5,000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 9: Complaints and Investigations Notices Received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 0 | 0 | 2 | 0 | 2 |
Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIBs)
| Number of PIAs completed | 0 |
|---|---|
| Number of PIAs modified | 1 |
| Personal information banks | Active | Created | Terminated | Modified |
|---|---|---|---|---|
| Institution-Specific | 0 | 0 | 0 | 0 |
| Central | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 |
Section 11: Privacy Breaches
| Number of material privacy breaches reported to TBS | 0 |
|---|---|
| Number of material privacy breaches reported to OPC | 0 |
| Number of non-material privacy breaches | 21 |
|---|
Section 12: Resources related to the Privacy Act
| Expenditure | Amount | |
|---|---|---|
| Salaries | $472,716 | |
| Overtime | $0 | |
| Goods and services | $128,469 | |
| $0 | - |
| $128,469 | |
| Total | $601,185 | |
| Resources | Person years dedicated to Access to Privacy activities |
|---|---|
| Full-time employees | 4.730 |
| Part-time and casual employees | 0.180 |
| Regional staff | 0.000 |
| Consultants and agency personnel | 0.000 |
| Students | 0.600 |
| Total | 5.510 |
Note: Enter values to three decimal places.
Page details
- Date modified: