Public Works and Government Services Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

Home > Accountability and Transparency > ATIP > Privacy Act - Annual Report 2008-2009

Institutional links

Privacy Act - Annual Report 2008-2009

Table of Contents

  1. Public Works and Government Services Canada
  1. Organization of the Access to Information and Privacy Directorate
  2. Summary of Activities and Highlights
  3. Privacy Impact Assessments
  4. Statistical Report - Interpretation and Explanation of Trends
  5. Complaints and Requests for Judicial Review

Top of Page

Preface

The Privacy Act (Revised Statutes of Canada, 1985, Chapter P-21) was proclaimed on July 1, 1983. The Act was most recently amended as a result of the royal assent of the Federal Accountability Act on December 12, 2006. Certain provisions came into force on December 12, 2006, and others took effect on April 1, 2007, and September 1, 2007.

The Privacy Act extends to individuals the right of access to information about themselves held by the government, subject to specific and limited exceptions. The Act also provides individuals the right to a reasonable expectation of privacy, including a basic right to exercise control over the collection, use and disclosure of their personal information.

Section 72 of the Privacy Act requires that the head of every federal government institution prepare for submission to Parliament an annual report on the administration of the Act within their institution during each fiscal year.

This Annual Report provides a summary of the management and administration of the Privacy Act within Public Works and Government Services Canada (PWGSC) for the fiscal year 2008-2009.


Top of Page

Part I - Background

1. Public Works and Government Services Canada

The Department was originally founded in 1841 and was instrumental in the building of our nation's canals, roads and bridges, the Houses of Parliament, post offices, and federal buildings across the country.

Today, the Department has evolved into a sophisticated operational arm of government that employs nearly 14,000 staff working in the National Capital and five regional offices in Halifax, Montreal, Toronto, Edmonton, and Vancouver.

The Department of Public Works and Government Services Act, passed in 1996, established the Department and set out the legal authorities for services provided. Specifically, the Act established PWGSC as a common service agency providing government departments, boards and agencies with services in support of their programs, including:

  • acquisition of goods and services;
  • office accommodation and facilities;
  • architectural and engineering services;
  • construction, maintenance and repair of public works and federal real property; and,
  • provision of translation, information technology, telecommunications, industrial security, consulting and audit services.

The Act also specifies that the Minister of Public Works and Government Services is the Receiver General for Canada and has the authority for the administration of services related to benefits, superannuation and pension plans as well as disbursement of pay to federal employees.

PWGSC's goal is to run a business in a way that strengthens accountability and adds value to our clients. In doing so, PWGSC:

  • provides accommodation to parliamentarians and to more than 241,000 public servants in 1,800 locations across Canada;
  • injects more than $14 billion annually into the Canadian economy through government procurement;
  • issues nearly 13.5 million federal pay and pension payments to Canadians;
  • helps more than 18,000 small- and medium-sized enterprises do business with the federal government;
  • provides translation and interpretation services annually for more than 2,000 sessions of Parliament and 1.5 million pages of translation for other federal organizations; and,
  • handles more than $1.6 trillion in cash flow transactions as the Receiver General for Canada.

In 2008, we improved our reporting to Parliament by streamlining our Program Activity Architecture, which consolidates the number of program activities from twenty-six to nine, and establishes the strategic outcome as follows: High-quality, central programs and services that ensure sound stewardship on behalf of Canadians and meet the program needs of federal institutions.

The PWGSC program activities, which contribute to the Department's strategic outcome, are as follows:

  • Acquisitions;
  • Accommodation and Real Property Assets Management;
  • Receiver General for Canada;
  • Information Technology Infrastructure;
  • Federal Pay and Pension Administration;
  • Linguistic Management and Services;
  • Specialized Programs and Services;
  • Procurement Ombudsman; and,
  • Internal Services.

Top of Page

Part II - Report on the Privacy Act

1. Organization of the Access to Information and Privacy Directorate

The Access to Information and Privacy Directorate (ATIP) administers the provisions of the Privacy Act for PWGSC, including two Special Operating Agencies, Audit Services Canada and the Translation Bureau, as well as the Office of the Procurement Ombudsman.

The Director, ATIP, reports to the Director General, Executive Secretariat, who, in turn, reports to the Assistant Deputy Minister, Corporate Services, Policy and Communications. For most of the 2008-2009 fiscal year, the ATIP Directorate has operated with five teams to manage the requests received within the Department. Overseeing these teams, and reporting to the Director, ATIP, were two Managers, Risk and Quality Management. Four of the teams were responsible for processing ATIP requests, consultations, complaints, and court cases received by the Department, while the other team was dedicated to privacy policy. The administrative functions of the ATIP Directorate were supported by an administrative assistant and three clerks.

1.1 Delegation Instruments

Under section 3 of the Privacy Act, the Minister of the Department is designated as the head of the government institution for purposes of the administration of the Act. Pursuant to section 73, the Minister may delegate any of his powers, duties or functions under the Act by signing an order authorizing one or more officers or employees of the institution, who are at the appropriate level, to exercise or perform the powers, duties or functions of the head, specified in the order.

Within PWGSC this delegation instrument continued to be based on a centralized process with the Director General, Executive Secretariat, who reports to the Assistant Deputy Minister of Corporate Services, Policy and Communications Branch, the Director, ATIP, and the Managers, Risk and Quality Management, having full delegated authority under the Privacy Act, with the exception of paragraph 8(2)(m). Certain administrative functions are also delegated to the ATIP Chiefs to speed the processing of requests.

An excerpt of the Delegation of Authorities approved by the Minister of Public Works and Government Services is enclosed at Annex A: Delegation of Authority (Excerpt).

The Director, Cheque Redemption Control, in Matane, Quebec, shares administrative powers under paragraph 8(2)(e) of the Act in regard to releasing transacted cheques to law enforcement bodies. This provides administrative flexibility in processing requests for cheques issued under the authority of the Receiver General for Canada.


Top of Page
1.2 Responsibilities of the ATIP Directorate

The responsibilities of the ATIP Directorate include the following

  • Managing all activities within PWGSC relating to the operation of the Act, as well as the regulations, directives and guidelines pursuant to them.
  • Developing, producing and promulgating departmental privacy policies, procedures, standards and guidelines.
  • Developing and delivering awareness training to PWGSC managers and staff to ensure departmental responsiveness to the legal obligations imposed by the Act and associated regulations.
  • Reviewing departmental policies, procedures and agreements to ensure that they are in compliance with the provisions of the Act and making recommendations for amendments.
  • Defending institutional decisions on the administration of the Act during investigations conducted by the Privacy Commissioner of Canada and during judicial proceedings at the Federal Court of Canada and the Supreme Court of Canada.
  • Collaborating with departmental branches to ensure that Privacy Impact Assessments (PIAs) are completed and Personal Information Banks (PIBs) are established for new or substantially modified programs or activities, as well as registering the new or modified PIBs with the Treasury Board of Canada Secretariat (TBS).
  • Coordinating and approving the annual update of PWGSC's chapter in the TBS publication Info Source.
  • Reporting annually to Parliament, in accordance with section 72 of the Act and any instructions issued pursuant to paragraph 71(1)(e) of the Act.
  • Acting as spokesperson for the Department in dealings with TBS, the Privacy Commissioner of Canada and other government departments and agencies.
  • Notifying the Office of the Privacy Commissioner of Canada of any initiative or issue that may relate to the Privacy Act or any of its provisions, or that may have an impact on the privacy of Canadians, at a sufficiently early stage to permit the Commissioner to review and discuss the issues involved, including:
    1. New data matching programs by providing a copy of the departmental assessment of the program, at least 60 days before it is implemented.
    2. Use or disclosure of personal information in a manner consistent with the purpose for which the information was obtained or compiled, for which the consistent use is not identified in Info Source.
    3. Development of legislation or regulations with privacy implications, prior to submission of the appropriate documentation for approval by the Governor-in-Council, or where applicable, prior to the approval of ministerial regulations.
    4. Disclosure in the public interest under paragraph 8(2)(m) of the Privacy Act, either prior to the disclosure, or if this is not practicable, at the time of disclosure.
    5. PIAs, at a reasonably early stage prior to implementing the initiative, program or service.
    6. Any suspected or actual breach or violation of security involving personal information.

The administration of the Act by the ATIP Directorate is also facilitated at the branch, sector, and regional office levels of PWGSC. Each organizational branch has an ATIP Liaison Officer who coordinates the collection of information and provides guidance to branch managers on the application of the Act, as well as related departmental directives and procedures.


Top of Page
1.3 Policies and Procedures
1.3.1 Departmental Policies

For the reference of all employees, departmental policies are posted on PWGSC's intranet.

Departmental Policy 002 outlines the privacy Delegation of Authority and sets out the definitions, and the roles and responsibilities of all stakeholders within PWGSC. An annex to the Policy has been developed to outline the administrative attribution of powers and the departmental guidelines and procedures with respect to the disclosure of personal information pursuant to subsection 8(2) of the Privacy Act. Paragraphs (8)(2)(j) and (m) of the Act continue to be delegated by the Minister pursuant to section 73 of the Act.

Departmental Policy 014 sets out definitions as well as the roles and responsibilities of employees with respect to the protection of personal information in the workplace.

1.3.2 ATIP Liaison Officer Handbook

The Departmental ATIP Liaison Officer Handbook outlines the intent and the requirements of the Privacy Act and related Treasury Board guidelines so that all staff are aware of their responsibilities for the collection, use, disclosure, retention and disposal of personal information. In particular, staff are informed of their responsibilities to record and account for all uses and disclosures of personal information, by documenting all activities relating to personal information and by maintaining the relevant material on official departmental files.

Responsibility centres are also advised to consult with the ATIP Directorate before collecting any personal information and whenever there are questions relating to the retention and disposal of personal information.

The ATIP Liaison Officer Handbook is produced by the ATIP Directorate and is posted on PWGSC's intranet as a guide to:

  • introduce departmental ATIP Liaison Officers across the Department to the Privacy Act and regulations;
  • outline the roles and responsibilities of each PWGSC ATIP stakeholder; and,
  • provide national processing standards and guidelines for the centralized handling of requests.
1.3.3 ATIP Directorate Desk Procedures

The ATIP Directorate has developed and regularly updates its ATIP Officer Desk Procedures manual, to standardize the work procedures used by staff, to facilitate the training of new hires and to complement the functionality of the electronic ATIP tracking system.


Top of Page

2. Summary of Activities and Highlights

2.1 Management Accountability Framework Action Plan

PWGSC is committed to the continuous improvement of its management fundamentals and has used the results of the most recent Management Accountability Framework (MAF) assessment as a benchmark. Senior management engagement has been key in building action plans that ensure ongoing improvement and monitor progress.

In 2008-2009, an action plan was developed to specifically address MAF Round V results relating to ATIP. Key objectives were: engagement of departmental executives on ATIP legislative and policy requirements as well as clarifying accountabilities of departmental stakeholders in the ATIP process; inventory of all personal information in the Department; registration of all PIBs and ensuring all relevant information holdings are described in PWGSC's Info Source chapter; piloting the revised TBS PIA process with the Office of the Procurement Ombudsman; and, undertaking awareness training sessions.

2.1.1 MAF Action Plan Activities Undertaken During The Fiscal Year
  • A presentation was delivered to the Department Policy Committee on November 24, 2008, as well as follow-up presentations to branch management committees to inform executives of the MAF results and engage them on the plan to address the gaps identified in the MAF assessment.
  • Between January and March 2009, an inventory of all personal information held by the Department was compiled using the new PIB template developed by TBS. The intent is to identify, develop and register any resulting new and/or revised PIBs and to ensure that all registered PIBs and classes of personal information are included in PWGSC's Info Source chapter in accordance with the Privacy Act.
  • In preparing the annual update of Info Source, the ATIP Directorate obtained a copy of the most recent departmental Program Activity Architecture in order to revise the description of PWGSC's main functions, programs and activities in accordance with the requirements and format instructions for Info Source.
  • In order to assist branch coordinators with the required input, the ATIP Directorate developed a table listing all of the program activities and sub-activities, and whether classes of records, PIBs, classes of personal information, and manuals existed or were required for any of the listed activities. See also section 2.4 for additional information on training sessions and briefings delivered to departmental Info Source coordinators.
  • As a member of the TBS ATIP Working Group, the ATIP Directorate volunteered to work with the Office of the Procurement Ombudsman to pilot the new PIA template and to provide feedback to TBS.

Top of Page
2.2 ATIP Officer Development Program

The ATIP Officer Development Program was developed in 2006 to address the Department's mid- and long-term shortage of skilled ATIP professionals by recruiting new employees at the junior level, fostering their loyalty to PWGSC, and preparing them to fill senior ATIP Officer positions at the PM-04 group and level within a three-year horizon. The Program is also intended to reduce the costs associated with the competitive staffing process and, in the long-term, the use of consultants.

As part of the ATIP Improvement Plan, and in order to develop and retain our employees, the Program was revised in 2008-2009 to include all ATIP Officers at the PM-01, -02 and/or -03 group and levels that are currently employed in the ATIP Directorate or hired through regular advertised processes. This accelerated approach to learning has been adopted by other departments as a method of addressing skills shortages in the ATIP community.

2.3 Committees

The Director, ATIP, is a member of the Interdepartmental ATIP Working Group that is chaired by TBS. In this capacity, PWGSC participated in the development of new directives on privacy requests and correction of personal information; privacy practices; and, privacy impact assessment during the 2008-2009 fiscal year.

2.4 Information Sessions

During the fiscal year, four information sessions on privacy legislative and policy requirements were given to approximately 65 managers in the Information Technology Services, Human Resources, Acquisitions, Accounting, Banking and Compensation branches of PWGSC.

In addition, two group training sessions and several one-on-one briefings were also provided to 30 departmental Info Source coordinators, managers and employees to provide advice and guidance on TBS requirements as well as to address the gaps identified in the MAF Round V Assessment and to improve the content of PWGSC's chapter of Info Source.

Furthermore, an overview of Privacy is incorporated into the general ATIP information sessions that were delivered to approximately 450 participants during the fiscal year and are described in the PWGSC Annual Report on the Access to Information Act.


Top of Page
2.5 Collection, Use and Disclosure of Personal Information
2.5.1 Personal Information Banks

The ATIP Directorate must be notified whenever personal information in a PIB is used or disclosed for a use consistent with the purpose for which the information was obtained or compiled by the Department, but where such use is not included in the statement of consistent uses published in Info Source.

The following eleven new and revised PIBs1 were registered with TBS in 2008-2009:

  • PWGSC PPU 026 - Buyer Information
  • PWGSC PPU 051 - PWGSC's T1204 Tombstone Information
  • PWGSC PPU 071 - Supplier Registration Index
  • PWGSC PPU 125 - Seized Property Management Information System
  • PWGSC PPU 155 - Financial Delegation of Authority Database
  • PWGSC PPU 182 - Conflict Management - Contracts
  • PWGSC PPU 183 - Fairness Monitoring - Procurement Process
  • PWGSC PPU 702 - Public Services Pensions Data Bank
  • PWGSC PPU 705 - Public Service Compensation Systems
  • PWGSC PCE 706 - Shared Travel Services Initiative - Traveller Profile
  • PWGSC PCU 707 - Directory Services

The Department also registered six new Standard PIBs developed by TBS:

  • PWGSC PSE 902 - Staffing
  • PWGSC PSU 906 - Internal Disclosure of Wrongdoing in the Workplace
  • PWGSC PSE 911 - Discipline
  • PWGSC PSE 912 - Performance Management Reviews
  • PWGSC PSU 914 - Public Communications
  • PWGSC PSU 918 - Governor In Council Appointments

The ATIP Directorate continued to work with TBS and branches of PWGSC on the development of the following new and/or revised PIBs:

  • PWGSC PPU 001 - Procurement Ombudsman - Complaints
  • PWGSC PPU 006 - List of Landlords
  • PWGSC PPU 028 - On-Line Standards
  • PWGSC PPU 040 - Direct Deposit Interface System
  • PWGSC PPU 045 - Controlled Goods Registry Information
  • PWGSC PPU 050 - Telephone Call Details
  • PWGSC PPU 070 - List of Land Surveyors
  • PWGSC PPU 115 - Internet, Intranet Services, and Extranet Services
  • PWGSC PPU 136 - Electronic Remittance
  • PWGSC PPU 150 - Crown Copyright
  • PWGSC PPU 153 - SIGMA User Profile
  • PWGSC PPU 185 - Green Citizenship
  • PWGSC PCU 603 - Public Enquiry
  • PWGSC PCU 604 - Government of Canada Publication Orders
  • PWGSC PCU 709 - Bill Payment Services and Image Archival Records
  • PWGSC PPE 840 - Informal Conflict Resolution
  • PWGSC PPE 845 - CS Development Program
  • PWGSC PPE 850 - Translation Bureau Integrated Information System
  • PWGSC PSU 936 - Library Services

Between January and March 2008, an inventory of personal information held by the Department was compiled to ensure that all personal information is appropriately described in accordance with the Privacy Act. During the next fiscal year, the ATIP Directorate will identify, develop and register any new or revised PIBs resulting from this inventory.


Top of Page
2.5.2 Exempt Banks

PWGSC does not have any exempt banks.

2.5.3 Departmental Forms

Departmental Policy 061 (Forms Management) requires that all new and revised forms that collect personal information be reviewed by the ATIP Directorate to ensure compliance with privacy legislative and policy requirements. During the 2008-2009 fiscal year, 48 forms were submitted for review and 46 reviews were completed. Of these forms, 38 were used in pension administration.

2.5.4 Disclosure Under Paragraph 8(2)(e) of the Act

The Department processed seven disclosures of personal information to investigative bodies during 2008-2009.

A copy of every request received under paragraph 8(2)(e), and a record of any information disclosed pursuant to the request, is kept in accordance with subsection 8(4) of the Privacy Act.

2.5.5 Disclosure Under Other Paragraphs of Subsection 8(2) of the Act

During fiscal year 2008-2009, PWGSC disclosed personal information pursuant to paragraph 8(2)(f) of the Privacy Act. There were no disclosures made under paragraphs 8(2)(g) or 8(2)(m) of the Act.

In accordance with subsection 9(1) of the Act, the Department retains a record of any use or purpose for which the information is disclosed where that use or purpose is not identified in the relevant PIB.

An excerpt of the Privacy Act, sections 8 and 9 is enclosed at Annex B: Privacy Act, Sections 8 and 9 (Excerpt) for reference.

2.5.6 Data Sharing Activities

The following one data sharing activity was initiated in 2008-2009.

Memorandum of Understanding between the Controlled Goods Directorate and the Canadian Security Intelligence Service

The Controlled Goods Directorate (CGD) is responsible for the security assessment of foreign temporary workers and visitors who may have access to controlled goods. A Memorandum of Understanding was prepared to formalize mechanisms by which the CGD provides personal information on individuals registering under the Contolled Goods Regulations to the Canadian Security Intelligence Service to conduct security assessments.


Top of Page

3. Privacy Impact Assessments

The Treasury Board of Canada approved the Privacy Impact Assessment Policy with an effective date of May 2, 2002. The goal of the Policy is to allow government institutions to identify whether a program or a service delivery initiative, involving the collection, use or disclosure of personal information as defined in the Privacy Act, complies with privacy principles. The Policy also aims to avoid or mitigate any identifiable risks to privacy.

In 2005, the ATIP Directorate developed a departmental PIA framework and a draft departmental PIA policy that established the review and approval process within PWGSC, as well as the roles and responsibilities of stakeholders. Project managers follow this framework and draft policy when conducting PIAs. A revised policy, that will align with TBS's forthcoming PIA directive, is planned for next fiscal year.

The ATIP Directorate staff provides advice and guidance to PWGSC managers throughout the PIA process, including the review of PIA reports and liaison with the Office of the Privacy Commissioner.

Currently, when PWGSC's Legal Services unit employees review contractual terms and conditions, they inform contracting officers to seek the advice of the ATIP Directorate on the need for a PIA. The ATIP Directorate informs the contracting officers to check with their client departments and provides the name and telephone number of the responsible ATIP Coordinator. PWGSC's ATIP Directorate also advises on the requirement to include appropriate security and privacy clauses in procurement documentation.

In collaboration with the Information Technology Services Branch, the ATIP Directorate launched its Internet site in January 2005. The site is available at The Access to Information and Privacy Programs. The site is intended to facilitate the public's understanding of the Access to Information Act, the Privacy Act and associated departmental procedures. Summaries of the results of PIA reports conducted by PWGSC are published on this Web site.

The Department is modernizing its pension systems in order to generate savings and to improve how it delivers these services to current and retired public servants. Using information technology products, services and programs more effectively and efficiently is also a key priority for PWGSC. As a result, the Department must conduct PIAs for the programs and services that are substantially redesigned or transformed for electronic service delivery in a manner that affects the collection, use or disclosure of personal information. This has lead to the initiation of nine new PIAs in fiscal year 2008-2009 and the ATIP Directorate's involvement in their development.

Table I
PIAs and PPIAs
Reporting Period PIAs PPIAs
Outstanding from Previous Years Initiated Completed Cancelled or Postponed Carried Forward to Next Fiscal Year
2006-2007 13 0 0 0 13 4
2007-2008 13 1 2 6 6 0
2008-2009 6 9 2 1 12 0

Top of Page
3.1 PIAs Completed

The following PIAs were completed and sent to the Privacy Commissioner of Canada during the 2008-2009 fiscal year:

  • Government of Canada Pension Modernization Project - Release 1.0
    The Government of Canada undertook a PIA to ensure that privacy was considered throughout the development and deployment of Release 1.0 of the Pension Modernization Project (PenMod). The privacy risks identified in the PIA of PenMod Release 1.0 were rated Low in severity. The proposed mitigating mechanisms for the identified privacy risks indicate a continued commitment by the Crown to ensure the confidentiality and privacy of personal information collected from individuals. The PIA summary is available at Privacy Impact Assessment Summary.
  • Government of Canada Publications Website
    PWGSC's Publishing and Depository Services Program created a Web application to provide an integrated computerized solution for the management, publishing, promotion and sales of Government of Canada publications. Results of the PIA demonstrated that the Publications Website application presents few privacy risks to Canadians and these have been mitigated by implementing the recommendations in the Privacy Risk Management Plan. The PIA summary is available at Publications Website Privacy Impact Assessment Summary.
3.2 PIAs Cancelled or Postponed

The PIA for the following project was cancelled or postponed due to budget restrictions, initiative not being pursued or application being abandoned.

  • Translation Bureau Termium Plus
3.3 PIAs Being Conducted

The following PIAs, which were initiated in 2008-2009 and previous fiscal years, were still ongoing at the end of the reporting period:

  • Access and Identity Management Services - Release 2
  • Certification Program for Federal Government Procurement and Material Management
  • Green Citizenship Passport Program (GCPP)
  • Industrial Security Program (ISP)
  • Managed Security Services
  • Online Personnel Security Screening Services to Passport Canada
  • Pay Card Access for Data Correction Purposes
  • Procurement Ombudsman Reviewing, Resolving, and Improving Procurement Related Issues
  • Provision of Services by the Cheque Redemption Control Directorate to Service Canada
  • Receiver General Buy Button Upgrade
  • Secure Electronic Forms
  • Shared Travel Services Initiative - Release 3.0
3.4 Preliminary PIAs

When the detailed information required for a comprehensive assessment is not yet available, a Preliminary PIA (PPIA) may be completed. In exceptional circumstances, a PPIA may also be undertaken, instead of a full PIA, when the proposed initiative does not appear to raise privacy issues.

There were no PPIAs completed in the 2008-2009 fiscal year.


Top of Page

4. Statistical Report: Interpretation and Explanation of Trends

4.1 Requests under the Privacy Act

It is the practice of PWGSC to process requests formally where the information is sensitive and may be subject to an exemption or an exclusion pursuant to sections 18 through 28, 69 and 70 of the Act.

There were 61 requests filed under the Privacy Act in 2008-2009. The majority of the cases (20 percent) were for documents related to security clearances, 18 percent labour relations and investigations, 16 percent pension and pay, and 13 percent other employment related records. The remaining cases (33 percent) were for correspondence and other personal information pertaining to the requesters.

Compared with the last fiscal year, PWGSC experienced a nine percent decrease in the total number of privacy requests received.

Table II provides the related detail.

Table II
Processing Trends for Privacy Requests
Reporting Period Outstanding Received Completed Carried Forward
2006-2007 2 71 67 6
2007-2008 6 67 67 6
2008-2009 6 61 56 11
4.1.1 Interdepartmental Consultations

In addition to privacy requests, the Department received six privacy consultations from six different federal institutions in 2008-2009, on a total of 39 pages of records. On average, PWGSC responded to consultations within 18 days. These consultation requests are not reflected in the statistical tables at Annex C: Statistical Report - Privacy Act but do account for nine percent of the ATIP Directorate's privacy caseload.

4.1.2 Informal Review of Records

Requesters may obtain access to their personal information on an informal basis by contacting the manager of the program area that controls the records. In these instances, the ATIP Directorate provides assistance and advice on an as required basis. Although not reflected in the statistical tables at Annex C: Statistical Report - Privacy Act, one request consisting of 364 pages was referred informally during the fiscal year prior to its proactive disclosure.


Top of Page
4.2 Disposition of Completed Requests

Of the 67 requests in progress, 56 requests (84 percent) were completed during the 2008-2009 reporting period. The remaining 11 requests (16 percent) were carried forward to the next fiscal year. Of this number, 8 were received in March 2009 and could not be completed before the end of the fiscal year.

Of the 56 cases where the Department completed the request, information was released either in whole or in part in 32 requests (57 percent). The 56 completed requests represent approximately 16,000 pages of records reviewed, and 7,571 pages released.

4.2.1 All Disclosed

In 13 of the 56 completed cases (23 percent), the applicants were provided with full access to the relevant records. This figure is a decrease by eight percentage points from last fiscal year.

4.2.2 Disclosed in Part

PWGSC was compelled by the exemptive and exclusionary provisions of the Privacy Act to provide applicants partial access in 19 of the 56 completed cases or 34 percent. This represents a six percentage point decrease from last fiscal year. In most instances, the information withheld relates to information about other individuals.

4.2.3 Nothing Disclosed (All Exempted or All Excluded)

In 2 of the 56 completed requests (5 percent), PWGSC was compelled by the exemptive and exclusionary provisions of the Privacy Act to release no information. This represents an increase from the previous fiscal year when all completed requests resulted in disclosures.

4.2.4 Unable to Process

After an initial review, the Department was unable to process 18 requests (32 percent). In all instances this was because the Department did not have any records relating to the request.

4.2.5 Abandoned by the Applicant

Of the completed privacy requests, 4 (7 percent) were eventually considered to be abandoned. Such an action may occur at any point in the processing of a request.

4.2.6 Transferred

None of the 56 requests completed were transferred to another government institution in 2008-2009.


Top of Page
4.3 Exemptions Invoked

An individual's right of access to his/her personal information under the Privacy Act is limited by a number of exemptions specified in sections 18 through 28 of the legislation.

Annex C: Statistical Report - Privacy Act is intended to show the types of exemptions invoked to refuse access. For clarity purposes, if five different exemptions were used in one request, one exemption under each relevant section would be reported for a total of five exemptions. If the same exemption was used several times for the same request, it would be reported only once.

As noted in Annex C: Statistical Report - Privacy Act, information about another individual (section 26 of the Act) accounts for the majority of the exemptions applied by the Department.

4.4 Exclusions Invoked

Pursuant to section 69, the Act does not apply to material that is published or available for purchase, library or museum material preserved solely for public record, material deposited with the Library and Archives Canada, as well as records considered to be confidences of the Queen's Privy Council of Canada pursuant to section 70 of the Act.

As in the case of exemptions, Annex C: Statistical Report - Privacy Act is intended to show the types of exclusions invoked. Again, for the sake of clarity, if five different exclusions are cited in one request, one exclusion under each relevant section would be reported for a total of five. If the same exclusion was used several times for the same request, it would be reported only once.

No exclusions were invoked by PWGSC during the processing of privacy requests in the 2008-2009 fiscal year.

4.5 Extension of the Time Limits

Of the 56 requests completed during the fiscal year, 13 needed to be extended in accordance with section 15 of the Privacy Act. Due to the nature of PWGSC's mandate, the records requested often contained sensitive information from another government department. As a result, in nine cases there was the need to consult with other government departments. For the remaining four cases, meeting the original time limit would have unreasonably interfered with the operations of the Department. On average, requests were completed within 38 days.

4.6 Completion Time

Within the first thirty days, 44 requests (79 percent) were completed, while 6 (11 percent) were completed within 31 to 60 days, and 2 (3 percent) were completed between 61 and 120 days from the date of receipt by the Department. Finally, 4 cases (7 percent) required more than 120 days to process. However, on average, privacy requests were completed within 38 days in 2008-2009 which is 12 days faster than the requests completed last year.


Top of Page
4.7 Translations

There were no requests for the translation of information from one official language to another.

4.8 Method of Access

Of the 32 requests in which information was released, the applicants received paper copies of the information in all cases.

4.9 Corrections and Notations

There were no requests for the correction of personal information or for a notation to be placed on a file.

4.10 Costs

The total salary costs associated with the privacy program were $221,815, and operations and maintenance costs were $207,358, for a combined total of $429,173. The associated full-time equivalent resources utilized were estimated at 2.75 for the 2008-2009 fiscal year.

5. Complaints and Requests for Judicial Review

The Table III provides a breakdown of the complaints made to the Privacy Commissioner of Canada and of requests for judicial review made to the Federal Court of Canada, for which PWGSC has been informed of over the past three fiscal years.

Table III
Complaints and Requests for Judicial Review
Reporting Period Complaints Requests for Judicial Review
2006-2007 2 0
2007-2008 2 1
2008-2009 0 0
5.1 Complaints to the Office of the Privacy Commissioner of Canada

No complaints were lodged with the Privacy Commissioner of Canada against PWGSC in the 2008-2009 fiscal year.

5.2 Requests for Judicial Review

There were no requests made to the Federal Court of Canada seeking a judicial review.


Top of Page

Annex B: Privacy Act, Sections 8 and 9 (Excerpt)

Disclosure of personal information

8. (1) Personal information under the control of a government institution shall not, without the consent of the individual to whom it relates, be disclosed by the institution except in accordance with this section.

Where personal information may be disclosed

(2) Subject to any other Act of Parliament, personal information under the control of a government institution may be disclosed

  • (a) for the purpose for which the information was obtained or compiled by the institution or for a use consistent with that purpose;
  • (b) for any purpose in accordance with any Act of Parliament or any regulation made thereunder that authorizes its disclosure;
  • (c) for the purpose of complying with a subpoena or warrant issued or order made by a court, person or body with jurisdiction to compel the production of information or for the purpose of complying with rules of court relating to the production of information;
  • (d) to the Attorney General of Canada for use in legal proceedings involving the Crown in right of Canada or the Government of Canada;
  • (e) to an investigative body specified in the regulations, on the written request of the body, for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation, if the request specifies the purpose and describes the information to be disclosed;
  • (f) under an agreement or arrangement between the Government of Canada or an institution thereof and the government of a province, the council of the Westbank First Nation, the council of a participating First Nation - as defined in subsection 2(1) of the First Nations Jurisdiction over Education in British Columbia Act -, the government of a foreign state, an international organization of states or an international organization established by the governments of states, or any institution of any such government or organization, for the purpose of administering or enforcing any law or carrying out a lawful investigation;
  • (g) to a member of Parliament for the purpose of assisting the individual to whom the information relates in resolving a problem;
  • (h) to officers or employees of the institution for internal audit purposes, or to the office of the Comptroller General or any other person or body specified in the regulations for audit purposes;
  • (i) to the Library and Archives of Canada for archival purposes;
  • (j) to any person or body for research or statistical purposes if the head of the government institution
    • (i) is satisfied that the purpose for which the information is disclosed cannot reasonably be accomplished unless the information is provided in a form that would identify the individual to whom it relates, and
    • (ii) obtains from the person or body a written undertaking that no subsequent disclosure of the information will be made in a form that could reasonably be expected to identify the individual to whom it relates;
  • (k) to any aboriginal government, association of aboriginal people, Indian band, government institution or part thereof, or to any person acting on behalf of such government, association, band, institution or part thereof, for the purpose of researching or validating the claims, disputes or grievances of any of the aboriginal peoples of Canada;
  • (l) to any government institution for the purpose of locating an individual in order to collect a debt owing to Her Majesty in right of Canada by that individual or make a payment owing to that individual by Her Majesty in right of Canada; and
  • (m) for any purpose where, in the opinion of the head of the institution,
    • (i) the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or
    • (ii) disclosure would clearly benefit the individual to whom the information relates.

Personal information disclosed by Library and Archives of Canada

(3) Subject to any other Act of Parliament, personal information under the custody or control of the Library and Archives of Canada that has been transferred there by a government institution for historical or archival purposes may be disclosed in accordance with the regulations to any person or body for research or statistical purposes.

Copies of requests under paragraph (2)(e) to be retained

(4) The head of a government institution shall retain a copy of every request received by the government institution under paragraph (2)(e) for such period of time as may be prescribed by regulation, shall keep a record of any information disclosed pursuant to the request for such period of time as may be prescribed by regulation and shall, on the request of the Privacy Commissioner, make those copies and records available to the Privacy Commissioner.
Notice of disclosure under paragraph (2)(m)

Record of disclosures to be retained

9. (1) The head of a government institution shall retain a record of any use by the institution of personal information contained in a personal information bank or any use or purpose for which that information is disclosed by the institution where the use or purpose is not included in the statements of uses and purposes set forth pursuant to subparagraph 11(1)(a)(iv) and subsection 11(2) in the index referred to in section 11, and shall attach the record to the personal information.


Top of Page

Annex C: Statistical Report - Privacy Act

PDF Version 28KB
Help with Alternative Format

Institution: PUBLIC WORKS AND GOVERNMENT SERVICES CANADA
Reporting period: 01/04/2008 to 31/03/2009

I. Requests under the Privacy Act

Received during reporting period: 61
Outstanding from previous period: 6

TOTAL: 67

Completed during reporting period: 56
Carried forward: 11

II. Disposition requests completed

  1. All disclosed: 13
  2. Disclosed in part: 19
  3. Nothing disclosed (exclusion): 0
  4. Nothing disclosed (exemption): 2
  5. Unable to process: 18
  6. Abandoned by applicant: 4
  7. Transferred: 0

TOTAL: 56


Top of Page

III. Exemptions invoked

Exemptions Numbers
S.
Art. 18(2) 		0
S.
Art. 19(1)(a) 		0
(b) 0
(c) 0
(d) 0
S.
Art. 20		 0
S.
Art. 21		 1
S.
Art. 22(1)(a)		 3
(b) 0
(c) 0
S.
Art. 22(2)		 0
S.
Art. 23(a)		 0
(b) 0
S.
Art. 24		 0
S.
Art. 25		 2
S.
Art. 26		 19
S.
Art. 27		 7
S.
Art. 28		 0

IV. Exclusions cited

Exclusions Numbers
S.
Art. 69(1)(a) 		0
(b) 0
S.
Art. 70(1)(a)		 0
(b) 0
(c) 0
(d) 0
(e) 0
(f) 0

V. Completion time

  • 30 days or under: 44
  • 31 to 60 days: 6
  • 61 to 120 days: 2
  • 121 days or over: 4

Top of Page

VI. Extensions

30 days or under

  • Interference with operations: 4
  • Consultation: 9
  • Translation: 0

TOTAL: 13

31 days or over

  • Interference with operations: 0
  • Consultation: 0
  • Translation: 0

TOTAL: 0

VII. Translations

Translations requested: 0

  • Translations prepared
    • English to French: 0
    • French to English: 0

VIII. Method of access

  • Copies given: 32
  • Examination: 0
  • Copies and examination: 0

IX. Corrections and notation

  • Corrections requested: 0
  • Corrections made: 0
  • Notation attached: 0

X. Costs

Financial (all reasons)
  • Salary: $221,815
  • Administration (O and M): $207,358
  • TOTAL: $429,173
Person year utilizatlon (all reasons)
  • Person year (decimal format): 2.75

Top of Page

Supplemental Reporting Requirements - Privacy Act

Treasury Board Secretariat is monitoring compliance with the Privacy Impact Assessment (PIA) Policy (which came into effect on May 2, 2002) through a variety of means. Institutions are therefore required to report the following information for this reporting period.

Indicate the number of:

Preliminary Privacy Impact Assessments initiated: _0___

Preliminary Privacy Impact Assessments completed: __________0____

Privacy Impact Assessments initiated: ___9_____

Privacy Impact Assessments completed: __2_______

Privacy Impact Assessments forwarded to the Office of the Privacy Commissioner (OPC): ________2________

If your institution did not undertake any of the activities noted above during the reporting period, this must be stated explicitly.

1PIB Legend:
PCU - Central Bank (General Public); PCE - Central Bank (Employees);
PPU - Particular Bank (General Public); PPE - Particular Banks (Employees);
PSU - Standard Bank (General Public); PSE - Standard Bank (Employees) (Back to note 1)

Date Modified: 2012-06-18

Top of Page
Important Notices