Public Works and Government Services Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links

Home > Accountability and Transparency > ATIP > Privacy Act - Annual Report 2009-2010 

Institutional links

Privacy Act - Annual Report 2009-2010

Table of Contents

Preface

Part I: Background

  1. Public Works and Government Services Canada

Part II: Report on the Privacy Act

  1. Organization of the Access to Information and Privacy Directorate
  2. Summary of Activities and Highlights
  3. Privacy Impact Assessments
  4. Statistical Report - Interpretation and Explanation of Trends
  5. Complaints and Requests for Judicial Review

Annex A: Delegation of Authority (Excerpt)

Annex B: Privacy Act, Sections 8 and 9 (Excerpt)

Annex C: Statistical Report - Privacy Act


Top of Page

Preface

The Privacy Act (Revised Statutes of Canada, 1985, Chapter P-21) was proclaimed on July 1, 1983. The Act was most recently amended as a result of the royal assent of the Federal Accountability Act on December 12, 2006. Certain provisions came into force on December 12, 2006, and others took effect on April 1, 2007, and September 1, 2007.

The Privacy Act extends to individuals the right of access to information about themselves held by the government, subject to specific and limited exceptions. The Act also provides individuals the right to a reasonable expectation of privacy, including a basic right to exercise control over the collection, use and disclosure of their personal information.

Section 72 of the Privacy Act requires that the head of every federal government institution prepare for submission to Parliament an annual report on the administration of the Act within their institution during each fiscal year.

This Annual Report provides a summary of the management and administration of the Privacy Act within Public Works and Government Services Canada (PWGSC) for the fiscal year 2009-2010.


Top of Page

Part I - Background

1. Public Works and Government Services Canada

The Department, founded in 1841, was instrumental in the building ofour nation's canals, roads and bridges, the Houses of Parliament, post offices and federal buildings across the country.

Today, the Department has evolved into a sophisticated operational arm of government that employs nearly 14,000 staff working in the National Capital and five regional offices in Halifax, Montreal, Toronto, Edmonton, and Vancouver.

The Department of Public Works and Government Services Act, passed in 1996, established the Department and set out the legal authorities for PWGSC's services. The Act established PWGSC as the principle common service organization providing government departments, boards and agencies with support services for their programs.

The Minister of PWGSC is also the Receiver General for Canada and has the authority for the administration of services related to benefits, superannuation, pension plans, and the disbursement of pay to federal employees. The Minister is responsible for maintaining the Public Accounts of Canada.

PWGSC's goal is to manage business in a way that strengthens accountability and adds value for clients. In doing so, PWGSC:

  • injects more than $14 billion annually into the Canadian economy through government procurement;
  • issues nearly 13 million federal pay and pension payments to Canadians;
  • provides accommodation to parliamentarians and to more than 255,000 public servants in 1,800 locations across Canada;
  • provides translation and interpretation services for more than 1,800 sessions of Parliament annually, and translates 1.7 million pages of text on behalf of other federal organizations; and,
  • handles more than $1.7 trillion in cash flow transactions as the Receiver General for Canada.

PWGSC's Program Activity Architecture (PAA), as approved by Treasury Board, contributes to our strategic outcome to provide high-quality, central programs and services that ensure sound stewardship on behalf of Canadians and meet the program needs of federal institutions. The following table lists the nine program activities that comprise PWGSC's PAA.

  • Acquisitions;
  • Accommodation and Real Property Assets Management;
  • Receiver General for Canada;
  • Information Technology Infrastructure Services;
  • Federal Pay and Pension Administration;
  • Linguistic Management and Services;
  • Specialized Programs and Services;
  • Procurement Ombudsman; and,
  • Internal Services.

Top of Page

Part II - Report on the Privacy Act

1. Organization of the Access to Information and Privacy Directorate

The Access to Information and Privacy Directorate (ATIP) administers the provisions of the Privacy Act for PWGSC, including two Special Operating Agencies, Audit Services Canada and the Translation Bureau, as well as the Office of the Procurement Ombudsman.

The Director, ATIP, reports to the Director General, Executive Secretariat, who, in turn, reports tothe Assistant Deputy Minister, Corporate Services, Policy and Communications. The ATIP Directorate was reorganized to maximize business delivery, and operates with three units to manage the requests received within the Department. Reporting to the Director, ATIP, the units are overseen by the Manager, Intake and Administration, the Manager, ATIP Operations, and the Chief, Privacy Policy. The first two are responsible for processing ATIP requests, consultations, complaints, and court cases received by the Department, while the other is dedicated to privacy policy. The administrative functions of the ATIP Directorate are supported by an administrative assistant and four clerks.

1.1 Delegation Instruments

Under section 3 of the Privacy Act, the Minister of the Department is designated as the head of the government institution for purposes of the administration of the Act. Pursuant to section 73, the Minister may delegate any of his powers, duties or functions under the Act by signing an order authorizing one or more officers or employees of the institution, who are at the appropriate level, to exercise or perform the powers, duties or functions of the head, specified in the order.

Within PWGSC this delegation instrument continued to be based on a centralized process with the Director General, Executive Secretariat, who reports to the Assistant Deputy Minister of Corporate Services, Policy and Communications Branch, the Director, ATIP, and the Managers, Risk and Quality Management, having full delegated authority under the Privacy Act, with the exception of paragraph 8(2)(m). Certain administrative functions are also delegated to the ATIP Chiefs to speed the processing of requests.

The delegation instrument was revised in 2009 to provide additional delegation to the ATIP Chiefs to make disclosure decisions on routine requests (full disclosure, and disclosure in part with exemption under section 26 of the Act).

An excerpt of the Delegation of Authorities approved by the Minister of Public Works and Government Services is found at Annex A.

The Director, Cheque Redemption Control, in Matane, Quebec, shares administrative powers under paragraph 8(2)(e) of the Act in regard to releasing transacted cheques to law enforcement bodies. This provides administrative flexibility in processing requests for cheques issued under the authority of the Receiver General for Canada.


Top of Page
1.2 Responsibilities of the ATIP Directorate

The responsibilities of the ATIP Directorate include the following:

  • managing all activities within PWGSC relating to the operation of the Act, as well as the regulations, directives and guidelines pursuant to them;
  • developing, producing and promulgating departmental privacy policies, procedures, standards and guidelines;
  • developing and delivering awareness training to PWGSC managers and staff to ensure departmental responsiveness to the legal obligations imposed by the Act and associated regulations;
  • reviewing departmental policies, procedures and agreements to ensure that they are in compliance with the provisions of the Act and making recommendations for amendments.;
  • defending institutional decisions on the administration of the Act during investigations conducted by the Privacy Commissioner of Canada and during judicial proceedings at the Federal Court of Canada and the Supreme Court of Canada;
  • collaborating with departmental branches to ensure that Privacy Impact Assessments (PIAs) are completed and Personal Information Banks (PIBs) are established for new or substantially modified programs or activities, as well as registering the new or modified PIBs with the Treasury Board of Canada Secretariat (TBS);
  • coordinating and approving the annual update of PWGSC's chapter in the TBS publication Info Source;
  • reporting annually to Parliament, in accordance with section 72 of the Act and any instructions issued pursuant to paragraph 71(1)(e) of the Act;
  • acting as spokesperson for the Department in dealings with TBS, the Privacy Commissioner of Canada and other government departments and agencies;
  • notifying the Office of the Privacy Commissioner of Canada of any initiative or issue that may relate to the Privacy Act or any of its provisions, or that may have an impact on the privacy of Canadians, at a sufficiently early stage to permit the Commissioner to review and discuss the issues involved, including:
    1. new data matching programs by providing a copy of the departmental assessment of the program, at least 60 days before it is implemented;
    2. use or disclosure of personal information in a manner consistent with the purpose for which the information was obtained or compiled, for which the consistent use is not identified in Info Source;
    3. development of legislation or regulations with privacy implications, prior to submission of the appropriate documentation for approval by the Governor-in-Council, or where applicable, prior to the approval of ministerial regulations;
    4. disclosure in the public interest under paragraph 8(2)(m) of the Privacy Act, either prior to the disclosure, or if this is not practicable, at the time of disclosure;
    5. PIAs, at a reasonably early stage prior to implementing the initiative, program or service; and,
    6. any suspected or actual breach or violation of security involving personal information.

The administration of the Act by the ATIP Directorate is also facilitated at the branch, sector, and regional office levels of PWGSC. Each organizational branch has an ATIP Liaison Officer who coordinates the collection of information and provides guidance to branch managers on the application of the Act, as well as related departmental directives and procedures.


Top of Page
1.3 Policies and Procedures
1.3.1 Departmental Policies

For the reference of all employees, departmental policies are posted on PWGSC's intranet.

Departmental Policy 002 outlines the privacy Delegation of Authority and sets out the definitions, and the roles and responsibilities of all stakeholders within PWGSC. An annex to the Policy has been developed to outline the administrative attribution of powers and the departmental guidelines and procedures with respect to the disclosure of personal information pursuant to subsection 8(2) of the Privacy Act. Paragraphs (8)(2)(j) and (m) of the Act continue to be delegated by the Minister pursuant to section 73 of the Act.

Departmental Policy 014 sets out definitions as well as the roles and responsibilities of employees with respect to the protection of personal information in the workplace.

1.3.2 ATIP Liaison Officer Handbook

The Departmental ATIP Liaison Officer Handbook outlines the intent and the requirements of the Privacy Act and related Treasury Board guidelines so that all staff are aware of their responsibilities for the collection, use, disclosure, retention and disposal of personal information. In particular, staff are informed of their responsibilities to record and account for all uses and disclosures of personal information, by documenting all activities relating to personal information and by maintaining the relevant material on official departmental files.

Responsibility centres are also advised to consult with the ATIP Directorate before collecting any personal information and whenever there are questions relating to the retention and disposal of personal information.

The ATIP Liaison Officer Handbook is produced by the ATIP Directorate and is posted on PWGSC's intranet as a guide to:

  • introduce departmental ATIP Liaison Officers across the Department to the Privacy Act and regulations;
  • outline the roles and responsibilities of each PWGSC ATIP stakeholder; and,
  • provide national processing standards and guidelines for the centralized handling of requests.
1.3.3 ATIP Directorate Desk Procedures

The ATIP Directorate has an ATIP Officer Desk Procedures manual in place, tostandardize the work procedures used by staff, to facilitate the training of new hires and to complement the functionality of the electronic ATIP tracking system.


Top of Page

2. Summary of Activities and Highlights

2.1 Management Accountability Framework (MAF) Action Plan

The MAF 12 Information Management requirements for Access to Information and Privacy (ATIP) necessitate PWGSC to demonstrate compliance with statutory and regulatory requirements of the acts. For Privacy, this also includes demonstration of sound management practices with respect to the handling and protection of personal information as well as consistent public reporting on the administration of the Act.

PWGSC is committed to the continuous improvement of its management fundamentals and has used the results of the MAF assessment as a benchmark. Sustained senior management engagement is key to ensuring the Department continues to improve its results. MOUs have been drafted between ADMs and the DM to ensure that the actions are taken to position the department to meet all the elements of MAF.

In 2009-2010, an action plan was developed to specifically address MAF Round VI results relating to ATIP. In order to resolve the personal information gap, an inventory was compiled involving all branches, identifying their personal information holdings using the TBS Personal Information Bank (PIB) checklist. The ATIP Directorate has been working with the branches to identify and develop any new and/or revised PIBs resulting from approximately 170 pieces of inventory. As a result, several PIBs were submitted to TBS in 2009-2010 to ensure that all personal information under PWGSC's control is registered and appropriately described in accordance with the Privacy Act.

Process improvements continue to be made. The branches are now required to provide the Privacy Impact Assessment (PIA) summaries and related meta data at the same time that they submit the final PIA reports for approval. As a result, the summaries of the PIAs completed in 2009-2010 have been prepared in a timely manner for posting on the departmental ATIP Web site and the related hyperlinks are included in the annual report to Parliament, in accordance with TBS policy and mandatory reporting requirements.

The ATIP Directorate is focused on pursuing its work with the branches to address any remaining PIB gaps and ensure that the personal information holdings are described appropriately in Info Source.

With the actions undertaken to improve compliance with the Act, the Department received a green rating in the MAF Round VI assessment results.


Top of Page
2.2 ATIP Officer Development Program

The ATIP Officer Development Program was developed in 2006 and revised in 2008-2009 to address the Department's mid and long-term shortage of skilled ATIP professionals by recruiting new employees at the junior level, fostering their loyalty to PWGSC, and preparing them to fill senior ATIP Officer positions at the PM-04 group and level within a three-year horizon. The Program is also intended to reduce the costs associated with thecompetitive staffing process and, in the long-term, the use of consultants.

In 2009-2010, the PM-02 and PM-03 competitions launched in the previous fiscal year resulted in a pool of qualified candidates and, as of April 1, 2010, three employees have been selected and hired under the program.

An external advertised process to recruit PM-01 ATIP Trainees was also undertaken during the fiscal year, and nominations will be made in summer of 2010.

2.3 Committees

The Director General, Executive Secretariat, participates on the Interdepartmental DG Committee. The objective is to provide strategic advice to TBS on ATIP Policies and operational questions.

The Director, ATIP, is a member of the Interdepartmental ATIP Working Group that is chaired by TBS. In this capacity, PWGSC participated in the development of new Guidelines on Privacy and a General Privacy Protocol for Non-Administrative Use during the 2009-2010 fiscal year.

2.4 Information Sessions

An overview of Privacy is incorporated into the general ATIP information sessions that were delivered to approximately 100 participants during the fiscal year and are described in the PWGSC Annual Report on the Access to Information Act.

In addition, one kick-off session, 23 group sessions and several one-on-one briefings were also provided to 103 departmental Info Source coordinators, managers and employees, including four conference calls with the regions, toprovide advice and guidance on TBS requirements as well as to address the gaps identified in the MAF Round VI Assessment and to improve the content of PWGSC's chapter of Info Source.


Top of Page
2.5 Collection, Use and Disclosure of Personal Information
2.5.1 Personal Information Banks

The ATIP Directorate must be notified whenever personal information in a PIB is used or disclosed for a use consistent with the purpose for which the information was obtained or compiled by the Department, but where such use is not included in the statement of consistent uses published in Info Source.

Between January and March 2009, an inventory of personal information held bythe Department was compiled to ensure that all personal information is appropriately described in accordance with the Privacy Act. During the 2009-2010 fiscal year, the ATIP Directorate has reviewed this inventory to identify, develop and register any new or revised PIBs resulting from this exercise.

The following five new and revised PIBsFootnote 1 were registered with TBS in 2009-2010:

  • PWGSC PPU 155 - Financial Delegation of Authority Database
  • PWGSC PPU 182 - Conflict Management Contracts
  • PWGSC PPU 183 - Fairness Monitoring - Procurement Process
  • PWGSC PPU 185 - Green Citizenship Passport Program
  • PWGSC PCE 706 - Shared travel Services Initiative - Traveller Profile

The Department also registered 13 new Standard PIBs developed by TBS:

  • PSU 912 - Professional Services Contracts
  • PSU 913 - Disclosure to Investigative Bodies
  • PSU 914 - Public Communications
  • PSU 915 - Internal Communications
  • PSU 931 - Accounts Payable
  • PSU 932 - Accounts Receivable
  • PSU 933 - Canadian Human Rights Act - Complaints
  • PSU 934 - Ex-Talent Management
  • PSU 935 - Human Resources Planning
  • PSU 936 - Library Services
  • PSU 937 - Lobbying Act Requirements
  • PSU 938 - Outreach Activities
  • PSU 939 - Security Incidents

The ATIP Directorate continued to work with TBS and branches of PWGSC on the development of the following new and/or revised PIBs:

  • PWGSC PPU 001 - Review of Procurement Practices and Supplier Complaints
  • PWGSC PPU 006 - Crown and Leased Housing Landlords
  • PWGSC PPU 015 - Industrial Personnel Clearance and Reliability Records
  • PWGSC PPU 025 - Government Consulting Services
  • PWGSC PPU 026 - Buyer Information - Crown Assets
  • PWGSC PPU 045 - Controlled Goods Registry Information
  • PWGSC PPU 150 - Crown Copyright and Licensing
  • PWGSC PPU 195 - Certification Program - Procurement and Material Management
  • PWGSC PPU 200 - Evidence Management
  • PWGSC PPU 210 - Forensic Accounting
  • PWGSC PCU 606 - Internal and External Credential Management Services
  • PWGSC PCU 701 - Crown and Leased Housing Tenants
  • PWGSC PCU 702 - Public Service Pensions Data Bank
  • PWGSC PCU 703 - Federal Government Employees, Pensioners and Survivors - Insurance Information
  • PWGSC PCU 705 - Public Service Pay Systems
  • PWGSC PCU 709 - Document Imaging Solutions
  • PWGSC PCU 711 - Translation Bureau Services
  • PWGSC PCU 712 - Receiver General Payments
  • PWGSC PCU 713 - Receiver General Payment Information Slips
  • PWGSC PCU 715 - Central Index
  • PWGSC PCU 717 - Receiver General Deposits

Top of Page
2.5.2 Exempt Banks

PWGSC does not have any exempt banks.

2.5.3 Departmental Forms

Departmental Policy 061 (Forms Management) requires that all new and revised forms that collect personal information be reviewed by the ATIP Directorate to ensure compliance with privacy legislative and policy requirements. During the 2009-2010 fiscal year, eight forms were submitted for review.

2.5.4 Disclosure Under Paragraph 8(2)(e) of the Act

The Department processed ten disclosures of personal information to investigative bodies during 2009-2010.

A copy of every request received under paragraph 8(2)(e), and a record of any information disclosed pursuant to the request, is kept in accordance with subsection 8(4) of the Privacy Act.

2.5.5 Disclosure Under Other Paragraphs of Subsection 8(2) of the Act

During fiscal year 2009-2010, PWGSC disclosed personal information pursuant to paragraph 8(2)(b), (c), (d) and (f) of the Privacy Act. There were no disclosures made under paragraphs 8(2)(g) or 8(2)(m) of the Act.

In accordance with subsection 9(1) of the Act, the Department retains a record of any use or purpose for which the information is disclosed where that use or purpose is not identified in the relevant PIB.

An excerpt of the Privacy Act, sections 8 and 9 is enclosed at Annex B: Privacy Act, Sections 8 and 9 (Excerpt) for reference.

2.5.6 Data Sharing Activities

The Controlled Goods Directorate (CGD) has two main objectives: to ensure that in Canada only authorized individuals access controlled goods; and, to prevent and detect unauthorized individuals from accessing controlled goods. In order to eliminate the risk associated with the transfer of controlled goods, the CGD has established procedures and agreements, in partnership with other Canadian agencies, to assist in conducting security assessment of individuals wishing to possess, examine or transfer controlled goods and more particularly foreign visitors and foreign temporary workers.

The following data sharing activities were initiated by CGD in 2009-2010:

  • Data Sharing Between CGD and the Canadian Security Intelligence Service (CSIS)
    CGD has initiated a datasharing Memorandum of Understanding (MOU) with the CSIS for the provision of security assessments of foreign temporary workers and visitors who may have access to the controlled goods in Canada. A Privacy Impact Assessment (PIA) has been undertaken to assess the privacy implications of the data sharing between CGD and CSIS.
  • Security Intelligence Analysis Division (SIAD) Reports Sharing Between CGD and CSIS
    CGD prepared two reports based on the Security Intelligence Analysis Division (SIAD) work concerning the controlled goods-related visits to Canadian industry by foreign visitors and foreign temporary workers. These reports were prepared using the analysis information gathered during the security assessment process as requested by the Canadian industry holding these controlled goods and the foreign visitors and/or foreign temporary workers. A PIA has been undertaken to assess the privacy implications related to this one-time sharing these reports with CSIS.

Top of Page

3. Privacy Impact Assessments

The Treasury Board of Canada approved the Privacy Impact Assessment Policy with an effective date of May 2, 2002. The goal of the Policy is to allow government institutions to identify whether a program or a service delivery initiative, involving the collection, use or disclosure of personal information as defined in the Privacy Act, complies with privacy principles. The Policy also aims to avoid or mitigate any identifiable risks to privacy.

In 2005, the ATIP Directorate developed a departmental PIA framework and a draft departmental PIA policy that established the review and approval process within PWGSC, as well as the roles and responsibilities of stakeholders. Project managers follow this framework and draft policy when conducting PIAs. A revised policy, that will align with TBS's new PIA directive, is planned for next fiscal year.

The ATIP Directorate staff provides advice and guidance to PWGSC managers throughout the PIA process, including the review of PIA reports and liaison with the Office of the Privacy Commissioner.

Currently, when PWGSC's Legal Services unit employees review contractual terms and conditions, they inform contracting officers to seek the advice of the ATIP Directorate on the need for a PIA. The ATIP Directorate informs the contracting officers to check with their client departments and provides the name and telephone number of the responsible ATIP Coordinator. PWGSC's ATIP Directorate also advises on the requirement to include appropriate security and privacy clauses in procurement documentation.

In collaboration with the Information Technology Services Branch, the ATIP Directorate launched its Internet site in January 2005. The site is intended to facilitate the public's understanding of the Access to Information Act, the Privacy Act and associated departmental procedures. Summaries of the results of PIA reports conducted by PWGSC are published on this Web site.

The Department is modernizing its pension systems in order to generate savings and to improve how it delivers these services to current and retired public servants. Using information technology products, services and programs more effectively and efficiently is also a key priority for PWGSC. As a result, the Department must conduct PIAs for the programs and services that are substantially redesigned or transformed for electronic service delivery in a manner that affects the collection, use or disclosure of personal information. This has lead to the initiation of six new PIAs in fiscal year 2009-2010 and the ATIP Directorate's involvement in their development.

Table I
PIAs and Preliminary PPIAs (PPIAs)
Reporting Period PIAs PPIAs
Outstanding from Previous Years Initiated Completed Cancelled or Postponed Carried Forward to Next Fiscal Year
2007-2008 13 1 2 6 6 0
2008-2009 6 9 2 1 12 0
2009-2010 12 6 5 3 10 1

Top of Page
3.1 PIAs Completed

The following PIAs were completed and sent to the Privacy Commissioner of Canada:

  • Industrial Security Program (ISP) - Release of Personal Security Screening Information
    A PIA was completed in relation to a proposal to substantially modify the Personal Information Bank (PIB) PWGSC PPU 015, including a thorough description of the consistent uses, and the sharing of personal information with the Royal Canadian Mounted Police, the Canadian Security Intelligence Service, credit bureaus, and a select group of authorized persons. The privacy risks identified with the PIB and the accompanying operating procedures are being addressed, including proper communication to those affected.
  • Government of Canada Pension Modernization Project (GOCPMP) - Release 1.5
    The Government of Canada undertook a PIA to ensure that privacy was considered throughout the development and deployment of Release 1.5 of the Pension Modernization Project (PenMod). The privacy risks identified in the PIA of Release 1.5 PenMod are rated "Medium" in severity. The proposed mitigating mechanisms forthe identified privacy risks indicate a continued commitment by the Crown in ensuring the confidentiality and privacy of the personal information collected from individuals. The PIA summary and related meta data have been prepared for publication on the ATIP web site.
  • Office of the Procurement Ombudsman (OPO), Reviewing, Resolving, and Improving Procurement Related Issues
    A PIA was undertaken to assess the privacy implication of this new program activity, which reviews procurement practices across federal departments and agencies, investigates complaints from potential suppliers with respect to awards of contracts for goods and services below certain thresholds, and complaints concerning the administration of contracts; and ensures the provision of an alternative dispute resolution program for contracts. Security and privacy measures have been taken to mitigate the privacy risks identified in the PIA. Sincethe PIA was completed atthe end of the fiscal year and sent to the Privacy Commissioner in April 2010, the PIA summary and related meta data are being prepared for publication on the ATIP web site.
  • Online Registration and Credential Administration (ORCA)
    This shared service issues identity-based public key infrastructure (PKI) credentials to Government of Canada (GC) employees. The credential supports the secure exchange of information with the assurance of knowing that the identities of the parties involved are indeed who they say they are and also features security elements such as authentication, access control, confidentiality, integrity and non-repudiation. A PIA was completed toreview the identity verification method used by the ORCA application, which is dependent on subscribers (GC employees) providing their personal information, known as shared secrets. The ORCA Release 1.0 enhancement does not pose any significant privacy risks to personal information.
  • Receiver General Buy Button (RGBB) Upgrade
    A PIA was undertaken to review the RGBB service modernization that will continue to enable clients to use the RGBB for credit card and now also Interac as payment processing methods. The payment information is processed electronically using the RGBB service from clients' web sites (also known as storefronts) that accept electronic payments. Privacy risks have been identified with the RGBB upgrade service and are evaluated at 'low' in severity with a plan to mitigate these risks within an acceptable timeframe. It is important to note that the RGBB basic business model has not changed only the service provider and the collection of two additional pieces of personal information which will ensure accurate and secure payments are processed.
3.2 PIAs Cancelled or Postponed

The PIA for the following project was cancelled or postponed due to budget restrictions, initiative not being pursued or application being abandoned.

  • Access and Identity Management Services - Release 2
  • Online Personnel Security Screening Services to Passport Canada
  • Shared Travel Services Initiative - Release 3.0
3.3 PIAs Being Conducted

The following PIAs, which were initiated in 2009-2010 and previous fiscal years, were still ongoing at the end of the reporting period:

  • Certification Program for Federal Government Procurement and Material Management
  • Compensation Web Application (CWA) Integration with ORCA
  • Green Citizenship Passport Program (GCPP)
  • Insurance Renewal Project - Integrated Data File
  • Managed Security Services
  • Pay Card Access for Data Correction Purposes
  • Provision of Services by the Cheque Redemption Control Directorate to Service Canada
  • Secure Electronic Forms
  • Security Intelligence Analysis Division (SIAD) Reports Sharing Between CGD and CSIS
  • Use of the Social Insurance Number as a File Identifier for the Administration of the Public Service, Canadian Forces and Royal Canadian Mounted Police Pension Plans
3.4 Preliminary PIAs

When the detailed information required for a comprehensive assessment is not yet available, a Preliminary PIA (PPIA) may be completed. In exceptional circumstances, a PPIA may also be undertaken, instead of a full PIA, when the proposed initiative does not appear to raise privacy issues.

The following PPIA was initiated in the 2009-2010 fiscal year:

  • Virtual Computing Services

Top of Page

4. Statistical Report: Interpretation and Explanation of Trends

4.1 Requests under the Privacy Act

It is the practice of PWGSC to process requests formally where the information is sensitive and may be subject to an exemption or an exclusion pursuant to sections 18 through 28, 69 and 70 of the Act.

There were 78 requests filed under the Privacy Act in 2009-2010. The majority of the cases (15 percent) were for documents related to labour relations, 14 percent security clearances, 11 percent staffing, 10 percent pension and pay, and 13 percent other employment related records. The remaining cases (37 percent) were for correspondence and other personal information pertaining to the requesters.

Compared with the last fiscal year, PWGSC experienced a 28 percent increase in the total number of privacy requests received.

Table II provides the related detail.

Table II
Processing Trends for Privacy Requests
Reporting Period Outstanding Received Completed Carried Forward
2007-2008 6 67 67 6
2008-2009 6 61 56 11
2009-2010 11 78 71 18
4.1.1 Interdepartmental Consultations

In addition to privacy requests, the Department received only one privacy consultation in 2009-2010, on a total of 10 pages of records. PWGSC responded to this consultation within 12 days. The consultation request is not reflected in the statistical tables at Annex C: Statistical Report - Privacy Act.


Top of Page
4.2 Disposition of Completed Requests

Of the 89 requests in progress, 71 requests (80 percent) were completed during the 2009-2010 reporting period. The remaining 18 requests (20 percent) were carried forward to the next fiscal year.

Of the 71 cases where the Department completed the request, information was released either in whole or in part in 42 requests (59 percent). The 71 completed requests represent approximately 12,000 pages of records reviewed, and 10,162 pages released.

4.2.1 All Disclosed

In 13 of the 71 completed cases (18 percent), the applicants were provided with full access to the relevant records. This figure is a decrease by seven percentage points from last fiscal year.

4.2.2 Disclosed in Part

PWGSC was compelled by the exemptive and exclusionary provisions of the Privacy Act to provide applicants partial access in 29 of the 71 completed cases or 82 percent. This represents a five percentage point decrease from last fiscal year. In most instances, the information withheld relates to information about other individuals.

4.2.3 Nothing Disclosed (All Exempted or All Excluded)

PWGSC was not compelled by the exemptive and exclusionary provisions of the Privacy Act to release no information.

4.2.4 Unable to Process

After an initial review, the Department was unable to process 10 requests (14percent). Inall instances this was because the Department did not have any records relating to the request.

4.2.5 Abandoned by the Applicant

Of the completed privacy requests, 15 (21 percent) were eventually considered to be abandoned. Such an action may occur at any point in the processing of a request.

4.2.6 Transferred

Four of the 71 requests completed (6 percent) were transferred to other government institutions in 2009-2010.


Top of Page
4.3 Exemptions Invoked

An individual's right of access to his/her personal information under the Privacy Act is limited by a number of exemptions specified in sections 18 through 28 of the legislation.

Annex C: Statistical Report - Privacy Act is intended to show the types of exemptions invoked to refuse access. For clarity purposes, if five different exemptions were used in one request, one exemption under each relevant section would be reported for a total of five exemptions. If the same exemption was used several times for the same request, it would be reported only once.

As noted in Annex C: Statistical Report - Privacy Act, information about another individual (section 26 of the Act) accounts for the majority of the exemptions applied by the Department.

4.4 Exclusions Invoked

Pursuant to section 69, the Act does not apply to material that is published or available for purchase, library or museum material preserved solely for public record, material deposited with the Library and Archives Canada, as well as records considered to be confidences of the Queen's Privy Council of Canada pursuant to section 70 of the Act.

As in the case of exemptions, Annex C: Statistical Report - Privacy Act is intended to show the types of exclusions invoked. Again, for the sake of clarity, if five different exclusions are cited in one request, one exclusion under each relevant section would be reported for a total of five. If the same exclusion was used several times for the same request, it would be reported only once.

Section 70 was invoked by PWGSC for one privacy request processed in the 2009-2010 fiscal year.

4.5 Extension of the Time Limits

Of the 71 requests completed during the fiscal year, 15 (21 percent) needed to be extended in accordance with section 15 of the Privacy Act. Due to the nature of PWGSC's mandate, the records requested often contained sensitive information from another government department. As a result, in nine cases meeting theoriginal time limit would have unreasonably interfered with the operations of the Department. For the remaining six cases, there was theneed toconsult with other government departments.

4.6 Completion Time

Within the first thirty days, 53 requests (75 percent) were completed, while 10 (14 percent) were completed within 31 to 60 days, and eight (11 percent) were completed between 61 and 120 days from the date of receipt by the Department. None of the cases required more than 120 days to process. On average, privacy requests were completed within 26 days in 2009-2010 which is 12 days faster than the requests completed in the previous fiscal year.


Top of Page
4.7 Translations

There were three requests for the translation of information from one official language to another.

4.8 Method of Access

Of the 42 requests in which information was released, the requesters received paper copies of the information in 40 cases. The requesters examined the records in the other two cases.

4.9 Corrections and Notations

There was one request for the correction of personal information or for a notation to be placed on a file.

4.10 Costs

The total salary costs associated with the privacy program were $232,575, and operations and maintenance costs were $113,164, for a combined total of $345,739. The associated full-time equivalent resources utilized were estimated at 3.24 for the 2009-2010 fiscal year.

5. Complaints and Requests for Judicial Review

The Table III provides a breakdown of the complaints made to the Privacy Commissioner of Canada and of requests for judicial review made to the Federal Court of Canada, for which PWGSC has been informed of over the past three fiscal years.

Table III
Complaints and Requests for Judicial Review
Reporting Period Complaints Requests for Judicial Review
2007-2008 2 1
2008-2009 0 0
2009-2010 7 0
5.1 Complaints to the Office of the Privacy Commissioner of Canada

Seven complaints were lodged withthe Privacy Commissioner of Canada against PWGSC in the 2009-2010 fiscal year. Of the seven complaints received, two concerned information withheld under the Act, two were about the processing of the requests, one related to the time extension taken, and one was for the delay in responding to the request. The remaining complaint concerned an unauthorized disclosure of personal information.

Of the complaints investigated, three were not well founded and fourcomplaint investigations were still ongoing at the end of the fiscal year.

5.2 Requests for Judicial Review

There were no requests made to the Federal Court of Canada seeking a judicial review.


Top of Page

Annex A: Delegation of Authorities (Excerpt)

Please note that the May 8, 2007 version has been updated as follows:

  1. Addition of the Deputy Minister's signature.
  2. Changes to Schedule 1

Extension of the delegations pursuant to the Access to Information Act and the Privacy Act to additional limited positions in the Access to Information and Privacy Directorate.

Minister's and Deputy Minister's Delegation of Authorities

We hereby delegate the powers vested in the offices of the Minister and Deputy Minister of Public Works and Government Services, in the manner defined in Schedules 1 to 4, the associated Tables of Equivalent Positions and specific delegations in the Notes to these schedules, including officers appointed on a temporary or acting basis to positions so defined, subject to the principles, guidelines, limitations and restrictions described in the department's Delegation of Authorities Manual and all relevant legislation, regulations and policies.

Specifically, this instrument is intended to delegate authority, as defined by:

Schedule 1

"Department–Wide Authorities", the "Table of Equivalent Positions" for Schedule 1 and the Specific Delegations contained in the "Notes to Schedule 1";

Schedule 2
"Real Property Services Authorities", the "Table of Equivalent Positions" for Schedule 2 and the Specific Delegations contained in the "Notes to Schedule 2";

Schedule 3

"Common Service Acquisition Authorities", the "Table of Equivalent Positions" for Schedule 3 and the Specific Delegations contained in the "Notes to Schedule 3";

Schedule 4

"Receiver General for Canada Authorities".

Further, these delegations are made on the explicit understanding that they are to be used only:

  • commensurate with the level of responsibility assigned to the position and when required to undertake the duties of that position as described in the operational plans of the Department; and
  • to attain departmental objectives, within the departmental mandate; or
  • to attain clients' objectives when providing common services to client departments.

The department's Delegation of Authorities Manual documents the delegated authorities of Public Works and Government Services Canada and includes important information on the conditions under which we have made these delegations. All officers of the Department who are acting on our behalf in any matter related to these delegations must make themselves familiar with the contents of the Manual to ensure that they are fully cognizant of the conditions and implications of doing so.

[original signed by the minister]
The Honourable Christian Paradis, P.C., M. P. (Mégantic-L'Érable)
Minister of Public Works and Government Services

François Guimont
Deputy Minister of Public Works and Government Services

DEPARTMENTWIDE AUTHORITIES SCHEDULE 1

TABLE OF EQUIVALENT POSITIONS for Schedule 1

This Table defines the positions at each of the four levels that receive the general delegations of authorities through the Schedule.

Notes:

  1. Unless restricted by legislation, regulations and policies, the Deputy Minister and Associate Deputy Minister have full delegated authority; and
  2. For any position titles not listed in this Table of Equivalent Positions, the equivalent positions as recognized by the Chief Financial Officer shall apply.
Level Positions
Level 1 Chief Financial Officer
Assistant Deputy Minister
Associate, Assistant Deputy Minister
Chief Executive Officer
Chief Operating Officer
Chief Risk Officer
Director General
Associate Director General
Vice President
Executive Director
Special Advisor to Deputy Minister
Regional Director General
Senior Advisor Accelerated Infrastructure Program
Regional Director
Senior Director
Director, Cheque Redemption and Control
Product Executive, Product Management
Delivery Executive, Service Management & Delivery
Level 2 Director
Deputy Director
Level 3 Manager
Financial Management Advisor
Facilities Management Integrator
Internal Audit Principal
Executive Assistant
Level 4 Head
Group Head
Chief
Section Chief
Team Leader
Supervisor
Unit Supervisor
Administrator
Senior Officer
Officer
Project Leader
Senior Advisor
Advisor
Senior Analyst
Analyst
Agent
Coordinator
Engineer
Specialist
Technologist
Inspector
Operator
Architect
Designer
Assistant
Hydrogeologist
Surveyor
Superintendent
Planner
Cartographer
Foreman
Technician
Stores-Person
Trainer
Counsellor
Estimator
Appraiser
Sign Writer
Fitter
Procurement Clerk

Supplementary Information SCHEDULE 1

  Asset Disposals Asset Write Offs Asset Loans Project Approval: Information Technology Investments Treasury Board Submission Amendment to the Table of Equivalent Positions Access to Information Act
Departmental Limit FULL FULL FULL $5M NEW $10M EXIST FULL FULL FULL
Level 1 FULL See Notes FULL FULL See Notes See Notes See Notes See Notes
  50 51 52 53 54 55 56
  Privacy Act Use of Government Vehicles Exemption From Parking Charges Certification of True Copies Release Settlement Documents
Departmental Limit FULL FULL FULL FULL FULL
Level 1 See Notes See Notes See Notes See Notes See Notes
  57 58 59 60 61

Columns 50 to 52 are administrative authorities that allow managers to identify assets for disposal, write-off or loan. The authority to complete these transactions is only delegated to officers of Materiel Management in Crown Assets Distribution Centres.

Departmental Limit: FULL means the authority to dispose, write-off or loan assets for which the Department is responsible.

Level 1: FULL means the authority to dispose, write-off or loan assets for which the manager is responsible.

Column 53 is a specific secondary control on spending related to IT procurement that is delegated to the Deputy (replacement of existing system) and CEO and COO, ITS (investment in new system).

Column 54 is a primary control on spending when that spending is outside the limits of Departmental authority. This is the authority to initiate a TB Submission. Only the Minister and Deputy Minister may approve a Submission to the Treasury Board.

Columns 55 to 61 are administrative authorities which are delegated to positions with assigned responsibility. Exercising of these authorities must also comply with relevant legislation, regulation and policy requirements and limitations.

Administrative Authorities – Approvals

  Asset Disposals Asset Write-Offs Asset Loans Project Approval: Information Technology Investments Treasury Board Submission Amendment to the Table of Equivalent Positions Access to Information Act
Departmental Limit FULL FULL FULL $5M NEW $10M EXIST FULL FULL FULL
Generic Levels  
Level 1 FULL See Notes FULL FULL See Notes See Notes See Notes See Notes
Level 2 FULL See Notes FULL FULL       See Notes
Level 3 FULL See Notes FULL See Notes FULL See Notes       See Notes
Level 4   See Notes         See Notes
References to "Notes to Schedule 1" 50 51 52 53 54 55 56

Administrative Authorities - Approvals

  Privacy Act Use of Government Vehicles Exemption From Parking Charges Certification of True Copies Release Settlement Documents
Departmental Limit FULL FULL FULL FULL FULL
Generic Levels
Level 1 See Notes See Notes See Notes See Notes See Notes
Level 2 See Notes See Notes     See Notes
Level 3 See Notes See Notes      
Level 4 See Notes See Notes      
References to "Notes to Schedule 1" 57 58 59 60 61
PDF Version 387KB
Help with Alternative Format

Column 56 – Access to Information Act
Specific Delegation of Authority

  • Level 1 – Director General, Executive Secretariat – Full
  • Level 2 – Director, Access to Information and Privacy – Full
  • Level 3 – Manager, Risk and Quality Management – Full
  • Level 4 – Chief, Access to Information and Privacy – Full[1]
  • Level 4 – ATIP Officer – Full[2]

[1] Only in regard to Sections 7, 9, 25, 27 and 33; and Subsections 8(1), 11(2) to 11(6), 19(1) and 24(1) of the Access to Information Act; Section 8 and Subsections 6(1), 7(2)(3) of the Access to Information Regulations.

[2] Only in regard to Section 9 and Subsection 27(1) of the Access to Information Act.

Column 57 – Privacy Act
Specific Delegation of Authority

  • Level 1 - Director General, Executive Secretariat - Full
  • Level 2 - Director, Access to Information and Privacy - Full*
  • Level 3 - Manager, Risk and Quality Management - Full*
  • Level 4 - Chief, Access to Information and Privacy - Full(1)
  • Level 4 - ATIP Officer - Full(2)

* Except for Section 8(2)(m) of the Privacy Act re; personal information to be disclosed in the public interest.

(1) only in regard to Sections 14, 15 and 26 of the Privacy Act; and section 9 of the Privacy Regulation.

(2) Only in regard to Section 15 of the Privacy Act.


Top of Page

Annex B: Privacy Act, Sections 8 and 9 (Excerpt)

Disclosure of personal information

8. (1) Personal information under the control of a government institution shall not, without the consent of the individual to whom it relates, be disclosed by the institution except in accordance with this section.

Where personal information may be disclosed

(2) Subject to any other Act of Parliament, personal information under the control of a government institution may be disclosed

  • (a) for the purpose for which the information was obtained or compiled by the institution or for a use consistent with that purpose;
  • (b) for any purpose in accordance with any Act of Parliament or any regulation made thereunder that authorizes its disclosure;
  • (c) for the purpose of complying with a subpoena or warrant issued or order made by a court, person or body with jurisdiction to compel the production of information or for the purpose of complying with rules of court relating to the production of information;
  • (d) to the Attorney General of Canada for use in legal proceedings involving the Crown in right of Canada or the Government of Canada;
  • (e) to an investigative body specified in the regulations, on the written request of the body, for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation, if the request specifies the purpose and describes the information to be disclosed;
  • (f) under an agreement or arrangement between the Government of Canada or an institution thereof and the government of a province, the council of the Westbank First Nation, the council of a participating First Nation - as defined in subsection 2(1) of the First Nations Jurisdiction over Education in British Columbia Act -, the government of a foreign state, an international organization of states or an international organization established by the governments of states, or any institution of any such government or organization, for the purpose of administering or enforcing any law or carrying out a lawful investigation;
  • (g) to a member of Parliament for the purpose of assisting the individual to whom the information relates in resolving a problem;
  • (h) to officers or employees of the institution for internal audit purposes, or to the office of the Comptroller General or any other person or body specified in the regulations for audit purposes;
  • (i) to the Library and Archives of Canada for archival purposes;
  • (j) to any person or body for research or statistical purposes if the head of the government institution
    • (i) is satisfied that the purpose for which the information is disclosed cannot reasonably be accomplished unless the information is provided in a form that would identify the individual to whom it relates, and
    • (ii) obtains from the person or body a written undertaking that no subsequent disclosure of the information will be made in a form that could reasonably be expected to identify the individual to whom it relates;
  • (k) to any aboriginal government, association of aboriginal people, Indian band, government institution or part thereof, or to any person acting on behalf of such government, association, band, institution or part thereof, for the purpose of researching or validating the claims, disputes or grievances of any of the aboriginal peoples of Canada;
  • (l) to any government institution for the purpose of locating an individual in order to collect a debt owing to Her Majesty in right of Canada by that individual or make a payment owing to that individual by Her Majesty in right of Canada; and
  • (m) for any purpose where, in the opinion of the head of the institution,
    • (i) the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or
    • (ii) disclosure would clearly benefit the individual to whom the information relates.

Personal information disclosed by Library and Archives of Canada

(3) Subject to any other Act of Parliament, personal information under the custody or control of the Library and Archives of Canada that has been transferred there by a government institution for historical or archival purposes may be disclosed in accordance with the regulations to any person or body for research or statistical purposes.

Copies of requests under paragraph (2)(e) to be retained

(4) The head of a government institution shall retain a copy of every request received by the government institution under paragraph (2)(e) for such period of time as may be prescribed by regulation, shall keep a record of any information disclosed pursuant to the request for such period of time as may be prescribed by regulation and shall, on the request of the Privacy Commissioner, make those copies and records available to the Privacy Commissioner.
Notice of disclosure under paragraph (2)(m)

Record of disclosures to be retained

9. (1) The head of a government institution shall retain a record of any use by the institution of personal information contained in a personal information bank or any use or purpose for which that information is disclosed by the institution where the use or purpose is not included in the statements of uses and purposes set forth pursuant to subparagraph 11(1)(a)(iv) and subsection 11(2) in the index referred to in section 11, and shall attach the record to the personal information.


Top of Page

Annex C: Statistical Report - Privacy Act

PDF Version 28KB
Help with Alternative Format

Institution: PUBLIC WORKS AND GOVERNMENT SERVICES CANADA
Reporting period: 01/04/2009 to 31/03/2010

I. Requests under the Privacy Act

Received during reporting period: 78
Outstanding from previous period: 11

TOTAL: 89 

Completed during reporting period: 71 
Carried forward: 18 

II. Disposition requests completed

  1. All disclosed: 13 
  2. Disclosed in part: 29 
  3. Nothing disclosed (exclusion): 0
  4. Nothing disclosed (exemption): 0 
  5. Unable to process: 10
  6. Abandoned by applicant: 15 
  7. Transferred: 4 

TOTAL: 71 


Top of Page

III. Exemptions invoked

Exemptions Numbers
S.
Art. 18(2) 		0
S.
Art. 19(1)(a) 		0
(b) 0
(c) 0
(d) 0
S.
Art. 20		 0
S.
Art. 21		 2
S.
Art. 22(1)(a)		 0
(b) 4
(c) 0
S.
Art. 22(2)		 0
S.
Art. 23(a)		 0
(b) 0
S.
Art. 24		 0
S.
Art. 25		 1
S.
Art. 26		 28
S.
Art. 27		 5
S.
Art. 28		 0

IV. Exclusions cited

Exclusions Numbers
S.
Art. 69(1)(a) 		0
(b) 0
S.
Art. 70(1)(a)		 1
(b) 0
(c) 1
(d) 0
(e) 0
(f) 0

V. Completion time

  • 30 days or under: 53
  • 31 to 60 days: 10 
  • 61 to 120 days: 8 
  • 121 days or over: 0 

Top of Page

VI. Extensions

30 days or under

  • Interference with operations: 9 
  • Consultation: 6 
  • Translation: 0

TOTAL: 15

31 days or over

  • Interference with operations: 0
  • Consultation: 0
  • Translation: 0

TOTAL: 0

VII. Translations

Translations requested: 3

  • Translations prepared
    • English to French: 0
    • French to English: 3

VIII. Method of access

  • Copies given: 40 
  • Examination: 2
  • Copies and examination: 0

IX. Corrections and notation

  • Corrections requested: 1
  • Corrections made: 1
  • Notation attached: 0

X. Costs

Financial (all reasons)
  • Salary: $232,575
  • Administration (O and M): $113,164
  • TOTAL: $345,739
Person year utilizatlon (all reasons)
  • Person year (decimal format): 3.24

Top of Page

Supplemental Reporting Requirements - Privacy Act

Treasury Board Secretariat is monitoring compliance with the Privacy Impact Assessment (PIA) Policy (which came into effect on May 2, 2002) through a variety of means. Institutions are therefore required to report the following information for this reporting period.

Indicate the number of:

Preliminary Privacy Impact Assessments initiated: __________1__________

Preliminary Privacy Impact Assessments completed: __________0__________

Privacy Impact Assessments initiated: __________6__________

Privacy Impact Assessments completed: __________5__________

Privacy Impact Assessments forwarded to the Office of the Privacy Commissioner (OPC): __________4__________

If your institution did not undertake any of the activities noted above during the reporting period, this must be stated explicitly.

1PIB Legend:
PCU - Central Bank (General Public); PCE - Central Bank (Employees);
PPU - Particular Bank (General Public); PPE - Particular Banks (Employees);
PSU - Standard Bank (General Public); PSE - Standard Bank (Employees)
(Return to original text of footnote 1)

Date Modified: 2012-06-18

Top of Page
Important Notices