Treasury Board of Canada Secretariat - Government of Canada
Skip to Side MenuSkip to Content Area
Français Contact Us Help Search Canada Site
What's New About Us Policies Site Map Home

Estimates
About
Catalogue No. :
BT31-2/2006-III-76
ISBN:
0-660-62779-5
Alternate Format(s)
InstructionsPDF (756 Kb)
Printable Version

RPP 2005-2006
Offices of the Information and Privacy Commissioners

Previous Table of Contents  
Jennifer Stoddart
Privacy Commissioner of Canada		 The Honourable Irwin Cotler
Minister of Justice and Attorney General of Canada

Section I:

Privacy Commissioner's Message
Management Representation Statement

Section II:

Raison d'Être
Overview of Resources and Priorities
Operating Environment
Internal Factors Affecting Program Delivery
External Factors Affecting Privacy and the Office
OPC Priorities and Plans for 2005-2006

Section III:

Analysis of Program Activities by Strategic Outcome
Organizational Information
Resource Tables
Sources of Additional Information

SECTION I

Privacy Commissioner's Message

I am pleased to present this 2005-2006 Report on Plans and Priorities which sets out the strategic directions, priorities, expected results and spending estimates for the Office of the Privacy Commission of Canada to deliver on its mandate to protect and promote the privacy rights of Canadians.

Moving forward, our Office will stabilize its resource base, complete its institutional renewal strategy and submit a business plancase to Treasury Board Secretariat to address its financial and resource allocation needs. While we have made great progress to modernize our management processes and administrative procedures, further sustained efforts are required to enable to Office to fully operate as a well-managed and efficient Parliamentary agency.

This Report describes the environment in which we operate and the internal and external factors affecting our program delivery to deal with emerging privacy issues. For 2005-2006, the Office has identified six operational priorities, which are:

  • To ensure fair, effective and efficient handling of privacy inquiries and complaints;
  • To assess the privacy impacts of federal government initiatives;
  • To advise Parliament on privacy issues;
  • To identify and research privacy issues and develop policy positions affecting both the private and federal public sectors;
  • To develop a comprehensive communications and outreach strategy to raise the understanding of privacy rights and obligations; and
  • To develop and implement communications and public education programs.

I look forward to the challenges ahead, and to working with the dedicated staff of the OPC and with Parliament as we endeavour to deliver on our priorities.

Jennifer Stoddart
Privacy Commissioner of Canada

Management Representation Statement

I submit for tabling in Parliament, the 2005-2006 Report on Plans and Priorities (RPP) for the Office of the Privacy Commissioner of Canada.

This document has been prepared based on the reporting principles contained in the Guide to the preparation of Part III of the Estimates: Reports on Plans and Priorities .

  • It adheres to the specific reporting requirements outlined in the TBS guidance;
  • It uses an approved program activity architecture (PAA) structure;
  • It provides a basis of accountability for the results achieved with the resources and authorities entrusted to it; and
  • It reports finances based on approved planned spending numbers from the Treasury Board Secretariat.

Jennifer Stoddart
Privacy Commissioner of Canada

SECTION II

Raison d'Être 

Our mission is to protect and promote privacy rights of individuals.

Our mandate is to oversee the application of the Personal Information Protection and Electronic Documents Act ( PIPEDA ) and the Privacy Act and within that context to protect and promote privacy.

The Privacy Commissioner of Canada, Jennifer Stoddart, is an Officer of Parliament who reports directly to the House of Commons and the Senate. In addition to the Privacy Commissioner, the Office has two Assistant Privacy Commissioners. Raymond D'Aoust is responsible for the Privacy Act , which covers the personal information-handling practices of federal government departments and agencies, and Heather Black is responsible for PIPEDA , Canada's new private sector privacy law.

The Commissioner is an advocate for the privacy rights of Canadians whose powers include:

  • investigating complaints and conducting audits under two federal laws;
  • publishing information about personal information-handling practices in the public and private sector;
  • conducting research into privacy issues; and
  • promoting awareness and understanding of privacy issues by the Canadian public.

The Commissioner works independently from any other part of the government to investigate complaints from individuals with respect to the federal public sector and the private sector.

Individuals may complain to the Commissioner about any matter specified in Section 29 of the Privacy Act . This Act applies to personal information held by the Government of Canada.

For matters relating to personal information in the private sector, the Commissioner may investigate all complaints under Section 11 of PIPEDA except in the provinces that have adopted substantially similar privacy legislation. To date, Quebec, British Columbia, and Alberta are the only provinces with legislation deemed to be substantially similar. However even in these three provinces, PIPEDA continues to apply to personal information collected, used or disclosed by federal works, undertakings and businesses throughout Canada, and to all personal information in interprovincial and international transactions by all organizations subject to the Act in the course of their commercial activities. At the time of writing, Industry Canada had issued a proposal order that would declare Ontario's Personal Health Information Protection Act , 2004 to be substantially similar to PIPEDA , as it relates to personal health information.

Mediation and conciliation, with a view to corrective action if necessary, are the preferred approaches to complaint resolution. The Commissioner has the power to summon witnesses, administer oaths and compel the production of evidence if voluntary co-operation is not forthcoming. In certain circumstances, the Commissioner may take cases to the Federal Court.

Overview of Resources and Priorities

Financial Resources (in $ thousands)

2005-2006 2006-2007 2007-2008
$11,313* Note Note

Human Resources

2005-2006
100 FTEs

*This figure includes main estimates of $4,653 and supplementary estimates for activities under PIPEDA of $6,660.

Note: The OPC like other federal organizations would normally present information on financial and human resources for the three years 2005-2006, 2006-2007 and 2007-2008 in line with Treasury Board approved three year reference levels. Unfortunately, the OPC cannot present meaningful multi-year resource information because at the time of writing the approved reference levels do not include funding for the activities under PIPEDA . The OPC is preparing a business case to document the financial and human resources required to fulfill its mandate under the Privacy Act and PIPEDA . It is expected that the Treasury Board will consider the OPC's business case by the end of September 2005.

Operating Environment

This section describes the operating environment of the OPC in three parts. The first part describes the major program delivery mechanisms; the second and third parts describe important internal and external factors affecting program delivery.

Major Program Delivery Mechanisms

Investigations and Inquiries

The OPC seeks to promote fair information management practices by both public and private sector organizations in Canada in accordance with two federal privacy laws — the Privacy Act , which was enacted in 1983, and PIPEDA , the first phase of which took effect on January 1, 2001. The principal means of doing this is through complaint investigations, which are conducted by OPC's Investigations and Inquiries Branch. The Branch investigates complaints from individuals alleging that their personal information has been mismanaged or that they have been denied access or correction rights accorded them under these Acts. In conducting this work, Investigations and Inquiries is supported by activities of other branches, such as the Legal Services and Research and Policy branches. The Legal Services Branch helps with the interpretation of the two Acts and is involved in litigation concerning the interpretation and application of these Acts and in cases relating to the jurisdiction and powers of the Commissioner.

The Research and Policy Branch works with the Investigations and Inquiries Branch in establishing the Office's position on policy matters and provides investigators with research material to assist with the development of needed expertise in such areas as newly emerging technologies, which are the subject of an increasing number of complaints to the Office.

The Investigations & Inquiries Branch also responds to inquiries from members of the general public, government institutions, private sector organizations, and the legal community, who contact the Office on a wide variety of privacy-related issues.

Audits and Reviews

To safeguard Canadians' right to privacy, the OPC's Audit and Review Branch conducts compliance reviews under Section 37 of the Privacy Act . These reviews assess systems and practices for managing personal information from collection to disposal by federal departments and agencies. These reviews are carried out with reference to sections 4 to 8 of the Privacy Act and government policies and standards. This work is intended to encourage the growth of fair information practices by government institutions. The OPC also has the mandate, under Section 18 of PIPEDA , to conduct audits of the personal information management practices in the Canadian private sector.

Privacy Impact Assessments

The Government of Canada's Policy on Privacy Impact Assessments (PIA) has added to the responsibilities of the OPC. Our role, as defined in the Policy, is to assess the extent to which a department's PIA has succeeded in identifying privacy risks associated with a project or initiative and to comment on the appropriateness of the measures proposed to mitigate identified risks.

Support to Parliament

The Commissioner acts as Parliament's window on privacy issues, bringing to the attention of Parliament, issues that have an impact on the privacy rights of Canadians. We do this by tabling an Annual Report to Parliament, by appearing before Committees of the House of Commons and the Senate to comment on the privacy implications of proposed legislation and government initiatives and by identifying and analyzing issues that we believe should be brought to Parliament's attention.

The Office also assists Parliament to become better informed about privacy, acting as a resource or centre of expertise on privacy issues. This includes responding to a significant number of inquiries and letters from Senators and Members of Parliament.

Public Education and Communications

The Privacy Commissioner is specifically mandated under PIPEDA to conduct public education activities to ensure that the business community in Canada is complying with its obligations, as well as to make individuals aware of their rights.

Contributions Program

The Contributions Program supports the development of national privacy research capacity in the voluntary, academic and not-for-profit sectors to generate and transfer knowledge on the privacy impact of emerging technologies.

Internal Factors Affecting Program Delivery

The 2003-2004 Performance Report to Parliament described the substantial progress made by the Office in meeting the challenges and correcting the problems which followed the resignation of the previous commissioner.

Two major internal challenges remain: the staffing of vacant positions and establishing the appropriate multi-year budget for the Office.

Staffing of Vacant Positions

The Office has established corrective measures in Human Resource management as a result of the series of audits, which have significantly increased the time it takes to fill vacancies. Expanding the area of selection to ensure an appropriate level of potential pool of candidates has resulted in a significant increase of candidates.

The vacancies in combination with increases in the number of complaints under PIPEDA and increases in the number of inquires have created backlogs.

Establishing the Appropriate Multi-year Budget for the Office

In accordance with decisions of the Treasury Board, the Office must present a business case containing long-term solutions and options for its multi-year budgets. The business case will be comprehensive, covering all of the operational activities and administrative services of the Office. As well, the business case will be supported by various analyses of business processes and workloads. A formal business process review of the Investigations and Inquiries Branch will be completed in March 2005. The purpose of this review is to assess the Branch's business processes to determine whether further efficiency can be achieved and to confirm performance standards. It is expected that the Treasury Board will consider the business case by the end of September.

External Factors Affecting Privacy and the Office

The societal, political, technological and economic environment in which we operate determines the strategic focus of our activities, and the demands and pressures on our resources. Some of the principal elements of this environment are the following:

National Security, Law Enforcement and Public Safety

In the last several years, we have seen a series of government initiatives related to national security, law enforcement and public safety. Some examples are the Anti-Terrorism Act , the Public Safety Act , the creation of databases on airline passengers, the national sex-offender registry, increasing video surveillance of public places, and proposals to introduce a national identity card. Although very different on the surface, these initiatives all share certain features:

  • they involve the collection, use and sharing of personal information;
  • they are based on a common assumption that if law enforcement and national security agencies have access to more personal information about more individuals we will have a safer society; and
  • they raise significant concerns from a privacy perspective.

Defending privacy in the face of apparent growing public concerns about public safety has been, and will continue to be, a challenge for this Office. We expect that there will be continuing domestic and international pressure to introduce new measures related to national security, law enforcement and public safety.

Proliferation of Surveillance Technologies

Technologies designed for, or capable of being used for, surveillance of individuals have occupied the attention of the Office since its inception. They are increasingly widespread, and easily available to government bodies, law enforcement and national security agencies, businesses, and even individuals. From video surveillance cameras, Internet-transmitted spy ware, and "black boxes" in cars to infrared heat sensors, radio-frequency identification tags, and data mining, the means by which personal information can be collected from individuals without their consent and often without their knowledge are rapidly expanding.

Many of these technologies have laudable uses, serving legitimate social, economic, and individual purposes. It is their abuse, and in particular their use without regard for fair information practices and fundamental privacy rights, that is of great concern. The OPC will address technologies generally through a fair information practices lens, but careful inquiry and analysis, and specific approaches, will be required for specific technologies and applications.

Identification and Authentication

Governments and the private sector share a common belief that they need faster, more reliable and more secure methods to identify and authenticate individuals. In both sectors we are seeing a growing interest in biometrics, smart cards, "e-identities" and other identifiers. These are viewed as the enablers of e-government and e-commerce, and as a solution to such diverse problems as money-laundering, terrorism, credit fraud, identity theft, and benefit entitlement fraud.

The OPC supports legitimate efforts to combat these problems, but is concerned about the risks that personal identifiers present for privacy. Identifiers, especially the same identifier used by different organizations for various transactions, can link individuals' transactions, revealing information about them to the point that profiles can be constructed.

The pressure for high-integrity identification is intense, particularly from government, notwithstanding the abandonment of proposals for a national identity card. Authentication (which is not necessarily the same as identification) is central to the federal government's Government On-Line initiatives. Citizenship and Immigration has introduced a new, more secure, Permanent Resident Card, and the Canadian Passport Office is now developing a biometrically-enhanced passport. The federal, provincial and territorial governments are working together to create a coherent identity policy and uniform standards across programs and jurisdictions to improve the security of documents such as birth certificates.

We expect continuing pressure and new initiatives to improve identification and authentication of citizens in both the public sector and in the private sector. The Office, in line with its general position on technology, will continue to address identification initiatives by applying the principles of fair information practices. We will also examine alternatives, such as "anonymizing" technologies, to the widespread use of identifiers.

Transborder Flows of Personal Information

Personal information in Canada is well protected by federal and provincial privacy legislation, but information in a globalized economy travels readily across jurisdictional boundaries, and personal information may find its way to jurisdictions that do not provide the protections that Canadians expect. This can occur through transfers of personal information from one government to another, from private companies directly to foreign governments, or from private companies to other private companies. Outsourcing of information processing operations by government or private sector organizations has become commonplace. However, this outsourcing can put personal information at risk.

This issue will put significant demands on the OPC in the coming planning period. Canadians have indicated a growing unease with their personal information escaping their control and the means of recourse available to them under Canadian legislation. Similarly, residents of other countries have legitimate concerns about what happens to their personal information when it is collected by a Canadian governmental or private sector organization. While PIPEDA provides protections in both these cases, the older Privacy Act is less adequate, and addressing this will occupy the OPC's attention.

E-government, E-commerce and E-health

Governments, businesses, and health systems are increasingly moving away from paper-based systems towards electronic transactions. This phenomenon is not new but it is increasing in importance. Electronic service delivery and record-keeping have significant advantages and the public, on the whole, is supportive of the convenience and swiftness of electronic transactions. This promises economic benefits for businesses and cost savings for government and health systems.

Full acceptance of these systems, however, will depend on their privacy implications being addressed. These implications include the development and merging of ever-larger databases of personal information drawn from transactions, the difficulty of limiting information collection, use and disclosure to what is necessary for reasonable purposes, and the challenge of ensuring on-line security and confidentiality of personal information. The OPC is engaged at a multitude of levels by this phenomenon: as a guardian of individuals' rights as set out in federal privacy laws, as a public educator, and as an adviser to individuals, government, businesses, and Parliament.

OPC Priorities and Plans for 2005-2006

In the context of our internal and external environment, the Office has identified the following six highest priorities for our program during the 2005-2006 fiscal year. We will report to Parliament in the fall of 2006 on our performance in these areas.

Priorities Type
1. Ensure fair, effective and efficient handling of privacy inquiries and complaints. Ongoing
2. Assess the privacy impacts of federal government initiatives. Ongoing
3. Advise Parliament on privacy issues. Ongoing
4. Identify and research privacy issues, and develop policy positions affecting both the private and federal public sectors. Ongoing
5. Develop a comprehensive communications and outreach strategy to raise the understanding of privacy rights and obligations. New
6. Develop and implement communications and public education programs. Ongoing

Priority 1: Ensure fair, effective and efficient handling of privacy inquiries and complaints

  1. Conduct investigations and respond to inquiries

    The Investigations and Inquiries Branch will continue to respond to inquiries and conduct thorough investigations in as timely a manner as possible.

  2. Streamline the handling of investigations and inquiries

    In response to increasing workloads, we have placed a greater emphasis on dealing with complaints through alternative dispute resolution as a means of resolving complaints more quickly and efficiently. We have also decentralized case handling in order to reduce processing time. We will continue with this approach, as well as working with member associations (groups that represent certain sectors of private industry) to address systemic issues raised by the public through inquiries and complaints.

    In late 2004, the Office initiated a thorough business process review of our core business, i.e. Investigations and Inquiries. The review will be completed by March 31, 2005.

    The review will also provide the basis for determining appropriate resource levels, given the workload.

  3. Implement process to follow-up on recommendations resulting from the investigation of complaints

    A complaint investigation may result in a letter of findings with recommendations aimed at improving the practices of the respondent organization to prevent any recurrence of a breach of privacy rights. In 2004-2005, the Office completed a survey of a sample of PIPEDA cases to determine the status of the implementation of recommendations.

    Since the fall of 2004, we have been following up on the implementation status of all recommendations made under both the Privacy Act and PIPEDA . Investigations and Inquiries with Legal Services and Audit and Review, will continue this follow-up. This measure will ensure compliance with recommendations.

  4. Identify solutions to address growing caseloads in Privacy Act and PIPEDA complaints

    Between January 1, 2003 and January 1, 2005, the number of open files of complaints has grown under the Privacy Act by 21% from 929 to 1128 and under PIPEDA by 144% from 235 to 570. This growth is attributable to a number of causes, for example the number and complexity of cases resulting from the implementation of the final phase of PIPEDA , on January 1, 2004. In addition, PIPEDA stipulates that a report of findings must be prepared within one year of the complaint being filed; to respect this time limit under PIPEDA , we reassigned three investigators from Privacy Act cases to PIPEDA cases. Consequently, there are fewer investigators to handle complaints under the Privacy Act . We will continue to identify and implement solutions to address the backlog such as more staff training and development and simplified standard responses.

  5. Improve the Software Systems Supporting Inquiries and Investigations

    In 2004-2005, we rolled-out a new caseload management system called IIA (Integrated Investigation Application) that has facilitated caseload tracking and reporting, and given us better tools for managing PIPEDA -related investigations. In 2005-2006, we will improve the software systems supporting inquiries and investigations by integrating the investigations case-load management system IIA with the inquiries management system called CCM (Correspondence and Case Management) and our electronic records management system called RDIMS (Records Document and Information Management System).

  6. Harmonize OPC's procedures for handling PIPEDA complaints with Provincial Commissioners and provincial legislation

    Some investigations involve federal-provincial cross-jurisdictional issues. In order to minimize duplication of efforts and maximize benefits for all Canadians, the OPC held discussions with its provincial counterparts in British Columbia and Alberta (both provinces have personal information protection legislation that was deemed substantially similar to PIPEDA in 2004) about a harmonized approach to the handling of complaints where the complaint is against an organization in either of these provinces. We have a well established consultation process that includes monthly conference calls between the OPC and British Columbia and Alberta's Information and Privacy Commissioners' Offices. OPC is also discussing harmonization approaches with Ontario's Information and Privacy Commissioner's Office as a result of the issuing of a proposed order that would declare Ontario's Personal Health Information Protection Act substantially similar to PIPEDA with regard to personal health information.

    The Investigations and Inquiries Branch, in consultation with Legal Services, will continue to fine tune established approaches and procedures to deal with cross-jurisdictional complaints.

Priority 2: Assess the Privacy Impacts of Federal Government Initiatives

  1. Develop capacity to process and reduce backlogs and promote PIA best practices

    In 2002, Canada became the first country in the world to make PIAs mandatory for all federal departments and agencies. The Treasury Board's PIA Policy is intended to protect the privacy of Canadians in all transactions with the government by ensuring that privacy considerations are built into government projects at the outset. Assessing the privacy impact up-front helps managers and decision-makers avoid or mitigate privacy risks and promote fully informed policy, program and system design choices.

    While the OPC supports the goals and objectives of the PIA Policy, there are significant resource implications which need to be addressed. The Office requires permanent funding by the Treasury Board in order to provide expert advice to government departments as they seek to comply with the Policy. Discussions will be undertaken with the TBS to discuss service expectations and resource requirements.

Priority 3: Advise Parliament on Privacy Issues

In order to improve our ability to advise Parliamentary committees, we will focus on strengthening and systematizing our procedures by:

  • assessing, monitoring and forecasting Parliamentary activity;
  • improving our liaison with Senators, MPs and Parliamentary staff;
  • analyzing the legal and policy implications of bills and government proposals; and
  • providing the Commissioner with support to advise Parliamentarians.

We will develop a strategy to improve our ongoing communications with Parliamentarians by means of information packages, special reports and the annual reports on the Privacy Act and PIPEDA . As well, we will put in place a system to track communications with individual Senators and MPs to ensure useful, timely, and consistent responses.

Priority 4: Identify, Research and Develop Policy Positions on Privacy Issues Affecting both the Private and Public Sectors

  1. Develop content expertise

    We plan to enhance and focus our policy expertise especially on the impacts of technology on privacy. We will identify potential partners and sources of external expertise to augment our internal policy and research capabilities. In addition, we will strengthen our own internal research capacity through continuous staff learning and development.

  2. Focus policy research function

    We intend to focus our policy research on those areas where we can have impact. We will review current research activities and proposed activities and set priorities based on the following criteria:

    • meeting larger OPC objectives,
    • supporting investigative and audit functions,
    • addressing legislative and regulatory initiatives, and
    • coordinating with provincial commissioners, advocacy groups, private sector associations, academics, etc.
  1. Conduct systematic monitoring of the "privacy environment"

    Our monitoring of the "privacy environment" of both the private and public sectors will become more systematic in identifying and tracking issues and in identifying responsibilities and strategies for addressing issues.

  2. Strengthen relationships with federal entities

    We will strengthen our working relationships with federal departments and agencies to ensure early consultation, and identification of privacy concerns, on legislative, regulatory and program initiatives.

  3. Contribution Program

    The Contribution Program will capitalize on existing research expertise and capability; build links with researchers, voluntary organizations, academics and our provincial counterparts; and encourage the development of privacy expertise on emerging technologies.

Priority 5: Develop a Comprehensive Communications and Outreach Strategy to Raise the Understanding of Privacy Rights and Obligations

  1. Establish baseline measures of stakeholder knowledge

    We plan to take a more strategic and focused approach to our communications and public education activities. We will first clearly identify who our target audiences are and gauge their knowledge of privacy issues through public opinion research and other communications evaluation and monitoring mechanisms. This will enable the Office to establish a benchmark for measuring stakeholder knowledge and perceptions of privacy rights and obligations under the two Acts.

  2. Engage in collaborative partnership with stakeholders and harness external knowledge

    We will engage in proactive efforts to work collaboratively with other key privacy stakeholders to better inform and engage the public on privacy issues, as part of a more robust outreach strategy. Public education is a shared responsibility among jurisdictions and key stakeholders. By harnessing the knowledge of stakeholders on the privacy perceptions and needs of Canadians, we will play a national leadership role in encouraging a more seamless approach to privacy protection and promotion.

Priority 6: Develop and Implement Communications and Public Education Programs

  1. Identify, document and communicate privacy "best practices" in both the public and private sectors

    Pulling together expert advice from those who have implemented best practices and seen the results will be a valuable asset to Canada's privacy protection and promotion efforts. We hope through our communications and outreach to identify, document and communicate examples of best practices in protection of personal information to create a greater awareness of privacy as a fundamental social value.

  2. Create opportunities to engage citizens in public dialogue on key privacy issues

    By encouraging citizens to participate in dialogue on key privacy issues and policies that affect their day-to-day lives, we may foster greater awareness and understanding of the shared responsibility for the protection and promotion of privacy rights and obligations. We plan on engaging citizens in dialogue on the privacy impact of key issues such as video surveillance, RFIDs, identity theft and protection of health information.

  3. Evaluate the impacts of the communications and outreach strategy and adjust accordingly

    We plan to evaluate the impact of our communications and outreach programs and initiatives, so we can assess our effectiveness in delivering on our public education mandate.

SECTION III

Analysis of Program Activities by Strategic Outcome

This section provides information on the basis of the Office's program activity architecture (PAA). The PAA, approved by Treasury Board, provides the structure for planning and reporting the Office's activities.

Our program has three operational activities aimed at achieving one strategic outcome on behalf of Canadians. The administrative costs are allocated to the operational activities.

Strategic Outcome Protection of the Privacy Rights of Canadians
Activities 1. Assess and investigate compliance with privacy obligations 2. Privacy Issues: research and policy 3. Privacy Education — promotion and protection of privacy

Program Activity 1: Assess and investigate compliance with privacy obligations

Resources:

  2004-2005 2005-2006
Financial Resources - $000 7,732 7,696
Human Resources - FTEs 76 76

Activity Description

The OPC is responsible for investigating complaints and responding to inquiries received from individuals and organizations who contact the Office for advice and assistance on a wide range of privacy-related issues. The OPC also assesses how well organizations are complying with requirements set out in the two federal laws and provides recommendations on PIAs pursuant to the Treasury Board of Canada policy. This activity is supported by a legal team that provides specialized legal advice and litigation support.

Organizational Responsibilities

The Investigations and Inquiries Branch is responsible for investigating complaints received from individuals. The Branch's Inquiries Division responds to thousands of inquiries annually from the general public and organizations who contact the Office for advice and assistance on a wide range of privacy-related issues.

The Audit and Review Branch assesses how well organizations are complying with the requirements set out in the two federal laws. The Branch also receives analyses and provides recommendations on PIA Reports pursuant to the Treasury Board's PIA Policy.

Legal Services provides the necessary specialized legal advice and litigation support.

Priorities for this activity

The operations under this activity will lead to the achievement of two of our six highest priorities described in Section II.

Priorities Type
1. Ensure fair, effective and efficient handling of privacy inquiries and complaints. Ongoing
2. Assess the privacy impacts of federal government initiatives. Ongoing

Performance Measurement and Reporting

We will report on our performance under this activity using indicators that measure workload and output such as:

  • the number of inquiries, investigations and PIA's received, in process and closed
  • the volume of litigation actions
  • the percentage completion of the audit and review plan
  • the percentage of complaints resolved to the satisfaction for both the complainant and the respondent using alternate dispute resolution methods

We will also measure results for example on the implementation of recommendations made as a result of investigations, reviews of PIAs, and audits and reviews.

Program Activity 2: Privacy Issues: research and policy

Resources: 2004-2005 2005-2006
Financial Resources - $000 2,045 2,003
Human Resources - FTEs 14 14

Activity Description

The OPC serves as a centre of expertise on emerging privacy issues in Canada and abroad by researching trends, monitoring legislative and regulatory initiatives, providing analysis on key issues, and developing policy positions that advance the protection of privacy rights. An important part of the work done involves supporting the Commissioner and Assistant Commissioners in providing advice to Parliament on legislation and on government program initiatives that may impact on privacy.

Organizational Responsibilities

The Research and Policy Branch is responsible for researching privacy issues, and developing and advising on policy positions. The Branch supports the Commissioner and Assistant Commissioners by identifying legislation; new programs and emerging technologies that raise privacy concerns; providing advice and policy options; drafting discussion and position papers for public consumption on issues affecting privacy; and preparing briefing material for public appearances by the Commissioner and other staff.

In this role the Office responds to a significant number of inquiries from Senators and Members of Parliament.

Priorities for this activity

The operations under this activity will lead to the achievement of the following two priorities described in Section II.

Priorities Type
Identify and research privacy issues, and develop policy positions affecting both the private and federal public sectors. Ongoing
Advise Parliament on privacy issues. Ongoing

Performance Measurement

The Office will report in the 2005-2006 Departmental Performance Report and/or in the Annual Report on the outputs of this activity using indicators such as the appearances before Parliamentary committees (number, purpose and result); the support provided to individual Parliamentarians (number of inquiries, meetings, requests for information, etc.); and the major research and policy documents produced (number and issues addressed). For the Contribution Program, we will report for each contribution project, the name of the recipient, the amount of the contribution, the purpose, output and result.

Program Activity 3: Privacy Education — promotion and protection of privacy.

Resources:

  2004-2005 2005-2006
Financial Resources - $000 1,619 1,614
Human Resources - FTEs 10 10

Activity Description

The OPC plans and implements a number of public education and communications activities, including speaking engagements and special events, media relations, and the production and dissemination of promotional and educational material.

Organizational Responsibilities

The Public Education and Communications Branch focuses on providing strategic advice on outreach and public education issues to the Commissioner and Assistant Commissioners. In addition, the Branch plans and implements a number of public education and communications activities, including the issuing of news releases, conducting media interviews, developing speeches for conferences and special events and analyzing public perceptions of privacy issues through environmental monitoring for the Commissioner and senior staff .

The Branch develops communications tools to address privacy issues of concern to Canadians, maintains the OPC Web site, develops and publishes material for a variety of audiences, including the annual reports to Parliament and numerous guides for businesses and individuals.

Priorities for this activity

This activity will lead to the achievement of the following two priorities described in Section II.

Priorities Type
Develop a comprehensive communication and outreach strategy to raise the understanding of privacy rights and obligations. New
Develop and implement communications/public education programs. Ongoing

Performance Measurement

We will report on the outputs and results of this activity using indicators such as the volume of inquiries handled, the use of our Web site, the number of publications distributed, the number of presentations made to key target audiences. We will also wherever possible, evaluate the impact or outcome of our proactive outreach efforts through anecdotal and quantitative and qualitative research.

Organizational Information

Organizational Information

The Privacy Commissioner is an Officer of Parliament appointed by the Governor-in-Council following approval of her nomination by resolution of the Senate and the House of Commons. The OPC is designated by Order-in-Council as a department for the purposes of the Financial Administration Act . As such, it is established under the authority of schedule 1.1 of the Financial Administration Act and reports to Parliament for financial administration purposes through the Minister of Justice. The Privacy Commissioner is accountable to and reports directly to Parliament on all achieved results.

The roles of the Research and Policy, Public Education and Communications, Legal Services, Investigations and Inquiries, and Audit and Review Branches are described in the preceding sections. The roles of the administrative branches, Corporate Services and Human Resources, are set out below.

Corporate Services

The Corporate Services Branch, headed by the Office's Chief Financial Officer provides advice and integrated administrative services (finance, information technology and general administration) to managers and staff.

The Branch's most important priority will be to lead the development of a comprehensive business case which will identify the appropriate level of financial and human resources to enable the Office to fulfil its mandate efficiently and effectively. The business case will support a submission to the Treasury Board to seek its approval of multi-year budgets.

The Corporate Services Branch will also lead a number of important initiatives linked to the OPC's goal of becoming a well-managed, effective and efficient Parliamentary agency. These initiatives focus on developing and implementing the Office's management accountability framework and integrated information management architecture.

Human Resources

Human Resources is responsible for the management and delivery of comprehensive human resource management programs in areas such as staffing, classification, staff relations, human resource planning, learning and development, employment equity, official languages and compensation.

The priorities for the HR Branch in the 2005-2006 fiscal year include:

  • implementing the human resource strategy that addresses the Office's staff recruitment, retention and development needs
  • creating a learning environment

Resource Tables

Table 1: Departmental Planned Spending and Full Time Equivalents

($ thousands) Forecast Spending
2004-2005 		Planned Spending
2005-2006
Vote 45 - Operating expenditures 3,918 3,925
Statutory - Contributions to employee benefit plans 781 728
Total Main Estimates 4,699 4,653
Adjustments:    
Supplementary Estimates for activities under PIPEDA 6,664 6,660
Total Planned Spending 11,363 11,313
Plus: Cost of services received without charge    
Accommodation provided by Public Works and Government Services Canada (PWGSC) 647 647
Contributions covering employers' share of employees' insurance premiums and expenditures paid by TBS (excluding revolving funds) 571 572
Audit of the financial statements by the Office of the Auditor General of Canada 150 135
Cost of Program 12,731 12,667

Full Time Equivalents 100 100

Supplementary Estimates : Funding for PIPEDA was originally approved on its coming into force for three years starting in 2000-2001. At that time, the true resource requirements could not be satisfactorily determined because of the uncertainty of the impact of PIPEDA on the Office's activities. It was intended that a review of funding requirements be completed in 2003-2004 but the review was postponed due to the institutional renewal which was required following problems highlighted in the Auditor General's September 2003 report regarding the OPC. With the concurrence of the TBS, the review was postponed for one more year due to continuing uncertainty regarding the future workloads. The Office will present a business case reviewing the complete operations and resource requirements to Treasury Board for its consideration. A final decision on funding is expected by the end of September 2005.

Comparative Resource Information : The OPC like other federal organizations would normally present information on financial and human resources for the four years 2004-2005 to 2007-2008 in line with Treasury Board approved multi-year resource reference levels. Unfortunately, the OPC cannot present comparative multi-year resource information for 2006-2007 and 2007-2008 until Treasury Board considers the business case described above.

Table 2: Program by Activity 2005-2006 ($ thousands)

Program Activity Operating Capital Contributions Planned Spending
Assess and investigate compliance with privacy obligations 7,620 76 7,696
Privacy Issues: research and policy 1,789 14 200 2,003
Privacy Education — promotion and protection of privacy 1,604 10 1,614
Total 11,013 100 200 11,313

Sources of Additional Information

Legislation Administered by the Privacy Commissioner

Privacy Act R.S.C. 1985, ch. P21, amended 1997, c.20, s. 55
Personal Information Protection and Electronic Documents Act 2000, c.5

Statutory Annual Reports, Other Publications and Information

Statutory reports, publications and other information are available from the Office of the Privacy Commissioner of Canada, Ottawa, Canada K1A 1H3; tel.: (613) 995-8210 and on the Office's Web site at www.privcom.gc.ca

  • Privacy Commissioner's Annual Report .
  • Performance Report to Parliament, for the period ending March 31, 2004 . Available through local booksellers or by mail from Public Works and Government Services — Publishing, Ottawa, Canada K1A 0S9.
  • Your Privacy Rights: A Guide for Individuals to the Personal Information Protection and Electronic Documents Act .
  • Your Privacy Responsibilities: A Guide for Businesses and Organizations to the Personal Information Protection and Electronic Documents Act .

Contact for Further Information on the Report on Plans and Priorities

Mr. Tom Pulcine
Chief Financial Officer
Office of the Privacy Commissioner of Canada
Place de Ville, Tower B
112, Kent St., Suite 300
Ottawa, Ontario K1A 1H3

Telephone: (613) 996-5336
Facsimile: (613) 947-6850


 
Previous Table of Contents  
Date Modified:  2005-03-24 Top of Page Important Notices