Annual Report of the Privacy Act 2013-2014

1.0 Introduction

The Privacy Act protects the privacy of Canadian citizens and permanent residents against the unauthorized use and disclosure of personal information about themselves held by a government institution. It also provides individuals with a right of access to that information and the right to correct inaccurate personal information. In addition, the Privacy Act legislates how the government collects, stores, disposes, uses and discloses personal information.

Section 72 of the Privacy Act requires that the Head of every federal government institution submit an annual report to Parliament on the administration of this Act over the fiscal year.

This report describes how the Correctional Service Canada (CSC) fulfilled its privacy responsibilities during the reporting period covering 2013-2014.

Our reporting Head, the Minister of Public Safety, has delegated the administration of the Privacy Act, including the reporting of the Annual Report, to the Commissioner of CSC.

2.0 Organization

2.1 About Correctional Service Canada

Correctional Service Canada was formed in 1979 through the amalgamation of the Canadian Penitentiary Service and the Parole Board of Canada. CSC has the fundamental obligation to contribute to public safety by actively encouraging and assisting offenders to become law-abiding citizens, while exercising reasonable, safe, secure and humane control.

It does this by operating under the rule of law, in particular the Correctional and Conditional Release Act (CCRA), which provides its legislative framework. The Commissioner of CSC has the authority, extending from the CCRA, to issue directives, procedures and guidelines to carry out the agency's operations.

CSC contributes to public safety by administering court-imposed sentences for offenders sentenced to two years or more. This involves managing institutions (penitentiaries) of various security levels and supervising offenders on different forms of conditional release, while assisting them in become law-abiding citizens. CSC also administers post-sentence supervision of offenders with Long Term Supervision Orders for up to 10 years.

CSC works closely with its Public Safety Portfolio partners, including the Royal Canadian Mounted Police (RCMP), the Parole Board of Canada (PBC), the Canada Border Services Agency (CBSA), the Canadian Security Intelligence Service (CSIS), and three review bodies, including the Office of the Correctional Investigator (OCI).

2.2 The Access to Information and Privacy Division

The Access to Information and Privacy Division (ATIP) is comprised of one Director and eight teams: an Administrative Unit, two Access to Information Teams, four Privacy Teams and a Policy and Training Unit. The Administrative Unit is responsible for processing incoming requests, generating routine correspondence, tasking the institutions in order to retrieve records for privacy requests, ensuring quality control, preparing final release packages for the mail, and providing general support to the ATIP office. The Access to Information and Privacy Teams review and analyze documents, provide guidance, conduct consultations, process complaints received about their files from the Offices of the Information and Privacy Commissioners, and provide guidance and support to program areas on the application of the Acts. In addition, the Access to Information teams are responsible for tasking the branches and regions in order to retrieve records. The Policy and Training Unit develops policies, guidelines, tools and procedures to support ATIP requirements within CSC, oversees the Privacy Impact Assessment process, manages privacy breaches, processes complaints on the use and disclosure of personal information from the Office of the Privacy Commissioner, and provides training to CSC employees.

During the 2013-2014 fiscal year, there were 58 full-time equivalents (FTE), and 10 casual employees.

The ATIP Division is part of the Policy Sector and reports to the Director General of Rights, Redress and Resolution. It is responsible for the overall administration of the Access to Information Act and the Privacy Act. In addition, each sector, region, institution, district, parole office and community correctional centre has an Access to Information and Privacy liaison who assists the national ATIP Division in administering its overall responsibilities.

During the next reporting period, the ATIP Division will be undergoing a restructuring in order to improve and streamline workflow with the overall goal of increasing the efficiency of the office.

2.3 Operational Challenges

The ATIP Division continues to receive a large volume of formal and informal privacy requests including:

  • Requests from offenders for copies of their files.
  • Indian Residential School Settlement (IRSS) Claim requests.
  • Informal privacy requests from employees, Workplace Safety and Insurance Board (WSIB) claims and the Department of Justice (DOJ).
  • Requests under sections 8(2)(e) and 8(2)(f) of the Privacy Act from the RCMP, Offices of the Attorney General, Canada Revenue Agency and police services.
  • Disciplinary and harassment reports.
  • Fact-finding investigation reports.

3.0 Highlights & Accomplishments

3.1 Training & Awareness

The Policy and Training Unit (PTU) plays a fundamental role in developing and delivering training to employees at National Headquarters, Regional Headquarters and at the institutional level across Canada, as well as the ATIP staff, on Access to Information and Privacy related matters.

During this reporting period, the ATIP Division continued delivering ATIP Awareness training to the sectors and the regions in order to ensure CSC employees have an understanding of ATIP and the importance of their role in the process. Regional ATIP Liaisons also delivered training sessions within their regions. Employees were trained from various areas of CSC, including:

  • Health Services
  • Correctional Managers
  • Community Engagement
  • Administrative Assistants
  • Victim Services
  • Chiefs of Administration
  • Executive Secretariat
  • Finance
  • Chaplaincy
  • Managers of Assessment and Intervention
  • Wardens and Deputy Wardens
  • Parole Officers
  • National Monitoring Centre
  • Labour Relations
  • Performance Management
  • Staff Training Coordinators
  • Security Intelligence Analysts
  • Sentence Administration Staff
  • Policy Sector
  • Case Management Staff

A total of 315 employees received ATIP training at NHQ and in the regions this reporting period.

The Policy and Training Unit continues to offer training to Regional ATIP Liaisons and provide advice and answer questions and concerns regarding training, policy and guidelines, interpretations of the Act, etc. through its GEN-NHQ Policy and Training email account. This continues to be a very useful tool.

3.2 Policies, Guidelines, and Procedures

Over the past year, the Policy and Training Unit has

  • updated CSC's Privacy Breach Guidelines and Privacy Risk Assessment to ensure staff have a clear understanding of what is required when reporting a breach of personal information, how to properly assess the level of risk and the importance of implementing corrective measures;
  • prepared new bulletins on the "Need to Know" principle and the Privacy Impact Assessment process which were sent out to all CSC employees in order to build awareness;
  • created procedures and tools for the processing of requests under section 8(2) of the Privacy Act in order to ensure consistency;
  • developed and implemented new privacy breach procedures for the ATIP office to ensure the accurate reporting, monitoring and tracking of breaches across the organization; and
  • drafted procedures for the tracking of Privacy Impact Assessment Checklists and Privacy Impact Assessments in order to centralize all relevant documents and records of decision.

3.3 Audit of Privacy of Offender Information at CSC

As stated in the 2012-2013 Annual Report, the Commissioner of CSC asked for a privacy audit on the protection of offenders' personal information within the institutions as a result of the number of breaches which have occurred over the years. During this fiscal year, Internal Audit completed the Audit of Privacy of Offender Information. The Audit was national in scope and focused on the overall privacy of offender information and the prevention and reporting of privacy breaches.

The Audit found that the privacy management framework needs to be strengthened in order to ensure that the privacy of offender information is maintained. Recommendations for CSC have been identified and included in a Management Action Plan (MAP). The ATIP Division is working closely with senior management at National Headquarters and in the regions to develop and implement actions in order to address these recommendations.

3.4 ATIP Website – Internal and External

CSC's ATIP Division continues to ensure its internal ATIP website is kept updated with the most current information in order to educate the wider CSC community on privacy related issues. The site includes information regarding policies and procedures, directives, privacy breach prevention and reporting, Privacy Impact Assessment procedures, and a list of ATIP Tips and Bulletins.

CSC's website continues to be user-friendly and includes dedicated pages for instructions on submitting access and privacy requests and how to make a request for correction of personal information, the duty to assist, an up-to-date list of the completed Privacy Impact Assessments, and frequently asked questions. For more information, please consult the ATIP Division's Internet site.

3.5 Info Source

CSC is responsible for providing comprehensive, accurate and up-to-date descriptions of its functions, programs, activities and Personal Information Banks (PIBs) that describe the collection, use, disclosure and retention of personal information in Info Source. CSC continues to be dedicated to updating its PIBs on an annual basis and ensuring they are aligned with the appropriate Class of Records.

CSC's Info Source chapter is updated as revisions arise and can be found on its external website.

3.6 Management Accountability Framework (MAF)

There was no MAF for the fiscal year 2013-2014.

3.7 Ongoing Activities

Throughout the 2013-2014 fiscal year, officials of the ATIP Division supported the administration of the Privacy Act through many of its other activities, including:

  • Providing privacy advice to various program areas regarding new initiatives, for example:
  • Victim Services
  • Community Reintegration Branch
  • Public Health
  • Research Branch
  • Policy, Planning and Quality Improvement
  • Reintegration Programs
  • Information Management
  • Information Sharing with External Partners
  • Reviewing CSC's forms to ensure they contain the required privacy statements.
  • Participating as a member of the Government of Canada (GC) Forum on ATIP. The Forum serves as a direct link to the ATIP community where members discuss issues including PIAs, policy developments and training initiatives.
  • Attending networking functions with other ATIP colleagues such as the ATIP Community meetings presided by the Treasury Board, the annual Canadian Access and Privacy Association (CAPA) conference, the annual Information Commissioner and Privacy Commissioner's breakfast and the annual PIA information session held by the Office of the Privacy Commissioner.
  • Maintaining our relationship with the Office of the Privacy Commissioner.
  • Assisting program areas with the completion of Privacy Impact Assessment (PIA) Checklists for new initiatives and projects, and reviewing them in order to determine if a full PIA is required.
  • Drafting Privacy Impact Assessments, Information Sharing Agreements and Memoranda of Understanding for new initiatives.
  • Providing advice to CSC employees on privacy matters, including how to report on and prevent breaches of personal information and ensure that corrective measures are implemented and responding to general ATIP questions from our colleagues in the sectors and regions.
  • Serving as the Secretariat for CSC's Privacy Committee chaired by the Assistant Commissioner, Policy.

4.0 Privacy Impact Assessments

At the end of the reporting period, there were 3 ongoing PIAs which are expected to be completed during the next reporting period.

5.0 Privacy Breaches

CSC is among the top 10 federal departments that collect and handle the largest amount of personal information. Over the 2013-2014 reporting period, the ATIP Division processed 156 privacy breaches, a 22 percent decrease from 2012-2013 which can be attributed to the ongoing education regarding the importance of reporting privacy breaches. It should be noted that most of the privacy breaches are low risk.

Although CSC has improved its results, there continues to be a number of privacy breaches. CSC takes this seriously and continues to educate staff on the protection of personal information as follows:

  • An ongoing component of our training includes a comprehensive section on privacy breaches.
  • Staff is continuously reminded of their obligations to safeguard and protect personal information and adopt privacy sensitive approaches in the workplace.
  • ATIP Division continues to work with all liaisons on how to report on privacy breaches, implement corrective measures and prevent further privacy breaches, in order to cultivate a culture of awareness regarding the importance of safeguarding personal information.
  • The Privacy Breach Guidelines and Privacy Risk Assessment were updated. CSC's Privacy Breach Guidelines provide employees with direction on the department's privacy breach reporting mechanism. This tool provides information on responsibilities, types of breaches, reporting and notification. In addition, the Guidelines provide information on how to conduct a Privacy Risk Assessment (PRA) at the operational level where the impact and the circumstances of the breaches are best known. CSC continues to report all moderate and high-level breaches to the OPC.
  • Commissioner's Directive 568-1, Recording and Reporting of Security Incidents, was updated to include the requirement for all breaches of personal information to be reported in the daily situation report (SITREP) of security incidents. This report is disseminated to staff that have a need-to-know. ATIP receives a copy of the SITREP in order to ensure all breaches of personal information have been reported in accordance with the Breach Guidelines.

6.0 Delegation of Authority

The responsibilities associated with the administration of the Privacy Act, such as notifying applicants of extensions and transferring requests to other institutions, are delegated to the departmental ATIP Coordinator through a delegation instrument signed by the Minister of Public Safety. The approval of exemptions remains with the Director, the Deputy Directors as well as the Team Leaders. Delegation for public interest releases as well as research and statistics rests with the Commissioner, the Senior Deputy Commissioner and the Assistant Commissioner, Policy.

A detailed delegation instrument can be viewed in Appendix A.

Chapter II – Privacy Act Statistical Report and Supplementary Reporting Requirements for 2013-2014

7.0 Statistical Report

See Appendix B for CSC's Statistical Report on the Privacy Act.

8.0 Interpretation of the 2013-2014 Statistical Report

8.1 Requests Received Under the Privacy Act

In 2013-2014, CSC received 8,508 Privacy Act requests. A total of 4,860 requests were carried over from the previous reporting year, totaling 13,368 requests requiring processing in 2013-2014. Please refer to Appendix B for the Statistical Report.

8.2 Disposition of Requests

Of the 8,255 requests completed during the 2013-2014 reporting period, 1,155 requests were full disclosures, 4,095 were partial disclosures, 75 were withheld in their entirety, 1,611 were unable to process resulting from no records existing, and 1,319 were abandoned by the applicant. In total, 913,213 pages were processed.

8.3 Exemptions

A breakdown of the exemptions applied during this reporting period is as follows:

Exemption Description Number of Times Applied
Obtained in Confidence 1515
Federal-Provincial Affairs 0
International Affairs and Defence 5
Law Enforcement & Investigation 3446
Policing Services 0
Security Clearances 1
Individuals Sentenced for an Offence 616
Safety of the Individuals 20
Information about another individual 4055
Solicitor-Client Privilege 41
Medical Record 1
Information to be published 1
Library/Museum Material 0

8.4 Completion Time

During the reporting period, CSC completed 2,293 requests in less than 30 days; 1,959 between 31 and 60 days; 921 requests between 61 to 120 days; and 3,082 were completed in over 121 days.

8.5 Informal Requests

There are a significant number of informal requests processed by the ATIP Division. During the reporting period, 1,661 informal requests were completed. These include:

  • Releasing information through informal means where possible.
  • Reviewing investigation reports, including fact-finding, harassment, disciplinary, and Board of Investigation reports.
  • Reviewing requests relating to the Indian Residential School Settlement claims.

8.6 Method of Access

Where information was available for release, copies were provided in 5,250 cases which included paper copies, electronic, CDs and examination.

8.7 Corrections and Notations

CSC received a total of two requests for correction of personal information. Both corrections have been made.

8.8 Consultations from Other Institutions and Organizations

The ATIP Division's workload involves responding to consultations in response to formal requests received by other institutions and organizations. CSC works closely with its partners under the Public Safety portfolio such as CBSA, RCMP, CSIS, PBC, OCI, as well as Citizenship and Immigration in order to respond to consultations in a timely fashion.

During the 2013-2014 reporting period, the ATIP Division received a total of 57 consultations from other institutions and organizations.

The following chart provides the type and number of consultations received over the 2013-2014 reporting year:

Type of Consultation Number of Consultations Received
in 2013-2014
Other government institutions 43
Other organizations 14
Total 57

9.0 Supplementary Reporting Requirements

9.1 Complaints and Investigations

Applicants have the right of complaint to the Office of the Privacy Commissioner (OPC) pursuant to the Privacy Act and may exercise this right at any time during the processing of their request. At the end of this reporting period, CSC received a total of 314 complaints and 208 findings were issued.

The majority of the privacy complaints received during this reporting period concern denial of access, use and disclosure, and delay/time limit complaints. CSC processed 8,255 requests and received 314 complaints representing less than 3.7% of the requests processed by CSC.

The following chart provides a breakdown of the complaints made to the OPC:

Type of Complaint Received Finding Active
Access 55 41 100
Delay/Time Limits 226 133 102
Collection 2 1 2
Use and Disclosure 22 29 29
Retention and Disposal 2 0 3
Correction/Notation 0 0 0
Extension 5 4 3
Language 2 0 3
Total 314 208 242

Some key issues raised and subsequent actions taken as a result of the privacy complaints CSC received and the OPC's investigations and recommendations during this reporting period are:

  • Over the past year, the OPC has provided our office with a number of recommendations concerning the management of privacy within the institutions. Subsequently, the basic handling procedures of personal information have been discussed with management at the institutions and new procedures have been implemented to ensure the proper handling of personal information.
  • Numerous complaints were filed over the past year which concerned personal information of both employees and offenders being accessed, shared and/or released to those without a need to know. As a result, the ATIP Division developed and distributed a bulletin on the "Need to Know" principle to help raise awareness and to provide tips on its application.

The ATIP Division continues to deliver training and develop tools to educate staff on the protection of personal information. It is CSC's vision that the deliverables identified in the Management Action Plan from the Audit of Privacy of Offender Information will also help raise awareness and strengthen the privacy management framework to work towards the common goal of reducing breaches of personal information.

9.2 Disclosure of Personal Information Pursuant to 8(2)

Subsection 8(2) of the Privacy Act states that "personal information under the control of a government institution may be disclosed" under certain specific circumstances without the consent of the individual.

The mandate of CSC requires that it routinely shares personal information with other areas of the Criminal Justice Community and Law Enforcement Agencies (which includes municipal, provincial, international, federal police forces or other law enforcement bodies) to ensure the offenders are appropriately managed in a safe, secure and humane environment and to ensure the safety of the offender, other offenders, staff and the community at large.

The following is a statistical breakdown of disclosures pursuant to 8(2) of the Privacy Act:

Paragraph Description Requests Processed
8(2)(b) Personal information may be disclosed "in accordance with any Act of Parliament or any regulation…that authorizes its disclosure." 2
8(2)(c) Personal information may be disclosed to comply "with a subpoena or warrant issued or order made by a court, a person or body with jurisdiction to compel the production of information" or to comply "with rules of court relating to the production of information." 1
8(2)(d) Personal information may be disclosed "to the Attorney General of Canada for use in legal proceedings involving the Crown in right of Canada or the Government of Canada." 4
8(2)(e) Personal information may be disclosed "to an investigative body […] for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation…" 72
8(2)(f) Personal information may be disclosed "under an agreement or arrangement between the Government of Canada [...] and the government of a province [or territory] [...] for the purpose of administering or enforcing any law or carrying out a lawful investigation." 353
8(2)(l) Personal information may be disclosed "to any government institution for the purpose of locating an individual in order to collect a debt owing […] by that individual or make a payment owing to that individual…" 0
8(2)(m) Personal information may be disclosed when "…it is in the public interest or (when) disclosure would clearly benefit the individual to whom the information relates." This could include limited offender information related to Boards of Investigation, transfer dates, locations and medical information 2 Note: The Privacy Commissioner was notified prior to disclosure in all cases.

9.3 Federal Court

CSC was named as the respondent in three federal court reviews related to Privacy requests.

9.4 Resources

The ATIP Division expended a total of $2,757,009.00 – $2,735,332.00 was in salary costs, $1,495.00 in overtime costs, and $20,182.00 in operating costs.

Appendix A – Privacy Act Delegation Order

The Minister of Public Safety, pursuant to section 73 of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto to exercise the powers and perform the duties and functions of the Minister as the head of a government institution, that is, the Correctional Service of Canada, under the sections of the Act set out in the schedule opposite each position.

Section Action Commissioner Senior Deputy Commissioner Assistant Commissioner Policy Director ATIP Deputy Director, ATIP Team Leaders, ATIP Regional Deputy Commissioners Wardens & District Directors
8(2)(j) Disclose personal information for research purposes          
8(2)(m) Disclose personal information in the public interest or in the interest of the individual          
8(4) Retain copy of 8(2)(e) requests and disclosed records
8(5) Notify Privacy Commissioner of 8(2)(m) disclosures          
9(1) Retain record of use
9(4) Notify Privacy Commissioner of consistent use and amend index      
10 Include personal information in personal information banks      
14 Respond to request for access within 30 days; give access or give notice          
15 Extend time limit for responding to request for access          
17(2)(b) Decide whether to translate requested information          
18(2) May refuse to disclose information contained in an exempt bank    
19(1) Shall refuse to disclose information obtained in confidence from another government    
19(2) May disclose any information referred to in 19(1) if the other government consents to the disclosure or makes the information public    
20 May refuse to disclose information injurious to the conduct of federal-provincial affairs    
21 May refuse to disclose information injurious to international affairs or defence    
22 May refuse to disclose information prepared by an investigative body, information injurious to the enforcement of a law, or information injurious to the security of penal institutions    
23 May refuse to disclose information prepared by an investigative body for security clearances    
24 May refuse to disclose information collected by the Canadian Penitentiary Service, the National Parole Service or the National Parole Board while individual was under sentence if conditions in section are met    
25 May refuse to disclose information which could threaten the safety of individuals    
26 May refuse to disclose information about another individual, and shall refuse to disclose such information where disclosure is prohibited under Section 8    
27 May refuse to disclose information subject to solicitor-client privilege    
28 May refuse to disclose information relating to the individual's physical or mental health where disclosure is contrary to the best interests of the individual    
31 Receive notice of investigation by the Privacy Commissioner
33(2) Right to make representations to the Privacy Commissioner during an investigation
35(1) Receive Privacy Commissioner's report of findings of the investigation and give notice of action taken
35(4) Give complainant access to information after 35(1)(b) notice
36(3) Receive Privacy Commissioner's report of findings of investigation of exempt bank
37(3) Receive report of Privacy Commissioner's findings after compliance investigation
51(2)(b) Request that Section 51 hearing be held in the National Capital Region      
51(3) Request and be given right to make representations in Section 51 hearings
72(1) Prepare annual report to Parliament            
77 Responsibilities conferred on the head of the institution by the regulations made under section 77 which are not included above


Dated, at the City of Ottawa, this

__th day of ____, 2013


The Honourable Steven Blaney, P.C., M.P.
Minister of Public Safety

Appendix B – Statistical Report

Statistical Report on the Privacy Act

Name of institution: Correctional Service Canada                                       

Reporting period:  2013-04-01 to 2014-03-31

PART 1 – Requests under the Privacy Act

Requests under the Privacy Act  Number of Requests
Received during reporting period 8508
Outstanding from previous reporting period 4860
Total 13368
Closed during reporting period 8255
Carried over to next reporting period 5113

 PART 2 – Requests closed during the reporting period

2.1 Disposition and completion time
Disposition of requests Completion Time
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
All disclosed 26 269 428 160 108 130 34 1155
Disclosed in part 56 629 1209 608 443 614 536 4095
All exempted 5 17 20 15 4 12 1 74
All excluded 0 0 0 0 0 0 1 1
No records exist 779 319 225 87 51 33 117 1611
Request abandoned 150 43 77 51 35 40 923 1319
Total 1016 1277 1959 921 641 829 1612 8255
2.2 Exemptions
Section Number of requests Section Number of requests Section Number of requests
18(2) 0 22(1)(a)(i) 942 23(a) 1
19(1)(a) 28 22(1)(a)(ii) 9 23(b) 0
19(1)(b) 2 22(1)(a)(iii) 3 24(a) 28
19(1)(c) 789 22(1)(b) 824 24(b) 588
19(1)(d) 694 22(1)(c) 1668 25 20
19(1)(e) 2 22(2) 0 26 4055
19(1)(f) 0 22.1 0 27 41
20 0 22.2 0 28 1
21 5 22.3 0    
2.3  Exclusions
Section Number of requests Section Number of requests Section Number of requests
69(1)(a) 1 70(1)(a) 0 70(1)(d) 0
69(1)(b) 0 70(1)(b) 0 70(1)(e) 0
69.1 0 70(1)(c) 0 70(1)(f) 0
        70.1 0
2.4 Format of information released
Disposition Paper Electronic Other formats
All disclosed 1137 13 5
Disclosed in part 4089 3 3
Total 5226 16 8
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
Disposition of requests Number of pages
Number of pages
Number of requests
All disclosed 36535 35489 1155
Disclosed in part 838147 711972 4095
All exempted 664 0 74
All excluded 0 0 19
Request abandoned 37867 0 1319
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less than 100 pages processed 101-500
pages processed
pages processed
pages processed
More than 5000 pages processed
Number of Requests Pages disclosed Number of Requests Pages disclosed Number of Requests Pages disclosed Number of Requests Pages disclosed Number of Requests Pages disclosed
All disclosed 1086 23276 67 11146 2 1067 0 0 0 0
Disclosed in part 2291 80948 1377 251285 264 154612 162 220082 1 5045
All exempted 72 0 2 0   0 0 0 0 0
All excluded 1 0 0 0 0 0 0 0 0 0
Abandoned 1174 0 100 0 35 0 0 0 0 0
Total 4624 104224 1546 262431 301 155679 162 220082 1 5045
2.5.3  Other complexities
Disposition Consultation required Legal Advice Sought Interwoven Information Other Total
All disclosed 0 0 14 16 30
Disclosed in part 52 1 560 580 1193
All exempted 0 0 3 3 6
All excluded 0 0 0 0 0
Abandoned 3 0 11 13 27
Total 55 1 588 612 1256
2.6 Deemed refusals
2.6.1 Reasons for not meeting statutory deadline
Number of requests closed past the statutory deadline Principal Reason
Workload External consultation Internal consultation Other
4195 3752 5 0 438
2.6.2 Number of days past deadline
Number of days past deadline Number of requests past
deadline where no extension was taken
Number of requests past
deadline where an extension was taken
1 to 15 days 137 267 404
16 to 30 days 58 188 246
31 to 60 days 93 297 390
61 to 120 days 161 490 651
121 to 180 days 110 275 385
181 to 365 days 224 388 612
More than 365 days 666 841 1507
Total 1449 2746 4195
2.7 Requests for translation
Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

PART 3 – Disclosures under subsection 8(2)

Paragraph 8(2)(e) Paragraph 8(2)(m) Total
70 9 79

PART 4 – Requests for correction of personal information and notations

 Requests for correction of personal information and notations Number
Requests for correction received 2
Requests for correction accepted 2
Requests for correction refused 0
Notations attached 0

 PART 5 – Extensions

5.1 Reasons for extensions and disposition of requests
Disposition of requests where an extension was taken 15(a)(i)
Interference with operations
Translation or conversion
Section 70 Other
All disclosed 735 1 0 2
Disclosed in part 2846 1 24 4
All exempted 41 0 0 0
All excluded 0 0 0 0
No records exist 343 0 2 1
Request abandoned 655 0 3 0
Total 4620 2 29 7
5.2 Length of extensions
Length of extensions 15(a)(i)
Interference with operations
Translation purposes
Section 70 Other
1 to 15 days 0 0 0 0
16 to 30 days 4620 2 29 7
Total 4620 2 29 7

 PART 6 – Consultations received from other institutions and organizations

6.1 Consultations received from other government institutions and organizations
Consultations Other government institutions Number of pages to review Other organizations Number of pages to review
Received during the reporting period 43 3531 14 325
Outstanding from the previous reporting period 0 0 0 0
Total 43 3531 14 325
Closed during the reporting period 40 3443 14 325
Pending at the end of the reporting period 3 88 0 0
6.2 Recommendations and completion time for consultations received from other government institutions
Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days than 365 days Total
Disclose entirely 11 1 0 0 0 0 0 12
Disclose in part 16 3 4 0 0 0 0 23
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 4 0 0 1 0 0 0 5
Other 0 0 0 0 0 0 0 0
Total 31 4 4 1 0 0 0 40
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121  to 180 days 181 to 365 days than 365 days Total
Disclose entirely 3 0 0 0 0 0 0 3
Disclose in part 8 2 0 0 0 0 0 10
Exempt entirely 1 0 0 0 0 0 0 1
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 12 2 0 0 0 0 0 14

 PART 7 – Completion time of consultations on Cabinet confidences

Number of days Number of responses received Number of responses received past deadline
1 to 15 0 0
16 to 30 0 0
31 to 60 0 0
61 to 120 0 0
121 to 180 0 0
181 to 365 0 0
More than 365 0 0
Total 0 0

PART 8 – Resources related to the Privacy Act

8.1 Costs
Expenditures Amount
Salaries $2,735,332
Overtime $1,495
Goods and Services $20,182

Contracts for privacy impact assessments


Professional services contracts



Total $2,757,009
8.2 Human Resources
Resources Dedicated full-time Dedicated part-time Total
Full-time employees 43.00 3.00 46.00
Part-time and casual employees 9.00 0.00 9.00
Regional staff 0.00 0.00 0.00
Consultants and agency personnel 0.00 0.00 0.00
Students 0.00 0.00 0.00
Total 52.00 3.00 55.00