Annual Report of the Privacy Act 2012-2013

Introduction

The Privacy Act protects the privacy of Canadian citizens and permanent residents against the unauthorized use and disclosure of personal information about themselves held by a government institution. It also provides individuals with a right of access to that information and the right to correct inaccurate personal information. In addition, the Privacy Act legislates how the government collects, stores, disposes, uses and discloses personal information.

Section 72 of the Privacy Act requires that the Head of every federal government institution submit an annual report to Parliament on the administration of this Act over the fiscal year. This report describes how the Correctional Service Canada (CSC) fulfilled its privacy responsibilities during the reporting period covering 2012-2013.

Our reporting Head, the Minister of Public Safety, has delegated the administration of the Privacy Act, including the reporting of the Annual Report, to the Commissioner of CSC.

Chapter I – Report on the Privacy Act

Organization

About Correctional Service Canada

The Correctional Service of Canada was formed in 1979 through the amalgamation of the Canadian Penitentiary Service and the Parole Board of Canada. CSC has the fundamental obligation to contribute to public safety by actively encouraging and assisting offenders to become law-abiding citizens, while exercising reasonable, safe, secure and humane control.

It does this by operating under the rule of law, in particular the Correctional and Conditional Release Act (CCRA), which provides its legislative framework. The Commissioner of CSC has the authority, extending from the CCRA, to issue directives, procedures and guidelines to carry out the agency’s operations.

CSC contributes to public safety by administering court-imposed sentences for offenders sentenced to two years or more. This involves managing institutions (penitentiaries) of various security levels and supervising offenders on different forms of conditional release, while assisting them in become law-abiding citizens. CSC also administers post-sentence supervision of offenders with Long Term Supervision Orders for up to 10 years.

CSC works closely with its Public Safety Portfolio partners, including the Royal Canadian Mounted Police (RCMP), the Parole Board of Canada (PBC), the Canada Border Services Agency (CBSA), the Canadian Security Intelligence Service (CSIS), and three review bodies, including the Office of the Correctional Investigator (OCI).

In consideration of CSC’s mandate, the agency collects and retains a substantial amount of personal information.

As reported upon in the departmental 2012-2013 Report on Plans and Priorities, CSC has been faced with a number of complex challenges that has impacted on its operations over the past few years – including the ATIP Division. CSC has an offender population that has more extensive histories of violence and violent crimes; previous youth and adult convictions; affiliations with gangs and organized crime; higher rates of infection of Hepatitis C and Human Immunodeficiency Virus(HIV); a disproportionate representation of First Nations; Métis and Inuit offenders; serious substance abuse histories and related problems; and serious mental health disorders.

In addition, CSC has undergone a number of recent criminal justice legislative changes such as the Truth in Sentencing Act, the Tackling Violent Crime Act, the Abolition of Early Parole Act, and the Safe Streets and Communities Act. As a result of these changes, the ATIP Division has not only been called upon to process more complex Privacy requests, but has been involved in a number of working groups to ensure that privacy is paramount in any new programs or major changes to existing programs.

The Access to Information and Privacy Division

The Access to Information and Privacy Division (ATIP) reports to the Director General of Rights, Redress and Resolution, under the Policy Sector, and is responsible for the overall administration of the Access to Information Act and the Privacy Act. In addition, each sector, region, institution, parole office and community correctional centre has an Access to Information and Privacy liaison who assists the national ATIP Division in administering its overall responsibilities. The ATIP Division has a total of 54 full-time equivalents which are comprised of:

Director
Administrative Assistant

Managers of Operations – ATI
Senior Analysts
Junior Information Officer

Manager Privacy Policy and Training
Policy Advisors
Analyst

Team Leaders – Privacy
Analysts
Junior information Officers

Office Manager
Clerks

Operational Challenges

The ATIP Division continues to process a large number of both formal and informal privacy requests, including a large backlog of Indian Residential School Settlement (IRSS) Claim requests.

The ATIP Division also processes a significant number of informal privacy requests in response to employee requests, Workers’ Compensation Board (WCB) claims, Department of Justice (DOJ), and other provincial court cases and provides internal assistance to CSC officials within institutions, Regional Headquarters and National Headquarters. These can be extremely time-consuming and are frequently urgent. The ATIP Division’s workload is such that most of these informal reviews are handled by the Policy and Training Unit and the Management Team.

Highlights & Accomplishments

Training & Awareness

The Policy and Training Unit (PTU) plays a fundamental role in developing and delivering training to employees at National Headquarters, Regional Headquarters and in the Institutions across Canada, as well as the ATIP staff, on Access to Information and Privacy related matters.

During this reporting period, the ATIP Division focused on delivering ATIP Awareness training to the sectors and the regions in order to ensure CSC employees have an understanding of ATIP and the importance of their role in the process. Regional ATIP Liaisons also delivered training sessions within their regions. Employees were trained from various areas of CSC, including:

  • Health Services
  • Community Engagement
  • Offender Redress
  • Executive Secretariat
  • Chaplaincy
  • Wardens and Deputy Wardens
  • National Monitoring Centre
  • Performance Management
  • Security Intelligence Analysts
  • Access to Information and Privacy
  • Correctional Managers
  • Administrative Assistants
  • Chiefs of Administration
  • Finance
  • Managers of Assessment and Intervention
  • Parole Officers
  • Labour Relations
  • Staff Training Coordinators
  • Sentence Administration Staff
  • Case Management Staff

A total of 522 employees received ATIP training at NHQ and in the regions this reporting period.

The Policy and Training Unit continues to offer training to Regional ATIP Liaisons and provide advice and answer questions and concerns regarding training, policy and guidelines, interpretations of the Act, etc. through its GEN-NHQ Policy and Training email account. This continues to be a very useful tool.

Policies, Guidelines, and Procedures

The PTU spent this year continuing its review of its policies and procedures to ensure they were compliant and reflected the most current information. This included the revision of the Privacy Impact Assessment Checklist, Privacy Breach Guidelines and Privacy Risk Assessment template, as well as the development of the Privacy Breach and Privacy Impact Assessment ATIP Bulletins.

Two new tools were created during this reporting period:

  1. ATIP Resource Toolkit – an electronic tool designed to support the development of ATIP staff by providing a centralized location for policies, procedures and other ATIP-related documents, and
  2. Privacy Request Checklist – a tool that serves as a guide to staff when processing formal privacy requests in order to ensure each request goes through the proper steps from beginning to end.

Following feedback from Treasury Board Secretariat (TBS), CSC ATIP is exploring ways to inform requesters of its Duty to Assist under the Privacy Act. ATIP’s internet site has a page dedicated to the Duty to Assist principles; however, we are looking at additional ways to transmit this information such as posting notices in penal institutions.

One of CSC ATIP’s priorities continues to be fostering its relationship with the Office of the Privacy Commissioner. As much as possible, CSC provides detailed rationales in response to formal complaints and also notifies the OPC of all moderate and high level breaches.

Due to the vast quantities of personal information handled by the CSC, the ATIP Division continues to be proactive in promoting awareness regarding the safeguarding of its information holdings and stresses in each training session how to avoid breaches.

Audit on Privacy Breaches at CSC

As a result of the number of breaches of offenders’ personal information, CSC’s Commissioner has asked for a privacy audit on the protection of offenders’ personal information within the institutions. The audit team has visited a number of institutions and it is anticipated that the results of the audit will assist in mitigating the occurrences of future breaches and provide concrete recommendations to reduce the number of breaches.

ATIP Website – Internal and External

CSC’s ATIP Division continues to ensure its internal ATIP website is kept updated with the most current information in order to educate the wider CSC community on privacy related issues. The site includes information regarding policies and procedures, directives, privacy breach prevention and reporting, Privacy Impact Assessment procedures, and a list of ATIP Tips and Bulletins.

This fiscal year, ATIP’s external internet section was revised and updated to ensure it is in compliance with TBS’ Web Content Accessibility Guidelines. The updated content continues to be user-friendly and includes dedicated pages for instructions on submitting access and privacy requests and how to make a request for correction of personal information, the duty to assist, an up-to-date list of the completed Privacy Impact Assessments, and frequently asked questions.

Info Source

CSC is responsible for providing comprehensive, accurate and up-to-date descriptions of its functions, programs, activities and Personal Information Banks (PIBs) that describe the collection, use, disclosure and retention of personal information in Info Source. CSC continues to be dedicated to updating its PIBs on an annual basis and ensuring they are aligned with the appropriate Class of Records.

CSC was also part of the Info Source Pilot Working Group in September 2012 on the decentralization of Info Source. CSC’s Info Source chapter can now be found on its external website and will be updated as revisions arise.

Management Accountability Framework (MAF)

As a result of the Deficit Reduction Action Plan exercise, there was no MAF for the fiscal year 2012-2013. However, it should be noted that CSC improved its MAF ratings for the 2011-2012 review in relation to the Privacy Act and now has acceptable and strong ratings.

Ongoing Activities

Throughout the 2012-2013 fiscal year, officials of the ATIP division supported the administration of the Privacy Act through many of its other activities, including:

  • Participating in working groups in order to provide privacy advice, including:
    • Electronic Monitoring of offenders in the community.
    • A joint agreement between CSC and CBSA to aid them in the enforcement of border control and deportation.
    • Bill C-350 in which creditors may seek monies from offenders.
    • Telecommunications to assist offender visits by using videoconferencing and emails.
    • ChildLink – a pilot project that will allow virtual visits using videoconference calls from mothers to their children in the community.
    • Telehealth initiatives in which health services will be delivered, electronically such as dispensing pharmacy services, medical consultations, etc.
    • Assisting the Policy Sector with its review of the Commissioner’s Directives.
  • Reviewing CSC’s forms to ensure they contain the required privacy statements.
  • Participating as a member of the Government of Canada (GC) Forum on ATIP. The Forum serves as a direct link to the ATIP community where members discuss issues including PIAs, policy developments and training initiatives.
  • Attending networking functions with other ATIP colleagues such as the ATIP Community meetings presided by the Treasury Board, the annual Canadian Access and Privacy Association (CAPA) conference, the annual Information Commissioner and Privacy Commissioner’s breakfast and the annual PIA information session held by the Office of the Privacy Commissioner.
  • Strengthening our communication and relationship with the Office of the Privacy Commissioner – ATIP sponsored a learning session for their investigators to assist them in understanding how Preventive Security works within CSC and the penal institutions. These learning sessions help familiarize investigators with the unique challenges and issues of CSC.
  • Assisting program areas with the completion of the Privacy Impact Assessment (PIA) Checklist for new initiatives and projects, and reviewing them in order to determine if a full PIA is required.
  • Providing advice to CSC employees on privacy matters, including how to report on and prevent breaches of personal information and ensure that corrective measures are implemented and responding to general ATIP questions from our colleagues in the sectors and regions.
  • Serving as the Secretariat for CSC’s Privacy Committee chaired by the Assistant Commissioner, Policy.

Privacy Impact Assessments

There was one PIA completed this reporting year as follows:

Electronic Monitoring Second Pilot (EM-PII)

In 2008, CSC completed a Privacy Impact Assessment (PIA) for the Electronic Monitoring Pilot Project which examined the capacity of CSC to use EM technology to monitor higher risk and/or needs of offenders on release in the community. The project ended in 2011, and at the present time (May 2013) EM services are not operational within CSC. However, with the coming into force of the Safe Streets and Communities Act, legal authority exists for CSC to monitor offender compliance with a condition of a temporary absence, work release, parole, statutory release or long-term supervision that restricts their access to a person or geographical area or requires them to be in a geographical area.

A new PIA has been completed for a second pilot of EM in order to determine the extent to which the conclusions contained in the 2008 PIA are still valid and applicable and to identify the new privacy risks that may have to be addressed. Prior to any decision to fully implement EM, CSC will need to further examine the effectiveness and efficiency of EM as a supervision tool, as well as determining cost efficiency. It is anticipated that this second pilot will commence in early 2014.

Phase II will implement EM as a supervision tool in all five CSC regions in order to test the EM technology and functionality in various geographical areas.

At the end of the reporting period, there were four ongoing PIAs which are expected to be completed during the next reporting period.

Privacy Breaches

CSC is among 10 federal departments that collect and handle the largest amount of personal information. Over the 2012-2013 reporting period, the ATIP Division processed 201 privacy breaches, a slight decrease from 2011-2012. However, it should be noted that most of the privacy breaches are low risk.

Although CSC continues to see a large number of privacy breaches, this can be attributed to the ongoing education regarding the importance of reporting privacy breaches. An ongoing component of our training includes a comprehensive section on privacy breaches and staff is continuously reminded of their obligations to safeguard and protect personal information and adopt privacy sensitive approaches in the workplace. ATIP continues to work with all liaisons on how to report on privacy breaches, implement corrective measures and prevent further privacy breaches, in order to cultivate a culture of awareness regarding the importance of safeguarding personal information.

CSC’s Privacy Breach Guidelines provide employees with direction on the department’s privacy breach reporting mechanism. This tool provides information on responsibilities, types of breaches, reporting and notification. In addition, the Guidelines provide information on how to conduct a Privacy Risk Assessment (PRA) at the operational level where the impact and the circumstances of the breaches are best known. This fiscal year, the Guidelines have been updated to include more information as to what constitutes a low, medium and high-level breach; the fact that CSC now reports all moderate and high-level breaches to the OPC and what is required when notifying them; additional information on notifying individuals that their personal information is breached and corrective measures; updated letters; and a more user-friendly PRA.

All breaches are reported to ATIP’s Policy and Training Unit which provides recommendations to staff on how to safeguard personal information, report breaches to the OPC if required, and monitors the breaches to ensure corrective measures are implemented to prevent a similar occurrence in the future. The unit also identifies areas which may require additional training on the protection of personal information and provided that training.

Delegation of Authority

The responsibilities associated with the administration of the Privacy Act, such as notifying applicants of extensions and transferring requests to other institutions, are delegated to the departmental ATIP Coordinator through a delegation instrument signed by the Minister of Public Safety. The approval of exemptions remains with the Director, the Deputy Directors as well as the Team Leaders. Delegation for public interest releases as well as research and statistics rests with the Commissioner, the Senior Deputy Commissioner and the Assistant Commissioner, Policy.

A detailed delegation instrument can be viewed in Appendix A.

Chapter II – Privacy Act Statistical Report and Supplementary Reporting Requirments for 2012-2013

Statistical Report

See Appendix B for CSC’s Statistical Report on the Privacy Act.

Interpretation of the 2012-2013 Statistical Report

Requests received under the Privacy Act

In 2012-2013, CSC received 11,054 Privacy Act requests. A total of 4,063 requests were carried over from the previous reporting year, totaling 15,117 requests requiring processing in 2012-2013. In total, 990,926 pages were processed. In addition, the Division processed 1,438 informal requests totaling 91,496 pages for personal information relating to Indian and Residential School Settlements, harassment, and disciplinary investigation reports, as well as 52 consultations from other government institutions and 17 miscellaneous requests for personal information. Please refer to Appendix B for the Statistical Report.

Figure 1: Formal Requests and carried over

This graphs shows that in 2010-2011 there were 13,864 requests that required processing, in 2011-2012 there were 13,727 requests that required processing, and in 2012-2013, there were 15,117 requests that required processing.

Figure 1

Disposition of Requests

Of the 10,654 requests completed during the 2012-2013 reporting period, 1,099 requests were full disclosures, 4,461 were partial disclosures, 76 were withheld in their entirety, 3,883 were unable to process resulting from no records existing, and 1135 were abandoned by the applicant.

Figure 2: Disposition of Requests

This graph shows that of the 10,654 requests completed during the 2012-2013 reporting period, 1,099 requests were full disclosures, 4,461 were partial disclosures, 76 were withheld in their entirety, 3,883 were unable to process resulting from no records existing, and 1135 were abandoned by the applicant.

Figure 2

Exemptions

A breakdown of the exemptions applied during this reporting period is as follows:

Note.

This table shows the number of times each exemption was applied during this reporting period. Obtained in Confidence was applied 1421 times, Federal-Provincial Affairs was not applied, International Affairs and Defence was applied five times, Law Enforcement & Investigation was applied 3719 times, Policing Service was applied one time, Security Clearances was not applied, Individuals Sentenced for an Offence was applied 729 times, Safety of the Individual was applied 23 times, Information about another individual was applied 4351 times, Solicitor-Client Privilege was applied 59 times, Medical Record was applied two times, Information to be published was not applied, and Library/Museum Material was applied one time.

Exemption Description Number of Times Applied
Obtained in Confidence 1421
Federal-Provincial Affairs 0
International Affairs and Defence 5
Law Enforcement & Investigation 3719
Policing Services 1
Security Clearances 0
Individuals Sentenced for an Offense 729
Safety of the Indivicuals 23
Information about Another Individual 4351
Solicitor-Client Privilege 59
Medical Record 2
Information to be Published 0
Library/Museum Material 1

Completion Time

During the reporting period, CSC completed 4,484 requests in less than 30 days; 2,597 between 31 and 60 days; 1,364 requests between 61 to 120 days; and 2,209 were completed in over 121 days.

Informal Requests

There are a significant number of informal requests processed by the ATIP Division. During the reporting period, 1,438 informal requests were completed. These include:

  • releasing information through informal means where possible
  • reviewing investigation reports, including fact-finding, harassment, disciplinary, and Board of Investigation reports
  • processing requests from the province, including Coroners’ inquests and Crown Counsel reviews
  • reviewing requests relating to the Indian Residential School Settlement claims

Method of Access

Where information was available for release, copies were provided in 5,560 cases which included paper copies, electronic, CDs and examination.

Corrections and Notations

CSC received a total of three requests for correction to personal information. A total of one correction was made. The remaining two were not made in accordance with the Privacy Act, but were dealt with pursuant to the Corrections & Conditional Release Act.

Consultations from Other Institutions

The ATIP Division’s workload involves responding to consultations in response to formal requests received by other institutions. CSC works closely with its partners under the Public Safety portfolio such as CBSA, RCMP, CSIS , PBC, OCI, as well as Citizenship and Immigration in order to respond to consultations in a timely fashion.

During the 2012-2013 reporting period, the ATIP Division received a total of 52 consultations from other institutions processing requests under the Privacy Act.

The following chart provides the type and number of consultations received over the 2012-2013 reporting year:

Note.

This table shows the type and number of consultations received this reporting period. Forty-three consultations were received from other government institutions and nine consultations were received from other organizations, totalling 52 consultations received.

Type of Consultation Number of Consultations Received
in 2012-2013
Other Government Institutions 43
Other Organizations 9
Total 52

Suppliementary Reporting Requirements

Complaints and Investigations

Applicants have the right of complaint to the Office of the Privacy Commissioner (OPC) pursuant to the Privacy Act and may exercise this right at any time during the processing of their request. At the end of this reporting period, CSC received a total of 170 complaints and 152 findings were issued for these complaints.

The majority of the privacy complaints received during this reporting period concern denial of access, use and disclosure, and delay/time limit complaints. CSC processed 10,654 requests and received 170 complaints representing less than 2% of the requests processed by CSC.

The following chart provides a breakdown of the type of complaint made to the OPC:

Note.

For each type of complaint made to the OPC, this table shows how many were received, for how many CSC received a finding, and how many were still active at the end of this reporting period. For Access complaints, 51 were received, 54 received findings, and 83 were active; for Delay/Time Limit complaints, 72 were received, 60 received findings, and 19 were active; for Collection complaints, one was received, one received findings, and one was active; for Use and Disclosure complaints, 42 were received, 36 received findings, and 47 were active; for Retention and Disposal complaints, two were received, none received findings, and two were active; for Correction/Notation complaints, none were received, none received findings, and none were active; for Extension complaints, two were received, one received findings, and one was active; and for Language complaints, none were received, none received findings and one was active. In total, 170 complaints were received, 152 findings were received, and 154 were active.

Type of Complaint Received Finding Active
Access 51 54 83
Delay/Time Limits 72 60 19
Collection 1 1 1
Use and Disclosure 42 36 47
Retention and Disposal 2 0 2
Correction/Notation 0 0 0
Extension 2 1 1
Language 0 0 1
Total 170 152 154

Some key issues raised and subsequent actions taken as a result of the privacy complaints CSC received and the OPC’s investigations and recommendations during this reporting period are:

  1. A complaint was filed with the OPC concerning the improper disclosure of sensitive offender health information. As a result, the OPC recommended that CSC report all moderate and high level breaches to them and ensure that corrective measures are reported to the affected individuals, as appropriate. CSC has now updated its Breach Guidelines to reflect the requirement to report on all moderate and high level breaches to the OPC, as well as the notification letters.
  2. CSC has had difficulty providing personal information on audiotapes and videos in response to Privacy Act requests. The ATIP Division is in the process of purchasing software which will allow ATIP to vet documents in these formats, thereby eliminating a number of complaints on this issue.
  3. Over the past year, the OPC has provided our office with a number of recommendations concerning the management of privacy within the department. Subsequently, CSC’s Commissioner sent a Communiqué advising staff to respond to requests in a timely fashion, to collect all information responsive to requests and to retain personal information for a minimum retention period of two years. He further advised staff to report all Privacy Breaches, consult with the ATIP Division prior to starting any new programs that involve the collection, use or disclosure of personal information; and to follow sound information management practices.

Disclosure of Personal Information Pursuant to 8(2)

Subsection 8(2) of the Privacy Act states that “personal information under the control of a government institution may be disclosed” under certain specific circumstances without the consent of the individual.

The mandate of CSC requires that it routinely shares personal information with other areas of the Criminal Justice Community and Law Enforcement Agencies (which includes municipal, provincial, international, federal police forces or other law enforcement bodies) to ensure the offenders are appropriately managed in a safe, secure and humane environment and to ensure the safety of the offender, other offenders, staff and the community at large.

The following is a statistical breakdown of disclosures pursuant to 8(2) of the Privacy Act:

Note.

This table lists the sections of 8(2) with their descriptions and the number of requests processed during this reporting period pursuant to each section. For a full description of the section of 8(2), consult the Privacy Act. During the reporting period, eight requests were processed pursuant to 8(2)(b) and 8(2)(c), 10 requests were processed pursuant to 8(2)(d), 70 requests were processed pursuant to 8(2)(e), 454 requests were processed pursuant to 8(2)(f), seven were processed pursuant to 8(2)(l), and three were processed pursuant to 8(2)(m).

Paragraph Description Requests Processed
8(2)(b) Personal information may be disclosed “in accordance with any Act of Parliament or any regulation…that authorizes its disclosure.” 8
8(2)(c) Personal information may be disclosed to comply “with a subpoena or warrant issued or order made by a court, a person or body with jurisdiction to compel the production of information” or to comply “with rules of court relating to the production of information.” 8
8(2)(d) Personal information may be disclosed “to the Attorney General of Canada for use in legal proceedings involving the Crown in right of Canada or the Government of Canada.” 10
8(2)(e) Personal information may be disclosed “to an investigative body […] for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation…” 70
8(2)(f) Personal information may be disclosed “under an agreement or arrangement between the Government of Canada [...] and the government of a province [or territory] [...] for the purpose of administering or enforcing any law or carrying out a lawful investigation.” 454
8(2)(l) Personal information may be disclosed “to any government institution for the purpose of locating an individual in order to collect a debt owing […] by that individual or make a payment owing to that individual…” 7
8(2)(m) Personal information may be disclosed when “…it is in the public interest or (when) disclosure would clearly benefit the individual to whom the information relates.” This could include limited offender information related to Boards of Investigation, transfer dates, locations and medical information 3
Note: The Privacy Commissioner was notified prior to disclosure in all cases.

Federal Court

CSC was named as the respondent in two federal court reviews related to Privacy requests.

Resources

The ATIP Division expended a total of $3,206,686. Of this, $3,136,212 was in salary costs, plus an additional $21,015 in overtime. Operating costs totaled $49,459.

Appendix A – Privacy Act Delegation

The Minister of Public Safety, pursuant to section 73 of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto to exercise the powers and perform the duties and functions of the Minister as the head of a government institution, that is, the Correctional Service of Canada, under the sections of the Act set out in the schedule opposite each position.

The dots (•) represent the person(s) designated to exercise the powers and perform the duties and functions of the Minister under the section(s) of the Act.

Schedule
Section Action Commissioner Senior Deputy Commissioner Assistant Commissioner Policy Director ATIP Deputy Director, ATIP Team Leaders, ATIP Regional Deputy Commi-ssioners Wardens & District Directors
8(2)(j) Disclose personal information for research purposes          
8(2)(m) Disclose personal information in the public interest or in the interest of the individual          
8(4) Retain copy of 8(2)(e) requests and disclosed records
8(5) Notify Privacy Commissioner of 8(2)(m) disclosures          
9(1) Retain record of use
9(4) Notify Privacy Commissioner of consistent use and amend index      
10 Include personal information in personal information banks      
14 Respond to request for access within 30 days; give access or give notice          
15 Extend time limit for responding to request for access          
17(2)(b)

Decide whether to translate requested information

         
18(2) May refuse to disclose information contained in an exempt bank    
19(1) Shall refuse to disclose information obtained in confidence from another government    
19(2) May disclose any information referred to in 19(1) if the other government consents to the disclosure or makes the information public    
20 May refuse to disclose information injurious to the conduct of federal-provincial affairs    
21 May refuse to disclose information injurious to international affairs or defence    
22 May refuse to disclose information prepared by an investigative body, information injurious to the enforcement of a law, or information injurious to the security of penal institutions    
23 May refuse to disclose information prepared by an investigative body for security clearances    
24 May refuse to disclose information collected by the Canadian Penitentiary Service, the National Parole Service or the National Parole Board while individual was under sentence if conditions in section are met    
25 May refuse to disclose information which could threaten the safety of individuals    
26 May refuse to disclose information about another individual, and shall refuse to disclose such information where disclosure is prohibited under Section 8    
27 May refuse to disclose information subject to solicitor-client privilege    
28 May refuse to disclose information relating to the individual's physical or mental health where disclosure is contrary to the best interests of the individual    
31 Receive notice of investigation by the Privacy Commissioner
33(2) Right to make representations to the Privacy Commissioner during an investigation
35(1) Receive Privacy Commissioner's report of findings of the investigation and give notice of action taken
35(4) Give complainant access to information after 35(1)(b) notice
36(3) Receive Privacy Commissioner's report of findings of investigation of exempt bank
37(3) Receive report of Privacy Commissioner's findings after compliance investigation
51(2)(b) Request that Section 51 hearing be held in the National Capital Region      
51(3) Request and be given right to make representations in Section 51 hearings
72(1) Prepare annual report to Parliament            
77 Responsibilities conferred on the head of the institution by the regulations made under section 77 which are not included above

Dated, at the City of Ottawa, this
3rd day of September, 2010
Original signed by The Honourable Vic Toews, P.C., M.P.
Minister of Public Safety

Appendix B – Statistical Report

The Treasury Board Secretariat mandates that a Statistical Report be generated every fiscal year and submitted along with each government institution’s Annual Report. The following tables represent the same information as described above.

Statistical Report on the Privacy Act

Name of Institution:  Correctional Service Canada

Reporting Period:  2012-04-01 to 2013-03-31

PART 1 - Requests under the Privacy Act

  Number of Requests
Received during reporting period 11,054
Outstanding from previous reporting period 4,063
Total 15,117
Closed during reporting period 10,654
Carried over to next reporting period 4,463

PART 2 - Requests closed during the reporting period

2.1 Disposition and completion time
Disposition of requests Completion Time
1 to 15
days
16 to 30
days
31 to 60
days
61 to 120
days
121 to 180
days
181 to 365
days
More than
365 days
Total
All disclosed 12 365 407 197 30 54 34 1,099
Disclosed in part 18 1,071 1,568 694 245 434 431 4,461
All exempted 7 20 25 8 2 9 5 76
All excluded 0 0 0 0 0 0 0 0
No records exist 2,122 605 514 435 33 40 134 3,883
Request abandoned 173 91 83 30 11 54 693 1,135
Total 2,332 2,152 2,597 1,364 321 591 1,693 10,654
2.2 Exemptions
Section Number
of
requests
18(2) 0
19(1)(a) 24
19(1)(b) 7
19(1)(c) 493
19(1)(d) 897
19(1)(e) 0
19(1)(f) 0
20 0
21 5
Section Number
of
requests
22(1)(a)(i) 1,082
22(1)(a)(ii) 20
22(1)(a)(iii) 32
22(1)(b) 840
22(1)(c) 1,781
22(2) 1
22.1 0
22.2 0
22.3 0
Section Number
of
requests
23(a) 0
23(b) 0
24(a) 45
24(b) 684
25 23
26 4,351
27 59
28 2
2.3 Exclusions
Section Number
of
requests
69(1)(a) 1
69(1)(b) 0
69.1 0
Section Number
of
requests
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
Section Number
of
requests
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0
2.4 Format of information released
Disposition Paper Electronic Other formats
All disclosed 1,081 17 1
Disclosed in part 4,453 7 1
Total 5,534 24 2
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
Disposition of requests Number of pages processed Number of pages disclosed Number of requests
All disclosed 37,406 36,098 1,099
Disclosed in part 921,836 785,605 4,461
All exempted 1,392 0 76
All excluded 0 0 0
Request abandoned 30,292 990 1,135
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less than 100
pages processed
101-500
pages processed
501-1000
pages processed
1001-5000
pages processed
More than 5000
pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
All disclosed 1,020 20,897 74 10,962 4 2,439 1 1,800 0 0
Disclosed in part 2,425 82,647 1,587 301,836 286 165,957 163 235,165 0 0
All exempted 72 0 3 0 1 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Abandoned 1,076 43 41 117 12 830 6 0 0 0
Total 4,593 103,587 1,705 312,915 303 169,226 170 236,965 0 0
2.5.3 Other complexities
Disposition Consultation
required
Assessment
of fees
Legal advice
sought
Other Total
All disclosed 0 0 14 14 28
Disclosed in part 174 1 621 621 1,417
All exempted 0 0 3 3 6
All excluded 0 0 0 0 0
Abandoned 8 0 4 4 16
Total 182 1 642 642 1,467
2.6 Deemed refusals
2.6.1 Reasons for not meeting statutory deadline
Number of requests closed past the statutory deadline Principal Reason
Workload External consultation Internal consultation Other
4,554 3,518 116 1 919
2.6.2 Number of days past deadline
Number of days past deadline Number of requests
past deadline where
no extension was taken
Number of requests
past deadline where
an extension was taken
Total
1 to 15 days 600 231 831
16 to 30 days 376 122 498
31 to 60 days 503 165 668
61 to 120 days 455 154 609
121 to 180 days 112 153 265
181 to 365 days 232 223 455
More than 365 days 484 744 1,228
Total 2,762 1,792 4,554
2.7 Requests for translation
Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

PART 3 - Disclosures under subsection 8(2)

Paragraph 8(2)(e) Paragraph 8(2)(m) Total
70 8 78

PART 4 - Requests for correction of personnal information and notations

Number
Requests for correction received 3
Requests for correction accepted 1
Requests for correction refused 0
Notations attached 0

PART 5 - Extensions

5.1 Reasons for extensions and disposition of requests
Disposition of requests where an extension was taken 15(a)(i)
Interference with operations
15(a)(ii)
Consultation
15(b)
Translation or conversion
Section 70 Other
All disclosed 429 0 0 0
Disclosed in part 2,274 0 30 0
All exempted 29 0 0 0
All excluded 0 0 0 0
No records exist 208 0 1 0
Request abandoned 516 0 16 0
Total 3,456 0 47 0
5.2 Length of extensions
Length of extensions 15(a)(i)
Interference
with operations
15(a)(ii)
Consultation
15(b)
Translation purposes
Section 70 Other
1 to 15 days 0 0 0 0
16 to 30 days 3,456 0 47 0
Total 3,456 0 47 0

PART 6 - Consultations received from other institutions and organizations

6.1 Consultations received from other institutions and organizations
Consultations Other government institutions Number of pages to review Other organizations Number of pages to review
Received during reporting period 43 1,912 9 299
Outstanding from the previous reporting period 3 118 0 0
Total 46 2,030 9 299
Closed during the reporting period 45 2,030 9 299
Pending at the end of the reporting period 1 0 0 0
6.2 Recommendations and completion time for consultations received from other government institutions
Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
Disclose entirely 14 2 0 0 0 0 0 16
Disclose in part 24 3 0 0 0 0 0 27
Exempt entirely 0 1 0 0 0 0 0 1
Excluded entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 1 0 0 0 1
Total 38 6 0 1 0 0 0 45
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
Disclose entirely 5 0 0 0 0 0 0 5
Disclose in part 2 0 1 0 0 0 0 3
Exempt entirely 0 0 0 0 0 0 0 0
Excluded entirely 0 0 0 0 0 0 0 0
Consult other institution 1 0 0 0 0 0 0 1
Other 0 0 0 0 0 0 0 0
Total 8 0 1 0 0 0 0 9

PART 7 - Completion time of consultations on Cabinet confidences

Number of days Number of responses received Number of responses past deadline
1 to 15 0 0
16 to 30 0 0
31 to 60 0 0
61 to 120 0 0
121 to 180 0 0
181 to 365 0 0
More than 365 0 0
Total 0 0

PART 8 - Resources related to the Privacy Act

8.1 Costs
Expenditures Amount
Salaries $3,136,212
Ovetime $21,015
Goods and Services $49,459
  • Contracts for privacy impact assessments
$0
  • Professional services contracts
$13,605
  • Other
$35,854
Total $3,206,686
8.2 Human Resources
Resources Dedicated full-time Dedicated part-time Total
Full-time employees 42.00 8.00 50.00
Part-time and casual employees 8.00 0.00 8.00
Regional Staff 0.00 0.00 0.00
Consultants and agency personnel 0.00 0.00 0.00
Students 0.00 0.00 0.00
Total 50.00 8.00 58.00