2015 to 2016 Annual report on the Privacy Act
The Privacy Act (Revised Statutes of Canada, 1985, Chapter P-21) was proclaimed on July 1, 1983. The Act was amended as a result of the royal assent of the Federal Accountability Act on December 12, 2006. Certain provisions came into force on December 12, 2006, and others took effect on April 1, 2007, and September 1, 2007.
The Privacy Act gives Canadian citizens, permanent residents and individuals present in Canada a right of access to information about themselves held by the government, subject to specific and limited exceptions. The Act also provides individuals the right to a reasonable expectation of privacy, including a basic right to exercise control over the collection, use and disclosure of their personal information.
Section 72 of the Privacy Act requires that the head of every federal government institution prepare for submission to Parliament an annual report on the administration of the Act within their institution during each fiscal year.
This annual report provides a summary of the management and administration of the Privacy Act within Public Services and Procurement Canada for the fiscal year 2015 to 2016.
On this page
- Part I: Introduction
- Part II: The Public Services and Procurement Canada Access to Information and Privacy Program
- Part III: Interpretation and explanation of trends of the statistical report
- 1. Departmental overview of requests received
- 2. Requests under the Privacy Act
- 3. Requests closed during the reporting period
- 4. Exemptions and exclusions
- 5. Format of information released
- 6. Complexity
- 7. Processing time
- 8. Translation
- 9. Disclosures under subsection 8(2) of the act
- 10. Requests for correction of personal information and notations
- 11. Consultations from other government institutions and organizations
- 12. Complaints and requests for judicial review
- 13. Privacy impact assessments
- 14. Resources related to the Privacy Act
- Annex A: Delegation of authorities (excerpt)
- Annex B: Statistical report on the Privacy Act
Part I: Introduction
1. Background
The Department, founded in 1841 and originally known as The Board of Works, was instrumental in the building of our nation's canals, roads and bridges, the Houses of Parliament, post offices and federal buildings across the country.
In 1993, the Department became Public Works and Government Services Canada (PWGSC) through the amalgamation of the former Supply and Services Canada, Public Works Canada, Government Telecommunications Agency (Communications Canada), and the Translation Bureau (Secretary of State of Canada). In November 2015, the Department's name changed to Public Services and Procurement Canada (PSPC).
The Department of Public Works and Government Services Act, passed in 1996, established the current Department and set out the legal authorities for PSPC services. The Act established PSPC as a common service organization that provides government departments, boards and agencies with support services for their programs.
PSPC employs approximately 12,500 permanent employees working in locations across Canada and headquartered in the National Capital Area.
The Office of the Procurement Ombudsman, an independent office, and part of the portfolio of the Minister of Public Services and Procurement, was established on May 5, 2008, as one of the final steps in the implementation of the Federal Accountability Act.
2. Raison d'être and responsibilities
PSPC plays an important role in the daily operations of the Government of Canada. It supports federal departments and agencies in the achievement of their mandated objectives as their central purchasing agent, real property manager, linguistic authority, treasurer, accountant, pay and pension administrator, and common service provider. The Department's vision is to excel in government operations, and our strategic outcome and mission is to deliver high-quality, central programs and services that ensure sound stewardship on behalf of Canadians and meet the program needs of federal institutions. The goal is to manage business in a way that demonstrate integrity, accountability, efficiency, transparency, and adds value for client departments and agencies, and Canadians.
PSPC is a leader in transforming its back-office. By enabling government-wide critical programs and services as well as delivering major transformation initiatives, the Department is helping the Government of Canada do business in line with the modern standards defining a renewed organization such as efficiency, effectiveness, connectivity and better value for clients and Canadians.
The Office of the Procurement Ombudsman, which reports to the Minister and operates independently, reviews complaints from suppliers. It also reviews procurement practices in departments and agencies, and makes recommendations for the improvement of those practices to ensure fairness, openness and transparency in the procurement process.
3. Strategic outcome and program alignment architecture
PSPC's program alignment architecture (PAA), as approved by the Treasury Board, supports the strategic outcome to deliver high-quality, central programs and services that ensure sound stewardship on behalf of Canadians and meet the program needs of federal institutions. The following lists the programs that comprise PSPC's PAA:
- Acquisitions
- Accommodation management and real property services
- Receiver General for Canada
- Integrity programs and services
- Federal pay and pension administration
- Linguistic management and services
- Specialized programs and services
- Procurement OmbudsmanFootnote 1
- Internal services
Part II: The Public Services and Procurement Canada Access to Information and Privacy Program
1. Access to Information and Privacy Directorate structure and responsibilities
The Access to Information and Privacy (ATIP) Directorate administers the provisions of the Access to Information Act for PSPC, including one special operating agency, the Translation Bureau, as well as the Office of the Procurement Ombudsman.
In 2015 to 2016, the ATIP Directorate operated with up to 22 ATIP officers, six students and four consultants who worked under five team leaders to manage the requests received within the Department, as well as four senior ATIP policy advisors.
The Director, ATIP, reports to the Director General, Ministerial Services and Access to Information (DG-MSAI), who, in turn, reports to the Assistant Deputy Minister, Policy, Planning and Communications Branch (ADM-PPCB). Reporting to the Director, ATIP, the teams are overseen by the three Managers, ATIP Operations, and the Manager, ATIP Privacy and Policy. The operational units are responsible for processing ATIP requests, consultations, complaints, and court cases; the other unit is responsible for the privacy program as well as ATIP policy, advice, training, monitoring and reporting, and complaint management. The administrative functions are supported by an administrative assistant, an office manager and up to seven support staff members.
The ATIP Directorate is responsible for establishing and directing all activities within PSPC relating to the management of the departmental ATIP program, in accordance with the departmental delegation instruments and the provisions of the Act, Regulations, directives, policies and guidelines.
The administration of the Act by the ATIP Directorate is also facilitated at the branch and regional office levels of PSPC. Each organizational branch has an ATIP liaison officer who coordinates the collection of information and provides guidance to branch managers on the application of the Act, as well as related departmental directives and procedures.
2. Delegation instruments
Under section 3 of the Privacy Act, the Minister is designated as the head of the government institution for purposes of the administration of the Act. Pursuant to section 73, the Minister may delegate any of her powers, duties or functions under the Act by signing an order authorizing one or more officers or employees of the institution, who are at the appropriate level, to exercise or perform the powers, duties or functions of the head, specified in the order.
Within PSPC, this delegation instrument is based on a centralized process with the Director and managers of the ATIP Directorate having full delegated authority under the Act. Certain administrative functions are also delegated to the ATIP team leaders to speed up the processing of requests. Full authority under the Act is also delegated to the ADM-PPCB and the DG-MSAI who are responsible for the ATIP program.
An excerpt of the delegation of authorities approved by the former Minister of Public Works and Government Services is provided in Annex A: Delegation of authorities (excerpt).
3. Privacy management framework
3.1 Governance
As the protection of personal information is becoming a growing priority, both in the private and public sectors, the Department made changes in 2015 to 2016 to its privacy governance framework.
PSPC appointed the DG-MSAI as the first departmental Chief Privacy Officer (CPO) and established a Privacy Oversight Committee, which is chaired by the CPO and represented at the DG-level by branches with major personal information holdings.
The ATIP Directorate consolidated privacy and its operations and the policy functions within one unit now called Privacy and Policy. This additional focus on privacy will ensure that it is managed proactively as a priority, and allow for proper allocation of resources to manage departmental privacy risks.
3.2 Review of Public Services and Procurement Canada privacy management framework
A review of the PSPC departmental privacy framework was conducted and the results indicated that while certain elements of a comprehensive management framework were being put in place, there remains gaps/opportunities for improvement in relation to the framework to help ensure compliance with Treasury Board and departmental polices, and associated directives/requirements under the Privacy Act.
A management action plan (MAP) has been developed to address the gaps identified in the report and include the following activities:
- implement the CPO function and the Privacy Oversight Committee (complete)
- develop a privacy impact assessment (PIA) environmental scan (complete) and update the list of ongoing and anticipated PIAs
- publish the Privacy breach protocol on the departmental intranet site
- finalize the departmental Directive on privacy practices and the Protocol for non-administrative uses of personal information
- prepare a communications plan to make PSPC employees aware of the new privacy policy instruments
- develop and initiate implementation of a privacy risk-based and targeted training program
- report annually to the Deputy Minister executive committee on the state of privacy in the Department
4. Policies and procedures
4.1 Departmental Policy on Access to Information and Privacy
For the reference of all employees, departmental policies are posted on PSPC's intranet.
The Policy on the access to information and privacy program (002) outlines the delegation of authority and sets out the definitions, and the roles and responsibilities of all stakeholders within PSPC.
The Policy on protection of personal and private information in the workplace (014) sets out definitions as well as the roles and responsibilities of employees with respect to the protection of personal information in the workplace.
The Privacy breach protocol was approved by the CPO in June 2015 and the Privacy Oversight Committee in February 2016. The document outlines the steps to be followed by a PSPC employee, agent, student or contractor who discovers any actual or suspected breach of privacy. The guidance provided in the protocol ensures that when a privacy breach occurs, it is quickly controlled and similar breaches are prevented from occurring.
The new Directive on privacy practices (002-1) is being finalized, in consultation with departmental stakeholders. It has been developed to establish effective privacy management practices in order to ensure that personal information under the control of the Department is managed in a manner that is consistent with the Privacy Act, the Privacy Regulations, and related TBS policy instruments. The directive will also align with the proposed TBS privacy policy suite architecture which will combine the directives and standard under one directive on privacy practices and mandatory procedures.
The Protocol for non-administrative use of personal information is also being finalized. The document outlines the privacy protection principles and procedures to be followed by programs and activities to ensure that low-risk, non-administrative use of personal information is handled in a manner that is consistent with the Privacy Act and the TBS policies and directives.
4.2 Access to Information and Privacy liaison officer handbook
The ATIP liaison officer handbook is produced by the ATIP Directorate as a guide to introduce departmental ATIP liaison officers across the Department to the Privacy Act and regulations, to outline the roles and responsibilities of each PSPC ATIP stakeholder, and to provide national processing standards and guidelines for the centralized handling of requests.
4.3 Access to Information and Privacy Directorate desk procedures
The ATIP Directorate has an ATIP officer desk procedures manual in place to standardize the work procedures used by staff, to facilitate the training of new hires and to complement the functionality of the electronic ATIP tracking system.
5. Training
5.1 Departmental employees
A brief overview of privacy is incorporated into the general ATIP information sessions. During the fiscal year, the ATIP Directorate delivered 19 training and awareness sessions to 273 managers and employees at all levels from all branches of the Department.
As well, a section on ATIP is included in the Department's Orientation Program for new employees. This section provides information on employee obligations under the Act, including an explanation of the duty to assist, a reminder that only those delegated under the Act can make disclosure decisions, a reference to procedures for reporting suspected contraventions, as well as a link to the departmental policy on ATIP.
5.2 Access to Information and Privacy Directorate staff
The ATIP officer development program created in 2006 was revised in 2015 to 2016 to update the mandatory training section and to allow for internal deployment of qualified employees at level into the program. The objective of the program is to address the Department's mid and long-term shortage of skilled ATIP professionals by recruiting new employees at the junior level, and preparing them to fill senior ATIP officer positions at the PM-4 group and level up to a five-year horizon. The program is also intended to reduce the costs associated with the competitive staffing process and the use of consultants.
ATIP staff has the opportunity to register and complete certification programs such as the International Association of Privacy Professionals (IAPP) certification program, take advantage of the ATIP training offered in house and by TBS. Staff can also attend conferences such as the Canadian Access and Privacy Association (CAPA) conference and the Canadian Bar Association annual ATIP law symposium.
6. Personal information banks
In accordance with section 10 of the Privacy Act, all personal information under the control of the institution that is used for an administrative purpose, or that is retrievable by name or personal identifier has to be described in personal information banks (PIBs).
Also, as required by the TBS directives on privacy practices and PIA, any new or substantially modified PIB has to be approved by TBS before implementing the new or modified program or activity.
The following PIBs were revised and submitted to TBS in 2015 to 2016 for approval and registration:
- PSPC PCU 709—Document imaging services
- PSPC PPU 015—Industry and personnel security screening
- PSPC PPU 184—Integrity assessment services
PSPC does not have any exempt banks.
7. Collection of personal information
The PSPC Forms management policy (061)requires that all new and revised forms that collect personal information be reviewed by the ATIP Directorate to ensure compliance with privacy legislative and policy requirements. As well, the ATIP Directorate reviews electronic forms on departmental intranet and Internet sites, including surveys and public opinion research. It also assists with the development of the related privacy notices and consent statements.
8. Material privacy breaches
A privacy breach involves improper or unauthorized collection, use, disclosure, retention or disposal of personal information. A privacy breach may occur within an institution or off-site and may be the result of inadvertent errors or malicious actions by employees, third parties, partners in information-sharing agreements or intruders.
A breach is deemed "material" if the breach involves sensitive personal information and could reasonably be expected to cause serious injury or harm to the individual and/or involves a large number of affected individuals.
Three material privacy breaches were reported to the ATIP Directorate and the Corporate Security Directorate during the fiscal year. In accordance with the TBS Guidelines for privacy breaches, the ATIP Directorate reported the incidents to the Office of the Privacy Commissioner (OPC) and TBS.
Two of the incidents related to mismailed completed security applications to the wrong companies. The individuals who received the packages in error immediately reported the incidents to the Department. The documents were recovered and the individuals confirmed that they did not make any copy. The Industrial Security Sector notified the affected individuals of their right to complain to the Office of the Privacy Commissioner.
The other case involved six tickets containing attachments with personal informations that were inadvertently entered in the Pay Modernization Project defect tracking tool (Oracle Work Centre, OWC) hosted by IBM in a data centre in Kentuky, USA. The files were removed from the system and a set of mitigation measures has been put in place to ensure the system no longer contains any Protected B personal information and that this type of incident does not recur. The Department decided not to notify the individuals as the departmental investigation confirmed that the information consisted of scrambled and highly incomprehensible data, and it was unlikely that a user not associated with a ticket would have viewed the data contained in the tickets.
Part III: Interpretation and explanation of trends of the statistical report
Statistical reporting on the administration of the Act has been conducted since 1983. Since 2011 to 2012, government institutions have completed more in-depth statistical reporting forms on the administration of the Act as prescribed by the TBS. The 2015 to 2016 statistical report on the Privacy Act is provided in Annex B: Statistical report on the Privacy Act .
1. Departmental overview of requests received
The ATIP Directorate processed all requests received by the Department pursuant to the Privacy Act. Each request is first reviewed for clarity and then assigned to one or more organizational units of the Department that become responsible for locating and retrieving the records containing the information sought.
Organizational units review their relevant records and provide recommendations to the ATIP Directorate on sensitivities related to their disclosure. Where necessary, the ATIP Directorate also undertakes consultations with other organizations before a skilled analyst reviews each record to make a decision on disclosure. The ATIP Directorate then notifies the requester and provides access to all of the records that can be disclosed.
2. Requests under the Privacy Act
The Department received 255 requests under the Privacy Act in 2015 to 2016. The requests mainly related to pension and pay, labour relation matters, other employment related records, staffing processes, security clearances as well as correspondence and other personal information pertaining to the requesters.
Compared with the previous fiscal year, PSPC experienced a 54% increase in the total number of privacy requests received. Chart I provides an overview of the trends related to the volume of requests processed by PSPC over the past three fiscal years.
Chart I: Processing trends for privacy requests
Chart summary
2013 to 2014: 20 requests outstanding from previous fiscal year, 352 requests received, 301 requests completed, and 71 requests carried forward to next fiscal year
2014 to 2015: 71 requests outstanding from previous fiscal year, 166 requests received, 224 requests completed, and 13 requests carried forward to next fiscal year
2015 to 2016: 13 requests outstanding from previous fiscal year, 255 requests received, 241 requests completed, and 27 requests carried forward to next fiscal year
3. Requests closed during the reporting period
Of the 268 requests in progress, 241 requests (90%) were completed during the 2015 to 2016 reporting period. The remaining 27 requests (10%) were carried forward to the next fiscal year. Of the 241 cases where the Department completed the request, information was released either in whole or in part in 152 requests (63%). Chart II provides an overview of the disposition of requests closed by PSPC during the fiscal year.
Chart II: Disposition of privacy requests closed
Chart summary
All disclosed: 64 requests (28%)
Disclosed in part: 88 requests (39%)
All exempted/all excluded: 0 requests (0%)
No records exist: 60 requests (27%)
Abandoned: 13 requests (6%)
Neither confirmed nor denied: 0 requests (0%)
4. Exemptions and exclusions
An individual's right of access to his/her personal information under the Privacy Act is limited by a number of exemptions specified in sections 18 through 28 of the legislation.
Pursuant to section 69, the Act does not apply to material that is published or available for purchase, library or museum material preserved solely for public record, material deposited with the Library and Archives Canada, as well as records considered to be confidences of the Queen's Privy Council of Canada pursuant to section 70 of the Act.
Annex B: Statistical report on the Privacy Act shows the types of exemptions and exclusions invoked to refuse access. For clarity purposes, if five different exemptions and/or exclusions were used in one request, each relevant section would be reported for a total of five. If the same exemption or exclusion was used several times for the same request, it would be reported only once.
As noted in Annex B: Statistical report on the Privacy Act , information about another individual (section 26 of the Act) accounts for the vast majority of the exemptions applied by the Department. Sections 69 and 70 were not invoked by PSPC for any of the privacy request processed in the 2015 to 2016 fiscal year.
5. Format of information released
Of the 152 requests in which information was released, records were provided in the form of paper copies for 88 requests (58%), whereas 64 cases (42%) were in electronic format. There were no cases where access was provided in another format or in-person examination. It should be noted that the data in this section reflect only requests for which information was all disclosed or disclosed in part.
6. Complexity
PSPC processed more than 40,000 pages during the reporting period. This represents a 35% decrease compared with the previous fiscal year. While on average files contained 226 pages to be processed, 17 requests had over 500 pages, and eight had more than 1000 pages. Chart III provides the trends related to the relevant pages processed and disclosed by PSPC over the past three fiscal years.
Chart III: Trends for relevant pages processed and disclosed
Chart summary
2013 to 2014: 46,566 pages processed and 38,505 pages disclosed
2014 to 2015: 62,728 pages processed and 27,501 pages disclosed
2015 to 2016: 40,836 pages processed and 37,449 pages disclosed
In addition to the volume of records, consultations were required for 10 of the 241 requests completed (4%).
7. Processing time
Of the 241 requests completed during the fiscal year, 60 requests (25%) needed to be extended in accordance with section 15 of the Act. In 51 cases meeting the original time limit would have unreasonably interfered with the operations of the Department. For the remaining nine cases, there was a need to consult with other government institutions.
Despite the volume, 179 requests (74%) were completed within the initial 30-day period, while 49 requests (20%) were completed within 31 to 60 days. The average processing time for all requests completed was 28 days. This is 13 days less than the previous fiscal year.
Due to the volume of records to be processed, 13 requests (5%) fell in a deemed refusal status and were closed after the statutory deadline. This represents a 3% improvement compared with last fiscal year. In 11 of those (85%), the maximum 30-day time extension allowed under the Act was not sufficient to complete the review. On average, PSPC needed an additional 76 days to complete these late files.
The ATIP Directorate workload was the principal reason of delays in 69% of the 13 late cases. Other factors such as necessary consultations, complexity of requests and the reassignment of files within the ATIP Directorate also contributed to the delays.
The Department's timeliness and compliance for completing requests is closely monitored by the ATIP Directorate.
8. Translation
There were no requests for the translation of information from one official language to another.
9. Disclosures under subsection 8(2) of the act
During 2015 to 2016, the Department made 49 disclosures of personal information to investigative bodies pursuant to paragraph 8(2)(e) of the Act. A copy of every request received under paragraph 8(2)(e), and a record of any information disclosed pursuant to the request, is kept in accordance with subsection 8(4) of the Act.
There was one disclosure made under paragraph 8(2)(m) of the Act. The ATIP Directorate notified the Office of the Privacy Commissioner in writing of this disclosure in accordance with subsection 8(5) of the Act.
10. Requests for correction of personal information and notations
There was no request for the correction of personal information or for notations to be placed on a file.
11. Consultations from other government institutions and organizations
The Department received nine privacy consultations in 2015 to 2016, for a total of 349 pages of records to review. PSPC closed these nine consultations and took nine days on average to respond. This is four days less than the previous fiscal year.
12. Complaints and requests for judicial review
Table I provides the breakdown of complaints made to the Office of the Privacy Commissioner of Canada and of requests for judicial review filed with the Federal Court of Canada, for which PSPC has been informed of over the past three fiscal years.
| Reporting period | Complaints | Judicial reviews |
|---|---|---|
| 2013 to 2014 | 13 | 0 |
| 2014 to 2015 | 7 | 0 |
| 2015 to 2016 | 2 | 0 |
12.1 Complaints to the Office of the Privacy Commissioner of Canada
In 2015 to 2016, the Office of the Privacy Commissioner notified the Department that it had received two new delay complaints, one of which related to a request received in the previous fiscal year. This shows a continued decrease compared with the previous fiscal years.
The Office of the Privacy Commissioner closed seven complaints in 2015 to 2016. Of these, five were well-founded, one was settled in the course of the investigation, and one was discontinued. Five complaint investigations were still ongoing at the end of the fiscal year. PSPC regularly reviews investigative findings to improve its administration of the Privacy Act.
12.2 Requests for judicial review
There was no request made to the Federal Court of Canada seeking a judicial review.
13. Privacy impact assessments
In accordance with the TBS Directive on privacy impact assessment (PIA), a PIA must be initiated for a program or activity in the following circumstances:
- when personal information is used for or is intended to be used as part of a decision-making process that directly affects the individual
- upon substantial modifications to existing programs or activities where personal information is used or intended to be used for an administrative purpose
- when contracting out or transferring a program or activities to another level of government or the private sector results in substantial modifications to the program or activities
The ATIP Directorate provides advice and guidance to PSPC managers throughout the PIA process, including the review of PIA reports and liaison with the Office of the Privacy Commissioner.
Summaries of the Privacy Impact Assessments completed by Public Services and Procurement Canada are published on the departmental Internet site. The site is intended to facilitate the public's understanding of the Access to Information Act, the Privacy Act and associated departmental procedures.
Table II provides the number of assessments conducted in the last three fiscal years.
| Reporting period | Initiated | Completed |
|---|---|---|
| 2013 to 2014 | 1 | 0 |
| 2014 to 2015 | 2 | 2 |
| 2015 to 2016 | 1 | 1 |
During the 2015 to 2016 fiscal year, the following PIA was completed and sent to the Privacy Commissioner of Canada and the Treasury Board of Canada Secretariat.
Federal public service pension administration—PSPC is responsible for the administration of most federal employee pension plans. A PIA was undertaken to determine the state of compliancy with privacy-related legislative and policy requirements. Results of the PIA confirmed that the pension administration program complies with all key requirements. The program does not face any privacy risks which cannot be managed using either current safeguards or be mitigated by remaining activities underway as part of the privacy action plan. The PIA summary will be posted on the PSPC Internet site.
14. Resources related to the Privacy Act
The total salary costs associated with the Privacy program amounted to $600,536, and operations and maintenance costs to $65,061, for a combined total of 665,597. The number of employee and temporary help resources was estimated at 10 for the 2015 to 2016 fiscal year.
Annex A: Delegation of authorities (excerpt)
Please note that the November 4, 2011 version has been updated as follows:
Changes to Schedule 1
- Integration of "printing" under goods procurement within department-wide authorities. While printing is currently covered under standing offers which offer specific authorities, integrating printing within the goods procurement will provide additional clarity and flexibility
- Increased limits for the Software Licensing Supply Arrangements (SLSA) from $40,000 to $100,000 upon review of business volumes in collaboration with Acquisitions Branch
- Integration of new travel authorities and revision of hospitality, events and conferences authorities in order to be aligned and compliant with the revised TB Directive on travel, hospitality, conference and event expenditures, effective August 1, 2013
- Integration of a new authority for the Chief Financial Officer to act as the delegated travel and hospitality approval authority in situations where the Deputy Minister participates at the hospitality event or is the traveler
- Modification of the delegations pursuant to the Access to Information Act and the Privacy Act in order to reflect the transfer of the mandate for these authorities from the DG, Executive Secretariat to the DG responsible for the ATIP program, and the provision of additional authorities to team leaders
- Amendment to revenue agreement memoranda of understanding and specific services agreements authorities in order to allow incumbents of certain Real Property positions (level 3 and 4) to perform low risk transactions in order to avoid project delays
- Modification of the authority to make changes to the table of equivalent positions in order to allow the Deputy Minister to perform changes to the specific delegation of authorities in accordance with the TB Directive on delegation of financial authorities for disbursements
- Addition or change to the "table of equivalent positions" and "specific delegation of authorities" tables to reflect the current organizational structures
Minister's and Deputy Minister's delegation of authorities
We hereby delegate the powers vested in the offices of the Minister and Deputy Minister of Public Works and Government Services, in the manner defined in Schedules 1 to 4, the associated tables of equivalent positions and specific delegations in the notes to these schedules, including officers appointed on a temporary or acting basis to positions so defined, subject to the principles, guidelines, limitations and restrictions described in the department's delegation of authorities manual and all relevant legislation, regulations and policies.
Specifically, this instrument is intended to delegate authority, as defined by:
- Schedule 1
-
"Department-wide authorities"
, the"table of equivalent positions"
for Schedule 1 and the specific delegations contained in the"notes to Schedule 1"
- Schedule 2
-
"Real Property authorities"
, the"table of equivalent positions"
for Schedule 2 and the specific delegations contained in the"notes to Schedule 2"
- Schedule 3
-
"Common service acquisition authorities"
, the"table of equivalent positions"
for Schedule 3 and the specific delegations contained in the"notes to Schedule 3"
- Schedule 4
-
"Receiver General for Canada authorities"
Further, these delegations are made on the explicit understanding that they are to be used only to:
- commensurate with the level of responsibility assigned to the position and when required to undertake the duties of that position as described in the operational plans of the Department
- attain departmental objectives, within the departmental mandate
- attain clients' objectives when providing common services to client departments
The department's delegation of authorities manual documents the delegated authorities of Public Works and Government Services Canada and includes important information on the conditions under which we have made these delegations. All officers of the Department who are acting on our behalf in any matter related to these delegations must make themselves familiar with the contents of the manual to ensure that they are fully cognizant of the conditions and implications of doing so.
Original signed by
The Honourable Diane Finley,
P.C., M. P. (Haldimand: Norfolk)
Minister of Public Works and Government Services
May 29, 2014
Michelle d'Auray
Deputy Minister of Public Works and Government Services
May 16, 2014
Department-wide authorities: Schedule 1
The Privacy Act protects the privacy of individuals with respect to their personal information held by government institutions and provides individuals with a right of access to such information. The authority granted herein is the authority to approve the release of personal information held by the department, in accordance with the Privacy Act, and to provide the authority to perform any of the powers, duties or functions of the Minister under the act.
This act is an administrative authority that is delegated to positions with assigned responsibility. Exercising of this authority must also comply with relevant legislation, regulation and policy requirements and limitations.
Public Works and Government Services Canada has full delegation of authority for the Privacy Act for which the department is responsible. The following table defines the exceptions where authority is delegated to specific positions.
| Applicable equivalent positions at that level | Type of delegated authority | Limit of delegated authority | |
|---|---|---|---|
| Level 1 | Assistant Deputy Minister responsible for the Access to Information and Privacy (ATIP) program | Full | None |
| Director General responsible for the ATIP program | Full | None | |
| Level 2 | Director, Access to Information and Privacy | Full | Except for section 8(2)(m) of the Privacy Act regarding personal information to be disclosed in the public interest |
| Level 3 | Manager, Access to Information and Privacy | Full | Except for section 8(2)(m) of the Privacy Act regarding personal information to be disclosed in the public interest |
| Level 4 | Chief or Team Leader, Access to Information and Privacy | Full | Only in regard to sections 14, 15, 26 and 27 of the Privacy Act; and section 9 of the Privacy Regulation |
| ATIP Officer | Full | Only in regard to section 15 of the Privacy Act |
Annex B: Statistical report on the Privacy Act
Name of institution: Public Services and Procurement Canada
Reporting period: April 1, 2015 to March 31, 2016
Part 1: Requests under the Privacy Act
| Type | Number of Requests |
|---|---|
| Received during reporting period | 255 |
| Outstanding from previous reporting period | 13 |
| Total | 268 |
| Closed during reporting period | 241 |
| Carried over to next reporting period | 27 |
Part 2: Requests closed during the reporting period
2.1 Disposition and completion time
| Disposition of requests | Completion time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 8 | 53 | 3 | 0 | 0 | 0 | 0 | 64 |
| Disclosed in part | 1 | 31 | 44 | 8 | 1 | 2 | 1 | 88 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 45 | 15 | 0 | 0 | 0 | 0 | 0 | 60 |
| Request abandoned | 25 | 1 | 2 | 1 | 0 | 0 | 0 | 29 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 79 | 100 | 49 | 9 | 1 | 2 | 1 | 241 |
2.2 Exemptions
| Section | Number of requests |
|---|---|
| 18(2) | 0 |
| 19(1)(a) | 0 |
| 19(1)(b) | 0 |
| 19(1)(c) | 0 |
| 19(1)(d) | 0 |
| 19(1)(e) | 0 |
| 19(1)(f) | 0 |
| 20 | 0 |
| 21 | 5 |
| 22(1)(a)(i) | 2 |
| 22(1)(a)(ii) | 0 |
| 22(1)(a)(iii) | 0 |
| 22(1)(b) | 5 |
| 22(1)(c) | 0 |
| 22(2) | 0 |
| 22.1 | 0 |
| 22.2 | 0 |
| 22.3 | 0 |
| 23(a) | 0 |
| 23(b) | 0 |
| 24(a) | 0 |
| 24(b) | 0 |
| 25 | 0 |
| 26 | 78 |
| 27 | 15 |
| 28 | 0 |
2.3 Exclusions
| Section | Number of requests |
|---|---|
| 69(1)(a) | 0 |
| 69(1)(b) | 0 |
| 69.1 | 0 |
| 70(1) | 0 |
| 70(1)(a) | 0 |
| 70(1)(b) | 0 |
| 70(1)(c) | 0 |
| 70(1)(d) | 0 |
| 70(1)(e) | 0 |
| 70(1)(f) | 0 |
| 70.1 | 0 |
2.4 Format of information released
| Disposition | Paper | Electronic | Other formats |
|---|---|---|---|
| All disclosed | 47 | 17 | 0 |
| Disclosed in part | 41 | 47 | 0 |
| Total | 88 | 64 | 0 |
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
| Disposition of requests | Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|---|
| All disclosed | 5,400 | 5,377 | 64 |
| Disclosed in part | 35,333 | 32,072 | 88 |
| All exempted | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 |
| Request abandoned | 103 | 0 | 29 |
| Neither confirmed nor denied | 0 | 0 | 0 |
| Total | 40,836 | 37,449 | 181 |
2.5.2 Relevant pages processed and disclosed by size of requests
| Disposition | Less than 100 pages processed | 101 to 500 pages processed | 501 to 1000 pages processed | 1001 to 5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| All disclosed | 46 | 882 | 16 | 2,999 | 2 | 1,496 | 0 | 0 | 0 | 0 |
| Disclosed in part | 26 | 843 | 39 | 9,438 | 15 | 9,160 | 8 | 12,631 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 29 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 101 | 1,725 | 55 | 12,437 | 17 | 10,656 | 8 | 12,631 | 0 | 0 |
2.5.3 Other complexities
| Disposition | Consultation required | Legal advice sought | Interwoven information | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 9 | 0 | 1 | 1 | 11 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 1 | 0 | 25 | 25 | 51 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 10 | 0 | 26 | 26 | 62 |
2.6 Deemed refusals
2.6.1 Reasons for not meeting statutory deadline
| Number of requests closed past the statutory deadline | Principal reason | |||
|---|---|---|---|---|
| Workload | External consultation | Internal consultation | Other | |
| 13 | 9 | 1 | 0 | 3 |
2.6.2 Number of days past deadline
| Number of days past deadline | Number of requests past deadline where no extension was taken | Number of requests past deadline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 days | 1 | 4 | 5 |
| 16 to 30 days | 1 | 0 | 1 |
| 31 to 60 days | 0 | 3 | 3 |
| 61 to 120 days | 0 | 1 | 1 |
| 121 to 180 days | 0 | 1 | 2 |
| 181 to 365 days | 0 | 0 | 0 |
| More than 365 days | 0 | 1 | 1 |
| Total | 2 | 11 | 13 |
2.7 Requests for translation
| Translation requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 1 | 0 | 1 |
| French to English | 0 | 0 | 0 |
| Total | 1 | 0 | 1 |
Part 3: Disclosures under subsections 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 49 | 1 | 1 | 51 |
Part 4: Requests for correction of personal information and notations
| Disposition for correction requests received | Number |
|---|---|
| Notations attached | 0 |
| Requests for correction accepted | 0 |
| Total | 0 |
Part 5: Extensions
5.1 Reasons for extensions and disposition of requests
| Disposition of requests where an extension was taken | 15(a)(i) Interference with operations |
15(a)(ii) Consultation |
15(b) Translation or conversion |
|
|---|---|---|---|---|
| Section 70 | Other | |||
| All disclosed | 2 | 0 | 0 | 0 |
| Disclosed in part | 46 | 0 | 8 | 0 |
| All exempted | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 |
| No records exist | 1 | 0 | 0 | 0 |
| Request abandoned | 2 | 0 | 1 | 0 |
| Total | 51 | 0 | 9 | 0 |
5.2 Length of extensions
| Length of extensions | 15(a)(i) Interference with operations |
15(a)(ii) Consultation |
15(b) Translation purposes |
|
|---|---|---|---|---|
| Section 70 | Other | |||
| 1 to 15 days | 3 | 0 | 0 | 0 |
| 16 to 30 days | 48 | 0 | 9 | 0 |
| Total | 51 | 0 | 9 | 0 |
Part 6: Consultations received from other institutions and organizations
6.1 Consultations received from other Government of Canada institutions and organizations
| Consultations | Other government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during reporting period | 9 | 349 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 9 | 349 | 0 | 0 |
| Closed during the reporting period | 9 | 349 | 0 | 0 |
| Pending at the end of the reporting period | 0 | 0 | 0 | 0 |
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 7 | 1 | 0 | 0 | 0 | 0 | 0 | 8 |
| Disclosed in part | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 8 | 1 | 0 | 0 | 0 | 0 | 0 | 9 |
6.3 Recommendations and completion time for consultations received from other organizations
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 7: Completion time of consultations on Cabinet confidences
7.1 Requests with Legal Services
| Number of days | Fewer than 100 pages processed | 101 to 500 pages processed | 501 to 1,000 pages processed | 1,001 to 5,000 pages processed | More than 5,000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
7.2 Requests with Privy Council Office
| Number of days | Fewer than 100 pages processed | 101 to 500 pages processed | 501 to 1,000 pages processed | 1,001 to 5,000 pages processed | More than 5,000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 8: Complaints and investigations notices received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 2 | 0 | 7 | 0 | 9 |
Part 9: Privacy impact assessments
Number of PIA(s) completed: 1
Part 10: Resources related to the Privacy Act
10.1 Costs
| Expenditures | Amount |
|---|---|
| Salaries | $600,536 |
| Overtime | $0 |
Goods and services
|
$65,061 |
| Total | $665,597 |
10.2 Human resources
| Resources | Person years dedicated to privacy activities |
|---|---|
| Full-time employees | 9.53 |
| Part-time and casual employees | 0.29 |
| Regional staff | 0.00 |
| Consultants and agency personnel | 0.16 |
| Students | 0.41 |
| Total | 10.39 |
Note: Enter values to two decimal places.
- Date modified: