Public Works and Government Services Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

Home > Accountability and Transparency > ATIP > Privacy Act - Annual Report 2007-2008

Institutional links

Privacy Act - Annual Report 2007-2008

Table of Contents

Preface

Part I: Background

  1. Public Works and Government Services Canada

Part II: Report on the Privacy Act

  1. Organization of the Access to Information and Privacy (ATIP) Directorate
  2. Summary of Activities and Highlights
  3. Privacy Impact Assessments
  4. Statistical Report - Interpretation and Explanation of Trends
  5. Complaints and Requests for Judicial Review

Annex A: Delegation of Authority (Excerpt)

Annex B: Privacy Act, Sections 8 and 9 (Excerpt)

Annex C: Statistical Report - Privacy Act


Top of Page

Preface

The Privacy Act (Revised Statutes of Canada, 1985, Chapter P-21) was proclaimed on July 1, 1983. The Act was amended as a result of the royal assent of the Federal Accountability Act on December 12, 2006. Certain provisions came into force on December 12, 2006, and others took effect on April 1, 2007 and September 1, 2007.

The Privacy Act extends to individuals the right of access to information about themselves held by the government, subject to specific and limited exceptions. The law also provides individuals the right to a reasonable expectation of privacy, including a basic right to exercise control over its collection, use and disclosure.

Section 72 of the Privacy Act requires that the head of every federal government institution prepare for submission to Parliament an annual report on the administration of the Act within the institution during each fiscal year.

This Annual Report provides a summary of the management and administration of the Privacy Act within Public Works and Government Services Canada (PWGSC) for the fiscal year 2007-2008.

Additional Copies

Additional copies of these reports can be obtained by contacting:

Access to Information and Privacy (ATIP) Directorate
Public Works and Government Services Canada
Place du Portage, Phase III, 5C1
11 Laurier Street
Gatineau, Quebec
K1A 0S5

Telephone: 819-956-1820
Fax: 819-994-2119

Part I: Background

1. Public Works and Government Services Canada (PWGSC)

PWGSC is the Government of Canada's principal provider of common and central services. We support the daily operations of 125 federal departments and agencies, and administer the legislative and policy requirements of 19 Acts of Parliament. Our operating environment is influenced by the priorities of government and the service demands of our client departments and agencies.

PWGSC has annual expenditures of approximately $5.2 billion and employs about 13,000 people. We provide a wide range of services such as purchasing goods and services, managing the government's accommodations and real estate portfolio including restoration of the Parliament Buildings, pay and compensation, Information Technology (IT), as well as industrial security, audit and linguistic services.

PWGSC has two strategic outcomes: Quality Services and Sound Stewardship. Our focus on Quality Services and Sound Stewardship contributes directly and indirectly to the Government of Canada's four strategic outcome areas: those related to economic, social, international and government affairs.

To better reflect the PWGSC approach to service delivery and organizational structure, the program activities that support our strategic outcomes have been grouped to highlight our key service areas:

  • Real Property;
  • Acquisitions;
  • Information Technology Services;
  • Receiver General and Public Service Compensation;
  • Consulting, Information and Shared Services;
  • Special Operating Agencies
    • Audit Services Canada;
    • Translation Bureau;
  • Greening Government Operations; and
  • Corporate Management.

Top of Page

Part II: Report on the Privacy Act

1. Organization of the Access to Information and Privacy (ATIP) Directorate

The ATIP Directorate administers the provisions of the Privacy Act for PWGSC, including the two Special Operating Agencies, and the Office of the Procurement Ombudsman.

1.1 Delegation Instruments

Under section 3 of the Privacy Act, the Minister of the Department is designated as the head of the government institution for the purposes of the administration of the Act.

The delegation instrument continued to be based on a centralized process with the Director, ATIP and the Managers, Risk and Quality Management having full delegated authority under the Privacy Act, with the exception of paragraph 8(2)(m) of the Act. The Chief, Privacy and Policy has limited delegation of authority under paragraph 14(a) (nil reply only) and section 15 of the Act (extension of time limits).

An excerpt of the Delegation of Authorities approved by the Minister of PWGSC is enclosed at Annex A.

The Director of the Cheque Redemption Control Directorate in Matane, Quebec shares administrative powers under paragraph 8(2)(e) of the Act in regard to releasing original cheques to law enforcement bodies. This provides administrative flexibility in processing requests for cheques.

1.2 Responsibilities of the ATIP Directorate

The Director, ATIP, reports to the Director General of Executive Secretariat who, in turn, reports to the Assistant Deputy Minister of Corporate Services, Policy, and Communications Branch.

The responsibilities of the ATIP Directorate include the following:

  • managing all activities within PWGSC relating to the operation of the Act, as well as the regulations, directives and guidelines pursuant to them;
  • developing, producing and promulgating departmental Privacy policies, procedures, standards and guidelines;
  • developing and delivering awareness training to PWGSC managers and employees to ensure departmental responsiveness to the legal obligations imposed on them by the Act and Regulations;
  • reviewing departmental policies, procedures and agreements to ensure that they are in compliance with the provisions of the Act and making recommendations for amendments;
  • defending institutional decisions on the administration of the Act during investigations conducted by the Privacy Commissioner of Canada and during judicial proceedings at the Federal Court of Canada and the Supreme Court of Canada;
  • assisting departmental managers and employees during the course of an investigation and ensuring that the records of the institution are available to the Office of the Privacy Commissioner as deemed necessary to the full investigation of the complaint;
  • coordinating and approving the annual update of the PWGSC description of its organization and its record holdings for inclusion in the Treasury Board publication Info Source;
  • reporting annually to Parliament in accordance with section 72 of the Act and any instructions issued pursuant to paragraph 71(1)(e) of the Privacy Act;
  • acting as spokesperson for the Department in dealings with the Treasury Board of Canada Secretariat, the Privacy Commissioner of Canada and other government departments and agencies;
  • notifying the Office of the Privacy Commissioner of Canada of any initiative or issue that may relate to the Privacy Act or any of its provisions, or that may have an impact on the privacy of Canadians, at a sufficiently early stage to permit the Commissioner to review and discuss the issues involved, including:
    1. new data matching programs by providing a copy of the Departmental assessment of the program, at least 60 days before it is implemented;
    2. use or disclosure of personal information in a manner consistent with the purpose(s) for which the information was obtained or compiled, for which the consistent use is not identified in Info Source;
    3. development of legislation or regulations with privacy implications, prior to submission of the appropriate documentation for approval by the Governor-in-Council, or where applicable, prior to the approval of Ministerial regulations;
    4. disclosure in the public interest under paragraph 8(2)(m) of the Privacy Act, either prior to the disclosure, or if this is not practicable, at the time of disclosure;
    5. Privacy Impact Assessments (PIAs), at a reasonably early stage prior to implementing the initiative, program or service; and
    6. any suspected or actual breach or violation of security involving personal information. There should be no delay in the reporting of these security breaches.

The administration of the legislation by the ATIP Directorate is also facilitated at the branch, sector, and regional office levels. Each organizational branch has an ATIP Liaison Officer (normally reporting to an Assistant Deputy Minister, a Director General, or a Regional Director General) who coordinates the collection of information and provides guidance to branch managers on the operation of the Act, departmental directives and procedures.


Top of Page
1.3 Policies and Procedures
1.3.1 Departmental Policies

Departmental Policy 002 links to the Privacy delegation of authority and sets out the definitions, and the roles and responsibilities of all stakeholders within PWGSC. An annex to the policy has been developed to outline the administrative attribution of powers and the departmental guidelines and procedures with respect to the disclosure of personal information pursuant to subsection 8(2) of the Privacy Act. Paragraphs (8)(2)(j) and (m) of the Act continue to be delegated by the Minister pursuant to section 73 of the Act. The policy will be updated during 2008-2009 to reflect changes made as a result of the TBS ATIP Policy Suite Renewal.

Departmental Policy 014 sets out the definitions and the roles and responsibilities of employees with respect to the protection of personal and private information in the workplace.

1.3.2 ATIP Liaison Officer Handbook

The Departmental ATIP Liaison Officer Handbook outlines the intent and the requirements of the Privacy Act and Treasury Board guidelines so that all staff are aware of their responsibilities with respect to the collection, use, disclosure, retention and disposal of personal information. In particular, staff are informed of their responsibilities to record and account for all uses and disclosures of personal information, by documenting all activities relating to personal information and by maintaining the relevant material on official departmental files.

Responsibility centres are also advised to consult with the ATIP Directorate before collecting any personal information and when there is any doubt concerning which rules to apply in the retention and disposal of personal information.

The ATIP Liaison Officer Handbook is produced by the ATIP Directorate and used as a guide to:

  • introduce the ATIP Liaison Officers across the Department to the Privacy Act and regulations;
  • outline the roles and responsibilities of each PWGSC ATIP stakeholder; and
  • provide national processing standards and guidelines for the centralized handling of requests.
1.3.3 ATIP Directorate Desk Procedures

The ATIP Directorate has developed and regularly updates its ATIP Officer Desk Procedures manual, to standardize the work procedures used by office staff, facilitate the training of new staff and complement the processes of the electronic ATIP tracking system.


Top of Page

2. Summary of Activities and Highlights

The amount of time devoted by ATIP Directorate staff to privacy issues, including the provision of advice, was similar to the last fiscal year.

2.1 Committees

As a member of the interdepartmental ATIP Working Group, which is chaired by TBS, the PWGSC ATIP Directorate has participated in the development of the revised Policy on Privacy Protection and the Directive on the Social Insurance Number (SIN) during the 2007-2008 fiscal year. The ATIP Policy Suite Renewal Initiative will be ongoing for the next couple of years.

The ATIP Directorate is represented on a departmental committee, the Computer Forensics Working Group, chaired by the Information Technology Security Directorate, where advice is required for the development of a process/protocol for ensuring that the IT evidence gathered during an investigation is preserved in a way that it can be admitted in a court of law.

2.2 Information Sessions

During the last fiscal year, the ATIP Directorate has not given any presentation specific to privacy. However, a privacy overview is typically incorporated into the general ATIP information sessions. These are included in the PWGSC Annual Report on the Access to Information Act.

One Info Source group training session and 14 one-on-one briefings were also provided to 42 departmental Info Source Coordinators, managers and employees to provide advice and guidance with respect to TBS requirements for the personal information banks.


Top of Page
2.3 Collection, Use and Disclosure of Personal Information
2.3.1 Personal Information Banks (PIBs)

The ATIP Directorate must be notified where personal information in a PIB is used or disclosed for a use consistent with the purpose for which the information was obtained or compiled by the Department, but where such use is not included in the statement of consistent uses published in Info Source.

One PIB was registered with the Treasury Board Secretariat in 2007-2008.

  • PWGSC PCU 606 - Government of Canada Public Key Infastructure (GC PKI) Certificates

The ATIP Directorate continued to work with TBS and the PWGSC branches on the development of the following new and revised PIBs:

Central Banks (General Public)

  • PWGSC PCU 603 - Public Enquiry
  • PWGSC PCU 604 - Government of Canada Publication Orders
  • PWGSC PCU 705 - Public Pay Systems
  • PWGSC PCU 707 - Directory Services

Central Banks (Employees)

  • PWGSC PCE 702 - Public Service Pensions Data Bank
    (changing to PWGSC PPU 135)
  • PWGSC PCE 706 - Shared Travel Services

Particular Banks (General Public)

  • PWGSC PPU 050 - Telephone Call Detail
  • PWGSC PPU 090 - Cheque Redemption
  • PWGSC PPU 095 - Bill Payment and Image Archival Records
  • PWGSC PPU 110 - Secure Channel Client Service Centre (abandoned)
  • PWGSC PPU 125 - Seized Assets Registry
  • PWGSC PPU 136 - Electronic Remittances
  • PWGSC PPU 151 - Library Services

Particular Banks (Employees)

  • PWGSC PPE 840 - Informal Conflict Resolution
  • PWGSC PPE 845 - CS Development Program
  • PWGSC PPE 850 - Translation Bureau Integrated Information System

Standard Banks (General Public)

  • PWGSC PSU 912 - Contracts
  • PWGSC PSU 917 - Personnel Security Screening
2.3.2 Exempt Banks

PWGSC does not have any exempt banks.


Top of Page
2.3.3 Departmental Forms

Departmental Policy 061 (Forms Management) requires that all new and revised forms that collect personal information be reviewed by the ATIP Directorate to ensure compliance with privacy legislative and policy requirements. During the 2007-2008 fiscal year, 20 requests were submitted for a compliance review and the development of the required privacy notice.

2.3.4 Disclosure Under Paragraph 8(2)(e) of the Act

The Department processed 14 requests for the disclosure of personal information to investigative bodies during 2007-2008.

A copy of every request received under paragraph 8(2)(e) and a record of any information disclosed pursuant to the request is kept in accordance with subsection 8(4) of the Privacy Act.

2.3.5 Disclosure Under Other Paragraphs of Subsection 8(2) of the Act

During fiscal year 2007-2008, PWGSC disclosed personal information pursuant to paragraphs 8(2)(a), 8(2)(b), 8(2)(c) and 8(2)(f) of the Privacy Act. There was no disclosure made under paragraphs 8(2)(g) or 8(2)(m) of the Act.

In accordance with subsection 9(1) of the Act, the Department retains a record of any use or purpose for which the information is disclosed by the institution where the use or purpose is not identified in the relevant Personal Information Bank.

An excerpt of the Privacy Act, sections 8 and 9 is enclosed at Annex B for reference.

2.3.6 Data Matching and Sharing Activities

The following data matching and sharing activities were initiated in 2007-2008.

Use and Storage of the Social Insurance Number (SIN) for Pension Purposes

During fiscal year 2007-2008, PWGSC has been working closely with TBS on a proposal to authorize the use of the SIN for pension plan administration purposes. The use of the SIN is required to administer the legislated requirements of the Public Service Pension Plan, the Canadian Forces Pension Plan and the Royal Canadian Mounted Police (RCMP) Pension Plan. Individuals can only contribute to a maximum of 35 years among the three pension plans, and to one plan at a time for any period of service. A Memorandum of Understanding (MOU) between PWGSC, National Defence and the RCMP has been prepared and provided to TBS for their review.

Industrial Security MOUs with Foreign Nations

The Canadian and International Industrial Security Directorate is responsible for the negotiation of Industrial Security MOUs with foreign countries. Two Annexes (Protected A and Protected B Sharing of Information) were drafted for various stakeholders to review and identify privacy concerns, and provide any relevant recommendations. This initiative will be resumed in 2008-2009.


Top of Page

3. Privacy Impact Assessments (PIA)

The Treasury Board of Canada approved the Privacy Impact Assessment (PIA) Policy, with an effective date of May 2, 2002. The goal of the policy is to allow government institutions to identify whether a program or a service delivery initiative, involving the collection, use or disclosure of personal information as defined in the Privacy Act, complies with the privacy principles and to help officials avoid or mitigate any identifiable risks to privacy.

The ATIP Directorate has developed a departmental PIA framework and a draft departmental PIA policy that clearly outline the review and approval process within PWGSC, as well as the roles and responsibilities of stakeholders. Project managers have followed the framework and the draft policy when conducting their PIAs.

The ATIP Directorate provides advice and guidance to PWGSC managers throughout the PIA process, including the review of draft/final PIA reports and liaison with the Office of the Privacy Commissioner.

PIAs are required when a program or service is contracted out to the private sector. Currently, when the PWGSC Legal Services unit reviews contractual terms and conditions, they inform the contracting officers to contact the ATIP Directorate to advise on the need for a PIA. The ATIP Directorate informs the contracting officers to check with their client departments and provides the name and telephone number of the client department's ATIP Coordinator. The PWGSC ATIP Directorate also advises on the requirement to include appropriate security and privacy clauses in the procurement documentation.

In collaboration with the Information Technology Services Branch, the ATIP Directorate launched its Internet site in January 2005. The site is intended to facilitate the public's understanding of the Access to Information Act, the Privacy Act and associated departmental procedures. Summaries of the results of PIA reports conducted by PWGSC are published on this web site.

In fiscal year 2007-2008, the ATIP Directorate was involved in several departmental initiatives that required the development of PIAs and Preliminary PIAs (PPIAs).

Table I
PIAs and PPIAs
Reporting Period PIAs1 PPIAs
Outstanding
from
Previous
Years		 Initiated Completed Cancelled
or
Postponed		 Carry
Forward
to Next
Fiscal Year
2005-2006 11 10 8 0 13 9
2006-2007 13 0 0 0 13 4
2007-2008 13 1 2 6 6 0
3.1 PIAs Completed

The following PIAs were completed and sent to the Privacy Commissioner of Canada during the 2007-2008 fiscal year:

  • Compensation Web Application - Release 2
  • Ministerial and Deputy Ministerial Correspondence Tracking System (CCM Mercury)
3.2 PIAs Cancelled or Postponed

The PIAs for the following projects were cancelled or postponed due to budget restrictions, initiative not being pursued or applications being abandoned.

  • Harmonization of Control Goods Program and Industrial Security Program
  • PSSA Self Service Web Application
  • Translation Bureau Central Archives
  • Translation Bureau File Transfer Protocol
  • Translation Bureau Intranet, Extranet and Internet
  • Translation Bureau Training Site

Top of Page
3.3 PIAs Being Conducted

The following PIAs, which were initiated in 2007-2008 and previous fiscal years, were still ongoing at the end of the reporting period:

  • Access and Identity Management Services - Release 2
  • Government of Canada Publications Website (previously entitled E-Bookstore)
  • Green Citizenship Passport Program
  • Secure Electronic Forms
  • Shared Travel Services Initiative - Release 3.0
  • Translation Bureau Termium Plus
3.4 Preliminary PIAs (PPIAs)

When the detailed information required for a comprehensive assessment is not yet available, a PPIA may be completed. In exceptional circumstances, a PPIA may also be undertaken (instead of a full PIA) when the proposed initiative does not seem to raise privacy issues.

There were no PPIAs initiated in the 2007-2008 fiscal year.

The following PPIAs that were initiated in the previous years were completed during 2007-2008:

  • Common Business Authentication and Delegation Model
  • eContact
  • Electronic Freight Rate Information Base and E-form Entry (eFrisbee)
  • Government of Canada Marketplace
  • Information Protection Centre
  • Secure Channel Quebec Proof of Concept
  • Secure Channel Secure Message Routing Services

The PPIAs on the following projects were still ongoing at the end of the fiscal year:

  • Hosting Environment
  • Secure Channel Managed Security services
  • Secure Electronic Forms

Top of Page

4. Statistical Report: Interpretation and Explanation of Trends

4.1 Requests under the Privacy Act

It is the practice of PWGSC to process requests formally where the information is sensitive and may be subject to an exemption or an exclusion pursuant to sections 18 through 28, 69 and 70 of the Act.

There were 67 requests filed under the Privacy Act in 2007-2008. The majority of the cases were for documents related to security clearances (20 per cent), labour relations and investigations (18 per cent), pension and pay (16 per cent), and other employment related records (13 per cent). The remaining cases were for correspondence and other personal information pertaining to the applicants (33 per cent).

Compared with the last fiscal year, PWGSC experienced a six per cent decrease in the total number of privacy requests received.

Table II
Processing Trends for Privacy Requests
Reporting Period Outstanding Received Completed Carried
Forward
2005-2006 4 62 64 2
2006-2007 2 71 67 6
2007-2008 6 67 67 6
4.1.1 Interdepartmental Consultations

In addition to the privacy requests received by PWGSC, 10 government institutions consulted with PWGSC about the disclosure of information on 13 different cases. These consultation requests are not reflected in the statistical tables at Annex C, but they account for 23 per cent of the ATIP Directorate's privacy caseload.

4.1.2 Informal Review of Records

Applicants may obtain access to their personal information on an informal basis by contacting the manager of the program area who controls the records. In these instances, the ATIP Directorate provides assistance and advice on an "as required" basis.

Although not reflected in the statistical tables at Annex C, seven requests were submitted by management during the fiscal year for the informal review of documents prior to their proactive disclosure to the individuals concerned. A total of 715 pages were reviewed and recommended for release on an informal basis.


Top of Page
4.2 Disposition of Completed Requests

Of the 73 requests processed, 67 (92 per cent) were completed during the 2007-2008 reporting period. The processing of the remaining six requests (eight per cent) was not completed as of March 31, 2008.

Taking into account only those cases where the Department was able to process the request, information was released, either in whole or in part, in 72 per cent of the cases.

The completed requests are categorized as follows:

4.2.1 All Disclosed

In 21 of the 67 completed cases (31 per cent), the requesters were provided with complete access to the relevant records.

4.2.2 Disclosed in Part

In 27 instances (40 per cent), the requesters were granted partial access.

4.2.3 Nothing Disclosed (All Exempted or All Excluded)

There was no request where all of the information was withheld (exempted or excluded).

4.2.4 Unable to Process

After an initial review, the Department was unable to process 12 requests (18 per cent). In most instances, this was because the Department did not have any records that were relevant to the request.

4.2.5 Abandoned by the Applicant

Of the completed requests, five were considered to be abandoned (eight per cent). Such an action may occur at any stage of the request processing.

4.2.6 Transferred

Although there is no provision in the legislation for transferring a request, two requests (three per cent) were transferred with the consent of the applicant and agreement of the institution of greater interest.

4.3 Exemptions Invoked

An individual's right of access to their personal information under the Privacy Act is limited by a number of exemptions specified in sections 18 through 28 of the legislation.

Annex C is intended to show the types of exemptions invoked to refuse access. For example, if five different exemptions were used in one request, one exemption under each relevant section would be reported for a total of five exemptions. If the same exemption was used several times for the same request, it would be reported only once.

As noted in Annex C, the majority of the exemptions invoked was under section 26 (information about another individual) of the Act.


Top of Page
4.4 Exclusions Invoked

The Act does not apply to published material or material available for purchase by the public, library or museum material preserved solely for public record, material placed in the Library and Archives Canada, or records considered to be confidences of the Queen's Privy Council, pursuant to sections 69 and 70 of the Act respectively.

As in the case of exemptions, Annex C is intended to show the types of exclusions invoked to refuse access. For example, if five different exclusions are cited in one request, one exclusion under each relevant section would be reported for a total of five. If the same exclusion was used several times for the same request, it would be reported only once.

No exclusion was cited in dealing with privacy requests.

4.5 Extension of the Time Limits

Time extensions were required and taken on 19 cases. In three cases, there was the need to consult with other government departments. For the remaining 16 cases, meeting the original time limit would have unreasonably interfered with the operations of the institution.

4.6 Completion Time

Forty-four requests (66 per cent) were completed within the first 30 days, 12 (18 per cent) were completed within 31 to 60 days, and five (seven per cent) were completed between 61 and 120 days from the date of receipt by the Department. Six cases (nine per cent) required more than 120 days to process.

4.7 Translations

There was no request for the translation of information from one official language to another.

4.8 Method of Access

Copies of the records were given in response to 48 requests (72 per cent). It should be noted that this category reflects only those requests where the information was all disclosed or disclosed in part.

4.9 Corrections and Notations

There was no request received for the correction of personal information or for a notation to be placed on a file.

4.10 Costs

Salary costs associated with privacy issues were $221,270, and operational and maintenance costs were $87,359, for a total cost of $308,629. The associated full-time equivalent resources utilization was 3.2.


Top of Page

5. Complaints and Requests for Judicial Review

Table III provides a breakdown of the complaints made to the Privacy Commissioner of Canada and of requests for judicial review made to the Federal Court of Canada, over the past three fiscal years.

Table III
Complaints and Requests for Judicial Review
Reporting Period Complaints Requests for Judicial Review
2005-2006 7 0
2006-2007 2 0
2007-2008 2 1
5.1 Complaints to the Office of the Privacy Commissioner of Canada

The ATIP Directorate saw no change in the number of complaints made to the Privacy Commissioner of Canada in the 2007-2008 fiscal year.

Of the two complaints lodged with the Office of the Privacy Commissioner during the fiscal year, both concerned the delay in providing a response to the requestor.

Three investigations were concluded relating to complaints that had been received by PWGSC in this and previous fiscal years. Two complaints were resolved to the satisfaction of the requestor and the other one was settled in the course of the investigation. Two complaint investigations were still being conducted at the end of the fiscal year.

5.2 Requests for Judicial Review

There was one request made to the Federal Court of Canada seeking a judicial review.

Federal Court File Number T-1314-07: The applicant sought a review by the Federal Court as PWGSC failed to provide the information requested within time period established under the Privacy Act. The documents were disclosed to the applicant in September 2007 and the application has been discontinued.

Annex A: Delegation of Authorities (Excerpt)

For information on this Annex A: Delegation of Authorities (Excerpt),
see Annex A: Delegation of Authority (Excerpt).


Top of Page

Annex B - Privacy Act, Sections 8 and 9 (Excerpt)

Disclosure of personal information

8. (1) Personal information under the control of a government institution shall not, without the consent of the individual to whom it relates, be disclosed by the institution except in accordance with this section.

Where personal information may be disclosed

(2) Subject to any other Act of Parliament, personal information under the control of a government institution may be disclosed

  1. for the purpose for which the information was obtained or compiled by the institution or for a use consistent with that purpose;
  2. for any purpose in accordance with any Act of Parliament or any regulation made there under that authorizes its disclosure;
  3. for the purpose of complying with a subpoena or warrant issued or order made by a court, person or body with jurisdiction to compel the production of information or for the purpose of complying with rules of court relating to the production of information;
  4. to the Attorney General of Canada for use in legal proceedings involving the Crown in right of Canada or the Government of Canada;
  5. to an investigative body specified in the regulations, on the written request of the body, for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation, if the request specifies the purpose and describes the information to be disclosed;
  6. under an agreement or arrangement between the Government of Canada or an institution thereof and the government of a province, the council of the Westbank First Nation, the council of a participating First Nation — as defined in subsection 2(1) of the First Nations Jurisdiction over Education in British Columbia Act —, the government of a foreign state, an international organization of states or an international organization established by the governments of states, or any institution of any such government or organization, for the purpose of administering or enforcing any law or carrying out a lawful investigation;
  7. to a member of Parliament for the purpose of assisting the individual to whom the information relates in resolving a problem;
  8. to officers or employees of the institution for internal audit purposes, or to the office of the Comptroller General or any other person or body specified in the regulations for audit purposes;
  9. to the Library and Archives of Canada for archival purposes;
  10. to any person or body for research or statistical purposes if the head of the government institution
    1. is satisfied that the purpose for which the information is disclosed cannot reasonably be accomplished unless the information is provided in a form that would identify the individual to whom it relates, and
    2. obtains from the person or body a written undertaking that no subsequent disclosure of the information will be made in a form that could reasonably be expected to identify the individual to whom it relates;
  11. to any aboriginal government, association of aboriginal people, Indian band, government institution or part thereof, or to any person acting on behalf of such government, association, band, institution or part thereof, for the purpose of researching or validating the claims, disputes or grievances of any of the aboriginal peoples of Canada;
  12. to any government institution for the purpose of locating an individual in order to collect a debt owing to Her Majesty in right of Canada by that individual or make a payment owing to that individual by Her Majesty in right of Canada; and
  13. for any purpose where, in the opinion of the head of the institution,
    1. the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or
    2. disclosure would clearly benefit the individual to whom the information relates.

Personal information disclosed by Library and Archives of Canada

(3) Subject to any other Act of Parliament, personal information under the custody or control of the Library and Archives of Canada that has been transferred there by a government institution for historical or archival purposes may be disclosed in accordance with the regulations to any person or body for research or statistical purposes.

Copies of requests under paragraph (2)(e) to be retained

(4) The head of a government institution shall retain a copy of every request received by the government institution under paragraph (2)(e) for such period of time as may be prescribed by regulation, shall keep a record of any information disclosed pursuant to the request for such period of time as may be prescribed by regulation and shall, on the request of the Privacy Commissioner, make those copies and records available to the Privacy Commissioner. Notice of disclosure under paragraph (2)(m)

Record of disclosures to be retained

9. (1) The head of a government institution shall retain a record of any use by the institution of personal information contained in a personal information bank or any use or purpose for which that information is disclosed by the institution where the use or purpose is not included in the statements of uses and purposes set forth pursuant to subparagraph 11 (1) (a) (iv) and subsection 11(2) in the index referred to in section 11, and shall attach the record to the personal information.


Top of Page

Annex C: Statistical Report - Privacy Act

PDF Version  63KB
Help with Alternative Format

Institution: PUBLIC WORKS AND GOVERNMENT SERVICES CANADA
Reporting period: 4/1/2007 to 3/31/2008

I. Requests under the Privacy Act

Received during reporting period: 67
Outstanding from previous period: 6

TOTAL: 73

Completed during reporting period: 67
Carried forward: 6

II. Disposition requests completed

  1. All disclosed: 21
  2. Disclosed in part: 27
  3. Nothing disclosed (exclusion): 0
  4. Nothing disclosed (exemption): 0
  5. Unable to process: 12
  6. Abandoned by applicant: 5
  7. Transferred: 2

TOTAL: 67


Top of Page

III. Exemptions invoked

ExemptionsNumbers
S.
Art. 18(2) 		0
S.
Art. 19(1)(a) 		0
(b) 0
(c) 0
(d) 0
S.
Art. 20		 0
S.
Art. 21		 0
S.
Art. 22(1)(a)		 1
(b) 1
(c) 0
S.
Art. 22(2)		 0
S.
Art. 23(a)		 0
(b) 0
S.
Art. 24		 0
S.
Art. 25		 0
S.
Art. 26		 16
S.
Art. 27		 8
S.
Art. 28		 0

IV. Exclusions cited

ExclusionsNumbers
S.
Art. 69(1)(a) 		0
(b) 0
S.
Art. 70(1)(a)		 0
(b) 0
(c) 0
(d) 0
(e) 0
(f) 0

V. Completion time

  • 30 days or under: 44
  • 31 to 60 days: 12
  • 61 to 120 days: 5
  • 121 days or over: 6

Top of Page

VI. Extensions

30 days or under

  • Interference with operations: 16
  • Consultation: 3
  • Translation: 0

TOTAL: 19

31 days or over

  • Interference with operations: 0
  • Consultation: 0
  • Translation: 0

TOTAL: 0

VII. Translations

Translations requested: 0

  • Translations prepared
    • English to French: 0
    • French to English: 0

VIII. Method of access

  • Copies given: 48
  • Examination: 0
  • Copies and examination: 0

IX. Corrections and notation

  • Corrections requested: 0
  • Corrections made: 0
  • Notation attached: 0

X. Costs

Financial (all reasons)
  • Salary: $221,270
  • Administration (O and M): $87,359
  • TOTAL: $308,629
Person year utilizatlon (all reasons)
  • Person year (decimal format): 3.2

1 The number of PIAs and PPIAs for 2005-2006 and 2006-2007 have been revised to reflect those that changed from PIAs to PPIAs. (Back to note 1)

Date Modified: 2012-06-18

Top of Page
Important Notices