Annual Reports on the Access to Information Act and the Privacy Act

Government institutions are reminded that they must submit their 2004-2005 annual reports to Parliament, as required by sections 72 of the Access to Information Act and of the Privacy Act. Each annual report must be submitted "within three months after the financial year in respect of which it is made or, if the House is not then sitting, on any of the first fifteen days next thereafter that it is sitting". 

Annual Reports To Parliament

These instructions are intended to assist in the preparation and submission of annual reports to Parliament. Further information on this subject may be obtained by referring to the Treasury Board Manual, Access to Information and Privacy and Data Protection volumes. The general outline of the reports should conform to the following instructions. 

Detailed Instructions

Please refer to Appendix A for instructions on how to submit your report. In addition, Implementation Report No. 97 provides guidance on the preparation of the statistical reports to be included in the annual reports. 

New Reporting Requirements

The Privacy Impact Assessment Policy (PIA Policy), which came into effect on May 2, 2002, requires the Treasury Board Secretariat to monitor compliance through a variety of means. Given this responsibility, institutions are required to report the following information for fiscal year 2004-2005:

• the number of PIAs and Preliminary Privacy Impact Assessments (PPIA) initiated;

• the number of PIAs and PPIAs completed;

• a brief description of each PIA and PPIA completed and the link to its summary on your institution’s website;

• the number of PIAs and PPIAs forwarded to the Office of the Privacy Commissioner. 

This will be an annual reporting requirement. 

Institutions are also asked to include the following information in their annual reports for 2004-2005:

• an overview of the types of disclosures made pursuant to subsection 8(2) of the Privacy Act during the fiscal year; and 

• the number of new data matching and sharing activities undertaken and a short description of each activity. 

Please note that the reporting requirements for 8(2) disclosures, data matching and sharing activities will be mandatory in subsequent years. 

Content of 2004-2005 Annual Reports 

Annual reports are the means by which government institutions account for their efforts to administer access to information and privacy legislation. It is important to emphasize that reports should reflect the unique experiences of institutions and no single format can serve the needs of all departments and agencies. 

A sample “Table of Contents” listing elements that typically comprise annual reports is attached as Appendix A.

The reports should provide an overall view of institutions’ access to information and privacy policies and procedures. They should highlight recent developments and accomplishments, such as changes aimed at expediting processing activities and reducing turnaround times for requests. Reference should be made to any improvements to the provision of information through both formal and informal access channels.

Reports should also identify issues that have privacy implications, such as legislative, policy and service delivery initiatives, privacy impact assessments, data matching and data sharing agreements and the impact of new technologies. 

Statistical reports must be included. Any major trends, discrepancies or links pertaining to the statistics should be documented in the text. In addition, the reasons for complaints, the findings of the Commissioners, appeals to the Courts, and decisions and remedial actions implemented should be outlined to provide a balanced view of the institution’s performance. 

Reports should include references to organizational changes or changes to the decision-making process, notably to delegation orders. There is no need to repeat information provided in earlier reports. In making the distinction between repetition and cross-reference, institutions should be guided by convenience to the reader. 

Copies of recent annual reports are available in the Information, Privacy and Security Policy Division. Anyone who is interested in examining them should arrange to view them at the Treasury Board Secretariat. 

Authorization

Although annual reports must be approved by the Minister, they do not have to be signed by the Minister. Reports are to be accompanied by a letter of transmittal from the Minister to the Clerk of the House of Commons and to the Clerk of the Senate. 

Institutions subject to both the Access to Information Act and the Privacy Act must prepare separate annual reports for each Act, although they may be submitted under the same cover. 

In the letter of transmittal, the Minister must indicate that: 

• The reports are tabled in accordance with section 72 of the Access to Information Act and section 72 of the Privacy Act.

• The reports are to be referred to the Standing Committee on Justice and Human Rights. 

Submission

Copies of the annual reports to Parliament must be submitted to the following: 

Mr. William C. Corbett
Clerk of the House of Commons
Centre Block, Room 228-N
House of Commons
Parliament Buildings
Ottawa, Ontario  K1A 0A6

One copy 

Mr. Paul Bélisle 
Clerk of the Senate and Clerk of the Parliaments
Centre Block, Room 183-S
Senate of Canada
Parliament Buildings
Ottawa, Ontario  K1A 0A4

One copy 

The Information Commissioner of Canada
Place de Ville, Tower B 
112 Kent Street, 22nd Floor
Ottawa, Ontario K1A 1H3

One copy (access only) 

Privacy Commissioner of Canada
Place de Ville, Tower B
112 Kent Street, 3rd Floor
Ottawa, Ontario  K1A 1H3

One copy (privacy only) 

Colette Dubois
Information, Privacy and Security Policy Division
Treasury Board of Canada Secretariat
219 Laurier Avenue West, 14th Floor 
Ottawa, Ontario  K1A 0R5

Two copies 

Enquiries

Please direct any questions regarding these instructions to Information, Privacy and Security Policy Division at (613) 954-3720 or by e-mail to Olive.Nancy@tbs-sct.gc.ca. 

Donald Lemieux

Acting Senior Director
Information, Privacy and Security Policy Division
Chief Information Officer Branch

Appendix A

Annual Reports to Parliament 

Table of Contents

The following sections may be contained in individual reports: 

Access to Information

(a)    Introduction, including highlights and accomplishment

(b)    Statistical report 

(c)    Interpretation of the statistical report, such as the description of significant trends and details on the processing of requests, the application of exemptions and exclusions, completion times and extensions 

(d)    Institutional policies and procedures 

(e)    Organization of activities, including the delegation of authority 

(f)    Significant changes, such as a change from a formal to an informal access channel or the use of new technologies 

(g)    Education and training activities, including briefing and awareness sessions indicating the number of sessions and the number of participants 

(h)    Complaints and investigations 

(i)    Appeals to the Courts 

Privacy

In addition to (a) through (i):

(j)    Information on Privacy Impacts Assessments and Preliminary Privacy Impact Assessments

(k)    Overview of the types of disclosures made pursuant to paragraph 8(2) of the Privacy Act

(l)    The number of new data matching and sharing activities undertaken and a short description of each activity 

(m)    Privacy impact of any legislative, policy and service delivery initiatives or data matching and data sharing agreements

(n)    Improvements to privacy protection, such as the use of privacy enhancing technologies