Archived Content

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

PRIVACY ACT

Annual Report

April 1, 2007 to March 31, 2008

ATIP Secretariat

Table of Contents

 

1. Introduction
2. Organization
3. Delegation Order
4. Statistical Report
5. Interpretation of the Statistical Report
6. Privacy Impact Assessments

7. New Data Matching Activities and Data Sharing Activities

8. Training Activities

9. Disclosures of Personal Informationad hoc

10. Changes to the Institution’s Organization, Programs, Operations or Policy

11. New and/or Revised Privacy Policies

12. Major Changes as a Result of Issues Raised by the Privacy Commissioner

13. Major Changes as a Result of Issues Raised by the Auditor General

14. Privacy Complaints

15. Applications/Appeals Submitted to the Federal Court, or the Federal Court of Appeal

Appendix A: Delegation Order—April 18, 2007
Appendix B: Delegation Order—July 3, 2007
Appendix C: Delegation Order—November 30, 2007
Appendix D: Statistical Report

1. Introduction

This report is submitted to Parliament by the Office of the Information Commissioner of Canada (OIC). It is the first annual report for the OIC pursuant to Section 72 of the Privacy Act.1 The following sections provide information on the activities of the institutional Privacy program.

The purpose of the Privacy Act 1 is to protect the privacy of individuals with respect to personal information about themselves held by federal government institutions and provide individuals with a right of access to that information.

The mandate of the Information Commissioner of Canada is to investigate complaints related to the disclosure of information under the Access to Information Act (ATIA).2 When royal assent was received on December 12, 2006, for the Federal Accountability Act,3 the OIC and approximately 70 other agencies became subject to the provisions of both the ATIA and the Privacy Act. The OIC then established an Access to Information and Privacy program from the ground up, and prepared to achieve operational readiness for April 1, 2007.

In its initial year of operation, the institutional ATIP program was staffed with one position: the Director of Information Management, who was responsible for all aspects of request processing. Over the course of the year a submission to the Treasury Board Secretariat was prepared for funding effective April 1, 2008, in order to ensure full capacity as the ATIP program got underway.



2. Organization

During the reporting period, the OIC was set up along four business lines:

The Complaints Resolution and Compliance Branch carries out investigations and dispute resolution efforts to resolve complaints.

The Policy, Communications and Operations Branch monitors federal institutions’ performance under the Act, provides strategic advice and direction for the Office to address systemic and policy issues, leads the Office’s external relations with the public, the government and Parliament, and provides strategic and corporate leadership in the areas of financial management, administration and security, internal audit and information management. This Branch is also responsible for the OIC’s ATIP function.

The Legal Services Branch represents the Commissioner in court cases and provides legal advice on investigations and legislative and administrative matters.

The Human Resources Branch oversees all aspects of human resources management—staffing, classification, staff relations, employment equity, planning, learning and development, compensation and official languages—and provides advice to managers and employees on human resources issues.

1 Privacy Act, R.S., 1985, c. P-21
2 Access to Information Act, R.S. 1985, c.A-1
3 Federal Accountability Act, 2006, c.9

The ATIP Secretariat within the Policy, Communications and Operations Branch carries out the administration and processing of requests for information under the Privacy Act. The ATIP Secretariat is staffed by the position of Director, Information Management.



3. Delegation Order

Under the Privacy Act, the head of the institution is responsible for setting out what powers have been delegated, and to whom, under a delegation order.

In its first year of operation, the institutional privacy program worked with three successive delegation orders. The change in orders is attributable to the fact that the ATIP Secretariat continued to grow from the time of its inception, and this evolution was then reflected in the delegation orders. The first order stipulates that the institutional ATIP Coordinator holds delegated authority under the Act along with the Senior Legal Advisor. The second order named the Assistant Commissioner of the Policy, Communications and Operations Branch and the ATIP Coordinator. The third order, which was in place at the end of the reporting period, included the third position of Senior Policy Analyst.

A copy of all three delegation orders is attached as Appendices A, B and C.



4. Statistical Report

The statistical report is attached as Appendix D.

5. Interpretation of the Statistical Report

The following section provides information on requests received by the OIC under the Privacy Act. Given the low number of requests received during the reporting period, statistics are only available for the following categories of information:

  • requests received during the reporting period
  • disposition of requests completed
  • exemptions invoked
  • method of access
  • completion times
  • costs

The remaining categories of information cited on the TBS statistical report on the Privacy Act were not applicable to the requests received by the OIC.



5.1 Requests Received Under the Privacy Act

There were three requests received during the reporting period. Each one was completed before the end of the fiscal year—none were carried over.

5.2 Disposition of Requests Completed

Of the three requests completed, two resulted in full disclosure. The remaining file resulted in partial disclosure of the information requested.

5.3 Exemptions Invoked

Only one exemption was invoked during the reporting period. The exemption was pursuant to section 26 of the Act, which deals with the personal information of another person.



5.4 Completion Times

All three requests were completed within 30 days.

5.5 Method of Access

Two of the completed requests were provided to the applicants in photocopies. The remaining file was examined in the reading room and copies were subsequently provided to the requester.



5.6 Costs

Financial (all reasons)
Salary $1,052
Administration (O&M) $1,020
TOTAL $2,072
Person year utilization (all reasons)
Person year (decimal format) 0.02

6. Privacy Impact Assessments

Given that the reporting period represented the first year that the OIC was subject to the ATIA and the Privacy Act, the ATIP Secretariat focused on developing and implementing the processes for responding to requests.



7. New Data Matching Activities and Data Sharing Activities

No data matching activities or data sharing activities were undertaken during the reporting period.



8. Training Activities

The ATIP Secretariat is responsible for providing the OIC as a whole with training and ongoing coaching on interpretation of the legislation and organizational Privacy processes. The initial step taken by the ATIP Secretariat to ensure institutional readiness to implement the Privacy Act was to make sure all employees were trained on the provisions of the legislation, their responsibilities and the institutional processes. Training was provided to all employees in both French and English.



9. Disclosures of Personal Information

Section 8(2) of the Privacy Act stipulates under which circumstances personal information under the control of a government institution may be disclosed. During the reporting period, no personal information under the control of the OIC was disclosed under subsection 8(2).



10. Changes to the Institution’s Organization, Programs, Operations or Policy

When the OIC became subject to the Act, the organization had to move quickly to ensure operational readiness. The OIC staffed the ATIP Secretariat with one position, that of the Director, Information Management, and also set up a reading room. Additionally, a submission was prepared for Treasury Board Secretariat to request funding for positions, processing software, office furniture and equipment.



11. New and/or Revised Privacy Policies

During the reporting period work began on the necessary policy instruments to support the work of the ATIP Secretariat. 

12. Major Changes as a Result of Issues Raised by the Privacy Commissioner

The Privacy Commissioner of Canada raised no issues during the reporting period. 



13. Major Changes as a Result of Issues Raised by the Office of the Auditor General or other Agents of Parliament

The Office of the Auditor General of Canada raised no issues during the reporting period.

14. Privacy Complaints

There were no privacy complaints received during the period in question.



15. Applications/Appeals Submitted to the Federal Court, or the Federal Court of Appeal

There were no appeals submitted to the Federal Court during the reporting period.

Appendix A

Appendix A



Appendix B

Appendix B



Appendix C

Appendix C



Appendix D

Appendix D