Annual Report Privacy Act April 1, 2015 – March 31, 2016

Chapter I – Report on the Privacy Act

1.0 Introduction

The Privacy Act protects the privacy of Canadian citizens and permanent residents against the unauthorized use and disclosure of personal information about themselves held by a government institution. It also provides individuals with a right of access to that information and the right to correct inaccurate personal information. In addition, the Privacy Act legislates how the government collects, stores, disposes, uses and discloses personal information.

Section 72 of the Privacy Act requires that the Head of every federal government institution submit an annual report to Parliament on the administration of this Act over the fiscal year. The Minister of Public Safety has delegated the administration of the Privacy Act, including the reporting of the Annual Report, to the Commissioner of CSC.

This report describes how the Correctional Service Canada (CSC) fulfilled its privacy responsibilities during the reporting period covering 2015-2016.

2.0 Organization

2.1 About Correctional Service Canada

Correctional Service Canada was formed in 1979 through the amalgamation of the Canadian Penitentiary Service and the Parole Board of Canada. CSC has the fundamental obligation to contribute to public safety by actively encouraging and assisting offenders to become law-abiding citizens, while exercising reasonable, safe, secure and humane control.

It does this by operating under the rule of law, in particular the Correctional and Conditional Release Act (CCRA), which provides its legislative framework. The Commissioner of CSC has the authority, extending from the CCRA, to issue directives, procedures and guidelines to carry out the agency’s operations.

CSC contributes to public safety by administering court-imposed sentences for offenders sentenced to two years or more. This involves managing institutions (penitentiaries) of various security levels and supervising offenders on different forms of conditional release, while assisting them in become law-abiding citizens. CSC also administers post-sentence supervision of offenders with Long Term Supervision Orders for up to 10 years.

CSC works closely with its Public Safety Portfolio partners, including the Royal Canadian Mounted Police (RCMP), the Parole Board of Canada (PBC), the Canada Border Services Agency (CBSA), the Canadian Security Intelligence Service (CSIS), and three review bodies, including the Office of the Correctional Investigator (OCI).

2.2 The Access to Information and Privacy (ATIP) Division

The ATIP Division is part of the Policy Sector and reports to the Director General of Rights, Redress and Resolution. The Division is responsible for the overall administration of the Access to Information Act and the Privacy Act. In addition, each sector, region, institution, district, parole office and community correctional centre has an Access to Information and Privacy liaison who assists the national ATIP Division in administering its overall responsibilities.

During the 2015-2016 fiscal year, the ATIP Division underwent a restructuring in order to improve and streamline workflow with the overall goal of increasing the efficiency of the office.

The Access to Information and Privacy Division (ATIP) is comprised of one Director, two Deputy Directors, five Team Leaders, one Senior Policy Advisor and seven teams: an Information Processing and Reporting Unit comprised of two teams, five teams of analysts who process both Access and Privacy requests, and a Policy and Training Unit. The Information Processing and Reporting Unit is responsible for processing incoming requests, generating routine correspondence, tasking the institutions in order to retrieve records for privacy requests, ensuring quality control, preparing final release packages for the mail, and providing general support to the ATIP office. The Access to Information and Privacy (ATIP) Teams review and analyze documents, provide guidance, conduct consultations, process complaints received about their files from the Offices of the Information and Privacy Commissioners, and provide guidance and support to program areas on the application of the Acts. In addition, the ATIP teams are responsible for tasking the branches and regions in order to retrieve records. The Policy and Training Unit develops reports, policies, guidelines, tools and procedures to support ATIP requirements within CSC, oversees the Privacy Impact Assessment process, manages privacy breaches, processes complaints on the use and disclosure of personal information from the Office of the Privacy Commissioner and acts as a complaints liaison for the ATIP Division, and provides training to CSC employees.

During the 2015-2016 fiscal year, there were 26 full-time equivalents (FTE), and five casual employees whose time was devoted to Privacy Act activities. In addition, there were seven FTEs on extended leave.

2.3 Privacy Governance at CSC

The Privacy Committee was created in 2008, providing CSC with an opportunity to fulfill its commitment to ensuring that privacy is a core consideration in its responsibilities for managing the personal information of its employees, of offenders and members of the public.

The Privacy Committee meets quarterly and its responsibilities are as follows:

  • establish processes and procedures to ensure that privacy principles are reflected in policy and program development;
  • examine the impact on CSC of privacy issues raised by research and by the privacy community, especially the Office of the Privacy Commissioner;
  • provide senior level review of privacy issues and challenges that arise at the operational level and rendering decisions where necessary; and
  • review particular risk issues escalated for its consideration (e.g. serious privacy breaches) and monitoring the implementation of Treasury Board’s policies.

While the ATIP Division acts as the privacy policy focal point for CSC by guiding the development of privacy policies and guidelines, the Privacy Committee is the key mechanism to ensure that CSC’s Privacy Management Framework (PMF) is implemented in a collaborative way with full cooperation from sectors and regions. CSC’s PMF represents its commitment to the protection of personal information, describes the processes in place to achieve sound privacy management practices, and establishes clear objectives and standards for the collection, accuracy, security, use, disclosure, transmission, access, retention and disposal of personal information at CSC.

2.4 Operational Challenges

Correctional Service Canada holds large amounts of personal information, and as a result the biggest challenges the ATIP Division continues to face are the volume of requests we receive under the Privacy Act, and trying to meet the legislated timelines. Examples include:

  • The ATIP Division continues to receive routine requests from offenders for their personal information held in the ten identified Personal Information Banks. Since the requesters do not narrow the scope of their requests and do not identify what information may be a priority for them to receive, ATIP continues to struggle with meeting the legislated timeframes while dealing with broad requests for extensive amounts of information. This contributes to a backlog of Privacy Act requests.
  • ATIP has seen a trend in offenders submitting multiple requests. Since the Privacy Act does not have a section dealing with frivolous and vexatious requests, ATIP is obligated to process these requests.
  • CSC ATIP continues to receive a number of employee requests. Many of these requests relate to discipline, harassment cases, grievances and terminations. As CSC deals with the backlog of PSLRB hearings, ATIP is impacted since employees who are appearing before the PSLRB typically submit requests in preparation for their hearings.
  • ATIP continues to receive large amounts of requests under sections 8(2)(e) and 8(2)(f) of the Privacy Act from the RCMP, Offices of the Attorney General, Canada Revenue Agency and police services. These requests are usually time sensitive, and therefore must be processed on an urgent basis.
  • The ATIP Division does vetting of disciplinary, harassment and fact-finding investigations for CSC. These also tend to be time sensitive and generally have a two-week turnaround time (sometimes they are required sooner).

3.0 Highlights & Accomplishments

3.1 Improved Efficiencies

During the 2015-2016 fiscal year, CSC ATIP identified and implemented new practices in an effort to make things more efficient. These include:

  • Building ATIP’s Human Resources component – during this past fiscal year, a number of staffing processes were launched in an effort to build ATIP’s staff complement including PM-04, PM-03 and PM-02 processes. This resulted in the hiring of five analysts (ranging from PM-02 to PM-04) whose work was dedicated to both ATI and Privacy. CSC ATIP continues to offer acting opportunities to staff when possible.
  • Regional sites, including institutions, are now scanning documents to ATIP through a secure drive which is making it possible for records to be provided to ATIP for processing in a more timely fashion while at the same time contributing to a paperless environment.
  • The use of encryption of emails allowing for the more timely exchange of Protected B information with our government partners, in particular the Offices of the Privacy and Information Commissioners.
  • The complaint management process continues to be a successful means of working closely with the OPC to develop action plans for completing requests.
  • The Administrative Unit (now known as the Information Processing and Reporting Unit) was re-structured and new processes have been implemented in an effort to improve the efficiency of the intake process. This has proven to be very successful.

3.2 Backlog

During the last fiscal year, CSC continued to make it a priority to address its backlog. The first half of the fiscal year saw three of our five teams of analysts working on all outstanding files with teams assigned to specific years of backlog – 2012, 2013, 2014. The remaining two teams continued to be responsible for the current files.

As a result of the volume of requests coming in and in an effort to prevent additional files from going late, the ATIP Division reorganized the teams in an effort to increase the number of analysts working on current files in the second half of the fiscal year – one team is now dedicated to the backlog files, while the remaining three teams are responsible for the current files.

3.3 Litigation Project

During this fiscal year, CSC ATIP worked with the Department of Justice (DOJ) on a Litigation project. The ATIP Division created a team to assist with the collection and indexing of documents in relation to an ongoing court case. The team indexed over 20,000 pages, and successfully completed the project before its official end date.

3.4 Consensus Rationale Team

As a result of staff recommendations, the ATIP Division created a Consensus Rationale Team (CRT) last reporting period. It is a forum for ATIP staff to discuss and share their views on the review of ATIP requests, i.e. the application of exemptions, in an effort to ensure consistency in our practices. The CRT meets on a bi-weekly basis, and is followed by a “Record of Decision” meeting with the Deputy Directors which further supports consistency in how analysts review privacy requests.

3.5 Policies, Guidelines, and Procedures

Over the past year, the Policy and Training Unit has continued to update internal policies and procedures as required, including a new ATIP Bulletin for employees explaining the protocol and tips for instant messaging and procedures on how to review Harassment Investigation Reports.

3.6 Training & Awareness

The Policy and Training Unit (PTU) plays a fundamental role in developing and delivering training to employees at National Headquarters, Regional Headquarters and at the institutional level across Canada, as well as the ATIP staff, on Access to Information and Privacy related matters.

During this reporting period, the ATIP Division continued delivering ATIP Awareness training to the sectors and the regions in order to ensure CSC employees have an understanding of ATIP and the importance of their role in the process. This fiscal year, the PTU also introduced question and answer sessions – a new approach designed to focus on the employee’s role in order to assist them in responding to requests and fulfilling their obligations.

Regional ATIP Liaisons also delivered training sessions within their regions.

Employees were trained from various areas of CSC, including:

  • Correctional Managers
  • Administrative Assistants
  • Chiefs of Administration
  • Managers of Assessment and Intervention
  • Parole Officers
  • Labour Relations
  • Staff Training Coordinators
  • Sentence Administration Staff
  • Case Management Staff
  • Health Services
  • Community Engagement
  • Strategic Policy
  • Chaplaincy
  • Wardens and Deputy Wardens
  • Evaluation
  • Performance Management
  • Security Intelligence Analysts
  • ATIP Liaisons

A total of 14 training sessions were delivered this reporting period – 118 employees received ATIP training at NHQ and in the regions.

The Policy and Training Unit continues to offer training to Regional ATIP Liaisons and provide advice and answer questions and concerns regarding training, policy and guidelines, interpretations of the Act, etc. through its GEN-NHQ Policy and Training email account. This continues to be a very useful tool.

3.7 Audit of Privacy of Offender Information at CSC

As stated in the 2014-2015 Annual Report, the Audit of Privacy of Offender Information was completed in the 2013-2014 fiscal year. The Audit was national in scope and focused on the overall privacy of offender information and the prevention and reporting of privacy breaches.

The Audit found that the privacy management framework needed to be strengthened in order to ensure that the privacy of offender information is maintained. Recommendations for CSC were identified and included in a Management Action Plan (MAP).

The ATIP Division has now implemented all of the recommendations that were identified in the MAP, including the creation of a series of “Pop-up” messages to CSC staff reminding them of their responsibilities to protect personal information. These messages will begin being used in the 2016-2017 fiscal year.

3.8 ATIP Website – Internal and External

CSC’s ATIP Division worked with its e-Communications colleagues on the Intranet Renewal Project during the last half of this fiscal year. The new site will continue to educate the wider CSC community on privacy related issues, including ATIP legislation, policies and procedures, directives, privacy breach prevention and reporting, Privacy Impact Assessment procedures, and a list of ATIP Tips and Bulletins.

CSC’s external website continues to be user-friendly and includes dedicated pages for instructions on submitting access and privacy requests and how to make a request for correction of personal information, the duty to assist, an up-to-date list of the completed Privacy Impact Assessments, and frequently asked questions. To view the ATIP Division’s Internet site, please visit:

http://www.csc-scc.gc.ca/text/atip/atip-eng.shtml

3.9 Info Source

CSC is responsible for providing comprehensive, accurate and up-to-date descriptions of its functions, programs, activities and Personal Information Banks (PIBs) that describe the collection, use, disclosure and retention of personal information in Info Source. CSC continues to be dedicated to updating its PIBs on an annual basis and ensuring they are aligned with the appropriate Class of Records.

CSC’s Info Source chapter can be found on its external website: http://www.csc-scc.gc.ca/info-source/index-eng.shtml

3.10 Ongoing Activities

Throughout the 2015-2016 fiscal year, officials of the ATIP Division supported the administration of the Privacy Act through many of its other activities, including:

  • Providing privacy advice to various program areas regarding new initiatives, for example:
    • Victim Services
    • Community Reintegration
    • Health Services
    • Community Engagement
    • Human Resources Management
    • Information Management
    • Learning and Development
    • Policy
    • Finance
    • Citizenship and Engagement
    • Corporate Services
    • Women Offender
    • Senior Deputy Commissioner
  • Reviewing CSC’s forms to ensure they contain the required privacy statements.
  • Participating as a member of GCconnex. The Forum serves as a direct link to the ATIP community where members discuss issues including PIAs, policy developments and training initiatives.
  • Attending networking functions with other ATIP colleagues such as the ATIP Community meetings presided by the Treasury Board Secretariat (TBS), as well as their workshops.
  • Maintaining our relationship with the Office of the Privacy Commissioner – CSC has ongoing meetings and discussions with the OPC in order to address any ongoing issues stemming from complaints in order to come to a timely resolution.
  • Assisting program areas with the completion of Privacy Impact Assessment (PIA) Checklists for new initiatives and projects, and reviewing them in order to determine if a full PIA is required.
  • Assisting with the drafting of Privacy Impact Assessments, Information Sharing Agreements, Privacy Notices and Memoranda of Understanding for new initiatives.
  • Providing advice to CSC employees on privacy matters, including how to report on and prevent breaches of personal information and ensure that corrective measures are implemented and responding to general ATIP questions from our colleagues in the sectors and regions.
  • Serving as the Secretariat for CSC’s Privacy Committee chaired by the Assistant Commissioner, Policy.

4.0 Privacy Impact Assessments

There were no Privacy Impact Assessments (PIA) completed during the 2015-2016 reporting period. At the end of the reporting period, there were four ongoing PIAs which are expected to be completed during the next reporting period.

5.0 Privacy Breaches

CSC is among the top 10 federal departments that collect and handle the largest amount of personal information. Over the 2015-2016 reporting period, the ATIP Division processed 158 privacy breaches which represent a slight decrease from the previous fiscal year (there were 170 breaches reported in 2014-2015). It should be noted that most of the privacy breaches are low risk.

CSC takes breaches of personal information seriously and continues to educate staff on the protection of personal information as follows:

  • An ongoing component of our training includes a comprehensive section on privacy breaches.
  • Staff is continuously reminded of their obligations to safeguard and protect personal information and adopt privacy sensitive approaches in the workplace.
  • The ATIP Division continues to work with all liaisons on how to report on privacy breaches, implement corrective measures and prevent further privacy breaches, in order to cultivate a culture of awareness regarding the importance of safeguarding personal information.
  • The ATIP Division continues to monitor the daily situation report (SITREP) of security incidents for breaches of personal information in order to ensure all breaches have been reported in accordance with the Breach Guidelines.

6.0 Delegation of Authority

The responsibilities associated with the administration of the Privacy Act, such as notifying applicants of extensions and transferring requests to other institutions, are delegated to the departmental ATIP Coordinator through a delegation instrument signed by the Minister of Public Safety. The approval of exemptions remains with the Director, the Deputy Directors as well as the Team Leaders. Delegation for public interest releases, as well as research and statistics, rests with the Commissioner, the Senior Deputy Commissioner and the Assistant Commissioner, Policy.

A detailed delegation instrument can be viewed in Appendix A.

Chapter II – Privacy Act Statistical Report and Supplementary Reporting Requirements for 2015-2016

7.0 Statistical Report

See Appendix B for CSC’s Statistical Report on the Privacy Act.

8.0 Interpretation of the 2015-2016 Statistical Report

8.1 Requests Received under the Privacy Act

In 2015-2016, CSC received 7,502 Privacy Act requests. A total of 6,912 requests were carried over from the previous reporting year, totaling 14,414 requests requiring processing in 2015-2016. Please refer to Appendix B for the Statistical Report.

Requests received under the Privacy Act

Details

8.1 This graph shows that in the 2013-2014 fiscal year, there were 13,368 requests that required processing. In 2014-2015, there were 12,489 requests and in 2015-2016 there were 14,414 requests.

8.2 Disposition of Requests

Of the 6,690 requests completed during the 2015-2016 reporting period, 1,177 requests were full disclosures; 3,528 were partial disclosure; 31 were withheld in their entirety; 843 were unable to process resulting from no records existing; 1,102 were abandoned by the applicant and nine were neither confirmed nor denied. In total, 753,577 pages were processed.

Disposition of Requests

Details

8.2 This graph shows that in 2015-2016 fiscal year, 1,177 requests were fully disclosed; 3,528 were partially disclosed; 31 were withheld in their entirety; 843 were unable to be processed; 1,102 were abandoned; and 9 were neither confirmed nor denied.

8.3 Exemptions

A breakdown of the exemptions applied during this reporting period is as follows:

Exemption Description Number of Times Applied
Obtained in Confidence 1230
Federal-Provincial Affairs 1
International Affairs and Defence 5
Law Enforcement & Investigation 2097
Security Clearances 2
Individuals Sentenced for an Offence 230
Safety of the Individuals 15
Information about another individual 3587
Solicitor-Client Privilege 38
Medical Record 2
Information to be published 2
Library/Museum Material 1

8.4 Completion Time

During the reporting period, CSC completed 1,660 requests in less than 30 days; 1,375 between 31 and 60 days; 877 requests between 61 to 120 days; and 2,778 were completed in over 121 days.

8.5 Informal Requests

During the reporting period CSC received 922 informal requests. A total of 385 requests were carried over from the previous reporting year, totaling 1,307 informal requests requiring processing in 2015-2016. These include:

  • Releasing information through informal means where possible.
  • Reviewing investigation reports, including fact-finding, harassment, disciplinary, and Board of Investigation reports.
  • Reviewing requests relating to the Indian Residential School Settlement claims.

A total of 902 informal requests were closed during 2015-2016.

8.6 Method of Access

Where information was available for release, copies were provided in 4,705 cases which included paper copies, electronic, CDs and examination.

8.7 Corrections and Notations

CSC received a total of two requests for correction of personal information. Notations were attached to the relevant documents.

8.8 Consultations from Other Institutions and Organizations

The ATIP Division’s workload involves responding to consultations in response to formal requests received by other institutions and organizations. CSC works closely with its partners under the Public Safety portfolio such as CBSA, RCMP, CSIS, PBC, OCI, as well as Citizenship and Immigration in order to respond to consultations in a timely fashion.

During the 2015-2016 reporting period, the ATIP Division received a total of 75 consultations from other institutions and organizations.

The following chart provides the type and number of consultations received over the 2015-2016 reporting year:

Type of Consultation Number of Consultations Received in 2015-2016
Other government institutions 71
Other organizations 4
Total 75

9.0 Supplementary Reporting Requirements

9.1 Complaints and Investigations

Applicants have the right of complaint to the Office of the Privacy Commissioner (OPC) pursuant to the Privacy Act and may exercise this right at any time during the processing of their request. At the end of this reporting period, CSC received a total of 241 complaints and 226 findings were issued. There is a slight increase in the number of complaints received this fiscal year (230 complaints were received in 2014-2015). This can be attributed to the fact CSC has been receiving complaints on specific issues, including the implementation of TBS’ Standard on Security Screening – to date CSC has received 16 complaints on this issue alone.

The majority of the privacy complaints received during this reporting period concern denial of access, use and disclosure, and delay/time limit complaints. CSC processed 6,690 requests and received 241 complaints representing less than four percent of the requests processed by CSC.

The following chart provides a breakdown of the complaints made to the OPC:

Type of Complaint Received Finding Active
Access 15 41 28
Delay/Time Limits 184 165 69
Collection 22 1 22
Use and Disclosure 13 12 14
Retention and Disposal 1 0 1
Correction/Notation 0 0 0
Exemptions 1 1 1
Extension 5 5 2
Language 0 1 3
Total 241 226 140

* Please note that some findings and active complaints have been carried over from previous years.

Some key issues raised and subsequent actions taken as a result of the privacy complaints CSC received and the OPC’s investigations and recommendations during this reporting period are:

  1. Timeliness of our responses to requests has remained an issue; however, as the backlog is reduced, it is expected that this will be resolved.
  2. Some complaints arise out of privacy breaches. The ATIP Division continues to place an emphasis on training our Regional ATIP Liaisons so that they in turn can train regional employees on the protection of personal information. CSC ATIP reports all medium and high level breaches to the OPC, and continues to address any follow-up questions in a timely manner.
  3. Over the past year, the OPC has provided our office with a number of recommendations concerning the management of privacy within the institutions. Subsequently, the basic handling procedures of personal information have been discussed with management at the institutions and new procedures have been implemented to ensure the proper handling of personal information.
  4. CSC has ongoing meetings and discussions with the OPC in order to address any ongoing issues stemming from complaints in order to come to a timely resolution.

9.2 Disclosure of Personal Information Pursuant to 8(2)

Subsection 8(2) of the Privacy Act states that “personal information under the control of a government institution may be disclosed” under certain specific circumstances without the consent of the individual.

The mandate of CSC requires that it routinely shares personal information with other areas of the Criminal Justice Community and Law Enforcement Agencies (which includes municipal, provincial, international, federal police forces or other law enforcement bodies) to ensure the offenders are appropriately managed in a safe, secure and humane environment and to ensure the safety of the offender, other offenders, staff and the community at large.

The following is a statistical breakdown of disclosures pursuant to 8(2) of the Privacy Act:

Paragraph Description Requests Received
8(2)(b) Personal information may be disclosed "in accordance with any Act of Parliament or any regulation…that authorizes its disclosure." 7
8(2)(c) Personal information may be disclosed to comply "with a subpoena or warrant issued or order made by a court, a person or body with jurisdiction to compel the production of information" or to comply "with rules of court relating to the production of information." 19
8(2)(d) Personal information may be disclosed "to the Attorney General of Canada for use in legal proceedings involving the Crown in right of Canada or the Government of Canada." 13
8(2)(e) Personal information may be disclosed "to an investigative body […] for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation…" 132
8(2)(f) Personal information may be disclosed "under an agreement or arrangement between the Government of Canada […] and the government of a province [or territory] […] for the purpose of administering or enforcing any law or carrying out a lawful investigation." 309
8(2)(l) Personal information may be disclosed "to any government institution for the purpose of locating an individual in order to collect a debt owing […] by that individual or make a payment owing to that individual…" 5
8(2)(m) Personal information may be disclosed when "…it is in the public interest or (when) disclosure would clearly benefit the individual to whom the information relates." 20
  Note: These arise out of Access to Information requests from family members seeking information to understand the circumstances surrounding the death of their relative while incarcerated. Note: The Privacy Commissioner was notified prior to disclosure in all cases.

9.3 Federal Court

There was no federal court cases filed against CSC in this reporting period.

9.4 Resources

The ATIP Division expended a total of $2,185,888.00 – $2,142,004.00 was in salary costs and $39,328.00 in overtime costs. There was $4,556.00 in operating costs.

Appendix A – Privacy Act Delegation

The Minister of Public Safety and Emergency Preparedness, pursuant to section 73 of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto to exercise the powers and perform the duties and functions of the Minister as the head of a government institution, that is, the Correctional Service of Canada, under the sections of the Act set out in the schedule opposite each position. This designation replaces all previous delegation orders.

Section Action Commissioner Senior Deputy Commissioner Assistant Commissioner, Policy Director, ATIP Deputy Director, ATIP Team Leaders, ATIP Regional Deputy Commissioners Wardens & District Directors Regional Administrators, Communications and Executive Services
8(2)(e) Disclose personal information to an investigative body specified in the Regulations for enforcing any law of Canada or a province or carrying out a lawful investigation
8(2)(f) Disclose personal information under an agreement or arrangement for the purpose of administering or enforcing any law or carrying out a lawful investigation
8(2)(j) Disclosure for research purposes
8(2)(m) Disclosure in the public interest or in the interest of the individual
8(4) Copies of requests under 8(2)(e) to be retained
8(5) Notice of disclosure under 8(2)(m)
9(1) Record of disclosures to be retained
9(4) Consistent uses
10 Personal information to be included in personal information banks
14 Notice when access requested
15 Extension of time limits
17(2)(b) Language of access
17(3)(b) Access to personal information in alternative format
18(2) Exemption (exempt bank) - Disclosure may be refused
19(1) Exemption - Information obtained in confidence
19(2) Exemption - Where authorized to disclose
20 Exemption - Federal-Provincial Affairs
21 Exemption - International affairs and defence
22 Exemption - Law enforcement and investigation
22.3 Exemption - Public Servants Disclosure Protection Act
23 Exemption - Security clearances
24 Exemption - Individuals sentenced for an offence
25 Exemption - Safety of individuals
26 Exemption - Information about another individual
27 Exemption - Solicitor-client privilege
28 Exemption - Medical record
31 Notice of intention to investigate
35(1) Findings and recommendations of Privacy Commissioner
35(4) Access to be given
36(3) Report of findings and recommendations (exempt banks)
37(3) Report of findings and recommendations (compliance review)
51(2)(b) Special rules for hearings
51(3) Ex parte representations
72(1) Annual Report to Parliament
Privacy Regulations
9 Reasonable facilities and time provided to examine personal information
11(2) Notification that correction to personal information has been made
11(4) Notification that correction to personal information has been refused
13(1) Disclosure of personal information relating to physical or mental health may be made to a qualified medical practitioner or psychologist for an opinion on whether to release information to the requester
14 Disclosure of personal information relating to physical or mental health may be made to a requester in the presence of a qualified medical practitioner or psychologist

Dated, at the City of Ottawa, this  

_____th day of ______________, 2015  

__________________________________________
The Honourable Steven Blaney, P.C., M.P.

Minister of Public Safety and Emergency Preparedness

Appendix B - Statistical Report

Statistical Report on the Privacy Act

Name of institution:Correctional Service Canada

Reporting period:2015-04-01 to 2016-03-31

Part 1: Requests Under the Privacy Act

Number of Requests
Received during reporting period 7502
Outstanding from previous reporting period 6912
Total 14414
Closed during reporting period 6690
Carried over to next reporting period 7724

Part 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time
Disposition of Requests Completion Time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 45 241 353 196 84 159 99 1177
Disclosed in part 62 472 814 606 244 544 786 3528
All exempted 1 6 7 6 3 3 5 31
All excluded 0 0 0 0 0 0 0 0
No records exist 320 196 123 31 10 61 102 843
Request abandoned 256 60 76 38 18 103 551 1102
Neither confirmed nor denied 1 0 2 0 0 4 2 9
Total 685 975 1375 877 359 874 1545 6690
2.2 Exemptions
Section Number of Requests Section Number of Requests Section Number of Requests
18(2) 0 22(1)(a)(i) 485 23(a) 1
19(1)(a) 17 22(1)(a)(ii) 91 23(b) 1
19(1)(b) 2 22(1)(a)(iii) 20 24(a) 19
19(1)(c) 794 22(1)(b) 546 24(b) 211
19(1)(d) 391 22(1)(c) 952 25 15
19(1)(e) 25 22(2) 0 26 3587
19(1)(f) 1 22.1 1 27 38
20 1 22.2 1 28 2
21 5 22.3 1
2.3 Exclusions
Section Number of Requests Section Number of Requests Section Number of Requests
69(1)(a) 2 70(1) 0 70(1)(d) 0
69(1)(b) 1 70(1)(a) 0 70(1)(e) 0
69.1 0 70(1)(b) 0 70(1)(f) 0
70(1)(c) 0 70.1 0
2.4 Format of information released
Disposition Paper Electronic Other formats
All disclosed 1157 19 1
Disclosed in part 3492 32 4
Total 4649 51 5
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
Disposition of Requests Number of Pages Processed Number of Pages Disclosed Number of Requests
All disclosed 41013 41266 1177
Disclosed in part 684542 568820 3528
All exempted 286 0 31
All excluded 0 0 0
Request abandoned 27736 0 1102
Neither confirmed nor denied 0 0 9
Total 753577 610086 5847
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less Than 100
Pages Processed
101-500
Pages Processed
501-1000
Pages Processed
1001-5000
Pages Processed
More Than 5000
Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
All disclosed 1081 23788 94 15019 1 543 1 1916 0 0
Disclosed in part 1992 68626 1262 225004 176 101741 92 137703 6 35746
All exempted 31 0 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 1031 0 61 0 7 0 3 0 0 0
Neither confirmed nor denied 9 0 0 0 0 0 0 0 0 0
Total 4144 92414 1417 240023 184 102284 96 139619 6 35746
2.5.3 Other complexities
Disposition Consultation Required Legal Advice Sought Interwoven Information Other Total
All disclosed 0 0 18 18 36
Disclosed in part 30 0 476 476 982
All exempted 0 0 1 1 2
All excluded 0 0 0 0 0
Request abandoned 2 0 10 10 22
Neither confirmed nor denied 0 0 0 0 0
Total 32 0 505 505 1042
2.6 Deemed refusals
2.6.1 Reasons for not meeting statutory deadline
Number of Requests Closed Past the Statutory Deadline Principal Reason
Workload External Consultation Internal Consultation Other
3878 3864 1 0 13
2.6.2 Number of days past deadline
Number of Days Past Deadline Number of Requests Past Deadline Where No Extension Was Taken Number of Requests Past Deadline Where An Extension Was Taken Total
1 to 15 days 204 239 443
16 to 30 days 118 77 195
31 to 60 days 147 150 297
61 to 120 days 302 139 441
121 to 180 days 209 89 298
181 to 365 days 570 269 839
More than 365 days 382 983 1365
Total 1932 1946 3878
2.7 Requests for translation
Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Part 3: Disclosures Under Subsections 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
132 20 20 172

Part 4: Requests for Correction of Personal Information and Notations

Disposition for Correction Requests Received Number
Notations attached 2
Requests for correction accepted 0
Total 2

Part 5: Extensions

5.1 Reasons for extensions and disposition of requests
Disposition of Requests Where an Extension Was Taken 15(a)(i)
Interference With Operations
15(a)(ii)
Consultation
15(b)
Translation or Conversion
Section 70 Other
All disclosed 495 2 1 0
Disclosed in part 1904 3 2 1
All exempted 13 0 0 0
All excluded 0 0 0 0
No records exist 116 0 0 0
Request abandoned 506 2 3 0
Total 3034 7 6 1
5.2 Length of extensions
Length of Extensions 15(a)(i)
Interference with operations
15(a)(ii)
Consultation
15(b)
Translation purposes
Section 70 Other
1 to 15 days 1 0 0 0
16 to 30 days 3033 7 6 1
Total 3034 7 6 1

Part 6: Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and other organizations
Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during the reporting period 71 2825 4 39
Outstanding from the previous reporting period 4 1269 0 0
Total 75 4094 4 39
Closed during the reporting period 72 3929 4 39
Pending at the end of the reporting period 3 165 0 0
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 9 1 0 0 0 0 0 10
Disclosed in part 28 18 5 1 0 0 0 52
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 3 1 1 0 0 0 0 5
Other 5 0 0 0 0 0 0 5
Total 45 20 6 1 0 0 0 72
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation Number of days required to complete consultation requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Ddays More Than 365 Days Total
All disclosed 2 0 0 0 0 0 0 2
Disclosed in part 2 0 0 0 0 0 0 2
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 4 0 0 0 0 0 0 4

Part 7: Completion Time of Consultations on Cabinet Confidences

7.1 Requests with Legal Services
Number of Days Fewer Than 100 Pages Processed 101-500 Pages Processed 501-1000
Pages Processed
1001-5000
Pages Processed
More than 5000
Pages Processed
Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0
7.2 Requests with Privy Council Office
Number of Days Fewer Than 100 Pages Processed 101‒500 Pages Processed 501-1000
Pages Processed
1001-5000
Pages Processed
More than 5000
Pages Processed
Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Part 8: Complaints and Investigations Notices Received

Section 31 Section 33 Section 35 Court action Total
206 0 179 0 385

Part 9: Privacy Impact Assessments (PIAs)

Number of PIA(s) completed 0

Part 10: Resources Related to the Privacy Act

10.1 Costs
Expenditures Amount
Salaries $2,142,004
Overtime $39,328
Goods and Services $4,556
  • Professional services contracts
$0
  • Other
$4,556
Total $2,185,888
10.2 Human Resources
Resources Person Years Dedicated to Privacy Activities
Full-time employees 26.00
Part-time and casual employees 5.00
Regional staff 0.00
Consultants and agency personnel 0.00
Students 0.00
Total 31.00

Note: Enter values to two decimal places.