|
|
Annual Reports on the Access to Information Act and the Privacy Act
Implementation Report No. 107
May 30, 2007
To: Access to Information and Privacy Coordinators
Government institutions are reminded that they must submit their 2006-2007
annual reports to Parliament, as required by sections 72 of the Access to
Information Act and of the Privacy Act.
This applies only to those institutions that were subject to the ATIA and/or
the PA prior to April 1, 2007.
Each annual report must be submitted "within three months after the
financial year in respect of which it is made or, if the House is not then
sitting, on any of the first fifteen calendar days next thereafter that it is
sitting".
Annual Reports To Parliament
These instructions are intended to assist in the preparation and submission
of annual reports to Parliament. Further information on this subject may be
obtained by referring to the Treasury Board Manual, Access to
Information and Privacy and Data Protection volumes.
Reporting Requirements
Annual reports are the means by which government institutions account for
their efforts to administer access to information and privacy legislation. It is
important to emphasize that reports should reflect the unique experiences of
institutions and no single format can serve the needs of all departments and
agencies.
Please refer to Appendix A for detailed instructions about what mandatory
elements must be contained in your report and what elements must be included if
they apply for this reporting period. Reporting elements that have been
identified as mandatory shall be reviewed as part of the Management of
Accountability Framework (MAF) exercise. The other reporting elements will also
be taken into consideration. Implementation Report No. 106 provides guidance on
the preparation of the statistical reports to be included in the annual reports.
Institutions subject to both the Access to Information Act and the Privacy
Act must prepare separate annual reports for each Act, although they may be
submitted under the same cover.
Copies of recent institutional annual reports are available in the
Information and Privacy Policy Division. Anyone who is interested in examining
them should arrange to view them at the Treasury Board Secretariat. Please
contract Colette Dubois at 613-957-2455 or by e-mail to
Dubois.Colette@tbs-sct.gc.ca.
Authorization
Although annual reports must be approved by the Minister, they do not have to
be signed by the Minister. However, reports must be accompanied by a letter of
transmittal from the Minister to the Clerk of the House of Commons and to the
Clerk of the Senate.
In the letter of transmittal, the Minister must indicate that:
- The reports are tabled in
accordance with section 72 of the Access to Information Act and
section 72 of the Privacy Act.
- The reports are to be referred
to the Standing Committee on Access to Information, Privacy and Ethics.
Submission
Copies of the annual reports to Parliament must be submitted to the
following:
Ms. Audrey O'Brien
Clerk of the House of Commons
Centre Block, Room 228-N
House of Commons
Parliament Buildings
Ottawa, Ontario K1A 0A6
One copy
Mr. Paul C. Bélisle
Clerk of the Senate and Clerk of the Parliaments
Centre Block, Room 183-S
Senate of Canada
Parliament Buildings
Ottawa, Ontario K1A 0A4
One copy
The Information Commissioner of Canada
Place de Ville, Tower B
112 Kent Street, 22nd Floor
Ottawa, Ontario K1A 1H3
One copy (access only)
The Privacy Commissioner of Canada
Place de Ville, Tower B
112 Kent Street, 3rd Floor
Ottawa, Ontario K1A 1H3
One copy (privacy only)
Colette Dubois
Information and Privacy Policy Division
Treasury Board of Canada Secretariat
219 Laurier Avenue West, 14th Floor
Ottawa, Ontario K1A 0R5
Two copies
Enquiries
Please direct any questions regarding these instructions to the Information
and Privacy Policy Division at 613-957-2455 or by e-mail to Dubois.Colette@tbs-sct.gc.ca.
Donald Lemieux
Executive Director
Information and Privacy Policy Division
Chief Information Officer Branch
Attachment (Appendix A)
Appendix A – Annual Reports to Parliament
Access to Information
Please note which of the following elements must be contained in your
institution's Annual Report on the Access to Information Act. If your
institution does not have anything to report against each of the mandatory
elements – it must be explicitly stated. The other reporting elements
must be included in the Annual Report if your institution did anything in
relation to what has been specified. There is no specific order as to how this
information must be presented.
Reporting Elements
|
Reporting Requirement
|
Introduction, including the mandate of your institution and a summary
of your institution's access to information activities during the fiscal
year, i.e. your institution did not process any requests or other
undertakings that you would like to highlight.
|
Mandatory – although you may not have any specific aspects that you
wish to highlight.
|
Description of how the institution is structured to fulfil Access
to Information Act responsibilities.
|
Mandatory
|
A copy of the Delegation Order indicating what powers, duties and
functions have been delegated by the head of the institution and to whom,
or a statement that there has been no delegation.
|
Mandatory
|
Statistical Report
|
Mandatory
|
Interpretation of the statistical report, such as the description of
significant trends and details on the processing of requests, the
application of exemptions and exclusions, completion times and extensions.
|
Mandatory
|
A summary of significant changes to operations, policy, procedures,
tools, etc.
|
This must be included in the Annual Report if your institution
implemented any changes during the fiscal year.
|
Overview of institutional Access to Information Act related
policies and procedures implemented or revised during the fiscal year.
|
This must be included in the Annual Report if your institution
implemented any new or revised any existing policies or procedures.
|
Description of access-related education and training activities during
the fiscal year, including briefing and awareness sessions. Indicate the
number of sessions and the number of participants.
|
This must be included in the Annual Report if you delivered any of this
type of activity during the fiscal year.
|
Description of major changes implemented (if any) as a result of
concerns or issues raised by the Office of the Information Commissioner
(OIC), i.e. in his Annual Report to Parliament, in institutional report
cards, etc. or in other reviews/evaluations of how your institution
administers the Access to Information Act.
|
This must be included in the Annual Report if your institution
implemented any changes as a result of this type of activity.
|
Indicate if your institution had any Access complaints and summarize
key issues arising from complaints and/or investigations during the fiscal
year.
|
This must be included in the Annual Report if your institution was
involved in this type of activity during the fiscal year.
|
Enumeration of the number of appeals to the Courts during the fiscal
year, i.e. applications submitted to the Federal Court – Trial Division,
or the Federal Court of Appeal.
|
This must be included in the Annual Report if your institution was
involved in this type of activity during the fiscal year.
|
Privacy
Please note which of the following elements must be contained in your
institution's Annual Report on the Privacy Act. If your institution
does not have anything to report against each of the mandatory elements – it
must be explicitly stated. The other reporting elements must be included in the
Annual Report if your institution did anything in relation to what has been
specified. There is no specific order as to how this information must be
presented.
Reporting Elements
|
Reporting Requirement
|
Introduction, including the mandate of your institution and a summary
of your institution's privacy activities during the fiscal year, i.e. your
institution did not process any requests or other undertakings that you
would like to highlight.
|
Mandatory – although you may not have any specific aspects that you
wish to highlight.
|
Description of how the institution is structured to fulfil Privacy
Act responsibilities.
|
Mandatory
|
A copy of the Delegation Order indicating what powers, duties and
functions have been delegated by the head of the institution and to whom,
or a statement that there has been no delegation.
|
Mandatory
|
Statistical Report.
|
Mandatory
|
Interpretation of the statistical report, such as the description of
significant trends and details on the processing of requests, the
application of exemptions and exclusions, completion times and extensions.
|
Mandatory
|
A summary of significant changes/improvements to operations, policy,
procedures, privacy protection, etc.
|
This must be included in the Annual Report if your institution
implemented any changes during the fiscal year.
|
Overview of institutional Privacy Act-related policies and
procedures implemented or revised during fiscal year.
|
This must be included in the Annual Report if your institution
implemented any new or revised any existing policies or procedures.
|
Description of privacy related education and training activities,
including briefing and awareness sessions. Indicate the number of sessions
and the number of participants.
|
This must be included in the Annual Report if you delivered any of this
type of activity during the fiscal year.
|
Information on Privacy Impacts Assessments (PIA) and Preliminary
Privacy Impact Assessments (PPIA):
- the number of PIAs
and PPIAs initiated
- the number of PIAs
and PPIAs completed
- brief description of
each PIA completed and the link to its summary on your institution's
website
- the number of PIAs
forwarded to the OPC.
|
Mandatory
|
An overview of the types of disclosures made pursuant to subsections
8(2)(a) to 8(2)(m) of the Privacy Act during the fiscal year.
Note: this relates to disclosures made to entities external to your
institution and that resulted from requests from individuals/entities
outside of the institution. Statistical information is not required –
just a brief summary of all of the types of 8(2) disclosures made during
the reporting year; i.e. during this reporting year, the majority of
Institution X's 8(2) disclosures were made pursuant to 8(2)(a). Other
disclosures were made pursuant to 8(2)(e), 8(2)(i) and 8(2)(m). There were
no other types of 8(2) disclosures made during 2006-2007.
|
Mandatory
|
The number of new data matching and sharing activities undertaken (this
includes new internal data matching and sharing activities between
different sections of the institution) and a short description of each
activity.
|
Mandatory
|
Privacy impact of any legislative, policy and service delivery
initiatives or data matching or data sharing agreements.
|
This must be included in the Annual Report if your institution was
involved in this type of activity during the fiscal year.
|
Description of major changes implemented (if any) as a result of
concerns raised by the Office of the Privacy Commissioner (OPC), i.e. in
her Annual Report to Parliament, reviews of PIAs, or other
reviews/evaluations of how your institution administers the Privacy
Act.
|
This must be included in the Annual Report if your institution
implemented any changes as a result of this type of activity.
|
Indicate if your institution had any Privacy complaints and summarize
key issues arising from complaints and/or investigations during the fiscal
year.
|
This must be included in the Annual Report if your institution was
involved in this type of activity during the fiscal year.
|
Enumeration of the number of Appeals to the Courts during the fiscal
year, i.e. applications submitted to the Federal Court – Trial Division,
or the Federal Court of Appeal.
|
This must be included in the Annual Report if your institution was
involved in this type of activity during the fiscal year.
|
|