Annual Report to Parliament on the Administration of the Privacy Act 2023-2024
Table of Contents
- Introduction
- Organizational Structure
- Delegation Order
- Performance 2023-2024
- Training and Awareness
- Policies, Guidelines, and Procedures
- Initiatives and Projects to Improve Privacy
- Summary of Key Issues and Actions Taken on Complaints
- Material Privacy Breaches
- Privacy Impact Assessments
- Public Interest Disclosures
- Monitoring Compliance
- Annex A: Designation Order
- Annex B: ¶¶ÒùÊÓƵ 2023-2024 Statistical Report
- Annex C: ¶¶ÒùÊÓƵ 2023-2024 Supplemental Statistical Report
Introduction
We are pleased to table the Annual Report to Parliament on the administration of the Privacy Act (the Act) for fiscal year 2023-2024, as required under section 72 of the Act. ¶¶ÒùÊÓƵ is not reporting on behalf of wholly owned subsidiaries or non-operational institutions.
Note: The Department is referred to in this report as ¶¶ÒùÊÓƵ (GAC). Its legal name, however, remains the Department of Foreign Affairs, Trade and Development, as set out in the Department of Foreign Affairs, Trade and Development Act.
Purpose of the Privacy Act
The purpose of this Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.
Mandate of the Institution
¶¶ÒùÊÓƵ, under the leadership of the Minister of Foreign Affairs; the Minister of Export Promotion, International Trade and Economic Development; and the Minister of International Development, is responsible for advancing Canada’s international relations, including:
- Developing and implementing foreign policy;
- Fostering the development of international law, international trade and commerce;
- Providing international assistance (encompassing humanitarian, development, and peace and security);
- Providing consular services for Canadians; and
- Overseeing the Government of Canada’s global network of missions abroad.
¶¶ÒùÊÓƵ manages Canada’s diplomatic and consular relations with foreign governments and international organizations, engaging and influencing international players to advance Canada’s political, legal and economic interests, including poverty reduction, the empowerment of women and girls, the promotion of a rules-based international order, international peace and security, human rights, inclusive and accountable governance, peaceful pluralism, inclusion and respect for diversity, and environmental sustainability.
In support of efforts to eradicate global poverty and contribute to a more peaceful, prosperous, and inclusive world, the department manages the majority of Canada’s international assistance. The department also leads coordinated Canadian responses to crises and natural disasters abroad, including the provision of needs-based humanitarian assistance.
¶¶ÒùÊÓƵ also manages Canada’s international platform—a global network of missions in approximately 110 countries that supports the international work of the department and partner departments, agencies, and co-locators.
To improve and maintain market access for Canadian businesses, ¶¶ÒùÊÓƵ leads the negotiation of bilateral, plurilateral and multilateral trade agreements, the administration of export and import controls, as well as the management of international trade disputes. The Department also provides advice and services to help Canadian businesses succeed abroad and attract foreign direct investment to Canada, and supports international innovation, science, and technology.
The Department delivers consular services and provides travel information to Canadians.
It also supports global peace and stability and addresses international security threats such as terrorism, transnational organized crime and the proliferation of weapons, and materials of mass destruction.
¶¶ÒùÊÓƵ develops and implements policy and programming based on analysis of available evidence, including through consultation and engagement with Canadians and international stakeholders. The department is responsible for fostering the development of international law and its applications in Canada’s foreign relations.
The department’s legal responsibilities are detailed in the 2013 .
For more information on the ministers’ mandated commitments, see the .
Organizational Structure
The Access to Information and Privacy Protection Division (The ATIP Division) is responsible for the administration of the Access to Information Act and the Privacy Act (PA), including the processing of requests and consultations. The Director of the ATIP Division reports to the Corporate Secretary who, in turn, reports to the Deputy Minister of Foreign Affairs.
In 2023-2024, the ATIP Division had 69 Full-time Equivalent positions to fulfill the Department’s obligations under both the Access to Information Act and the Privacy Act. During the fiscal year, the ATIP Division filled on average, 50 of those 69 positions and relied on up to 7 ATIP consultants.
The ATIP Division is led by a director, who manages the teams that administer the access to information and privacy acts:
- The Operational Unit is managed by four deputy directors who head one or two processing teams. There are five team leaders who supervise processing teams. one senior advisor, twenty-two analysts, and seven consultants distributed throughout these teams. The Operational Unit is responsible for the processing and review of access, privacy, and consultation It also includes a team with dedicated resources to work on complaints, which processes legacy complaints and works closely to resolve them with the Office of the Information Commissioner and the Office of the Privacy Commissioner (OPC).
- The Privacy Policy Team is managed by one deputy director and includes one team leader, five analysts, who deal directly with privacy breaches, departmental complaints, privacy impact assessments, and requests for privacy advice.
- The Policy and Governance Team is managed by one deputy director and includes one senior ATIP policy and governance advisor who coordinates process modernization, procedural updates, and departmental training.
- The Business Practices and Systems Unit is managed by one deputy director and includes one ATIP systems analyst, three business analysts and four clerks who process incoming and outgoing ATIP correspondence, imaging services, technical support, and other administrative tasks.
- The Corporate Affairs Unit is managed by one deputy director and includes one administrative assistant and one consultant. This group is responsible for the oversight of the division’s human resources, budget management, and general administration.
All employees are working within a hybrid model, with telework from home and in-office presence at headquarters (125 Sussex Drive). ¶¶ÒùÊÓƵ did not have any regional ATIP staff.
During the 2023-2024 fiscal year, ¶¶ÒùÊÓƵ did not have any service agreements pursuant to section 73.1 of the Privacy Act.
Delegation Order
Consistent with section 73 of the Privacy Act, the Minister’s authority is delegated to the deputy ministers, to the Corporate Secretary, to the Director of the ATIP Division, and to the deputy directors of the ATIP Division. It is also delegated to heads of mission for the purpose of public interest disclosures under paragraph 8(2)(m) of the Act.
A copy of ¶¶ÒùÊÓƵ’s signed Designation Order is provided in Annex A.
Performance 2023-2024
Number of Requests
In 2023-2024, the Department received 361 new requests under the Privacy Act, an increase of 206% compared to the 2022-2023 fiscal year. A total of 61 requests were carried over into this reporting period; 36 requests were outstanding from the previous reporting period and 25 outstanding from more than one reporting period.
During the same reporting period, 344 requests were completed; an increase of 177% compared to the 2022-2023 fiscal year. The rise in the number of received and completed requests, compared to 2022-2023, reflects a small group of individuals that submitted 220 requests. Several days after submitting these requests, these individuals decided to abandon all their requests.
Text version
Privacy Requests | 2020-2021 | 2021-2022 | 2022-2033 | 2023-2024 |
---|---|---|---|---|
Received | 82 | 109 | 118 | 361 |
Completed | 74 | 110 | 124 | 344 |
Active Requests Carried Over to the Next Reporting Period
At the end of reporting period, 35% of ¶¶ÒùÊÓƵ’s outstanding requests were still on time. The carry-over of active files at the end of fiscal year 2023-2024 was 78.
2018-2019 | 2019-2020 | 2020-2021 | 2021-2022 | 2022-2023 | 2023-2024 | Total | |
---|---|---|---|---|---|---|---|
On time | 0 | 0 | 0 | 0 | 0 | 27 | 27 |
Late | 4 | 4 | 5 | 5 | 6 | 27 | 51 |
Total | 4 | 4 | 5 | 5 | 6 | 54 | 78 |
Extensions
During the reporting period, the Department took extensions on 17 out of the 344 requests it closed. The reasons for extension include 12 extensions taken under paragraph 15(a)(i) for interference with operations and 5 extensions under paragraph 15 (a)(ii) for required consultation.
Compliance Rate
The compliance rate is defined as the percentage of privacy requests that the Department responded within the deadline required under the Act. In 2023-2024, the departmental compliance rate for ¶¶ÒùÊÓƵ was 82%. This means that 18% of privacy requests received a response beyond the deadline. The compliance rate for the reporting period increased by 30 percentage points compared to the previous reporting period.
Completion Time
During the reporting period, the Department closed a total of 258 requests closed in 15 days or less (75%), 19 requests closed within 16-30 days (5%), 16 requests closed within 31-60 days (5%), 28 requests closed within 61-120 days (8%), 10 requests closed within 121-180 days (3%), 6 requests closed within 181-365 days (2%), and 7 requests took over 365 days to complete (2%).
Text version
Completion Time
This pie graph illustrates the percentage of requests that were completed during the reporting period within the following timeframes: 1 to 15 days (75%), 16 to 30 days (5%), 31 to 60 days (5%), 61 to 120 days (8%), 121 to 180 days (3%), 181 to 365 days (2%), and over 365 days (2%).
Disposition of Completed Requests
Of the 344 privacy requests closed during the 2023-2024 fiscal year, 10 were all disclosed (3%), 54 were disclosed in part (16%), 1 was all exempted (<1%), 1 was all excluded (<1%), 14 had no records in existence (4%), and 264 were abandoned (77%).
Text version
Disposition of Completed Requests
This pie graph illustrates the percentage of requests that were completed during the reporting period with the following dispositions: All Disclosed (3%), Disclosed in Part (16%), All Exempted (<1%), All Excluded (<1%), No records exist (4%), and Request abandoned (77%).
Consultations from Other Institutions
Given its mandate and various responsibilities at the international level, the Department plays a key role under the Act on behalf of other institutions of the Government of Canada. Specifically, the Department consulted foreign governments on behalf of other federal government institutions when the latter needed to determine whether they could release records that originated abroad.
During the reporting period, the Department received two new consultations from other government institutions and didn’t carry over any consultation from the previous reporting period. ¶¶ÒùÊÓƵ was able to complete these two consultation requests during the fiscal year having reviewed 124 pages.
Of the two consultation requests closed this fiscal year, one request was closed within 16-30 days (50%), and one request within 61-120 days (50%).
Number of Days Taken | Number of Requests Closed | Percentage |
---|---|---|
0-15 days | 0 | 0% |
16-30 days | 1 | 50% |
31-60 days | 0 | 0% |
61-120 days | 1 | 50% |
121-180 days | 0 | 0% |
181-365 days | 0 | 0% |
More than 365 days | 0 | 0% |
Staffing
In 2023-2024, the ATIP Division had approximately 12 Full time Equivalents dedicated to privacy activities (personal information requests and privacy policy). This is consistent with the staffing level of the previous reporting period.
Text version
Privacy Protection Total Human Resources in FTE | 2020-2021 | 2021-2022 | 2022-2023 | 2023-2024 |
---|---|---|---|---|
Total | 11.63 | 11.45 | 11.67 | 12.00 |
Training and Awareness
The ATIP Division continues to develop tools, guidance and training for ATIP analysts, ATIP liaison officers and subject matter experts across ¶¶ÒùÊÓƵ.
Again, during the reporting period, the ATIP Division benefited from its Professional Development Program (PDP), which allows the Department to train and promote its ATIP analysts from junior (PM-01) to senior (PM-05) levels. This long-standing program continues to be highly successful in addressing recruitment, retention, and succession planning issues. Most of the employees working in the ATIP Division are already part of the PDP and are eligible for promotion to the next level once they meet the required objectives. The PDP aims to build a more robust ATIP capacity within ¶¶ÒùÊÓƵ by “growing its own”, thereby addressing the shortage of analysts and team leaders across the federal ATIP community.
ATIP Training was also provided to the ATIP Division at ¶¶ÒùÊÓƵ. During the reported fiscal year, the ATIP Division hired a consultant to deliver an introductory course on the administration of the Access to Information Act and Privacy Act. The course was delivered to 28 employees from June 20 to June 22, 2023. Furthermore, on December 4, 2023, the same consultant provided an in-depth training on the application of exemptions and exclusions of the Access to Information Act and Privacy Act, 37 employees attended the training entitled “Exemptions provisions of ATIP” which was geared for ATIP analysts and ATIP team leaders. Lastly, on February 22, 2024, a different consultant provided training to 43 employees on the application of subsection 70(1) of the Privacy Act. The training provided insight on how to identify confidences of the King’s Privy Council for Canada and the necessary steps to undertake when excluding information pertaining to subsection 70(1) of the PA.
Additionally, the ATIP Division provided the following training modules to GAC employees:
- ATIP for liaison officers
- ATIP for reviewing officers
Due to GAC’s rotational employee structure, ATIP training sessions were made available upon request and attendance varied between 1 and 76 employees. During the fiscal year, a total of 57 training sessions were delivered to 691 ¶¶ÒùÊÓƵ employees. Of these presentations, 50 were delivered virtually via the use of MS Teams and 7 training sessions were delivered in person.
Along with internal coaching, the division also participated in training for other divisions within the Department. For example, the Blended Learning Program for administrative/executive assistants at headquarters educated 37 participants on privacy awareness and gave an overview of their obligations vis-à-vis the Privacy Act. Furthermore, ATIP training was provided to 13 participants during the Foreign Service Executive Administrative Assistants onboarding program.
The Privacy Policy Team maintains an updated spreadsheet, documenting all privacy training sessions conducted within the organization throughout the fiscal year, ensuring an accurate reflection of specific topics discussed and keeping track of employees’ increasing privacy awareness.
Over the reporting period, the Privacy Policy Unit delivered privacy training to the Missions Inspections Group through three dedicated sessions, each involving 13 participants. These sessions were structured to include active learning techniques, utilizing depersonalized privacy examples to illustrate key concepts while ensuring that sensitive information remained confidential. This method facilitated an engaging environment where participants could freely discuss their questions and concerns. In addition to these tailored sessions, the Privacy Policy Unit also supported broader departmental training initiatives.
In addition, the Unit conducted a specialized session for the Crime and Terrorism Policy Division. This session was designed to meet the specific business requirements of the program, focusing on the Privacy Impact Assessment (PIA) process and its essential components.
The Privacy Policy Unit also conducted training for the broader ATIP Division on public interest disclosures, privacy breaches, and the definition of personal information. This training, attended by 40 members of the division, included detailed discussions and practical examples to clarify these critical issues. The sessions aimed to ensure that all participants understood how to manage privacy-related matters in line with departmental policies and regulations. This effort underscores the unit’s commitment to improving the division’s expertise in privacy management and supporting its role in upholding information security standards.
Policies, Guidelines, and Procedures
Step by Step guide
During the reporting period, the ATIP Division at ¶¶ÒùÊÓƵ developed a comprehensive step-by-step manual to help both junior and more experienced ATIP Analysts in navigating the A-To-Z process of both Access to Information and/or Privacy Act requests at ¶¶ÒùÊÓƵ. The manual is divided into multiple chapters covering topics such as: detailing the specific steps an analyst must follow when handling new requests, steps when reviewing responsive records, and the actions required before completing the approval process and disclosing the information to the requester. Each chapter was drafted one at a time and was reviewed by management who provided comments and insight before the guide was implemented and shared with the ATIP Division.
Guidelines
Throughout the fiscal year, the ATIP Division also implemented the following three guidelines:
- How to handle the names of ¶¶ÒùÊÓƵ officials and exempt staff at ¶¶ÒùÊÓƵ under the Access to Information Act.
- Processing cellular numbers under the Access to Information Act at ¶¶ÒùÊÓƵ.
- Processing an Access to Information Act request which contains personal information of the requester.
Each guideline was drafted individually and reviewed by the management team who provided comments and insights before the guidelines were shared with the entire division and implemented.
Outreach
During fiscal year 2022-2023, the responsibility of retrieving and providing recommendations for the disclosure of records made pursuant to the ATIA or PA shifted from the Director’s General office to the Assistant Deputy Minister (ADM) office. Since the implementation of the ATIP ADM Tasking initiative, two ADM offices have contacted the Corporate Secretary/ATIP Division to get a sense of their branch’s performance in relation to their response time and administration of the ATIA and PA. During the 2023-2024 fiscal year, the ATIP Division, represented by the Corporate Secretary and/or the Director of the Access to Information Division, delivered presentations to the Indo-Pacific sector as well as the Consular, Security and Emergency Management sector at their executive meetings.
ATIP at the Corporate Management Meeting
During the 2023-2024 fiscal year, the Corporate Secretary of ¶¶ÒùÊÓƵ responsible for overseeing the administration of the Access to Information Act attended GAC’s Corporate Management Meeting (CMC) on November 8, 2023. At the meeting, the Corporate Secretary emphasized the importance of responding promptly to ATIP requests and of reducing the backlog of ATIP taskings. Best practices were discussed to best achieve these goals.
HR Strategies
The implementation of the hybrid work model proved beneficial for the retention of staff in the ATIP Division. However, recruitment of skilled analysts, at GAC as in other government institutions, remains a challenge, especially at the senior analyst level. Despite the challenges, there have been recent successes having onboarded five new employees in the 2023-2024 fiscal year. The ATIP division also actively utilizes its Professional Development Program resulting in the promotion of one senior analyst.
These initiatives have aided in the ATIP Division’s successes in the 2023-2024 fiscal year.
Privacy Tools and Initiatives
The implementation of the Privacy Management Framework, officially launched in November 2022, continues to be a cornerstone for the Department's privacy practices. Over the past year, this framework has guided the development and refinement of privacy policies and procedures, ensuring adherence to evolving legislative regulations. It underscores our commitment to transparency, accountability, and robust security measures in data processing, storage, and sharing. The ongoing application of this framework enhances our ability to safeguard individual privacy rights and reinforces the trust between GAC and Canadian citizens, marking a significant advancement in our privacy management efforts.
The ATIP Division is making significant progress with several key initiatives. The Privacy Impact Assessment policy, which was launched in August 2023, plays a critical role in identifying and mitigating privacy risks associated with new or revised programs and projects. Looking ahead, the development of handling practices for senior management, a Data and Privacy Breach Protocol, and a Protocol for the Handling of Personal Information for Non-Administrative Purposes are all on track, with completion anticipated for Fall 2024. These tools are essential for ensuring that senior management is equipped to address privacy issues, that breaches are managed efficiently, and that personal information is handled appropriately in non-administrative contexts. Collectively, these efforts demonstrate the unit's ongoing commitment to advancing privacy management and bolstering information security across the department.
The Privacy Policy Team continued to actively participate in the Department of Justice led modernization of the Privacy Act and awaits the next meetings on its development so that ¶¶ÒùÊÓƵ’s views can be reflected within.
Initiatives and Projects to Improve Privacy
New Request Processing Software Solution
The current case management software used to process requests is becoming obsolete and will no longer be supported by the vendor in the coming years. GAC is using this opportunity to replace the legacy software and leverage new technology to increase efficiencies in our service delivery and to better handle the large volume of ATIP requests. Deployment of the new solution is anticipated for fiscal year 2025-2026.
Summary of Key Issues and Actions Taken on Complaints
Requests for Personal Information
During fiscal year 2023-2024, 20 complaints were made to the Office of the Privacy Commissioner of Canada regarding privacy requests to the Department. The reasons for the complaints are as follows:
Reason for Complaint | Number of Complaints |
---|---|
Collection | 1 |
Delay | 16 |
Miscellaneous | 1 |
Refusal-Exemptions | 1 |
Refusal-General | 1 |
Over the course of the reporting period, 8 complaints against the Department were closed. The findings on closed complaints were as follows:
Complaint Findings | Number of Complaints |
---|---|
Discontinued | 3 |
No finding | 1 |
Well-Founded | 5 |
All closed complaints regarding access to personal information were resolved by responding to or providing additional information to the requesters. The ATIP Division ensured continuous and consistent follow-ups on outstanding taskings, utilizing escalation procedures to fully respond to requesters and close complaints.
The ATIP Division continues to operate a team dedicated to managing complaints from the Office of the Privacy Commissioner (OPC). This team serves as the primary point of contact between ¶¶ÒùÊÓƵ and the OPC, working closely and collaboratively to strengthen relationships and improve ¶¶ÒùÊÓƵ’s ATIP program performance.
Management of Personal Information
The Privacy Policy Team received 1 new complaint during the reporting period relating to the management of personal information. Specifically, they can be summarized as:
A mission’s unauthorized disclosure of personal information of an employee to the rest of employees.
The team closed the complaint relating to the management of personal information during the reporting period May 11, 2023. In this instance the Office of the Privacy Commissioner sought representations from the Department, further to any steps taken since the incident to ensure the security and the privacy of staff information. The Department informed the OPC that as an effective measure in preventing reoccurrence, a privacy training will include elements specifically related to communications and how details that could be considered personal information should be effectively managed.
Training will include examples of specific cases such as this one dealing with vaccination policy.
Active Complaints Carried Over to the Next Reporting Period
2017-2018 | 2018-2019 | 2019-2020 | 2020-2021 | 2021-2022 | 2022-2023 | 2023-2024 | Total | |
---|---|---|---|---|---|---|---|---|
Active | 2 | 3 | 2 | 1 | 6 | 4 | 10 | 28 |
Material Privacy Breaches
During fiscal year 2023-2024, six material privacy breaches were reported to the Department. At the end of the fiscal year, six material privacy breach notifications were reported to the Treasury Board Secretariat and the Office of the Privacy Commissioner.
Material Breaches Reported to OPC and TBS 2023-2024 | ||
---|---|---|
No. | Description | Summary of Action |
1 | Disclosure of Personal Information, wrong recipients received the passport form application (MOUS) forms. |
|
2 | WSHDC via IRCC, Disclosure of Personal Information, Lost passport (1) |
|
3 | MANIL, Disclosure of personal information, lost Birth Certificate (1) |
|
Privacy Impact Assessments
During the fiscal year, ¶¶ÒùÊÓƵ finalized two Privacy Impact Assessments.
1 - Flight PS752 Commemorative Scholarship Program
On January 8, 2020, fifty-five Canadians and thirty Canadian permanent residents were lost in the downing of Ukraine International Airlines Flight 752 (PS752) by an Iranian surface-to-air missile. In December 2020, Cabinet approved the establishment of the Flight PS752 Commemorative Scholarship Program as a tribute to those lost. Its purpose is to acknowledge the significant number of academics and students among the victims of Flight PS752, and to pay tribute to their contribution to Canadian postsecondary institutions. Following Cabinet’s approval, five million dollars over the course of five years was allocated to the Program in memory of the victims of PS752. The Program’s planned implementation was announced by the Minister of Foreign Affairs in January 2022 with the aim of delivering the first scholarships to applicants for the 2024-25 academic year; the launch date was later amended by the Minister of Foreign Affairs to the 2023-24 academic year.
In the management, administration, and operation of the Program, GAC will be collecting personal information from scholarship applicants. Personal information will generally be limited to an applicant’s name, biographic, and contact information; past education and academic information; planned uses of scholarship funds; and the applicant’s connection to Flight PS752. As each scholarship is to be awarded in the memory of a victim of Flight PS752, kinship with the victims, specifically those applicants from countries with economic hardship and/or oppressive regimes, is to be considered as part of the Program’s eligibility and evaluation criteria. The Program is open to both Canadian and international students planning on attending Canadian educational institutions to pursue their studies, personal information is likely to be collected from both Canadians and foreign nationals. Information collected and used to confirm or certify the veracity and eligibility of applicant includes:
- Applicant’s immigration status in Canada
- Information supporting a stated familial relationship with a victim of PS752,
- Financial and banking information
- Information about registered studies in Canada
Personal information may also be used in support of the distribution and administration of scholarship awards. As a commemorative scholarship, and as a tribute to the victims of Flight PS752, information about scholarship recipients may be disclosed to the families of Flight victims or made public by GAC through Program reports and corporate communications. This includes GAC or GAC-supported websites, posters, and brochures used for Program promotion. Personal information may also be shared under new agreement or an existing information-sharing arrangement with Canadian and foreign academic institutions, a student's diplomatic representation in Canada and foreign embassy in Canada, or a Canadian embassy/high commission/consulate abroad. Limited personal information may also be disclosed to other federal institutions, such as the Canada Revenue Agency (for tax reporting purposes), Immigration, Refugees and Citizenship Canada, or the Canada Border Services Agency (to ensure compliance with the immigration or visitation terms and conditions to which the student has agreed in relation to the completion of their studies)
The PIA for the program was completed under the direction of the Head of the PS752 Task Force. It included a review of the Program’s application and evaluation process, and a review of policies, procedures and controls implemented by GAC to ensure that its collection and use of applicant information complies with federal requirements and best practices for the handling of personal information. The PIA also included a summary review of the platform to be used for the collection of personal information, and an assessment of program evaluation and reporting plans.
Based on the present assessment, privacy risks arising from the implementation, management, administration of the PS752 Commemorative Scholarship Program are expected to be moderate to low. GAC has significant experience in the creation and implementation of international scholarship programs and is expected to leverage existing processes, IT infrastructure, and systems to ensure the secure collection, use, disclosure, and retention of personal information. Although the receipt and vetting of applications (along with the selection or recommendation of scholarship recipients) has been delegated to an arm’s length Program Administrator, the contract governing the Program Administrator’s services includes essential clauses pertaining to privacy and security. All personal information collected from applicants will remain under the care and custody of the Government of Canada and will not be used for purposes other than those for which it was first collected or a use consistent with its collection.
Applicant information will be housed on GAC servers in a Protected B environment, consistent with the information’s sensitivity, and securely destroyed after it is of no further value. Notwithstanding the privacy positive measures noted above, several issues were identified during the PIA process requiring remedial action. The following recommendations are intended to address those issues. Once implemented, the overall or residual level of privacy risk relating to the Program and its management and administration is expected to be reduced to a low or acceptable level.
Recommendations
- Notification – It is recommended that GAC develop a stand-alone privacy notice for inclusion in the Program posting and scholarship application form. The privacy notice should include all mandatory elements prescribed by the Treasury Board of Canada Secretariat’s (TBS) Directive on Privacy Practices, including a link to an approved Personal Information Bank (PIB).
- Data Review and Minimization – It is recommended that GAC undertake an annual review of personal information elements to be collected in relation to the Program to ensure that each element is directly related and demonstrably necessary to meet the Program’s needs and objectives.
- Data Management – It is recommended that the PS752 Task Force (as the Program owner) identify and adopt, where appropriate, standard departmental practices and protocols developed by GAC’s International Scholarships Program for the handling of personal information in relation to the PS752 Scholarship Program. Alternatively, the PS752 Task Force should develop a stand-alone privacy protocol to support the proper handling of PS752 scholarship data. That protocol should set out key roles, responsibilities, and accountabilities for the proper handling of personal information, and establish express limits on the collection, use, disclosure, and retention of applicant information.
- Monitoring and Compliance – It is recommended that GAC track and monitor the Program Administrator’s compliance with the data privacy requirements set out in its master service agreement, particularly those pertaining to access to Program data and its use, disclosure, retention, and security.
- Data De-Identification - It is recommended that GAC de-identify or anonymize personal information belonging to scholarship applicants where that information is to be used for non-administrative purposes, including Program evaluation, promotion, reporting, policy, research, and statistical purposes.
- Openness – It is recommended that GAC identify an appropriate PIB describing the collection, use, disclosure, and retention of personal information in relation to the Program to ensure that the Department meets transparency requirements prescribed under the Privacy Act. A new PIB may be required where the activities of the PS752 Scholarship Program and/or the handling of applicant information is not in keeping with the collection, use, disclosure, and retention of personal information by GAC in relation to its broader International Scholarships Program (as currently described in PIB GAC PPU 911).
GAC has reviewed the above recommendations and has developed a mitigation plan to address each risk and recommendation. Wherever possible, potential impacts on the privacy of scholarship applicants will be managed by GAC through existing legal, policy, and technical measures geared at the protection of personal information.
A new PIB for the program was created:
- PIB Title: Flight PS752 Commemorative Scholarship Program
- PIB#: GAC PPU 953
- TBS Registration#: 20230023
2 - Global Affairs Learning Management System (LMS)
¶¶ÒùÊÓƵ (CFSI) currently is a sub-school of the Canada School of Public Service (the School), using the current Learning Management System (LMS) via the service provider Saba, currently known as MyAccount. The current LMS will be decommissioned on August 31st 2022. The School engaged in a contract with Desire to Learn (D2L) and GAC signed an MOU with the School for the use of their contract with D2L under a federated multi-tenancy model. The federated multi-tenancy model provides autonomy to GAC in the management of their departmental learning platform and benefit from the collective work undertaken by the School, including, procurement, system configurations, accessibility and official languages compliance, as well as cyber security assessments that align to the GC Security control profile for cloud based GC services (ITSG-33 & PROTECTED B / Medium Integrity / Medium Availability) guidelines provided by the Canadian Centre for Cyber Security. Under this secure Next Generation Digital Learning Environment (NGDLE) umbrella, GAC can benefit from its own instance of Brightspace, a LMS provided by the vendor, D2L. GAC can configure the system to its specific needs and will manage its own integrations, modifying as required. Included as a component of the learning platform ecosystem is Course Merchant, a product catalog that allows users to advertise offerings and enable registrations. In the federated multi-tenancy model, GAC leverages the School’s contract with D2L to gain access to these software as a service (SaaS) products. GAC works directly with the vendor(s) for all system implementation or administration support as outlined in the contract, providing the same level of access to the vendor as the School. The new LMS solution for which this PIA is requested is to be assessed as a separate initiative in its entirety; This PIA represents a new service provided by CFSI to the Global Affairs learning community. If there is any leverage of CSPS services, it is uniquely for contractual purpose towards parties like, for example, the 3rd party solution Desire2Learn or SSC.
Recommendations
Openness – It is recommended that GAC identify an appropriate PIB describing the collection, use, disclosure, and retention of personal information in relation to the Program to ensure that the Department meets transparency requirements prescribed under the Privacy Act. A new PIB is under development.
GAC a mitigation plan to address each risk and recommendation. Wherever possible, potential impacts on the privacy of learners will be managed by GAC through existing legal, policy, and technical measures geared at the protection of personal information.
All the identified risks were low, and the mitigation measures are already in place.
Public Interest Disclosures
Subsection 8(2) of the Privacy Act provides that “personal information under the control of a government institution may be disclosed” without consent under certain specific circumstances.
During the 2023-2024 fiscal year, the Department made a total of 102 disclosures pursuant to paragraph 8(2)(m) of the Privacy Act. In 20 cases, the Department determined that the public interest in disclosing personal information clearly outweighed any invasion of privacy that could result. All other disclosures were determined to clearly benefit the individual to whom the information related.
Disclosures pursuant to subparagraph 8(2)(m)(i):
- 9 disclosures were made in the interest of public safety.
Disclosures pursuant to subparagraph 8(2)(m)(ii):
- 10 disclosures were made to notify the relevant authorities of an individual’s detainment and arrest abroad.
- 1 disclosure was made to a family member on compassionate grounds.
- 4 disclosures were made to a family member as subject was distressed or missing abroad.
- 2 disclosures were made to a family member for next of kin notification.
- 1 disclosure was related to advising local authorities, or agencies regarding a child welfare case.
- 1 disclosure was made to a non-custodial parent for child safety purposes.
- 5 disclosures were related to advising authorities regarding a possible kidnapping.
- 4 disclosures were made to the local authorities to conduct a wellness check, and
- 65 disclosures were made to either the family, friend, doctor, or legal counsel of an individual requiring medical assistance.
In all instances notification to the Privacy Commissioner occurred after disclosure.
Monitoring Compliance
Ongoing Reporting
The ATIP Division prepares and distributes a weekly statistics report to the ATIP Division’s management team that tracks the number of requests that were received and closed, as well as any emerging trends and performance statistics. The report also allows for comparison of workload and completion rates in relation to the previous year to identify changes in ATIP processing.
Additionally, an active tasking report is generated and posted to the intranet weekly to identify all current active taskings within the Department. This report is available for all offices of primary interest (OPIs) to view and lists all open taskings by branch, highlighting late files.
During fiscal year 2023-2024, the director general and corporate secretary overseeing the administration of the access to information and privacy acts continued to send the ATIP Twice Monthly Performance Report to deputy ministers, assistant deputy ministers, and directors general, outlining the number of active taskings and compliance within each of the branches/special bureaus. The intent of this procedure is to sensitize senior management to the backlog of active taskings, thereby increasing compliance.
New in the reporting period, the ATIP Division implemented the ATIP Quarterly Report. ATIP Quarterly Reports are also sent to deputy ministers, assistant deputy ministers, and directors general, outlining branches and special bureaus' performance on completed taskings and compliance under the Access to Information Act and Privacy Act. This report's intent was to recognize the ATIP work completed throughout the year by branches and bureaus by keeping a close eye on their ATIP compliance rate.
Limiting Inter-institutional Consultations
During the reporting period, the ATIP Division monitored superfluous inter-institutional consultations by having experienced ATIP team leaders oversee the relevant records before they were sent out for consultation. By doing so, ATIP team leaders were able to reduce the number of consultations sent to the other Government of Canada institutions and other organizations outside the Government of Canada, reducing the amount of time to process requests and not overburdening other departments with unnecessary consultations.
Frequently Requested Types of Information
Throughout fiscal year 2023-2024, ¶¶ÒùÊÓƵ did not monitor or review frequently requested types of information for the purpose of making the information available by other means.
Privacy Protection in Contracting
In reviewing contracts, the Privacy Policy Team provides privacy clauses that are written to call out privacy protections and regulatory requirements within the statement of work and then mapped to service-level agreements to ensure there are no questions concerning data privacy responsibilities, breach response, incident response, media press releases on breaches, and other considerations, as if the vendor were part of the organization.
As per the information sharing agreements, the Privacy Policy group ensure privacy protection assisted by the TBS Guidance on Preparing Information Sharing Agreements Involving Personal Information.
Annex A: Designation Order
Text version
Privacy Act Designation Order
The Minister of Foreign Affairs, pursuant to section 73 of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons acting in those positions, to exercise the powers and perform the duties and functions of the Minister of Foreign Affairs as the head of a Government institution under the sections of the Act set out after each position in the schedule. This designation replaces the designation dated October 2, 2009.
Schedule
Position
- Deputy Minister of Foreign Affairs (all sections)
- Deputy Minister for International Trade (all sections)
- Deputy Minister for International Development (all sections)
- Associate Deputy Minister of Foreign Affairs (all sections)
- Assistant Deputy Minister, Consular Services (pursuant only to paragraph 8(2)(m) as it relates to public interest disclosure)
- Heads of Mission (pursuant only to paragraph 8(2)(m) as it relates to public interest disclosure)
- Director General, Corporate Secretariat (all sections)
- Director, Access to Information and Privacy Protection Division (all sections)
- Deputy Directors, Access to Information and Privacy Protection Division (all sections)
The Honourable Chrystia Freeland, P.C., M.P.Ottawa, July 4, 2017
Annex B: ¶¶ÒùÊÓƵ 2023-2024 Statistical Report
Statistical Report on the Privacy Act
Name of institution: ¶¶ÒùÊÓƵ
Reporting period: 2023-04-01 to 2024-03-31
Section 1: Requests Under the Privacy Act
1.1 Number of requests received
Request Type | Number of Requests |
---|---|
Received during reporting period | 361 |
Outstanding from previous reporting periods | 61 |
Outstanding from previous reporting period | 36 |
Outstanding from more than one reporting period | 25 |
Total | 422 |
Closed during reporting period | 344 |
Carried over to next reporting period | 78 |
Carried over within legislated timeline | 27 |
Carried over beyond legislated timeline | 51 |
1.2 Channels of requests
Source | Number of Requests |
---|---|
Online | 341 |
13 | |
7 | |
In person | 0 |
Phone | 0 |
Fax | 0 |
Total | 361 |
Section 2: Informal Requests
2.1 Number of informal requests
Type | Number of Requests |
---|---|
Received during reporting period | 0 |
Outstanding from previous reporting periods | 0 |
Outstanding from previous reporting period | 0 |
Outstanding from more than one reporting period | 0 |
Total | 0 |
Closed during reporting period | 0 |
Carried over to next reporting period | 0 |
2.2 Channels of informal requests
Source | Number of Requests |
---|---|
Online | 0 |
0 | |
0 | |
In person | 0 |
Phone | 0 |
Fax | 0 |
Total | 0 |
2.3 Completion time of informal requests
Completion Time | |||||||
---|---|---|---|---|---|---|---|
1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
2.4 Pages released informally
Less Than 100Pages Released | 100-500Pages Released | 501-1000Pages Released | 1001-5000Pages Released | More Than 5000Pages Released | |||||
---|---|---|---|---|---|---|---|---|---|
Number of Requests | Pages Released | Number of Requests | Pages Released | Number of Requests | Pages Released | Number of Requests | Pages Released | Number of Requests | Pages Released |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 3: Requests Closed During the Reporting Period
3.1 Disposition and completion time
Disposition of Requests | Completion Time | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
All disclosed | 2 | 6 | 0 | 2 | 0 | 0 | 0 | 10 |
Disclosed in part | 1 | 5 | 8 | 23 | 9 | 4 | 4 | 54 |
All exempted | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 1 |
All excluded | 0 | 0 | 0 | 0 | 0 | 1 | 0 | 1 |
No records exist | 4 | 5 | 1 | 2 | 1 | 1 | 0 | 14 |
Request abandoned | 251 | 3 | 6 | 1 | 0 | 0 | 3 | 264 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 258 | 19 | 16 | 28 | 10 | 6 | 7 | 344 |
3.2 Exemptions
Section | Number of Requests |
---|---|
18(2) | 0 |
19(1)(a) | 2 |
19(1)(b) | 0 |
19(1)(c) | 0 |
19(1)(d) | 0 |
19(1)(e) | 0 |
19(1)(f) | 0 |
20 | 0 |
21 | 11 |
22(1)(a)(i) | 0 |
22(1)(a)(ii) | 0 |
22(1)(a)(iii) | 0 |
22(1)(b) | 0 |
22(1)(c) | 0 |
22(2) | 0 |
22.1 | 0 |
22.2 | 0 |
22.3 | 0 |
22.4 | 0 |
23(a) | 0 |
23(b) | 0 |
24(a) | 0 |
24(b) | 0 |
25 | 0 |
26 | 49 |
27 | 5 |
27.1 | 0 |
28 | 0 |
3.3 Exclusions
Section | Number of Requests |
---|---|
69(1)(a) | 0 |
69(1)(b) | 0 |
69.1 | 0 |
70(1) | 1 |
70(1)(a) | 1 |
70(1)(b) | 0 |
70(1)(c) | 0 |
70(1)(d) | 0 |
70(1)(e) | 0 |
70(1)(f) | 0 |
70.1 | 0 |
3.4 Format of information released
Paper | Electronic | Other | |||
---|---|---|---|---|---|
E-record | Data set | Video | Audio | ||
0 | 64 | 0 | 1 | 1 | 0 |
3.5 Complexity
3.5.1 Relevant pages processed and disclosed for paper and e-record formats
Number of Pages Processed | Number of Pages Disclosed | Number of Requests |
---|---|---|
21,651 | 17,893 | 330 |
3.5.2 Relevant pages processed by request disposition for paper and e-record formats by size of requests
Disposition | Less Than 100 Pages Processed | 100-500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More Than 5000 Pages Processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of Requests | Pages Processed | Number of Requests | Pages Processed | Number of Requests | Pages Processed | Number of Requests | Pages Processed | Number of Requests | Pages Processed | |
All disclosed | 10 | 258 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 22 | 1,110 | 23 | 5,603 | 4 | 2,728 | 4 | 5,351 | 1 | 5,886 |
All exempted | 0 | 0 | 0 | 0 | 1 | 703 | 0 | 0 | 0 | 0 |
All excluded | 1 | 12 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 264 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 297 | 1,380 | 23 | 5,603 | 5 | 3,431 | 4 | 5,351 | 1 | 5,886 |
3.5.3 Relevant minutes processed and disclosed for audio formats
Number of Minutes Processed | Number of Minutes Disclosed | Number of Requests |
---|---|---|
6 | 0 | 1 |
3.5.4 Relevant minutes processed per request disposition for audio formats by size of requests
Disposition | Less than 60 Minutes processed | 60-120 Minutes processed | More than 120 Minutes processed | |||
---|---|---|---|---|---|---|
Number of requests | Minutes Processed | Number of requests | Minutes Processed | Number of requests | Minutes Processed | |
All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 1 | 6 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 1 | 6 | 0 | 0 | 0 | 0 |
3.5.5 Relevant minutes processed and disclosed for video formats
Number of Minutes Processed | Number of Minutes Disclosed | Number of Requests |
---|---|---|
1 | 1 | 1 |
3.5.6 Relevant minutes processed per request disposition for video formats by size of requests
Disposition | Less than 60 Minutes processed | 60-120 Minutes processed | More than 120 Minutes processed | |||
---|---|---|---|---|---|---|
Number of requests | Minutes Processed | Number of requests | Minutes Processed | Number of requests | Minutes Processed | |
All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 1 | 1 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 1 | 1 | 0 | 0 | 0 | 0 |
3.5.7 Other complexities
Disposition | Consultation Required | Legal Advice Sought | Interwoven Information | Other | Total |
---|---|---|---|---|---|
All disclosed | 1 | 0 | 0 | 2 | 3 |
Disclosed in part | 4 | 3 | 10 | 0 | 17 |
All exempted | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 1 | 0 | 1 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
Total | 5 | 3 | 11 | 2 | 21 |
3.6 Closed requests
3.6.1 Number of requests closed within legislated timelines
- Number of requests closed within legislated timelines: 285
- Percentage of requests closed within legislated timelines (%): 82.84883721
3.7 Deemed refusals
3.7.1 Reasons for not meeting legislated timelines
Number of requests closed past the legislated timelines | Principal Reason | |||
---|---|---|---|---|
Interference with operations / Workload | External Consultation | Internal Consultation | Other | |
59 | 28 | 3 | 5 | 23 |
3.7.2 Request closed beyond legislated timelines (including any extension taken)
Number of days past legislated timelines | Number of requests past legislated timeline where no extension was taken | Number of requests past legislated timeline where an extension was taken | Total |
---|---|---|---|
1 to 15 days | 4 | 4 | 8 |
16 to 30 days | 7 | 1 | 8 |
31 to 60 days | 9 | 3 | 12 |
61 to 120 days | 12 | 1 | 13 |
121 to 180 days | 7 | 1 | 8 |
181 to 365 days | 3 | 0 | 3 |
More than 365 days | 7 | 0 | 7 |
Total | 49 | 10 | 59 |
3.8 Requests for translation
Translation Requests | Accepted | Refused | Total |
---|---|---|---|
English to French | 0 | 0 | 0 |
French to English | 0 | 0 | 0 |
Total | 0 | 0 | 0 |
Section 4: Disclosures Under Subsections 8(2) and 8(5)
Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
---|---|---|---|
0 | 102 | 0 | 102 |
Section 5: Requests for Correction of Personal Information and Notations
Disposition for Correction Requests Received | Number |
---|---|
Notations attached | 0 |
Requests for correction accepted | 0 |
Total | 0 |
Section 6: Extensions
6.1 Reasons for extensions
Number ofextensions taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b)Translation purposes or conversion | |||||
---|---|---|---|---|---|---|---|---|
Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet ConfidenceSection (Section 70) | External | Internal | ||
17 | 2 | 6 | 0 | 4 | 0 | 2 | 3 | 0 |
6.2 Length of extensions
Number ofextensions taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b)Translation purposes or conversion | |||||
---|---|---|---|---|---|---|---|---|
Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet ConfidenceSection (Section 70) | External | Internal | ||
1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 days | 2 | 6 | 0 | 4 | 0 | 2 | 3 | 0 |
31 days or greater | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 2 | 6 | 0 | 4 | 0 | 2 | 3 | 0 |
Section 7: Consultations Received From Other Institutions and Organizations
7.1 Consultations received from other Government of Canada institutions and other organizations
Consultations | Other Government of Canada Institutions | Number of Pages to Review | Other Organizations | Number of Pages to Review |
---|---|---|---|---|
Received during the reporting period | 2 | 124 | 0 | 0 |
Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
Total | 2 | 124 | 0 | 0 |
Closed during the reporting period | 2 | 124 | 0 | 0 |
Carried over within negotiated timelines | 0 | 0 | 0 | 0 |
Carried over beyond negotiated timelines | 0 | 0 | 0 | 0 |
7.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation | Number of Days Required to Complete Consultation Requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
Disclose entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclose in part | 0 | 0 | 0 | 1 | 0 | 0 | 0 | 1 |
Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 1 |
Total | 0 | 1 | 0 | 1 | 0 | 0 | 0 | 2 |
7.3 Recommendations and completion time for consultations received from other organizations outside the Government of Canada
Recommendation | Number of Days Required to Complete Consultation Requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
Disclose entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Completion Time of Consultations on Cabinet Confidences
8.1 Requests with Legal Services
Number of Days | Fewer Than 100 Pages Processed | 100-500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More than 5000 Pages Processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
8.2 Requests with Privy Council Office
Number of Days | Fewer Than 100 Pages Processed | 100-500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More than 5000 Pages Processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 9: Complaints and Investigations Notices Received
Section 31 | Section 33 | Section 35 | Court action | Total |
---|---|---|---|---|
20 | 19 | 14 | 0 | 53 |
Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIBs)
10.1 Privacy Impact Assessments
- Number of PIAs completed: 2
- Number of PIAs modified: 0
10.2 Institution-specific and Central Personal Information Banks
Personal Information Banks | Active | Created | Terminated | Modified |
---|---|---|---|---|
Institution-specific | 19 | 2 | 0 | 0 |
Central | 50 | 0 | 0 | 0 |
Total | 69 | 2 | 0 | 0 |
Section 11: Privacy Breaches
11.1 Material Privacy Breaches Reported
- Number of material privacy breaches reported to TBS: 3
- Number of material privacy breaches reported to OPC: 3
11.2 Non-Material Privacy Breaches
- Number of non-material privacy breaches: 4
Section 12: Resources Related to the Privacy Act
12.1 Allocated Costs
Expenditures | Amount |
---|---|
Salaries | $1,029,252 |
Overtime | $16,085 |
Goods and Services | $188,174 |
Professional services contracts | $162,644 |
Other | $25,530 |
Total | $1,233,511 |
12.2 Human Resources
Resources | Person Years Dedicated to Privacy Activities |
---|---|
Full-time employees | 10.796 |
Part-time and casual employees | 0.178 |
Regional staff | 0.000 |
Consultants and agency personnel | 0.586 |
Students | 0.000 |
Total | 11.560 |
Annex C: ¶¶ÒùÊÓƵ 2023-2024 Supplemental Statistical Report
Supplemental Statistical Report on the Access to Information Act and the Privacy Act
Name of institution: ¶¶ÒùÊÓƵ
Reporting period: 2023-04-01 to 2024-03-31
Section 1: Open Requests and Complaints Under the Access to Information Act
1.1 Enter the number of open requests that are outstanding from previous reporting periods.
Fiscal Year Open Requests Were Received | Open Requests that are Within Legislated Timelines as of March 31, 2024 | Open Requests that are Beyond Legislated Timelines as of March 31, 2024 | Total |
---|---|---|---|
Received in 2023-24 | 528 | 618 | 1,146 |
Received in 2022-23 | 141 | 345 | 486 |
Received in 2021-22 | 48 | 154 | 202 |
Received in 2020-21 | 0 | 60 | 60 |
Received in 2019-20 | 1 | 44 | 45 |
Received in 2018-19 | 2 | 8 | 10 |
Received in 2017-18 | 0 | 4 | 4 |
Received in 2016-17 | 1 | 0 | 1 |
Received in 2015-16 | 0 | 0 | 0 |
Received in 2014-15 or earlier | 0 | 0 | 0 |
Total | 721 | 1,233 | 1,954 |
1.2 Enter the number of open complaints with the Information Commissioner of Canada that are outstanding from previous reporting periods.
Fiscal Year Open Complaints Were Received by Institution | Number of Open Complaints |
---|---|
Received in 2023-24 | 227 |
Received in 2022-23 | 11 |
Received in 2021-22 | 1 |
Received in 2020-21 | 1 |
Received in 2019-20 | 1 |
Received in 2018-19 | 0 |
Received in 2017-18 | 0 |
Received in 2016-17 | 0 |
Received in 2015-16 | 0 |
Received in 2014-15 or earlier | 0 |
Total | 241 |
Section 2: Open Requests and Complaints Under the Privacy Act
2.1 Enter the number of open requests that are outstanding from previous reporting periods.
Fiscal Year Open Requests Were Received | Open Requests that are Within Legislated Timelines as of March 31, 2024 | Open Requests that are Beyond Legislated Timelines as of March 31, 2024 | Total |
---|---|---|---|
Received in 2023-24 | 27 | 27 | 54 |
Received in 2022-23 | 0 | 6 | 6 |
Received in 2021-22 | 0 | 5 | 5 |
Received in 2020-21 | 0 | 5 | 5 |
Received in 2019-20 | 0 | 4 | 4 |
Received in 2018-19 | 0 | 4 | 4 |
Received in 2017-18 | 0 | 0 | 0 |
Received in 2016-17 | 0 | 0 | 0 |
Received in 2015-16 | 0 | 0 | 0 |
Received in 2014-15 or earlier | 0 | 0 | 0 |
Total | 27 | 51 | 78 |
2.2 Enter the number of open complaints with the Privacy Commissioner of Canada that are outstanding from previous reporting periods.
Fiscal Year Open Complaints Were Received by Institution | Number of Open Complaints |
---|---|
Received in 2023-24 | 10 |
Received in 2022-23 | 4 |
Received in 2021-22 | 6 |
Received in 2020-21 | 1 |
Received in 2019-20 | 2 |
Received in 2018-19 | 3 |
Received in 2017-18 | 2 |
Received in 2016-17 | 0 |
Received in 2015-16 | 0 |
Received in 2014-15 or earlier | 0 |
Total | 28 |
Section 3: Social Insurance Number
Has your institution begun a new collection or a new consistent use of the SIN in 2023-24? No
Section 4: Universal Access under the Privacy Act
How many requests were received from foreign nationals outside of Canada in 2023-24? 234
- Date modified: