|
|
|
| The Honorable John M. Reid, P.C Information Commissioner of Canada |
The Honourable Irwin Cotler Minister of Justice and Attorney General of Canada |
SECTION I – OVERVIEW
Commissioner's Message
Summary Information
Departmental Plans and Priorities
SECTION II – ANALYSIS OF PROGRAM ACTIVITIES BY STRATEGIC OUTCOME
SECTION III – SUPPLEMENTARY INFORMATION
Management Representation Statement
Organizational Information
Table 1: Departmental Planned Spending and Full Time Equivalents
Table 2: Program by Activity
Table 3: Voted and Statutory Items listed in Main Estimates
Table 4: Net Cost of Department for the Estimates Year
SECTION IV – OTHER ITEMS OF INTEREST
Corporate Services 17
Crown Corporations Subject to the Act 17
Creation of a new Parliamentary Committee 18
Inadequate Resources 18
OFFICE OF THE INFORMATION COMMISSIONER'S
REPORT ON PLANS AND PRIORITIES
I am pleased to submit my Report on Plans and Priorities for the fiscal period April 1 st , 2005 to March 31 st , 2006.
_____________________________________
The Honourable John M. Reid, P.C.
Information Commissioner of Canada
As July 1 st, 2005 marks the end of my seven-year term as Information Commissioner of Canada, I cannot help but reflect back on my initial impressions and concerns.
For example, in 1998, as a new Commissioner, my first impressions included the following:
Seven years of experience has reinforced those initial impressions; indeed, those concerns remain at the forefront of the challenges for the coming seven years. That is not to say that there has been no progress; there have been improvements, accomplishments and positive developments on many fronts. Yet, the clear lesson of these seven years is that governments continue to distrust and resist the Access to Information Act and the oversight of the Information Commissioner. Vigilance, by users, the media, academics, the judiciary, Information Commissioners and Members of Parliament, must be maintained against the very real pressures in the system to shift back to government, the power to control what, and when, information will be disclosed to the public.
|
Reason for Existence – To ensure that the rights conferred by the Access to Information Act are respected; that complainants, heads of federal government institutions and all third parties affected by complaints are given a reasonable opportunity to make representations to the Information Commissioner; to persuade federal government institutions to adopt information practices consistent with the objectives of the Access to Information Act ; to bring appropriate issues of interpretation of the Access to Information Act before the Federal Court. |
Financial Resources ($ thousands)
|
2005-2006 |
2006-2007 |
2007-2008 |
|
$5 556 |
$5 122 |
$5 122 |
Human Resources
|
2005-2006 |
2006-2007 |
2007-2008 |
|
61 |
56 |
56 |
Departmental Priorities
|
|
Type |
Planned Spending ($ thousands) |
||
|
2005-2006 |
2006-2007 |
2007-2008 |
||
|
Ensure that federal institutions subject to the Access to Information Act comply with it by investigating and mediating an estimated 1 200 complaints and responding to an estimated 1 220 enquiries. |
Ongoing |
$3 334 |
$3 074 |
$3 074 |
|
Conducting Federal Court Litigation |
Ongoing |
1 111 |
1 024 |
1 024 |
|
Fewer Delays in the System |
Ongoing |
1 111 |
1 024 |
1 024 |
|
Total |
$5 556 |
$5 122 |
$5 122 |
|
Departmental Plans and Priorities
Highlights
During the 2005-2006 fiscal year, the Information Commissioner expects to:
Plans and Priorities
Financial Resources ($ thousands)
|
2005-2006 |
2006-2007 |
2007-2008 |
|
$3 334 |
$3 074 |
$3 074 |
Human Resources
|
2005-2006 |
2006-2007 |
2007-2008 |
|
37 |
34 |
34 |
The primary products of this activity are completed complaint investigations, settlement negotiations, departmental reviews, and enquiries.
The 2005-2006 estimate of resources needed to further the Commissioner's objectives is largely derived from a forecast of the number and complexity of complaints, settlement negotiations and enquiries (based on previous years' experience) as well as the litigation before the courts. The volume of work is dependent almost entirely on public demand and this, in turn, is influenced by such factors outside the Commissioner's control as the varied level of performance by government institutions in responding to access requests and the awareness of the public that information is accessible under the Act.
Figure 1 shows the number of complaints the Information Commissioner received, investigated and rendered a decision on during the periods 2001-2002 through 2002-2003 and a forecast of workload expectations for 2004-2005 and 2005-2006. The total number of complaints the Office receives is roughly in the order of one complainant for every 10 ATIP requests filled.
The telephone continues to be the most direct and most used means of communication with the public: this year, 1 450 calls consuming 685 hours were received on the office's "800" number.
Figure 1: Complaints
* The 2002-03 numbers have been adjusted to exclude 208 cases that were cancelled.
Financial Resources ($ thousands)
|
2005-2006 |
2006-2007 |
2007-2008 |
|
$1 111 |
$1 024 |
$1 024 |
Human Resources
|
2005-2006 |
2006-2007 |
2007-2008 |
|
12 |
11 |
11 |
The budget estimates for the legal services necessary to further the objectives of the Office of the Information Commissioner are based on the complexity of the legal problems encountered in the administration of the Act in the course of investigations, litigation, legislative and parliamentary activities or other matters of internal or governmental administration. In each case, it is necessary to obtain the assistance of legal staff to interpret federal statutes, to formulate legal opinions, to explain or elaborate on policies on access to information, to conduct litigation, and to represent the Commissioner before the Federal Court, Federal Court of Appeal and the Supreme Court of Canada.
According to section 41 of the Act, persons who are denied access to information may, after receiving the results of the Commissioner's investigation, apply for review of the federal institution's decision. Section 42 provides that the Information Commissioner may initiate a review before the court provided he obtains the consent of the access requester.
Section 44 of the Act protects the commercial interests of third parties in that it allows them to apply for a judicial review of the federal institution's decision to disclose records which may contain their confidential business information. Under the Federal Courts Act , the Attorney General of Canada and other applicants may initiate legal proceedings against the Information Commissioner regarding the lawfulness of the Commissioner's investigative process. Decisions rendered by the Federal Court may be appealed before the Federal Court of Appeal and before the Supreme Court of Canada.
The Information Commissioner is mandated to monitor any issue relating to the interpretation and application of the Access to Information Act . The Commissioner has always supported the activities of the Federal Court with a view to ensuring that the public has fair and effective access to the legal process to determine the legality of government decisions on access. Following the Commissioner's suggestion to reduce delays and backlogs in access to information and privacy litigation, the Federal Court chose, in 1992, access to information and privacy litigation as a first area to implement a judicial case management project. The Office had some involvement, in 1997, in the complete overhaul of the Federal Court Rules. The Office made a significant contribution to the development of the case law in access to information and privacy matters before the Federal Court, the Federal Court of Appeal and the Supreme Court of Canada. The Office's participation was noticed and considered useful and valuable. Unfortunately, the lack of financial resources jeopardizes the role the Information Commissioner is called upon to play before the judiciary. For instance, the Commissioner is no longer able to monitor all legal proceedings undertaken under sections 41 and 44 of the Access to Information Act.
Between April 1, 2000 and March 31, 2005, the Information Commissioner was involved in 11 judicial reviews before the Federal Court initiated pursuant to s. 42. During the same period, the Attorney General of Canada initiated most of the 54 judicial review proceedings taken against the Information Commissioner by the Attorney General or others under s. 18 of the Federal Courts Act . These proceedings have had the effect of delaying the Commissioner's investigations in these related cases and forcing the Commissioner to devote some of his scarce resources to defending his position before the courts. During this same time period, access requesters undertook 47 judicial reviews under section 41, while third parties undertook 114 reviews of government institutions' decisions to disclose third-party information. The Office of the Information Commissioner also participated in 15 appeals before the Federal Court and 9 cases before the Supreme Court of Canada.
Financial Resources ($ thousands)
|
2005-2006 |
2006-2007 |
2007-2008 |
|
$1 111 |
$1 024 |
$1 024 |
Human Resources
|
2005-2006 |
2006-2007 |
2007-2008 |
|
12 |
11 |
11 |
Early in this Commissioner's term, the persistent, widespread problem of delay in answering access requests became the Commissioner's top priority. Through special reports (report cards) to Parliament on the performance of individual departments and the use of order powers to compel ministers and deputy ministers to explain why mandatory, statutory response deadlines were being ignored, the Commissioner sought to bring the government's attention to bear on solving the delay problem.
Many departments took up the challenge, made timeliness a priority, devoted the resources necessary and instituted streamlined processes for answering access requests. In year one (1998), all six institutions reviewed, received a grade of "F". In those six institutions, from 35 percent to 86 percent of answers to access requests were late. Last year, in those same institutions, the percentage of responses, which were late, ranged from a high of 17 percent in Foreign Affairs and International Trade to 3.8 percent in the Privacy Council Office.
This dramatic improvement in the delay situation is also reflected in the profile of complaints to the Information Commissioner. In 1998-99, 49.5 percent of the 1 351 complaints which were investigated, related to failure to meet response deadlines. Last year, delay complaints represented 23.5 percent of the office's workload. This year, that percentage continues to fall: it is currently at 19.0 percent.
SECTION II – ANALYSIS OF PROGRAM ACTIVITIES BY STRATEGIC OUTCOMEIndividuals' rights under the Access to Information Act are safeguarded.
Program Activity Name: Assess, investigate, review, pursue judicial enforcement, and provide advice.
|
Program Activity Objectives: |
Program Activity Performance Indicators: |
Program Activity Expected Results: |
|
To ensure that the rights and obligations of complainants under the Access to Information Act are respected; complainants, heads of federal government institutions and all third parties affected by complaints are given a reasonable opportunity to make representations to the Information Commissioner and investigations are thorough and timely |
Number of complaints received Turnaround time |
Number of complaints received are greater than or equal to ten percent of the total number of access to information requests made Service Standards (for a description of the service standards, please refer to page 21 of the Information Commissioner's 2003-2004 Annual Report, at www.infocom.gc.ca) |
|
To persuade federal government institutions to adopt information practices in keeping with the Access to Information Act ; and |
Report cards
|
Institutions receive a grade of satisfactory or better |
|
To bring appropriate issues of interpretations of the Access to Information Act before the Federal Court |
Number of cases brought before the Courts |
Number of cases brought before the Courts is less than one percent |
Program Activity Description:
Assess, investigate, review, pursue judicial enforcement, and provide advice.
The Access to Information Act is the legislative authority for the activities of the Information Commissioner and his office. The objectives of the activity are:
This activity represents 100 percent of program expenditures.
SECTION III – SUPPLEMENTARY INFORMATION
Management Representation Statement
I submit for tabling in Parliament, the 2005-2006 Report on Plans and Priorities (RPP) for the Office of the Information Commissioner of Canada.
This document has been prepared based on the reporting principles contained in the Guide to the preparation of Part III of the Estimates: Reports on Plans and Priorities .
John M. Reid
Information Commissioner of Canada
The Information Commissioner is an ombudsman, appointed by Parliament, to investigate complaints that the government has denied rights under the Access to Information Act – Canada's freedom of information legislation.
The Access to Information Act came into force in 1983 and gave Canadians the broad legal right to information recorded in any form and controlled by most federal government institutions.
The Access to Information Act provides government institutions with 30 days to respond to access requests.
Extended time may be claimed if there are many records to examine, other government agencies to be consulted or third parties to be notified. The requester must be notified of these extensions within the time frame.
Access rights are not absolute. They are subject to specific and limited exemptions, balancing freedom of information against individual privacy, commercial confidentiality, national security and the frank communications needed for effective policy-making. These exemptions permit government agencies to withhold material, often prompting disputes between applicants, departments and agencies.
Dissatisfied applicants may turn to the Office of the Information Commissioner. The Office investigates complaints from applicants:
The Commissioner has strong investigative powers, which are strong incentives for government institutions to adhere to the Access to Information Act and to respect applicant's rights.
Since he is an ombudsman, the Commissioner may not order a complaint to be resolved in a particular way. He relies upon persuasion to resolve disputes and asks for a Federal Court review only if the believes that an individual has been denied access improperly and that a negotiated solution is not possible. This dispute resolution process has been successful in all complaints but two of this type.
Complaints received by the Commissioner are handled as follows:
The Commissioner is not involved with the fact-gathering proves of investigations thus ensuring that he comes to the deliberation phase with an open mind. During the deliberation phase, he reviews the evidence and representations, and, if he considers the complaint to be well founded, recommends remedial action. His findings and recommendations are communicated to the complainant and the head of the institution. He also informs the complainant that, if access to the requested records has not, or will not be given, the complainant has the right to apply to the Federal Court for a review of the institution's decision to refuse access.
The Commissioner has the authority, with the consent of the complainant, to ask the Federal Court to order disclosure of the government-held records. This authority is only exercised in the less than one percent of cases where the Commissioner is unable to resolve the matter during the investigative process.
Table 1: Departmental Planned Spending and Full Time Equivalents
* A procurement savings of $16,000 has been identified as part of the Expenditure Review Committee (ERC) but not included as it is disputed by the Office of the Information Commissioner of Canada (OIC).
Table 3: Voted and Statutory Items listed in Main Estimates
The primary difference between the current and previous year is the one-time funding of $ 434K received to eliminate the projected backlog of overdue complaints.
Table 4: Net Cost of Department for the Estimates Year
SECTION IV – OTHER ITEMS OF INTEREST
Other Items of Interest
Corporate Services provides administrative services (financial, human resources, information technology, and general administrative) to the Information Commissioner's office. Its objective is to support those who administer the program.
Since fiscal year 2002-2003, the Office of the Information Commissioner of Canada has had to provide its corporate services independently, after the former Privacy Commissioner's unilateral decision to terminate the shared service model based on service usage.
To compensate for the increased workload and reduced economies of scale, Corporate Services had no choice but to close its library and reallocate the resulting funds to greater priority areas.
In 2005-2006, the main goals for this directorate will be to fully implement the Management Accountability Framework as well as the Public Service Modernization Act.
Crown Corporations Subject to the Act
The Access to Information Act is built on the principle that Canadians have a right of access to government information. Access to information provides Canadians with a mechanism to scrutinize the activities of government. Currently 28 out of 46 Crown corporations are subject to the Access to Information Act .
In line with the Task Force report entitled, Access to Information: Making it Work for Canadians released in June 2002, the government recommends that the Act not apply to information relating to critical interests of organizations such as journalistic sources and competitive commercial activities, where the current exemptions would not adequately protect this information. Two examples are the competitive commercial activities of the Canada Post Corporation relating to its courier business and program development at the Canadian Broadcasting Corporation.
The government will extend the Act to 10 of the 18 Crown corporations currently not covered by Order in Council. The other Crown corporations are of a commercial nature and will remain outside the legislation until legal instruments can be designed to protect their commercially sensitive information holdings. The government will develop these instruments in the context of overall review of the Act.
Creation of a new Parliamentary Committee
In his first Annual Report to Parliament (1998-1999) this Commissioner suggested that the responsibility for overseeing his office should be moved from the busy Standing Committee on Justice and the Solicitor General to a committee more able to concern itself with access to information matters. After the election of a minority Liberal government in 2004, a new committee was formed and named: the Standing Committee on Access to Information, Privacy and Ethics. Already, since that committee's creation, the Information Commissioner has appeared three times to give evidence with respect to his 2004-05 spending estimates, his 2003-04 Annual Report, and on this issue of new funding mechanisms for officers of Parliament. This increased level of parliamentary interest in, and scrutiny of, of the operations of the Access to Information Act , is a very positive development.
Year after year, Information Commissioners have asked Treasury Board ministers to provide adequate (not extravagant) funds to enable them to effectively discharge the duties Parliament gave them. The requests are routinely denied or pared down to bare bones.
Year after year, the workload of complaints increases and, without adequate resources, the backlog of incomplete investigations, also increases. Now it ranks at an all time high; it represents a full year of work for every one of the Commissioner's 23 investigators.
Again, this year, the Commissioner put forward a request for seven additional investigators for 3 years, to clear the backlog, and eight additional investigators for the long-term to ensure that the backlog did not redevelop. Treasury Board ministers agreed to give the Commissioner five additional investigators for fifteen months and none for the long-term. Resources for such a short-term would, for all practical purposes be wasted. In one year the Commissioner could not recruit for only one year, train, security clear and deploy five new investigators to accomplish any appreciable reduction of the backlog. Moreover, with no permanent increase to the number of investigators, the incoming workload will still outstrip the resources available, contributing to more backlogged investigations. The Commissioner told the President of Treasury Board that the Board's response to the Commissioner's request was a recipe for failure and a waste of taxpayer funds. The Minister's response: Try again next year.
And that, of course, is the deep flaw in the manner in which the Commissioner's office is funded – due to its control of the purse strings, the government has control over the effectiveness of Parliament's officer. So much for independence!
It is vital that Parliament take over the role of ensuring the Commissioner get adequate resources to do the job and, of course, holds him or her accountable for how resources are utilized. Parliament took such a step with one of its officers, the Ethics Commissioner. It is equally important that it do so for the Information Commissioner and the other officers of Parliament who are mandated to investigate government actions and decisions.
In February of 2005, the Standing Committee on Access to Information, Privacy and Ethics launched a study into this issue. The government, too, is considering proposals for a new funding mechanism for Officers of Parliament.
For other items of interest, please refer to the Information Commissioner's 2004-2005 Annual Report, which will be published, by mid-June 2005, at: www.infocom.gc.ca .
| Jennifer Stoddart Privacy Commissioner of Canada |
The Honourable Irwin Cotler Minister of Justice and Attorney General of Canada |
Section I:
Privacy Commissioner's Message
Management Representation Statement
Section II:
Raison d'Être
Overview of Resources and Priorities
Operating Environment
Internal Factors Affecting Program Delivery
External Factors Affecting Privacy and the Office
OPC Priorities and Plans for 2005-2006
Section III:
Analysis of Program Activities by Strategic Outcome
Organizational Information
Resource Tables
Sources of Additional Information
I am pleased to present this 2005-2006 Report on Plans and Priorities which sets out the strategic directions, priorities, expected results and spending estimates for the Office of the Privacy Commission of Canada to deliver on its mandate to protect and promote the privacy rights of Canadians.
Moving forward, our Office will stabilize its resource base, complete its institutional renewal strategy and submit a business plancase to Treasury Board Secretariat to address its financial and resource allocation needs. While we have made great progress to modernize our management processes and administrative procedures, further sustained efforts are required to enable to Office to fully operate as a well-managed and efficient Parliamentary agency.
This Report describes the environment in which we operate and the internal and external factors affecting our program delivery to deal with emerging privacy issues. For 2005-2006, the Office has identified six operational priorities, which are:
I look forward to the challenges ahead, and to working with the dedicated staff of the OPC and with Parliament as we endeavour to deliver on our priorities.
Jennifer Stoddart
Privacy Commissioner of Canada
I submit for tabling in Parliament, the 2005-2006 Report on Plans and Priorities (RPP) for the Office of the Privacy Commissioner of Canada.
This document has been prepared based on the reporting principles contained in the Guide to the preparation of Part III of the Estimates: Reports on Plans and Priorities .
Jennifer Stoddart
Privacy Commissioner of Canada
Our mission is to protect and promote privacy rights of individuals.
Our mandate is to oversee the application of the Personal Information Protection and Electronic Documents Act ( PIPEDA ) and the Privacy Act and within that context to protect and promote privacy.
The Privacy Commissioner of Canada, Jennifer Stoddart, is an Officer of Parliament who reports directly to the House of Commons and the Senate. In addition to the Privacy Commissioner, the Office has two Assistant Privacy Commissioners. Raymond D'Aoust is responsible for the Privacy Act , which covers the personal information-handling practices of federal government departments and agencies, and Heather Black is responsible for PIPEDA , Canada's new private sector privacy law.
The Commissioner is an advocate for the privacy rights of Canadians whose powers include:
The Commissioner works independently from any other part of the government to investigate complaints from individuals with respect to the federal public sector and the private sector.
Individuals may complain to the Commissioner about any matter specified in Section 29 of the Privacy Act . This Act applies to personal information held by the Government of Canada.
For matters relating to personal information in the private sector, the Commissioner may investigate all complaints under Section 11 of PIPEDA except in the provinces that have adopted substantially similar privacy legislation. To date, Quebec, British Columbia, and Alberta are the only provinces with legislation deemed to be substantially similar. However even in these three provinces, PIPEDA continues to apply to personal information collected, used or disclosed by federal works, undertakings and businesses throughout Canada, and to all personal information in interprovincial and international transactions by all organizations subject to the Act in the course of their commercial activities. At the time of writing, Industry Canada had issued a proposal order that would declare Ontario's Personal Health Information Protection Act , 2004 to be substantially similar to PIPEDA , as it relates to personal health information.
Mediation and conciliation, with a view to corrective action if necessary, are the preferred approaches to complaint resolution. The Commissioner has the power to summon witnesses, administer oaths and compel the production of evidence if voluntary co-operation is not forthcoming. In certain circumstances, the Commissioner may take cases to the Federal Court.
Financial Resources (in $ thousands)
| 2005-2006 | 2006-2007 | 2007-2008 |
| $11,313* | Note | Note |
Human Resources
| 2005-2006 |
| 100 FTEs |
*This figure includes main estimates of $4,653 and supplementary estimates for activities under PIPEDA of $6,660.
Note: The OPC like other federal organizations would normally present information on financial and human resources for the three years 2005-2006, 2006-2007 and 2007-2008 in line with Treasury Board approved three year reference levels. Unfortunately, the OPC cannot present meaningful multi-year resource information because at the time of writing the approved reference levels do not include funding for the activities under PIPEDA . The OPC is preparing a business case to document the financial and human resources required to fulfill its mandate under the Privacy Act and PIPEDA . It is expected that the Treasury Board will consider the OPC's business case by the end of September 2005.
This section describes the operating environment of the OPC in three parts. The first part describes the major program delivery mechanisms; the second and third parts describe important internal and external factors affecting program delivery.
Investigations and Inquiries
The OPC seeks to promote fair information management practices by both public and private sector organizations in Canada in accordance with two federal privacy laws — the Privacy Act , which was enacted in 1983, and PIPEDA , the first phase of which took effect on January 1, 2001. The principal means of doing this is through complaint investigations, which are conducted by OPC's Investigations and Inquiries Branch. The Branch investigates complaints from individuals alleging that their personal information has been mismanaged or that they have been denied access or correction rights accorded them under these Acts. In conducting this work, Investigations and Inquiries is supported by activities of other branches, such as the Legal Services and Research and Policy branches. The Legal Services Branch helps with the interpretation of the two Acts and is involved in litigation concerning the interpretation and application of these Acts and in cases relating to the jurisdiction and powers of the Commissioner.
The Research and Policy Branch works with the Investigations and Inquiries Branch in establishing the Office's position on policy matters and provides investigators with research material to assist with the development of needed expertise in such areas as newly emerging technologies, which are the subject of an increasing number of complaints to the Office.
The Investigations & Inquiries Branch also responds to inquiries from members of the general public, government institutions, private sector organizations, and the legal community, who contact the Office on a wide variety of privacy-related issues.
Audits and Reviews
To safeguard Canadians' right to privacy, the OPC's Audit and Review Branch conducts compliance reviews under Section 37 of the Privacy Act . These reviews assess systems and practices for managing personal information from collection to disposal by federal departments and agencies. These reviews are carried out with reference to sections 4 to 8 of the Privacy Act and government policies and standards. This work is intended to encourage the growth of fair information practices by government institutions. The OPC also has the mandate, under Section 18 of PIPEDA , to conduct audits of the personal information management practices in the Canadian private sector.
Privacy Impact Assessments
The Government of Canada's Policy on Privacy Impact Assessments (PIA) has added to the responsibilities of the OPC. Our role, as defined in the Policy, is to assess the extent to which a department's PIA has succeeded in identifying privacy risks associated with a project or initiative and to comment on the appropriateness of the measures proposed to mitigate identified risks.
Support to Parliament
The Commissioner acts as Parliament's window on privacy issues, bringing to the attention of Parliament, issues that have an impact on the privacy rights of Canadians. We do this by tabling an Annual Report to Parliament, by appearing before Committees of the House of Commons and the Senate to comment on the privacy implications of proposed legislation and government initiatives and by identifying and analyzing issues that we believe should be brought to Parliament's attention.
The Office also assists Parliament to become better informed about privacy, acting as a resource or centre of expertise on privacy issues. This includes responding to a significant number of inquiries and letters from Senators and Members of Parliament.
Public Education and Communications
The Privacy Commissioner is specifically mandated under PIPEDA to conduct public education activities to ensure that the business community in Canada is complying with its obligations, as well as to make individuals aware of their rights.
Contributions Program
The Contributions Program supports the development of national privacy research capacity in the voluntary, academic and not-for-profit sectors to generate and transfer knowledge on the privacy impact of emerging technologies.
The 2003-2004 Performance Report to Parliament described the substantial progress made by the Office in meeting the challenges and correcting the problems which followed the resignation of the previous commissioner.
Two major internal challenges remain: the staffing of vacant positions and establishing the appropriate multi-year budget for the Office.
Staffing of Vacant Positions
The Office has established corrective measures in Human Resource management as a result of the series of audits, which have significantly increased the time it takes to fill vacancies. Expanding the area of selection to ensure an appropriate level of potential pool of candidates has resulted in a significant increase of candidates.
The vacancies in combination with increases in the number of complaints under PIPEDA and increases in the number of inquires have created backlogs.
Establishing the Appropriate Multi-year Budget for the Office
In accordance with decisions of the Treasury Board, the Office must present a business case containing long-term solutions and options for its multi-year budgets. The business case will be comprehensive, covering all of the operational activities and administrative services of the Office. As well, the business case will be supported by various analyses of business processes and workloads. A formal business process review of the Investigations and Inquiries Branch will be completed in March 2005. The purpose of this review is to assess the Branch's business processes to determine whether further efficiency can be achieved and to confirm performance standards. It is expected that the Treasury Board will consider the business case by the end of September.
The societal, political, technological and economic environment in which we operate determines the strategic focus of our activities, and the demands and pressures on our resources. Some of the principal elements of this environment are the following:
National Security, Law Enforcement and Public Safety
In the last several years, we have seen a series of government initiatives related to national security, law enforcement and public safety. Some examples are the Anti-Terrorism Act , the Public Safety Act , the creation of databases on airline passengers, the national sex-offender registry, increasing video surveillance of public places, and proposals to introduce a national identity card. Although very different on the surface, these initiatives all share certain features:
Defending privacy in the face of apparent growing public concerns about public safety has been, and will continue to be, a challenge for this Office. We expect that there will be continuing domestic and international pressure to introduce new measures related to national security, law enforcement and public safety.
Proliferation of Surveillance Technologies
Technologies designed for, or capable of being used for, surveillance of individuals have occupied the attention of the Office since its inception. They are increasingly widespread, and easily available to government bodies, law enforcement and national security agencies, businesses, and even individuals. From video surveillance cameras, Internet-transmitted spy ware, and "black boxes" in cars to infrared heat sensors, radio-frequency identification tags, and data mining, the means by which personal information can be collected from individuals without their consent and often without their knowledge are rapidly expanding.
Many of these technologies have laudable uses, serving legitimate social, economic, and individual purposes. It is their abuse, and in particular their use without regard for fair information practices and fundamental privacy rights, that is of great concern. The OPC will address technologies generally through a fair information practices lens, but careful inquiry and analysis, and specific approaches, will be required for specific technologies and applications.
Identification and Authentication
Governments and the private sector share a common belief that they need faster, more reliable and more secure methods to identify and authenticate individuals. In both sectors we are seeing a growing interest in biometrics, smart cards, "e-identities" and other identifiers. These are viewed as the enablers of e-government and e-commerce, and as a solution to such diverse problems as money-laundering, terrorism, credit fraud, identity theft, and benefit entitlement fraud.
The OPC supports legitimate efforts to combat these problems, but is concerned about the risks that personal identifiers present for privacy. Identifiers, especially the same identifier used by different organizations for various transactions, can link individuals' transactions, revealing information about them to the point that profiles can be constructed.
The pressure for high-integrity identification is intense, particularly from government, notwithstanding the abandonment of proposals for a national identity card. Authentication (which is not necessarily the same as identification) is central to the federal government's Government On-Line initiatives. Citizenship and Immigration has introduced a new, more secure, Permanent Resident Card, and the Canadian Passport Office is now developing a biometrically-enhanced passport. The federal, provincial and territorial governments are working together to create a coherent identity policy and uniform standards across programs and jurisdictions to improve the security of documents such as birth certificates.
We expect continuing pressure and new initiatives to improve identification and authentication of citizens in both the public sector and in the private sector. The Office, in line with its general position on technology, will continue to address identification initiatives by applying the principles of fair information practices. We will also examine alternatives, such as "anonymizing" technologies, to the widespread use of identifiers.
Transborder Flows of Personal Information
Personal information in Canada is well protected by federal and provincial privacy legislation, but information in a globalized economy travels readily across jurisdictional boundaries, and personal information may find its way to jurisdictions that do not provide the protections that Canadians expect. This can occur through transfers of personal information from one government to another, from private companies directly to foreign governments, or from private companies to other private companies. Outsourcing of information processing operations by government or private sector organizations has become commonplace. However, this outsourcing can put personal information at risk.
This issue will put significant demands on the OPC in the coming planning period. Canadians have indicated a growing unease with their personal information escaping their control and the means of recourse available to them under Canadian legislation. Similarly, residents of other countries have legitimate concerns about what happens to their personal information when it is collected by a Canadian governmental or private sector organization. While PIPEDA provides protections in both these cases, the older Privacy Act is less adequate, and addressing this will occupy the OPC's attention.
E-government, E-commerce and E-health
Governments, businesses, and health systems are increasingly moving away from paper-based systems towards electronic transactions. This phenomenon is not new but it is increasing in importance. Electronic service delivery and record-keeping have significant advantages and the public, on the whole, is supportive of the convenience and swiftness of electronic transactions. This promises economic benefits for businesses and cost savings for government and health systems.
Full acceptance of these systems, however, will depend on their privacy implications being addressed. These implications include the development and merging of ever-larger databases of personal information drawn from transactions, the difficulty of limiting information collection, use and disclosure to what is necessary for reasonable purposes, and the challenge of ensuring on-line security and confidentiality of personal information. The OPC is engaged at a multitude of levels by this phenomenon: as a guardian of individuals' rights as set out in federal privacy laws, as a public educator, and as an adviser to individuals, government, businesses, and Parliament.
In the context of our internal and external environment, the Office has identified the following six highest priorities for our program during the 2005-2006 fiscal year. We will report to Parliament in the fall of 2006 on our performance in these areas.
| Priorities | Type |
| 1. Ensure fair, effective and efficient handling of privacy inquiries and complaints. | Ongoing |
| 2. Assess the privacy impacts of federal government initiatives. | Ongoing |
| 3. Advise Parliament on privacy issues. | Ongoing |
| 4. Identify and research privacy issues, and develop policy positions affecting both the private and federal public sectors. | Ongoing |
| 5. Develop a comprehensive communications and outreach strategy to raise the understanding of privacy rights and obligations. | New |
| 6. Develop and implement communications and public education programs. | Ongoing |
The Investigations and Inquiries Branch will continue to respond to inquiries and conduct thorough investigations in as timely a manner as possible.
In response to increasing workloads, we have placed a greater emphasis on dealing with complaints through alternative dispute resolution as a means of resolving complaints more quickly and efficiently. We have also decentralized case handling in order to reduce processing time. We will continue with this approach, as well as working with member associations (groups that represent certain sectors of private industry) to address systemic issues raised by the public through inquiries and complaints.
In late 2004, the Office initiated a thorough business process review of our core business, i.e. Investigations and Inquiries. The review will be completed by March 31, 2005.
The review will also provide the basis for determining appropriate resource levels, given the workload.
A complaint investigation may result in a letter of findings with recommendations aimed at improving the practices of the respondent organization to prevent any recurrence of a breach of privacy rights. In 2004-2005, the Office completed a survey of a sample of PIPEDA cases to determine the status of the implementation of recommendations.
Since the fall of 2004, we have been following up on the implementation status of all recommendations made under both the Privacy Act and PIPEDA . Investigations and Inquiries with Legal Services and Audit and Review, will continue this follow-up. This measure will ensure compliance with recommendations.
Between January 1, 2003 and January 1, 2005, the number of open files of complaints has grown under the Privacy Act by 21% from 929 to 1128 and under PIPEDA by 144% from 235 to 570. This growth is attributable to a number of causes, for example the number and complexity of cases resulting from the implementation of the final phase of PIPEDA , on January 1, 2004. In addition, PIPEDA stipulates that a report of findings must be prepared within one year of the complaint being filed; to respect this time limit under PIPEDA , we reassigned three investigators from Privacy Act cases to PIPEDA cases. Consequently, there are fewer investigators to handle complaints under the Privacy Act . We will continue to identify and implement solutions to address the backlog such as more staff training and development and simplified standard responses.
In 2004-2005, we rolled-out a new caseload management system called IIA (Integrated Investigation Application) that has facilitated caseload tracking and reporting, and given us better tools for managing PIPEDA -related investigations. In 2005-2006, we will improve the software systems supporting inquiries and investigations by integrating the investigations case-load management system IIA with the inquiries management system called CCM (Correspondence and Case Management) and our electronic records management system called RDIMS (Records Document and Information Management System).
Some investigations involve federal-provincial cross-jurisdictional issues. In order to minimize duplication of efforts and maximize benefits for all Canadians, the OPC held discussions with its provincial counterparts in British Columbia and Alberta (both provinces have personal information protection legislation that was deemed substantially similar to PIPEDA in 2004) about a harmonized approach to the handling of complaints where the complaint is against an organization in either of these provinces. We have a well established consultation process that includes monthly conference calls between the OPC and British Columbia and Alberta's Information and Privacy Commissioners' Offices. OPC is also discussing harmonization approaches with Ontario's Information and Privacy Commissioner's Office as a result of the issuing of a proposed order that would declare Ontario's Personal Health Information Protection Act substantially similar to PIPEDA with regard to personal health information.
The Investigations and Inquiries Branch, in consultation with Legal Services, will continue to fine tune established approaches and procedures to deal with cross-jurisdictional complaints.
In 2002, Canada became the first country in the world to make PIAs mandatory for all federal departments and agencies. The Treasury Board's PIA Policy is intended to protect the privacy of Canadians in all transactions with the government by ensuring that privacy considerations are built into government projects at the outset. Assessing the privacy impact up-front helps managers and decision-makers avoid or mitigate privacy risks and promote fully informed policy, program and system design choices.
While the OPC supports the goals and objectives of the PIA Policy, there are significant resource implications which need to be addressed. The Office requires permanent funding by the Treasury Board in order to provide expert advice to government departments as they seek to comply with the Policy. Discussions will be undertaken with the TBS to discuss service expectations and resource requirements.
In order to improve our ability to advise Parliamentary committees, we will focus on strengthening and systematizing our procedures by:
We will develop a strategy to improve our ongoing communications with Parliamentarians by means of information packages, special reports and the annual reports on the Privacy Act and PIPEDA . As well, we will put in place a system to track communications with individual Senators and MPs to ensure useful, timely, and consistent responses.
We plan to enhance and focus our policy expertise especially on the impacts of technology on privacy. We will identify potential partners and sources of external expertise to augment our internal policy and research capabilities. In addition, we will strengthen our own internal research capacity through continuous staff learning and development.
We intend to focus our policy research on those areas where we can have impact. We will review current research activities and proposed activities and set priorities based on the following criteria:
Our monitoring of the "privacy environment" of both the private and public sectors will become more systematic in identifying and tracking issues and in identifying responsibilities and strategies for addressing issues.
We will strengthen our working relationships with federal departments and agencies to ensure early consultation, and identification of privacy concerns, on legislative, regulatory and program initiatives.
The Contribution Program will capitalize on existing research expertise and capability; build links with researchers, voluntary organizations, academics and our provincial counterparts; and encourage the development of privacy expertise on emerging technologies.
We plan to take a more strategic and focused approach to our communications and public education activities. We will first clearly identify who our target audiences are and gauge their knowledge of privacy issues through public opinion research and other communications evaluation and monitoring mechanisms. This will enable the Office to establish a benchmark for measuring stakeholder knowledge and perceptions of privacy rights and obligations under the two Acts.
We will engage in proactive efforts to work collaboratively with other key privacy stakeholders to better inform and engage the public on privacy issues, as part of a more robust outreach strategy. Public education is a shared responsibility among jurisdictions and key stakeholders. By harnessing the knowledge of stakeholders on the privacy perceptions and needs of Canadians, we will play a national leadership role in encouraging a more seamless approach to privacy protection and promotion.
Pulling together expert advice from those who have implemented best practices and seen the results will be a valuable asset to Canada's privacy protection and promotion efforts. We hope through our communications and outreach to identify, document and communicate examples of best practices in protection of personal information to create a greater awareness of privacy as a fundamental social value.
By encouraging citizens to participate in dialogue on key privacy issues and policies that affect their day-to-day lives, we may foster greater awareness and understanding of the shared responsibility for the protection and promotion of privacy rights and obligations. We plan on engaging citizens in dialogue on the privacy impact of key issues such as video surveillance, RFIDs, identity theft and protection of health information.
We plan to evaluate the impact of our communications and outreach programs and initiatives, so we can assess our effectiveness in delivering on our public education mandate.
This section provides information on the basis of the Office's program activity architecture (PAA). The PAA, approved by Treasury Board, provides the structure for planning and reporting the Office's activities.
Our program has three operational activities aimed at achieving one strategic outcome on behalf of Canadians. The administrative costs are allocated to the operational activities.
| Strategic Outcome | Protection of the Privacy Rights of Canadians | ||
| Activities | 1. Assess and investigate compliance with privacy obligations | 2. Privacy Issues: research and policy | 3. Privacy Education — promotion and protection of privacy |
Resources:
| 2004-2005 | 2005-2006 | |
| Financial Resources - $000 | 7,732 | 7,696 |
| Human Resources - FTEs | 76 | 76 |
Activity Description
The OPC is responsible for investigating complaints and responding to inquiries received from individuals and organizations who contact the Office for advice and assistance on a wide range of privacy-related issues. The OPC also assesses how well organizations are complying with requirements set out in the two federal laws and provides recommendations on PIAs pursuant to the Treasury Board of Canada policy. This activity is supported by a legal team that provides specialized legal advice and litigation support.
Organizational Responsibilities
The Investigations and Inquiries Branch is responsible for investigating complaints received from individuals. The Branch's Inquiries Division responds to thousands of inquiries annually from the general public and organizations who contact the Office for advice and assistance on a wide range of privacy-related issues.
The Audit and Review Branch assesses how well organizations are complying with the requirements set out in the two federal laws. The Branch also receives analyses and provides recommendations on PIA Reports pursuant to the Treasury Board's PIA Policy.
Legal Services provides the necessary specialized legal advice and litigation support.
Priorities for this activity
The operations under this activity will lead to the achievement of two of our six highest priorities described in Section II.
| Priorities | Type |
| 1. Ensure fair, effective and efficient handling of privacy inquiries and complaints. | Ongoing |
| 2. Assess the privacy impacts of federal government initiatives. | Ongoing |
Performance Measurement and Reporting
We will report on our performance under this activity using indicators that measure workload and output such as:
We will also measure results for example on the implementation of recommendations made as a result of investigations, reviews of PIAs, and audits and reviews.
| Resources: | 2004-2005 | 2005-2006 |
| Financial Resources - $000 | 2,045 | 2,003 |
| Human Resources - FTEs | 14 | 14 |
Activity Description
The OPC serves as a centre of expertise on emerging privacy issues in Canada and abroad by researching trends, monitoring legislative and regulatory initiatives, providing analysis on key issues, and developing policy positions that advance the protection of privacy rights. An important part of the work done involves supporting the Commissioner and Assistant Commissioners in providing advice to Parliament on legislation and on government program initiatives that may impact on privacy.
Organizational Responsibilities
The Research and Policy Branch is responsible for researching privacy issues, and developing and advising on policy positions. The Branch supports the Commissioner and Assistant Commissioners by identifying legislation; new programs and emerging technologies that raise privacy concerns; providing advice and policy options; drafting discussion and position papers for public consumption on issues affecting privacy; and preparing briefing material for public appearances by the Commissioner and other staff.
In this role the Office responds to a significant number of inquiries from Senators and Members of Parliament.
Priorities for this activity
The operations under this activity will lead to the achievement of the following two priorities described in Section II.
| Priorities | Type |
| Identify and research privacy issues, and develop policy positions affecting both the private and federal public sectors. | Ongoing |
| Advise Parliament on privacy issues. | Ongoing |
Performance Measurement
The Office will report in the 2005-2006 Departmental Performance Report and/or in the Annual Report on the outputs of this activity using indicators such as the appearances before Parliamentary committees (number, purpose and result); the support provided to individual Parliamentarians (number of inquiries, meetings, requests for information, etc.); and the major research and policy documents produced (number and issues addressed). For the Contribution Program, we will report for each contribution project, the name of the recipient, the amount of the contribution, the purpose, output and result.
Resources:
| 2004-2005 | 2005-2006 | |
| Financial Resources - $000 | 1,619 | 1,614 |
| Human Resources - FTEs | 10 | 10 |
Activity Description
The OPC plans and implements a number of public education and communications activities, including speaking engagements and special events, media relations, and the production and dissemination of promotional and educational material.
Organizational Responsibilities
The Public Education and Communications Branch focuses on providing strategic advice on outreach and public education issues to the Commissioner and Assistant Commissioners. In addition, the Branch plans and implements a number of public education and communications activities, including the issuing of news releases, conducting media interviews, developing speeches for conferences and special events and analyzing public perceptions of privacy issues through environmental monitoring for the Commissioner and senior staff .
The Branch develops communications tools to address privacy issues of concern to Canadians, maintains the OPC Web site, develops and publishes material for a variety of audiences, including the annual reports to Parliament and numerous guides for businesses and individuals.
Priorities for this activity
This activity will lead to the achievement of the following two priorities described in Section II.
| Priorities | Type |
| Develop a comprehensive communication and outreach strategy to raise the understanding of privacy rights and obligations. | New |
| Develop and implement communications/public education programs. | Ongoing |
Performance Measurement
We will report on the outputs and results of this activity using indicators such as the volume of inquiries handled, the use of our Web site, the number of publications distributed, the number of presentations made to key target audiences. We will also wherever possible, evaluate the impact or outcome of our proactive outreach efforts through anecdotal and quantitative and qualitative research.
The Privacy Commissioner is an Officer of Parliament appointed by the Governor-in-Council following approval of her nomination by resolution of the Senate and the House of Commons. The OPC is designated by Order-in-Council as a department for the purposes of the Financial Administration Act . As such, it is established under the authority of schedule 1.1 of the Financial Administration Act and reports to Parliament for financial administration purposes through the Minister of Justice. The Privacy Commissioner is accountable to and reports directly to Parliament on all achieved results.
The roles of the Research and Policy, Public Education and Communications, Legal Services, Investigations and Inquiries, and Audit and Review Branches are described in the preceding sections. The roles of the administrative branches, Corporate Services and Human Resources, are set out below.
The Corporate Services Branch, headed by the Office's Chief Financial Officer provides advice and integrated administrative services (finance, information technology and general administration) to managers and staff.
The Branch's most important priority will be to lead the development of a comprehensive business case which will identify the appropriate level of financial and human resources to enable the Office to fulfil its mandate efficiently and effectively. The business case will support a submission to the Treasury Board to seek its approval of multi-year budgets.
The Corporate Services Branch will also lead a number of important initiatives linked to the OPC's goal of becoming a well-managed, effective and efficient Parliamentary agency. These initiatives focus on developing and implementing the Office's management accountability framework and integrated information management architecture.
Human Resources is responsible for the management and delivery of comprehensive human resource management programs in areas such as staffing, classification, staff relations, human resource planning, learning and development, employment equity, official languages and compensation.
The priorities for the HR Branch in the 2005-2006 fiscal year include:
| ($ thousands) |
Forecast Spending
2004-2005 |
Planned Spending
2005-2006 |
| Vote 45 - Operating expenditures | 3,918 | 3,925 |
| Statutory - Contributions to employee benefit plans | 781 | 728 |
|
|
||
| Total Main Estimates | 4,699 | 4,653 |
| Adjustments: | ||
| Supplementary Estimates for activities under PIPEDA | 6,664 | 6,660 |
|
|
||
| Total Planned Spending | 11,363 | 11,313 |
| Plus: Cost of services received without charge | ||
| Accommodation provided by Public Works and Government Services Canada (PWGSC) | 647 | 647 |
| Contributions covering employers' share of employees' insurance premiums and expenditures paid by TBS (excluding revolving funds) | 571 | 572 |
| Audit of the financial statements by the Office of the Auditor General of Canada | 150 | 135 |
|
|
||
| Cost of Program | 12,731 | 12,667 |
|
|
||
|
|
||
| Full Time Equivalents | 100 | 100 |
|
|
||
Supplementary Estimates : Funding for PIPEDA was originally approved on its coming into force for three years starting in 2000-2001. At that time, the true resource requirements could not be satisfactorily determined because of the uncertainty of the impact of PIPEDA on the Office's activities. It was intended that a review of funding requirements be completed in 2003-2004 but the review was postponed due to the institutional renewal which was required following problems highlighted in the Auditor General's September 2003 report regarding the OPC. With the concurrence of the TBS, the review was postponed for one more year due to continuing uncertainty regarding the future workloads. The Office will present a business case reviewing the complete operations and resource requirements to Treasury Board for its consideration. A final decision on funding is expected by the end of September 2005.
Comparative Resource Information : The OPC like other federal organizations would normally present information on financial and human resources for the four years 2004-2005 to 2007-2008 in line with Treasury Board approved multi-year resource reference levels. Unfortunately, the OPC cannot present comparative multi-year resource information for 2006-2007 and 2007-2008 until Treasury Board considers the business case described above.
| Program Activity | Operating | Capital | Contributions | Planned Spending |
| Assess and investigate compliance with privacy obligations | 7,620 | 76 | — | 7,696 |
| Privacy Issues: research and policy | 1,789 | 14 | 200 | 2,003 |
| Privacy Education — promotion and protection of privacy | 1,604 | 10 | — | 1,614 |
| Total | 11,013 | 100 | 200 | 11,313 |
| Privacy Act | R.S.C. 1985, ch. P21, amended 1997, c.20, s. 55 |
| Personal Information Protection and Electronic Documents Act | 2000, c.5 |
Statutory reports, publications and other information are available from the Office of the Privacy Commissioner of Canada, Ottawa, Canada K1A 1H3; tel.: (613) 995-8210 and on the Office's Web site at www.privcom.gc.ca
Mr. Tom Pulcine
Chief Financial Officer
Office of the Privacy Commissioner of Canada
Place
de Ville, Tower B
112, Kent St., Suite 300
Ottawa, Ontario K1A 1H3
Telephone: (613) 996-5336
Facsimile: (613) 947-6850
