Privacy Act: Plain Language Guide to Exemptions and Exclusions
On this page
- Section 18: Exempt banks
- Section 19: Personal information obtained in confidence
- Section 20: Federal–provincial affairs
- Section 21: International affairs and defence
- Subsection 22(1): Law enforcement and investigations
- Subsection 22(2): Policing services for provinces or municipalities
- Section 22.1: Information obtained by the Privacy Commissioner
- Section 22.2: Public Sector Integrity Commissioner
- Section 22.3: Public Servants Disclosure Protection Act
- Section 22.4: Secretariat of National Security and Intelligence Committee of Parliamentarians
- Section 23: Security clearances
- Section 24: Individuals sentenced to an offence
- Section 25: Safety of individuals
- Section 26: Personal information about another individual
- Section 27: Solicitors, advocates and notaries
- Section 27.1: Protected information – patents and trademarks
- Section 28: Medical records
- Subsection 69(1): Library and museum material
- Section 69.1: Canadian Broadcasting Corporation
- Subsection 70(1): Confidences of the King’s Privy Council for Canada
- Section 70.1: Certificate under the Canada Evidence Act
The Privacy Act gives everyone a general right to access their personal information held by government institutions. It also protects that personal information from unauthorized collection, use, retention and disclosure.
However, the right of access to one’s personal information has some limits. There are two classes of exceptions to the general right of access:
- exemptions where certain types of personal information are exempt from the Privacy Act’s access requirements
- exclusions where the Privacy Act does not apply to personal information
The Privacy Act allows for government institutions to refuse to release certain kinds of personal information. This guide is organized by the sections of the Privacy Act that deal with the exemptions and exclusions from release. They will help you understand why parts of your response package have been blacked out and not released to you.
Generally, to be included in the response package, the information must meet the following three requirements to be defined as your personal information and releasable under the Privacy Act:
- You can be identified by the information. Your name is in the record, or your identity can be deduced by the information in the record, whether alone or when combined with information from other sources.
- The information is about you as an individual. Information about corporations and other legal persons does not fall within the definition of your personal information. However, information about individual(s) in a sole proprietorship or in a partnership would be considered “personal information” within the meaning of section 3 of the Privacy Act.
- The information is recorded. It can be recorded in any form. For example, video recordings and photographic images of you contain personal information about you because they show something about your race, gender, age and ethnic origin, as well as your appearance or the sound of your voice. This applies to recordings and images of employees of a government institution and public figures. Oral conversations, even if personal in nature, are not considered personal information for the purposes of the Privacy Act unless the conversation is recorded in some manner.
Note that when someone gives an opinion or makes a statement about someone else, that opinion or statement is generally considered the personal information of both parties. This can impact whether it is released to you.
Right of access and severability
A personal information request generally gives you access to your own personal information. The records containing your personal information may also include information other than your personal information. Institutions may release some of this additional information to you. In practice, parts of the records that are not exempt or excluded will not be blacked out, while the parts of a document where Privacy Act exceptions do apply will be blacked out.
Sections 18 to 28 of the Privacy Act deal with exemptions. These limit one’s access to personal information. An exemption could be made, for example, because the release of the personal information could cause injury to a person or the country. It could also be made because of how the information was obtained (such as during an investigation). Some exemptions are mandatory, in which case the institutions are legally required to withhold the personal information. Others are discretionary, in which case privacy officials may decide whether releasing the information is appropriate.
Sections 69 and 70 of the Privacy Act are referred to as “exclusions” because they cover information that is excluded from the application of the Privacy Act. Individuals do not have a right of access to this information.
Section 18: Exempt banks
Government of Canada institutions collect personal information about individuals for programs or activities, such as granting a benefit or determining how much in taxes is owed. Institutions must publish a listing, called a personal information bank, of the personal information they collect and how it is managed. The listing is published on the institution’s Info Source website.
Some personal information banks are for programs and activities focused on international affairs, defence, law enforcement and national security investigations. Given the sensitive nature of personal information that would be held by programs related to these personal information banks, these personal information banks may be designated as exempt from personal information requests. In such a case, the personal information in these designated banks does not have to be disclosed to the requester under section 18 of the Privacy Act. You can find more information about these exempt personal information banks on the institutions’ websites.
In order to protect its ongoing international affairs, defence, law enforcement and investigations, the Government of Canada does not provide access to the personal information in an exempt bank.
Exempt banks are rare, but they primarily include security, intelligence, national defence, and national security investigation records.
Subsection 18(1) protects exempted personal information banks that contain files predominantly of personal information described in section 21 or 22 of the Privacy Act. These sections are also explained in this guide.
Subsection 18(2) allows the head of a government institution to refuse to release personal information contained in an exempt bank under subsection 18(1).
Section 19: Personal information obtained in confidence
The Government of Canada works with other governments, as well as with international governmental organizations such as the United Nations. As part of this work, the Government of Canada may obtain confidential personal information from a governmental source that is protected under section 19.
Section 19 protects personal information that the federal government obtains in confidence from other governments or international organizations of states. The section 19 exemption gives assurance to these entities that the Government of Canada will not release information provided in confidence.
Subsection 19(1) protects confidential personal information supplied by other governments or international organizations of states. This is a mandatory exemption, and institutions are legally required to withhold personal information where it applies. The head of a Government of Canada institution must refuse to release personal information obtained in confidence from the following:
- the government of a foreign state or one of its institutions
- an international organization of states or one of its institutions
- the government of a province or one of its institutions
- a municipal or regional government or one of its institutions that was established under an act of the legislature of a province
- a First Nations government or council
There may be two exceptions to this section:
- where the entity who supplied the personal information agrees to release the information
- where the source of the personal information makes that information public
Section 20: Federal–provincial affairs
The Government of Canada works with provinces and territories and other organizations on federal–provincial issues to ensure smooth government operations across the country.
The Privacy Act allows federal government departments to prevent the release of personal information that would harm the Government of Canada’s ability to conduct these activities.
The Government of Canada’s work with provincial partners is vital to ensuring that governments across Canada function properly.
For this work, the Government of Canada may gather and analyze personal information, the disclosure of which could be harmful to the Government of Canada’s conduct of federal–provincial affairs. This exemption can be used to prevent the disclosure of personal information judged to be harmful to federal–provincial affairs even if the personal information is not confidential.
As a discretionary exemption, section 20 allows the head of a government institution to refuse to release personal information that could harm the Government of Canada’s ability to conduct federal–provincial affairs.
Section 21: International affairs and defence
The Government of Canada works to ensure the safety of Canadians and advance Canada’s interests abroad.
Some government institutions deal with security threats, such as cyberattacks and terrorist activities. Other institutions have a diplomatic role or play a role in military or other defence activities.
To advance these international interests, the Government of Canada may work with and share personal information with other countries and international organizations. Releasing this sensitive personal information to the public may harm the government and its allies.
Government institutions that work abroad and conduct global and national security operations must protect the sources and methods required to do their jobs.
The personal information of Canadian personnel could reveal sensitive information relating to a military unit or other defence organization, such as the training, capabilities and skills of members. Revealing an intelligence source publicly could compromise the flow of valuable information and the source’s safety, even to an individual who previously worked on the file. Finally, protecting opinions expressed about an individual could be important for effective diplomacy.
The release of this kind of personal information can make it more difficult for the Government of Canada to detect threats to the country and its allies.
As a discretionary exemption, section 21 allows the head of a government institution to refuse to release personal information if the release could harm:
- the conduct of international affairs
- the defence of Canada or any state allied with Canada
- the detection, prevention or suppression of subversive or hostile activities such as espionage or sabotage
For further examples, refer to the Access to Information Act, section 15.
Subsection 22(1): Law enforcement and investigations
Many Government of Canada institutions enforce laws that ensure the safety of Canada and Canadians.
Law enforcement often refers to policing. However, Canada also enforces laws relating to administrative matters, such as tax enforcement. Enforcing these laws usually requires conducting investigations. Investigations typically create or collect a wide range of personal information.
Some personal information is collected through specialized policing techniques. These techniques are usually kept confidential to protect the investigative process. The Privacy Act allows government institutions to protect personal information that may make it difficult for them to conduct lawful investigations if it were released.
Publicly releasing personal information about law enforcement activities or administrative investigations could:
- make it more difficult for Government of Canada institutions to enforce laws or carry out important functions such as protecting national security
- interfere with criminal or other investigations or prosecutions
- reveal techniques used to gather and analyze evidence or intelligence
- hurt relationships with confidential information sources
- make it difficult to make arrests by allowing people or organizations to evade law enforcement officials
As a discretionary exemption, subsection 22(1) states that the head of a government institution may refuse to release personal information requested when:
- the information comes from an investigative body listed in the Privacy Regulations and releasing this information could harm law enforcement or conduct of an investigation
- information that, if released, could harm the enforcement of any law of Canada or a province or the conduct of lawful investigations
- information that, if released, could harm the security of penal institutions
Subsection 22(2): Policing services for provinces or municipalities
The Royal Canadian Mounted Police (RCMP) is Canada’s national police force. The RCMP often performs policing services for provincial and municipal governments.
Subsection 22(2) of the Privacy Act states that a government institution will refuse to release any record that contains personal information that the RCMP obtained or prepared while performing policing services for a province or a municipality.
The RCMP gathers personal information while performing policing services for provinces or municipalities.
Subsection 22(2) allows provincial and municipal authorities to get the federal government’s cooperation to protect the personal information that the RCMP obtained or prepared in relation to policing services in their jurisdiction.
For example, if the RCMP provided policing services to a municipality in relation to organized crime, the municipality may want to protect that personal information because it relates to future investigations or pending litigation.
Subsection 22(2) states that the head of a government institution will not release any personal information if the federal government has agreed to a request from the province or municipality to protect the personal information that was obtained or prepared by the RCMP while performing policing services for the province or municipality. This is a mandatory exemption, and institutions are legally required to withhold personal information where it applies.
Section 22.1: Information obtained by the Privacy Commissioner
Section 22.1 protects personal information obtained or prepared during investigations by the Privacy Commissioner, such as the details of a complaint that was filed with the Privacy Commissioner.
Protecting personal information related to the Privacy Commissioner’s investigations helps ensure their ability to perform their duties and powers independently and to facilitate cooperation throughout the investigation.
Subsection 22.1(1) states that the Privacy Commissioner will refuse to release any personal information that was obtained or created by them or on their behalf during an investigation conducted by them or under their authority. This is a mandatory exemption, and institutions are legally required to withhold personal information where it applies.
Subsection 22.1(2) is an exception to 22.1(1) and states that the Privacy Commissioner cannot refuse to release personal information created by them or on their behalf once all investigations and all related proceedings have concluded.
Section 22.2: Public Sector Integrity Commissioner
The Public Sector Integrity Commissioner investigates wrongdoing in the federal public service and helps protect whistleblowers.
To protect people who contact the Public Sector Integrity Commissioner about alleged wrongdoing, the Privacy Act requires the Office of the Public Sector Integrity Commissioner to protect personal information in investigation files.
Personal information obtained or created by the Office of the Public Sector Integrity Commissioner in an investigation may include sensitive or harmful information, particularly towards a whistleblower.
For example, if a whistleblower contacted the Public Sector Integrity Commissioner with damaging information about practices or negligence by a Government of Canada institution and their personal information became public, the whistleblower may be vulnerable to reprisals.
Section 22.2 requires the Public Sector Integrity Commissioner to refuse to release personal information obtained or created by or for them during an investigation or for the purpose of making a disclosure under the Public Servants Disclosure Protection Act. This is a mandatory exemption, and institutions are legally required to withhold personal information where it applies.
Section 22.3: Public Servants Disclosure Protection Act
The Public Servants Disclosure Protection Act allows federal public servants to report allegations of wrongdoing in their workplace safely and confidentially.
Both the allegations and any potential investigations are often sensitive. The Privacy Act requires that heads of government institutions protect any related personal information.
The purpose of this exemption is to allow federal public servants to safely report allegations of wrongdoing in the workplace. Section 22.3 protects any personal information created during the entire investigative process.
The ability to report wrongdoings safely not only helps ensure the integrity of the public service, but also protects those who report wrongdoing from reprisals.
Section 22.3 requires the heads of government institutions to refuse to release any personal information requested under the Privacy Act that was obtained or created:
- to make a disclosure under the Public Servants Disclosure Protection Act
- during an investigation into a release under the Public Servants Disclosure Protection Act
This is a mandatory exemption, and institutions are legally required to withhold personal information where it applies.
Section 22.4: Secretariat of National Security and Intelligence Committee of Parliamentarians
The National Security and Intelligence Committee of Parliamentarians (NSICOP) has a mandate to review the legislative, regulatory, policy, administrative and financial framework for Canada’s national security and intelligence community. The Secretariat of NSICOP helps it fulfill its mandate.
NSICOP prepares reports for the Prime Minister and Parliament, with sensitive information redacted.
To draft these reports, NSICOP can access any information, with few exceptions, that is under the control of a government institution. This means that the Secretariat may obtain or create highly sensitive records about national security and intelligence.
The Privacy Act requires that the Secretariat not release the personal information it has obtained or created.
NSICOP members hold the highest level of security clearance and are bound to secrecy by the Security of Information Act. This allows them to receive classified briefings and access sensitive materials to review Canada’s national security and intelligence organizations.
The Secretariat supports NSICOP in performing their reviews. This organization is made up of public servants who can also access sensitive materials but, unlike NSICOP, the Secretariat is subject to the Privacy Act.
To protect national security and intelligence interests, section 22.4 protects all personal information obtained or created by the Secretariat in support of NSICOP’s mandate from being released.
Section 22.4 states that the Secretariat must refuse to release any personal information obtained or created by or for it while assisting the NSICOP in fulfilling its mandate. This is a mandatory exemption, and institutions are legally required to withhold personal information where it applies.
Section 23: Security clearances
The government investigates the reliability and loyalty of its employees and contractors. These investigations are conducted when someone is hired and throughout their employment, usually every five to 10 years. The type of work an individual does will determine the frequency and depth of the investigations. Following the investigation, the employee or contractor may be given a security clearance.
Government institutions may collect personal information from the investigative bodies listed in Schedule IV of the Privacy Regulations as part of the security clearance process. Information is usually not released when it could reveal the identity of whoever supplied the information. When someone gives an opinion or a statement about someone else, that opinion or statement is considered the personal information of both parties.
This exemption can be applied to security clearances that are required by the Government of Canada or for the government or institution of a province or foreign state.
When an investigative body provides a government institution with information on an individual, the expectation is that the source of this information will not be released. The information is shared only for the purpose of determining whether a security clearance should be granted.
Information collected by the government from investigative bodies may contain sensitive personal information about an individual who provided investigative bodies with information about the person undergoing the security clearance. Releasing this personal information and potentially revealing its source could make getting similar information in future, from the same source or elsewhere, more difficult. Other non-personal information obtained during the security clearance process cannot be protected under this provision.
As a discretionary exemption, section 23 states that the head of a government institution may refuse to release any personal information whose release could reveal the source of information that was obtained or prepared by an investigative body specified in Schedule IV of the Privacy Regulations.
That information must have been used to determine whether to grant a security clearance. It should be exempted if the release of the information could reveal the identity of the individual who provided the information.
Section 24: Individuals sentenced to an offence
Correctional Service Canada and the Parole Board of Canada collect personal information about individuals who are sentenced for a federal offence.
The personal information could include the following:
- information about an individual while they are serving their sentence in a government facility
- information that an inmate has provided to the staff of an institution about another inmate
- information about an inmate provided from outside sources
- information about an individual’s compliance with the conditions of their parole or mandatory supervision program, either supplied by the individual or someone else
Personal information may be exempted from a request while an individual is under sentence. This exemption can continue to apply after their sentence is completed.
Providing this type of personal information to a requester may reveal information that was given in confidence. It may also lead the requester to do something that breaches the conditions of their sentence or parole.
For example, information may have been provided to the government that would lead to parole being revoked for an individual. A victim may report that an offender contacted them when no contact is a condition of their release. If confidentiality was promised, this information would not be released.
As a discretionary exemption, section 24 states that the head of a government institution may refuse to release personal information that was collected or obtained by Correctional Service Canada or the Parole Board of Canada while the individual was under sentence for an offence if releasing the personal information could:
- lead to a serious disruption of the individual’s institutional, parole or statutory release program
- reveal information about another individual when that individual supplied the information under a promise of confidentiality
Section 25: Safety of individuals
Sometimes, the Government of Canada has or learns of personal information that could put individuals in danger if that information were released.
When the personal information being requested could put one or more individuals in danger, the Privacy Act allows the government to protect that personal information from being released.
This exemption protects individuals against physical or psychological harm. It does not protect an individual’s economic security. The risk to the individual must be serious.
The risk is based on many factors, including past threats made against an individual and the behaviour of the potential offender.
As a discretionary exemption, section 25 states that the head of government institutions may refuse to release any personal information requested if they have reasonable grounds to believe that its release could threaten the safety of an individual.
Section 26: Personal information about another individual
Any information that is recorded about an identifiable individual is considered “personal information.” It must be appropriately safeguarded, used and managed in accordance with the Privacy Act.
Although a requester has a right of access to their own personal information, that right does not extend to information about another individual. This exemption protects an individual’s personal information from being released to someone else.
Section 26 protects personal information about another individual held by government institutions from being released.
As a discretionary exemption, this exemption may be applied where personal information about another individual is found in documents that include information about the requester. However, there are three situations where someone else’s personal information could be released:
- where consent is obtained from the other individual
- where the information is publicly available
- where the release is allowed under section 8 of the Privacy Act, which specifies when personal information can be disclosed without consent
Section 27: Solicitors, advocates and notaries
Government institutions administer and adhere to laws as part of their regular business.
Institutions must act lawfully, and sometimes their decisions or actions can be challenged before the courts. As a result, government institutions frequently employ legal professionals to advise and support them.
Legal opinions, routine communications and litigation files can contain personal information when individuals are involved. The Privacy Act allows the government to protect some of this personal information from disclosure when it is subject to solicitor–client privilege.
The solicitor–client privilege exemption refers to two types of privilege: solicitor–client privilege and litigation privilege.
- Solicitor–client privilege, also known as legal advice privilege, applies to all communications between a lawyer and their client relating to seeking or giving legal advice or assistance.
- Litigation privilege applies to records created for ongoing or anticipated litigation.
Solicitor–client privilege is necessary to administer justice and maintain the public’s confidence in the legal system. It allows clients and their legal professionals to have candid discussions. Clients need to be assured that communications between them and their legal representatives are strictly confidential. Like litigation privilege, this privilege never expires.
Litigation privilege allows litigators to prepare their cases in private without interference by the other party before they make their case in court.
Section 27 ensures that government institutions receive protections for communications with their legal professionals, similar to the private sector.
However, it does not apply where solicitor–client privilege has been waived.
As a discretionary exemption, section 27 states that the head of a government institution may refuse to release personal information subject to solicitor–client privilege.
Section 27.1: Protected information – patents and trademarks
Patents protect inventions, processes and scientific creations from being copied. Likewise, trademarks protect brands, logos and slogans from being copied.
Patent agents and trademark agents are licensed professionals who help clients secure legal protections for their intellectual property by submitting patent or trademark applications.
Section 27.1 of the Privacy Act protects privileged communications between clients and their patent or trademark agent.
Conversations between patent agents or trademarks agents and their clients may involve sensitive information regarding intellectual property and are privileged in the same way as solicitor–client privilege.
If sensitive information regarding intellectual property was made public, a competitor may use that information to their advantage.
As a discretionary exemption, section 27.1 states that the head of an institution may refuse to release personal information subject to privileges set out in section 16.1 of the Patent Act or section 51.13 of the Trademarks Act.
Section 28: Medical records
Sensitive medical or mental health information about an individual may be collected by a government institution, either directly from the individual or indirectly from a medical professional.
Government institutions may hold sensitive physical or mental health information about individuals. Although it may be collected, it may not be in the best interests of an individual to be given access to parts of their medical records, especially through a personal information request. Other avenues might be more appropriate.
The decision on what is in the best interest of an individual will be made by the head of a government institution. It is possible for the head to allow a qualified medical professional, such as a psychologist, to review the information so as to provide an opinion on whether to release the information.
The government institution may also require that the requester examine this information in person and in the presence of a medical professional so that the medical professional may explain or clarify the information to the requester.
As a discretionary exemption, section 28 states that the head of an institution may refuse to release any personal information that relates to the physical or mental health of that individual if it would be contrary to the best interests of the individual to view the information.
Sections 13 and 14 of the Privacy Regulations outline how medical practitioners or psychologists may help decide what should be released to the requester and how they can help explain and clarify what is released.
Subsection 69(1): Library and museum material
Federal museums and libraries preserve certain information to exhibit or for the public’s use. They also accept donations of materials by members of the public, private organizations or representatives acting on their behalf.
The Privacy Act does not provide a right of access to materials held in museums or libraries.
Museums and libraries preserve material for public reference and exhibition purposes. This includes material donated by private citizens or organizations. This material is protected to prevent the public from accessing the material held by museums or libraries via the Privacy Act instead of paying for the services of the museum or library or another third party providing search services.
Subsection 69(1) states that the Act does not apply and grants no right of access to the following categories of information:
- library or museum material preserved solely for public reference or exhibition purposes
- material placed by or on behalf of persons or organizations other than government institutions in the following:
- Library and Archives of Canada
- National Gallery of Canada
- Canadian Museum of History
- Canadian Museum of Nature
- Canada Science and Technology Museum
- Canadian Museum for Human Rights
- Canadian Museum of Immigration at Pier 21
Section 69.1: Canadian Broadcasting Corporation
The Canadian Broadcasting Corporation (CBC) is a Canadian Crown corporation and Canada’s national public broadcaster.
It collects and uses personal information for its administrative activities, such as expenditures and staffing, and about their journalistic, creative and programming activities. Examples of these activities include planned stories, the names of key sources and anticipated programming.
The CBC operates at arm’s length from the Government of Canada but is still subject to the Privacy Act. The Access to Information Act excludes information that relates to the CBC’s journalistic or creative activities, other than general administration.
Freedom of the press is in the Canadian Charter of Rights and Freedoms. A free press is important because it means that broadcasters can publish stories without political or public scrutiny or interference.
Since they provide programming other than journalism, broadcasters operate in a competitive environment where each broadcaster wants to attract the most viewers. Releasing planned creative and programming activities could harm a broadcaster’s ability to make money from those activities.
Section 69.1 recognizes the unique position of the CBC. Given that it receives government funding, its management functions and administration should be open to public scrutiny as with any other government institution subject to the Privacy Act. However, the CBC’s specific mandate requires that the same protections extended to private broadcasters apply for CBC’s journalistic sources so that it can maintain its creative and programming independence.
Section 69.1 is an exclusion that states that the Privacy Act does not apply to any information that is under the control of the CBC that relates to its journalistic, creative or programming activities (for example, show or news anchor selection rationale) other than information that relates to its general administration (for example, personnel files and pay administration files).
Subsection 70(1): Confidences of the King’s Privy Council for Canada
The Government of Canada is based on a parliamentary system that includes a Cabinet. The Cabinet is a body of advisors and is a committee of the King’s Privy Council for Canada.
Members of the Cabinet are ministers of the Crown who are responsible for government policy. To set policies and priorities for the country, the Cabinet meets regularly to discuss and make decisions on a variety of issues.
The federal public service provides confidential advice to ministers to support their participation in Cabinet. As a result, institutions hold information about Cabinet meetings and discussions. The Privacy Act excludes these records, as they are confidences of the King’s Privy Council.
Releasing Cabinet discussions would harm the Cabinet’s ability to discuss issues freely and make informed decisions. The decision-making process and its supporting records are traditionally protected, which enables ministers to have open discussions. Although rare, personal information may be within these types of records but may not be accessible to the individual if the records remain a Cabinet confidence.
Subsection 70(1) states that the Privacy Act does not apply to confidences of the King’s Privy Council for Canada, including:
- memoranda to present proposals or recommendations to council
- discussion papers to present background explanations, analyses of problems or policy options to council for decision-making
- agendas of council or records of council deliberations or decisions
- records used for or reflecting communications or discussions between ministers of the Crown on matters relating to the making of government decisions or the formulation of government policy
- records to brief ministers of the Crown about matters that are before, or are proposed to be brought before, council or that are the subject of communications or discussions referred to in paragraph 70(1)(d)
- draft legislation
Subsection 70(2) specifies that for the purposes of subsection 70(1), the word “council” means the King’s Privy Council for Canada, committees of the King’s Privy Council for Canada, Cabinet and committees of Cabinet.
Subsection 70(3) specifies that this exclusion has two exceptions:
- confidences of the King’s Privy Council for Canada that are more than 20 years old
- discussion papers (see paragraph 70(1)(b)):
- if the decisions related to the discussion papers have been made public
- where the decisions have not been made public, if four years have passed since the decisions were made
Section 70.1: Certificate under the Canada Evidence Act
Certain Government of Canada institutions conduct criminal and civil prosecutions on behalf of the government. These legal proceedings may involve sensitive information that was obtained in confidence from foreign entities or that relates to national defence or national security.
In national security prosecutions, records about the case may contain information on terrorism offences, war crimes, human smuggling, information that is classified or information obtained from foreign law enforcement partners.
The Canada Evidence Act authorizes the Attorney General of Canada to issue a certificate to prevent sensitive information from being released.
The Privacy Act excludes information that the Attorney General of Canada has issued a certificate about.
For the Attorney General of Canada to issue a certificate, there must be a risk to international relations, national defence or national security. Therefore, that information should be excluded from the Privacy Act.
This section ensures that the Privacy Act is aligned with the Canada Evidence Act. This means that information protected under the Canada Evidence Act cannot be released under the Privacy Act.
If the Attorney General of Canada issues a certificate after a complaint is filed with the Privacy Commissioner, the complaint is discontinued. The information cannot be released and must be returned to the institution by the Privacy Commissioner.
Subsection 70.1(1) of the Privacy Act states that when the Attorney General of Canada issues a certificate under section 38.13 of the Canada Evidence Act that prohibits a person’s personal information from being released before that person files a complaint under the Privacy Act about access to that information, the Privacy Act does not apply to that personal information.
Subsection 70.1(2) states that when the Attorney General of Canada issues a certificate under section 38.13 of the Canada Evidence Act that prohibits a person’s personal information from being released after that person files a complaint under the Privacy Act about access to that information:
- all proceedings under the Privacy Act about the complaint, including an investigation, appeal or judicial review, are discontinued
- the Privacy Commissioner shall not release the information and shall take all necessary precautions to prevent its release
- the Privacy Commissioner shall, within 10 days after the certificate is published in the Canada Gazette, return the information to the head of the government institution that controls the information
Subsection 70.1(3) states that the Privacy Commissioner and every person acting on their behalf or under their direction in the course of their duties must not release information certified under section 38.3 of the Canada Evidence Act.
Subsection 70.1(4) limits the power of delegation. Up to a maximum of four officers or employees specially designated within the Office of the Privacy Commissioner may investigate a complaint for information that was subject to a certificate under section 38.13 of the Canada Evidence Act.
- Date modified: