Annual Report of the Privacy Act April 1, 2014 – March 31, 2015

Chapter I – Report on the Privacy Act

1.0 Introduction

The Privacy Act protects the privacy of Canadian citizens and permanent residents against the unauthorized use and disclosure of personal information about themselves held by a government institution. It also provides individuals with a right of access to that information and the right to correct inaccurate personal information. In addition, the Privacy Act legislates how the government collects, stores, disposes, uses and discloses personal information.

Section 72 of the Privacy Act requires that the Head of every federal government institution submit an annual report to Parliament on the administration of this Act over the fiscal year.

This report describes how the Correctional Service Canada (CSC) fulfilled its privacy responsibilities during the reporting period covering 2014-2015.

Our reporting Head, the Minister of Public Safety, has delegated the administration of the Privacy Act, including the reporting of the Annual Report, to the Commissioner of CSC.

2.0 Organization

2.1 About Correctional Service Canada

Correctional Service Canada was formed in 1979 through the amalgamation of the Canadian Penitentiary Service and the Parole Board of Canada. CSC has the fundamental obligation to contribute to public safety by actively encouraging and assisting offenders to become law-abiding citizens, while exercising reasonable, safe, secure and humane control.

It does this by operating under the rule of law, in particular the Correctional and Conditional Release Act (CCRA), which provides its legislative framework. The Commissioner of CSC has the authority, extending from the CCRA, to issue directives, procedures and guidelines to carry out the agency’s operations.

CSC contributes to public safety by administering court-imposed sentences for offenders sentenced to two years or more. This involves managing institutions (penitentiaries) of various security levels and supervising offenders on different forms of conditional release, while assisting them in become law-abiding citizens. CSC also administers post-sentence supervision of offenders with Long Term Supervision Orders for up to 10 years.

CSC works closely with its Public Safety Portfolio partners, including the Royal Canadian Mounted Police (RCMP), the Parole Board of Canada (PBC), the Canada Border Services Agency (CBSA), the Canadian Security Intelligence Service (CSIS), and three review bodies, including the Office of the Correctional Investigator (OCI).

2.2 The Access to Information and Privacy (ATIP) Division

The ATIP Division is part of the Policy Sector and reports to the Director General of Rights, Redress and Resolution. The Division is responsible for the overall administration of the Access to Information Act and the Privacy Act. In addition, each sector, region, institution, district, parole office and community correctional centre has an Access to Information and Privacy liaison who assists the national ATIP Division in administering its overall responsibilities.

During the 2014-2015 fiscal year, the ATIP Division underwent a restructuring in order to improve and streamline workflow with the overall goal of increasing the efficiency of the office.

The Access to Information and Privacy Division (ATIP) is comprised of one Director, three Deputy Directors, five Team Leaders, one Senior Policy Advisor and seven teams: an Administrative Unit, five teams of analysts who process both Access and Privacy requests, and a Policy and Training Unit. Each team has its own administrative support. The Administrative Unit is responsible for processing incoming requests, generating routine correspondence, tasking the institutions in order to retrieve records for privacy requests, ensuring quality control, preparing final release packages for the mail, and providing general support to the ATIP office. The Access to Information and Privacy (ATIP) Teams review and analyze documents, provide guidance, conduct consultations, process complaints received about their files from the Offices of the Information and Privacy Commissioners, and provide guidance and support to program areas on the application of the Acts. In addition, the ATIP teams are responsible for tasking the branches and regions in order to retrieve records. The Policy and Training Unit develops reports, policies, guidelines, tools and procedures to support ATIP requirements within CSC, oversees the Privacy Impact Assessment process, manages privacy breaches, processes complaints on the use and disclosure of personal information from the Office of the Privacy Commissioner, and provides training to CSC employees.

During the 2014-2015 fiscal year, there were 38 full-time equivalents (FTE), and two casual employees whose time was devoted to Privacy Act activities.

2.3 Privacy Governance at CSC

The Privacy Committee was created in 2008, providing CSC with an opportunity to fulfill its commitment to ensuring that privacy is a core consideration in its responsibilities for managing the personal information of its employees, of offenders and members of the public.

The Privacy Committee meets quarterly and its responsibilities are as follows:

  • establish processes and procedures to ensure that privacy principles are reflected in policy and program development;
  • examine the impact on CSC of privacy issues raised by research and by the privacy community, especially the Office of the Privacy Commissioner;
  • provide senior level review of privacy issues and challenges that arise at the operational level and rendering decisions where necessary; and
  • review particular risk issues escalated for its consideration (e.g. serious privacy breaches) and monitoring the implementation of Treasury Board’s policies.

While the ATIP Division acts as the privacy policy focal point for CSC by guiding the development of privacy policies and guidelines, the Privacy Committee is the key mechanism to ensure that CSC’s Privacy Management Framework is implemented in a collaborative way with full cooperation from sectors and regions. The Privacy Committee’s Terms of Reference were updated during 2014-2015.

During this fiscal year, CSC revised its Privacy Management Framework (PMF). CSC’s PMF represents its commitment to the protection of personal information, describes the processes in place to achieve sound privacy management practices, and establishes clear objectives and standards for the collection, accuracy, security, use, disclosure, transmission, access, retention and disposal of personal information at CSC.

2.4 Operational Challenges

The ATIP Division continues to receive a large volume of formal and informal privacy requests, including:

  • Requests from offenders for copies of their files;
  • Informal privacy requests from employees, Workplace Safety and Insurance Board (WSIB) claims and the Department of Justice (DOJ);
  • Requests under sections 8(2)(e) and 8(2)(f) of the Privacy Act from the RCMP, Offices of the Attorney General, Canada Revenue Agency and police services;
  • Disciplinary and harassment reports; and
  • Fact-finding investigation reports.

3.0 Highlights & Accomplishments

3.1 Improved Efficiencies

During the 2014-2015 fiscal year, CSC ATIP identified and implemented new practices in an effort to make things more efficient. These include:

  • re-structuring of the ATIP Division;
  • introduction of a new and improved triage process;
  • implementation of quarterly and mid-year reports which provide trends and analysis and are distributed to senior management at National Headquarters and in the Regions and the Executive Committee;
  • creation of a 1-800 number to allow Canadians to readily contact the Division through a single point of contact;
  • exploring the use of scanning for the regions so that they may scan documents in response to ATIP retrievals thereby reducing the number of documents photocopied and sent by mail – this project is underway and will be implemented in April 2015;
  • better use of ATIP reporting and data extraction to report on Divisional results on a regular basis; and
  • creation of a Complaint’s Coordinator who serves as a point of contact within the Division for complaints received from the Office of the Privacy Commissioner.

3.2 Backlog

During the last fiscal year, CSC made it a priority to address its backlog. A dedicated backlog team was created which saw a total of 969 outstanding requests closed during a six month period. Since this proved to be a success, during the next fiscal year CSC ATIP will continue taking a team approach to addressing the outstanding backlog for 2012-2014 – three of the five teams of analysts will be responsible for a specific year of backlog until all outstanding requests are closed. The remaining two teams will be responsible for the current files.

Also, in order to address the outstanding backlog of Indian and Residential School Settlement (IRSS) Claim requests, the ATIP Division received monies from Aboriginal Affairs and Northern Development Canada to create a team of contract analysts dedicated to reviewing and closing these requests. The project commenced on September 20, 2014, and was completed March 10, 2015, ahead of schedule and within budget. This proved to be successful with the closing of 967 IRSS requests. CSC no longer has any outstanding IRSS requests.

3.3 Consensus Rationale Team

As a result of staff recommendations, the ATIP Division created a Consensus Rationale Team (CRT) during this reporting period. It is a forum for ATIP staff to discuss and share their views on the review of ATIP requests, i.e. the application of exemptions, in an effort to ensure consistency in our practices. The CRT meets on a bi-weekly basis and is followed by the ATIP Management Team “Record of Decision” meetings which further support consistency in how analysts review privacy requests.

3.4 Policies, Guidelines, and Procedures

Over the past year, the Policy and Training Unit has

  • Updated CSC’s Privacy Breach Guidelines and process in order to ensure compliance with CSC’s Commissioner’s Directive 568-1 – Recording and Reporting on Security Incidents.
  • Converted CSC’s Privacy Risk Assessment (PRA) into an official form in order to make it more accessible to staff. The PRA was also revised to include additional information following consultations with the Office of the Privacy Commissioner. This will be rolled out to all employees in April 2015.
  • Drafted the template for the new Quarterly Report which is intended for senior management, at Headquarters and in the regions, in order to keep them apprised of trends in access to information and privacy requests, privacy breaches and any issues that have arisen during that period.
  • Revised CSC’s Privacy Management Framework.
  • Revised the Terms of Reference for the Privacy Committee.
  • Developed a fact sheet to be used as a quick reference tool for how to complete a Privacy Risk Assessment.
  • Created a spreadsheet to be used as a reference tool by ATIP staff containing the decisions made at the CRT meetings.

3.5 Training & Awareness

The Policy and Training Unit (PTU) plays a fundamental role in developing and delivering training to employees at National Headquarters, Regional Headquarters and at the institutional level across Canada, as well as the ATIP staff, on Access to Information and Privacy related matters.

During this reporting period, the ATIP Division continued delivering ATIP Awareness training to the sectors and the regions in order to ensure CSC employees have an understanding of ATIP and the importance of their role in the process. Regional ATIP Liaisons also delivered training sessions within their regions. Employees were trained from various areas of CSC, including:

  • Correctional Managers
  • Administrative Assistants
  • Chiefs of Administration
  • Finance
  • Managers of Assessment and Intervention
  • Parole Officers
  • Labour Relations
  • Staff Training Coordinators
  • Sentence Administration Staff
  • Case Management Staff
  • Health Services
  • Community Engagement
  • Victim Services
  • Aboriginal Affairs
  • Chaplaincy
  • Wardens and Deputy Wardens
  • Evaluation
  • Performance Management
  • Security Intelligence Analysts
  • Policy Sector

A total of 74 training sessions were delivered this reporting period – 595 employees received ATIP training at NHQ and in the regions.

The Policy and Training Unit continues to offer training to Regional ATIP Liaisons and provide advice and answer questions and concerns regarding training, policy and guidelines, interpretations of the Act, etc. through its GEN-NHQ Policy and Training email account. This continues to be a very useful tool.

All staff completed the mandatory security training delivered by Canada School Public Service. CSC participated in the development of this training and CSC ATIP provided material for the ATIP component.

During the latter part of this reporting period, mandatory ATIP 101 training sessions were introduced to provide staff with training on ATIP legislation and the application of exemptions at CSC. This will continue in the new fiscal year.

3.6 Audit of Privacy of Offender Information at CSC

As stated in the 2013-2014 Annual Report, the Audit of Privacy of Offender Information was completed last fiscal year. The Audit was national in scope and focused on the overall privacy of offender information and the prevention and reporting of privacy breaches.

The Audit found that the privacy management framework needed to be strengthened in order to ensure that the privacy of offender information is maintained. Recommendations for CSC were identified and included in a Management Action Plan (MAP). The ATIP Division has spent the last fiscal year working closely with senior management at National Headquarters and in the regions developing and implementing actions in order to address these recommendations, including, but not limited to,

  • creation of a quarterly report to provide trends analysis to senior management at National Headquarters and in the regions;
  • updating of the Privacy Committee’s Terms of Reference and Privacy Management Framework;
  • provision of “train the trainers” sessions; and
  • identification of breach contacts at every institution, parole and district office in order to ensure a consistent approach for reporting and handling of privacy breaches.

3.7 ATIP Website – Internal and External

CSC’s ATIP Division continues to ensure its internal ATIP website is kept updated with the most current information in order to educate the wider CSC community on privacy related issues. The site includes information regarding policies and procedures, directives, privacy breach prevention and reporting, Privacy Impact Assessment procedures, and a list of ATIP Tips and Bulletins.

CSC’s website continues to be user-friendly and includes dedicated pages for instructions on submitting access and privacy requests and how to make a request for correction of personal information, the duty to assist, an up-to-date list of the completed Privacy Impact Assessments, and frequently asked questions. To view the ATIP Division’s Internet site, please visit:

3.8 Info Source

CSC is responsible for providing comprehensive, accurate and up-to-date descriptions of its functions, programs, activities and Personal Information Banks (PIBs) that describe the collection, use, disclosure and retention of personal information in Info Source. CSC continues to be dedicated to updating its PIBs on an annual basis and ensuring they are aligned with the appropriate Class of Records.

During the 2014-2015 fiscal year, CSC ATIP worked closely with its Information Management Division on an Info Source Realignment Project to ensure that records held by CSC are properly identified. This is an ongoing project that will result in a more accurate reporting of program records in Info Source.

CSC’s Info Source chapter can be found on its external website:

3.9 Ongoing Activities

Throughout the 2014-2015 fiscal year, officials of the ATIP Division supported the administration of the Privacy Act through many of its other activities, including:

  • Providing privacy advice to various program areas regarding new initiatives, for example:
    • Victim Services
    • Community Reintegration
    • Human Resources Management
    • Information Management
    • Engineering and Maintenance
    • Women Offender Sector
    • Clinical Services and Public Health
  • Reviewing CSC’s forms to ensure they contain the required privacy statements.
  • Participating as a member of the Government of Canada (GC) Forum on ATIP. The Forum serves as a direct link to the ATIP community where members discuss issues including PIAs, policy developments and training initiatives.
  • Attending networking functions with other ATIP colleagues such as the ATIP Community meetings presided by the Treasury Board, the annual Canadian Access and Privacy Association (CAPA) conference, and the annual PIA information session held by the Office of the Privacy Commissioner.
  • Maintaining our relationship with the Office of the Privacy Commissioner – CSC has monthly meetings with the OPC in order to address any ongoing issues stemming from complaints in order to come to a timely resolution. These meetings include the ATIP Director, Deputy Directors and the Complaints Coordinator.
  • Participating in a Treasury Board Working Group on Privacy Breach Prevention, Management and Reporting created by the DG Steering Committee on a Modernized Vision of the ATIP Training Program in the Government of Canada in an effort to create a training module that can be accessed via an online platform on the prevention, management and reporting of privacy breaches.
  • Assisting program areas with the completion of Privacy Impact Assessment (PIA) Checklists for new initiatives and projects, and reviewing them in order to determine if a full PIA is required.
  • Assisting with the drafting of Privacy Impact Assessments, Information Sharing Agreements, Privacy Notices and Memoranda of Understanding for new initiatives.
  • Providing advice to CSC employees on privacy matters, including how to report on and prevent breaches of personal information and ensure that corrective measures are implemented and responding to general ATIP questions from our colleagues in the sectors and regions.
  • Serving as the Secretariat for CSC’s Privacy Committee chaired by the Assistant Commissioner, Policy.

4.0 Privacy Impact Assessments

At the end of the reporting period, there were six ongoing PIAs which are expected to be completed during the next reporting period.

5.0 Privacy Breaches

CSC is among the top 10 federal departments that collect and handle the largest amount of personal information. Over the 2014-2015 reporting period, the ATIP Division processed 170 privacy breaches which represent a slight increase from the previous fiscal year (there were 156 breaches reported in 2013-2014). This can be attributed to the ongoing education regarding the importance of reporting privacy breaches. It should be noted that most of the privacy breaches are low risk.

CSC takes breaches of personal information seriously and continues to educate staff on the protection of personal information as follows:

  • An ongoing component of our training includes a comprehensive section on privacy breaches.
  • Staff is continuously reminded of their obligations to safeguard and protect personal information and adopt privacy sensitive approaches in the workplace.
  • The ATIP Division continues to work with all liaisons on how to report on privacy breaches, implement corrective measures and prevent further privacy breaches, in order to cultivate a culture of awareness regarding the importance of safeguarding personal information.
  • As stated previously, CSC’s Privacy Breach Guidelines were updated again this fiscal year in order to ensure compliance with CSC’s Commissioner’s Directive 568-1 – Recording and Reporting on Security Incidents and the PRA was converted into a standard form in order to make it more accessible to staff. The PRA was also revised to include additional information following consultations with the Office of the Privacy Commissioner. CSC continues to report all moderate and high-level breaches to the OPC and Treasury Board.
  • The ATIP Division continues to monitor the daily situation report (SITREP) of security incidents for breaches of personal information in order to ensure all breaches have been reported in accordance with the Breach Guidelines.

6.0 Delegation of Authority

The responsibilities associated with the administration of the Privacy Act, such as notifying applicants of extensions and transferring requests to other institutions, are delegated to the departmental ATIP Coordinator through a delegation instrument signed by the Minister of Public Safety. The approval of exemptions remains with the Director, the Deputy Directors as well as the Team Leaders. Delegation for public interest releases, as well as research and statistics, rests with the Commissioner, the Senior Deputy Commissioner and the Assistant Commissioner, Policy. The Privacy Delegation Orders were updated this fiscal year to properly reflect the regional delegation and to include the Regulations.

A detailed delegation instrument can be viewed in Appendix A.

Chapter II – Privacy Act Statistical Report and Supplementary Reporting Requirements for 2013-2014

7.0 Statistical Report

See Appendix B for CSC’s Statistical Report on the Privacy Act.

8.0 Interpretation of the 2014-2015 Statistical Report

8.1 Requests received under the Privacy Act

In 2014-2015, CSC received 7,376 Privacy Act requests. A total of 5,113 requests were carried over from the previous reporting year, totaling 12,489 requests requiring processing in 2014-2015. Please refer to Appendix B for the Statistical Report.

Requests received under the Privacy Act

Details

8.1 This graph shows that in the 2012-2013 fiscal year there were 15,117 requests that required processing. In 2013-2014, there were 13,368 requests, and in 2014-2015 there were 12,489 requests.

8.2 Disposition of Requests

Of the 5,524 requests completed during the 2014-2015 reporting period, 847 requests were full disclosures, 3,027 were partial disclosures, 50 were withheld in their entirety, 721 were unable to process resulting from no records existing, and 878 were abandoned by the applicant. In total, 815,101 pages were processed.

Disposition of Requests

Details

8.2 This graph shows that in the 2014-2015 fiscal year, 847 requests were fully disclosed; 3,027 were partially disclosed; 50 were withheld in their entirety; 721 were unable to be processed; and 878 were abandoned.

8.3 Exemptions

A breakdown of the exemptions applied during this reporting period is as follows:

Exemption Description Number of Times Applied
Obtained in Confidence 1,275
Federal-Provincial Affairs 0
International Affairs and Defence 6
Law Enforcement & Investigation 2,405
Security Clearances 1
Individuals Sentenced for an Offence 337
Safety of the Individuals 2
Information about another individual 2,959
Solicitor-Client Privilege 49
Medical Record 1
Information to be published 0
Library/Museum Material 0

8.4 Completion Time

During the reporting period, CSC completed 1,392 requests in less than 30 days; 1,052 between 31 and 60 days; 882 requests between 61 to 120 days; and 2,198 were completed in over 121 days.

8.5 Informal Requests

During the reporting period CSC received 1,225 informal requests. A total of 495 requests were carried over from the previous reporting year, totaling 1,720 informal requests requiring processing in 2014-2015. These include:

  • Releasing information through informal means where possible.
  • Reviewing investigation reports, including fact-finding, harassment, disciplinary, and Board of Investigation reports.
  • Reviewing requests relating to the Indian Residential School Settlement claims.

A total of 1,366 informal requests were closed during 2014-2015.

8.6 Method of Access

Where information was available for release, copies were provided in 3,874 cases which included paper copies, electronic, CDs and examination.

8.7 Corrections and Notations

CSC received a total of three requests for correction of personal information. Notations were attached to the relevant documents.

8.8 Consultations from Other Institutions and Organizations

The ATIP Division’s workload involves responding to consultations in response to formal requests received by other institutions and organizations. CSC works closely with its partners under the Public Safety portfolio such as CBSA, RCMP, CSIS, PBC, OCI, as well as Citizenship and Immigration in order to respond to consultations in a timely fashion.

During the 2014-2015 reporting period, the ATIP Division received a total of 84 consultations from other institutions and organizations.

The following chart provides the type and number of consultations received over the 2014-2015 reporting year:

Type of Consultation Number of Consultations Received in 2014-2015
Other government institutions 73
Other organizations 11
Total 84

9.0 Supplementary Reporting Requirements

9.1 Complaints and Investigations

Applicants have the right of complaint to the Office of the Privacy Commissioner (OPC) pursuant to the Privacy Act and may exercise this right at any time during the processing of their request. At the end of this reporting period, CSC received a total of 230 complaints and 330 findings were issued. This is a marked decrease in the number of requests that our office received in 2013-2014 which totaled 314, and can be attributed to the OPC early resolving complaint files prior to any official notification being sent to government departments.

The majority of the privacy complaints received during this reporting period concern denial of access, use and disclosure, and delay/time limit complaints. CSC processed 5,524 requests and received 230 complaints representing four percent of the requests processed by CSC.

The following chart provides a breakdown of the complaints made to the OPC:

Type of Complaint Received Finding Active
Access 46 76 55
Delay/Time Limits 170 233 48
Collection 2 0 4
Use and Disclosure 8 7 19
Retention and Disposal 0 4 0
Correction/Notation 0 0 0
Exemptions 0 4 1
Extension 3 5 0
Language 1 1 4
Total 230 330 131

* Please note that some findings and active complaints have been carried over from previous years.

Some key issues raised and subsequent actions taken as a result of the privacy complaints CSC received and the OPC’s investigations and recommendations during this reporting period are:

  1. Timeliness of our responses to requests has remained an issue; however, as the backlog is reduced, it is expected that this will be resolved.
  2. Some complaints arise out of privacy breaches. The ATIP Division has made a concerted effort to update its training material during the last fiscal year and placed an emphasis on training our Regional ATIP Liaisons so that they in turn can train regional employees on the protection of personal information.
  3. Over the past year, the OPC has provided our office with a number of recommendations concerning the management of privacy within the institutions. Subsequently, the basic handling procedures of personal information have been discussed with management at the institutions and new procedures have been implemented to ensure the proper handling of personal information.
  4. The creation of a Complaint’s Coordinator who serves as a point of contact within the Division for complaints received from the Office of the Privacy Commissioner.
  5. CSC has monthly meetings with the OPC in order to address any ongoing issues stemming from complaints in order to come to a timely resolution. These meetings include the ATIP Director, Deputy Directors and the Complaints Coordinator.

The ATIP Division continues to deliver training and develop tools to educate staff on the protection of personal information. It is CSC’s vision that the deliverables identified in the Management Action Plan from the Audit of Privacy of Offender Information will also help raise awareness and strengthen the privacy management framework to work towards the common goal of reducing breaches of personal information.

9.2 Disclosure of Personal Information Pursuant to 8(2)

Subsection 8(2) of the Privacy Act states that “personal information under the control of a government institution may be disclosed” under certain specific circumstances without the consent of the individual.

The mandate of CSC requires that it routinely shares personal information with other areas of the Criminal Justice Community and Law Enforcement Agencies (which includes municipal, provincial, international, federal police forces or other law enforcement bodies) to ensure the offenders are appropriately managed in a safe, secure and humane environment and to ensure the safety of the offender, other offenders, staff and the community at large.

The following is a statistical breakdown of disclosures pursuant to 8(2) of the Privacy Act:

Paragraph Description Requests Received
8(2)(b) Personal information may be disclosed "in accordance with any Act of Parliament or any regulation…that authorizes its disclosure." 3
8(2)(c) Personal information may be disclosed to comply "with a subpoena or warrant issued or order made by a court, a person or body with jurisdiction to compel the production of information" or to comply "with rules of court relating to the production of information." 1
8(2)(d) Personal information may be disclosed "to the Attorney General of Canada for use in legal proceedings involving the Crown in right of Canada or the Government of Canada." 16
8(2)(e) Personal information may be disclosed "to an investigative body […] for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation…" 91
8(2)(f) Personal information may be disclosed "under an agreement or arrangement between the Government of Canada [...] and the government of a province [or territory] [...] for the purpose of administering or enforcing any law or carrying out a lawful investigation." 404
8(2)(l) Personal information may be disclosed "to any government institution for the purpose of locating an individual in order to collect a debt owing […] by that individual or make a payment owing to that individual…" 5
8(2)(m) Personal information may be disclosed when "…it is in the public interest or (when) disclosure would clearly benefit the individual to whom the information relates."

Note: These arise out of Access to Information requests from family members seeking information to understand the circumstances surrounding the death of their relative while incarcerated. During this fiscal year, these releases included a mortality review and an investigation report into an inmate's suicide.
2


Note: The Privacy Commissioner was notified prior to disclosure in all cases.

9.3 Federal Court

There was no federal court cases filed against CSC in this reporting period.

9.4 Resources

The ATIP Division expended a total of $2,304,876.00 – $2,265,908.00 was in salary costs and $38,968.00 in overtime costs. There were no operating costs.

Appendix A – Privacy Act Delegation

The Minister of Public Safety and Emergency Preparedness, pursuant to section 73 of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto to exercise the powers and perform the duties and functions of the Minister as the head of a government institution, that is, the Correctional Service of Canada, under the sections of the Act set out in the schedule opposite each position. This designation replaces all previous delegation orders.

Section Action Commissioner Senior Deputy Commissioner Assistant Commissioner, Policy Director, ATIP Deputy Director, ATIP Team Leaders, ATIP Regional Deputy Commissioners Wardens & District Directors Regional Administrators, Communications and Executive Services
8(2)(e) Disclose personal information to an investigative body specified in the Regulations for enforcing any law of Canada or a province or carrying out a lawful investigation
8(2)(f) Disclose personal information under an agreement or arrangement for the purpose of administering or enforcing any law or carrying out a lawful investigation
8(2)(j) Disclosure for research purposes            
8(2)(m) Disclosure in the public interest or in the interest of the individual            
8(4) Copies of requests under 8(2)(e) to be retained
8(5) Notice of disclosure under 8(2)(m)            
9(1) Record of disclosures to be retained
9(4) Consistent uses        
10 Personal information to be included in personal information banks      
14 Notice when access requested      
15 Extension of time limits      
17(2)(b) Language of access      
17(3)(b) Access to personal information in alternative format      
18(2) Exemption (exempt bank) - Disclosure may be refused        
19(1) Exemption - Information obtained in confidence      
19(2) Exemption - Where authorized to disclose      
20 Exemption - Federal-Provincial Affairs      
21 Exemption - International affairs and defence      
22 Exemption - Law enforcement and investigation      
22.3 Exemption - Public Servants Disclosure Protection Act      
23 Exemption - Security clearances      
24 Exemption - Individuals sentenced for an offence      
25 Exemption - Safety of individuals      
26 Exemption - Information about another individual      
27 Exemption - Solicitor-client privilege      
28 Exemption - Medical record      
31 Notice of intention to investigate
35(1) Findings and recommendations of Privacy Commissioner
35(4) Access to be given
36(3) Report of findings and recommendations (exempt banks)
37(3) Report of findings and recommendations (compliance review)
51(2)(b) Special rules for hearings        
51(3) Ex parte representations
72(1) Annual Report to Parliament              
Privacy Regulations
9 Reasonable facilities and time provided to examine personal information            
11(2) Notification that correction to personal information has been made            
11(4) Notification that correction to personal information has been refused            
13(1) Disclosure of personal information relating to physical or mental health may be made to a qualified medical practitioner or psychologist for an opinion on whether to release information to the requester            
14 Disclosure of personal information relating to physical or mental health may be made to a requester in the presence of a qualified medical practitioner or psychologist            

Dated, at the City of Ottawa, this  

_____th day of ______________, 2015  

__________________________________________
The Honourable Steven Blaney, P.C., M.P.

Minister of Public Safety and Emergency Preparedness

Appendix B - Statistical Report

Statistical Report on the Privacy Act

Name of institution: Correctional Service Canada

Reporting period: 2014-04-01 to 2015-03-31

Part 1: Requests Under the Privacy Act

Requests Number of Requests
Received during reporting period 7376
Outstanding from previous reporting period 5113
Total 12489
Closed during reporting period 5524
Carried over to next reporting period 6965

Part 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time

Disposition of Requests Completion Time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 21 144 249 216 68 84 65 847
Disclosed in part 67 381 575 586 275 454 689 3027
All exempted 3 15 14 7 3 4 4 50
All excluded 0 0 0 0 0 0 0 0
No records exist 250 198 149 43 9 35 37 721
Request abandoned 224 89 65 30 34 34 402 878
Neither confirmed nor denied 0 0 0 0 0 0 1 1
Total 565 827 1052 882 389 611 1198 5524

2.2 Exemptions 

Section Number of Requests Section Number of Requests Section Number of Requests
18(2) 0 22(1)(a)(i) 640 23(a) 1
19(1)(a) 26 22(1)(a)(ii) 52 23(b) 0
19(1)(b) 4 22(1)(a)(iii) 12 24(a) 14
19(1)(c) 756 22(1)(b) 622 24(b) 323
19(1)(d) 488 22(1)(c) 1079 25 2
19(1)(e) 0 22(2) 1 26 2959
19(1)(f) 1 22.1 0 27 49
20 0 22.2 0 28 1
21 6 22.3 0

2.3 Exclusions

Section Number of Requests Section Number of Requests Section Number of Requests
69(1)(a) 0 70(1) 0 70(1)(d) 0
69(1)(b) 0 70(1)(a) 0 70(1)(e) 0
69.1 0 70(1)(b) 0 70(1)(f) 0
70(1)(c) 0 70.1 0

2.4 Format of information released

Disposition Paper Electronic Other formats
All disclosed 831 14 2
Disclosed in part 3020 6 1
Total 3851 20 3

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Disposition of Requests Number of Pages Processed Number of Pages Disclosed Number of Requests
All disclosed 30055 28738 847
Disclosed in part 755516 647019 3027
All exempted 2542 0 50
All excluded 0 0 0
Request abandoned 26988 7020 878
Neither confirmed nor denied 0 0 1
Total 815101 682777 4803
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less Than 100 Pages Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More Than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
All disclosed 786 16380 56 9168 5 3190 0 0 0 0
Disclosed in part 1583 56917 1113 214461 178 107241 149 225364 4 43036
All exempted 44 0 4 0 2 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 816 315 53 3925 6 1671 2 1109 1 0
Neither confirmed nor denied 1 0 0 0 0 0 0 0 0 0
Total 3230 73612 1226 227554 191 112102 151 226473 5 43036
2.5.3 Other complexities
Disposition Consultation Required Legal Advice Sought Interwoven Information Other Total
All disclosed 0 0 12 12 24
Disclosed in part 2 3 363 363 731
All exempted 1 0 4 4 9
All excluded 0 0 0 0 0
Request abandoned 0 0 7 7 14
Neither confirmed nor denied 0 0 0 0 0
Total 3 3 386 386 778

2.6 Deemed refusals

2.6.1 Reasons for not meeting statutory deadline
Number of Requests Closed Past the Statutory Deadline Principal Reason
Workload External Consultation Internal Consultation Other
3353 3214 7 2 130
2.6.2 Number of days past deadline
Number of Days Past Deadline Number of Requests Past Deadline Where No Extension Was Taken Number of Requests Past Deadline Where An Extension Was Taken Total
1 to 15 days 145 197 342
16 to 30 days 125 118 243
31 to 60 days 259 171 430
61 to 120 days 210 229 439
121 to 180 days 107 211 318
181 to 365 days 73 390 463
More than 365 days 410 708 1118
Total 1329 2024 3353

2.7 Requests for translation

Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Part 3: Disclosures Under Subsections 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
91 2 2 95

Part 4: Requests for Correction of Personal Information and Notations

Disposition for Correction Requests Received Number
Notations attached 3
Requests for correction accepted 0
Total 3

Part 5: Extensions

5.1 Reasons for extensions and disposition of requests

Disposition of Requests Where an Extension Was Taken 15(a)(i) Interference With Operations 15(a)(ii) Consultation 15(b) Translation or Conversion
Section 70 Other
All disclosed 471 1 3 1
Disclosed in part 1855 7 9 3
All exempted 23 0 0 0
All excluded 0 0 0 0
No records exist 127 0 1 0
Request abandoned 343 0 2 0
Total 2819 8 15 4

5.2 Length of extensions

Length of Extensions 15(a)(i) Interference with operations 15(a)(ii) Consultation 15(b) Translation purposes
Section 70 Other
1 to 15 days 0 0 0 0
16 to 30 days 2819 8 15 4
Total 2819 8 15 4

Part 6: Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and other organizations

Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during the reporting period 73 5370 11 110
Outstanding from the previous reporting period 2 43 0 0
Total 75 5413 11 110
Closed during the reporting period 70 4152 11 110
Pending at the end of the reporting period 5 1261 0 0

6.2 Recommendations and completion time for consultations received from other Government of Canada institutions

Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 8 5 0 0 0 0 0 13
Disclosed in part 29 14 5 1 0 0 0 49
All exempted 1 0 0 0 0 0 0 1
All excluded 0 0 0 0 0 0 0 0
Consult other institution 2 3 1 1 0 0 0 7
Other 0 0 0 0 0 0 0 0
Total 40 22 6 2 0 0 0 70

6.3 Recommendations and completion time for consultations received from other organizations

Recommendation Number of days required to complete consultation requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Ddays More Than 365 Days Total
All disclosed 1 1 1 1 0 0 0 4
Disclosed in part 2 1 0 0 0 0 0 3
All exempted 0 0 0 0 0 0 4 4
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 3 2 1 1 0 0 4 11

Part 7: Completion Time of Consultations on Cabinet Confidences

7.1 Requests with Legal Services

Number of Days Fewer Than 100 Pages Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

7.2 Requests with Privy Council Office

Number of Days Fewer Than 100 Pages Processed 101‒500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Part 8: Complaints and Investigations Notices Received

Section 31 Section 33 Section 35 Court action Total
230 39 330 0 599

Part 9: Privacy Impact Assessments (PIAs)

Number of PIA(s)completed 0

Part 10: Resources Related to the Privacy Act

10.1 Costs

Expenditures Amount
Salaries $2,265,908
Overtime $38,968
Goods and Services $0
  • Professional services contracts
   
  • Other
 
Total $2,304,876

10.2 Human Resources

Resources Person Years Dedicated to Privacy Activities
Full-time employees 38.00
Part-time and casual employees 2.00
Regional staff 4.00
Consultants and agency personnel 1.50
Students 0.00
Total 45.50

Note: Enter values to two decimal places.