Access to Information and Privacy
2008-2009 Annual Report to Parliament on the Access to Information Act
August 2009
Office of the Privacy Commissioner of Canada
112 Kent Street
Ottawa, Ontario
K1A 1H3
(613) 995-8210, 1-800-282-1376
Fax (613) 947-6850
TDD (613) 992-9190
This publication is also available on our Web site at www.priv.gc.ca.
Table of contents
Top of Page Table of Contents Introduction
The Access to Information Act (ATIA) came into effect on July 1, 1983. It provides Canadian citizens, permanent residents and any person and corporation present in Canada a right of access to information contained in government records, subject to certain specific and limited exceptions.
When the Federal Accountability Act received Royal Assent on December 12, 2006, the Office of the Privacy Commissioner (OPC) was added to Schedule I of the ATIA along with other Agents of Parliament. So, while not initially subject to the ATIA, the OPC became so on April 1, 2007.
Section 72 of the ATIA requires that the head of every federal government institution submit an annual report to Parliament on the administration of the Act within their institutions during the fiscal year.
The OPC is pleased to submit our second Annual Report which describes how we fulfilled our responsibilities under the ATIA during the fiscal year 2008-2009.
Top of Page Table of Contents Mandate / Mission of the OPC
The mandate of the OPC is to oversee compliance with both the Privacy Act (PA) which covers the personal information-handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private sector privacy law.
The OPC’s mission is to protect and promote the privacy rights of individuals.
The Commissioner works independently from any other part of the government to investigate complaints from individuals with respect to the federal public sector and the private sector. In public sector matters, individuals may complain to the Commissioner about any matter specified in Section 29 of the PA.
For matters relating to personal information in the private sector, the Commissioner may investigate complaints under Section 11 of PIPEDA except in the provinces that have adopted substantially similar privacy legislation, namely Québec, British Columbia, and Alberta. Ontario now falls into this category with respect to personal health information held by health information custodians under its health sector privacy law. However, even in those provinces with substantially similar legislation, and elsewhere in Canada, PIPEDA continues to apply to personal information collected, used or disclosed by all federal works, undertakings and businesses, including personal information about their employees. PIPEDA also applies to all personal data that flows across provincial or national borders, in the course of commercial transactions involving organizations subject to PIPEDA or to substantially similar legislation.
The Commissioner focuses on resolving complaints through negotiation and persuasion, using mediation and conciliation if appropriate. However, if voluntary co-operation is not forthcoming, the Commissioner has the power to summon witnesses, administer oaths and compel the production of evidence. In cases that remain unresolved, particularly under PIPEDA, the Commissioner may take the matter to Federal Court and seek a court order to rectify the situation.
As a public advocate for the privacy rights of Canadians, the Commissioner carries out the following activities:
- Investigating complaints and issuing reports with recommendations to federal government institutions and private sector organizations to remedy situations, as appropriate;
- Pursuing legal action before Federal Courts where matters remain unresolved;
- Assessing compliance with obligations contained in the PA and PIPEDA through the conduct of independent audit and review activities, and publicly report on findings;
- Advising on, and review, Privacy Impact Assessments (PIAs) of new and existing government initiatives;
- Providing legal and policy analyses and expertise to help guide Parliament’s review of evolving legislation to ensure respect for individuals’ right to privacy;
- Responding to inquiries of Parliamentarians, individual Canadians and organizations seeking information and guidance and taking proactive steps to inform them of emerging privacy issues;
- Promoting public awareness and compliance, and fostering understanding of privacy rights and obligations through: proactive engagement with federal government institutions, industry associations, legal community, academia, professional associations, and other stakeholders; preparation and dissemination of public education materials, positions on evolving legislation, regulations and policies, guidance documents and research findings for use by the general public, federal government institutions and private sector organizations;
- Providing legal opinions and litigate court cases to advance the interpretation and application of federal privacy laws;
- Monitoring trends in privacy practices, identify systemic privacy issues that need to be addressed by federal government institutions and private sector organizations and promoting integration of best practices; and
- Working with privacy stakeholders from other jurisdictions in Canada and on the international scene to address global privacy issues that result from ever-increasing trans-border data flows.
Top of Page Table of Contents Organizational Structure
The Privacy Commissioner is an Officer of Parliament who reports directly to the House of Commons and the Senate. The Commissioner is assisted by two Assistant Privacy Commissioners, one responsible for matters related to the PA and the other responsible for those related to PIPEDA.
The OPC is comprised of seven distinct branches:
Investigations and Inquiries Branch
The Investigations and Inquiries (I&I) Branch investigates complaints received from individuals under Section 29 of the PA and Section 11 of PIPEDA which may include allegations of the mismanagement of personal information but which are different from incident investigations. The Branch also investigates incidents that are different from individual complaints and not filed under those provisions. These incidents come to the Branch’s attention through various sources, including federal government institutions subject to the PA and entities subject to PIPEDA. The Branch also examines these occurrences in an effort to assist federal government institutions PA and organizations PIPEDA in ensuring that such incidents do not recur. The Branch is headed by Mr. Art Dunfee, Director General.
Audit and Review Branch
The Audit and Review Branch audits organizations to assess their compliance with the requirements set out in the two federal privacy laws. The Branch also analyses and provides recommendations on PIAs submitted to the OPC pursuant to the Treasury Board Secretariat Policy on PIAs. The Branch is headed by Mr. Steven Morgan, Director General.
Research, Education and Outreach Branch
The Research, Education and Outreach Branch is responsible for researching privacy and technology issues to support policy development, investigation and audit, and the public education program. The Branch administers the research program, which was launched in 2004 to support research into, and the promotion of, the protection of personal information. The Branch supports international outreach activities and stakeholder engagement activities. The Branch is headed by Mr. Colin McKay, Director.
Communications Branch
The Communications Branch focuses on providing strategic advice and support for communications and public education activities for the OPC. In addition, the Branch plans and implements public education and communications activities through media monitoring and analysis, public opinion polling, media relations, publications, special events and the OPC web site. The Branch is headed by Ms. Anne-Marie Hayden, Director.
Legal Services, Policy and Parliamentary Affairs Branch
The Legal Services, Policy and Parliamentary Affairs Branch provides strategic legal and policy expertise to the OPC on emerging privacy issues in Canada and internationally. It represents the OPC in litigation before the courts both in Canada and internationally, and provides advice to the Commissioners on the interpretation and application of the PA and PIPEDA. The Branch provides expert legal support to the operational Branches of OPC, including Inquiries & Investigations and Audit & Review, as well as general legal counsel on a variety of corporate matters. It is responsible for monitoring legislative and government program initiatives, analyzing them and advising the Commissioners on appropriate policy positions to protect and advance privacy rights in Canada. The Branch prepares for and supports the office in appearances before Parliament and in relations with Parliamentarians. The Branch is headed by Ms. Lisa Campbell, Acting General Counsel.
Human Resources
Human Resources is responsible for the provision of strategic advice, management and delivery of comprehensive human resource management programs in areas such as staffing, classification, staff relations, human resource planning, learning and development, employment equity, official languages and compensation. The Branch is headed by Ms. Maureen Munhall, Director.
Corporate Services
The Corporate Services Branch provides advice and integrated administrative services such as corporate planning, resource management, financial management, information management/technology and general administration to managers and staff. The Branch is headed by Mr. Tom Pulcine, Director General and Chief Financial Officer.
The Access to Information and Privacy (ATIP) Unit falls under the Corporate Services Branch. ATIP is headed by a Director who is supported by one Senior Analyst.
Under section 73 of the ATIA the Privacy Commissioner, as the head of the OPC, delegated her authority to the Director General of Corporate Services and to the ATIP Director with respect to the application of the ATIA and its Regulations. A copy of that Delegation Order is attached as Appendix A.
The ATIP Director also serves as the OPC’s Chief Privacy Officer.
ATIP Unit Activities
In the reporting fiscal year, 1 ATIA Awareness Session was given to all new OPC employees at the same time in January 2009. In all, 67 employees received the training which the Privacy Commissioner has directed be mandatory for all staff, including those working with the OPC on contract or on a temporary basis. As the OPC is a relatively small organization, additional sessions will be given on an as-needed basis, but certainly at least once a year.
In 2007 the Information and Privacy Policy Division of the Chief Information Officer Branch of the Treasury Board Secretariat began the process of renewing the Access to Information and Privacy policies and guidelines. The OPC’s ATIP Director is part of the Secretariat’s Policy Renewal Working Group and, as such, has continued to participate in working group meetings.
Throughout the year the ATIP Unit has been active in providing advice to all OPC staff with respect to informal requests for access to information. ATIP has also continued to support the Information Management function by providing input concerning proper information handling practices.
The ATIP section on the OPC website has been updated to include the OPC’s “Principles on Assistance to Applicants” concerning the processing of requests under the PA and the ATIA:
In processing your access request under the Access to Information Act or the Privacy Act we will:
- Process the request without regard to your identity.
- Offer reasonable assistance throughout the request process.
- Provide information on the Acts including information on the processing of your request and your right to complain to the Information Commissioner of Canada or to the Privacy Commissioner ad hoc.
- Inform you as appropriate and without undue delay when your request needs to be clarified.
- Make every reasonable effort to locate and retrieve the requested records under the control of the government institution.
- Apply limited and specific exemptions to the requested records.
- Provide accurate and complete responses.
- Provide timely access to the requested information.
- Provide records in the format and official language requested as appropriate.
- Provide an appropriate location within the government institution to examine the requested information.
The ATIP Director sits on the OPC’s Policy Development Committee and has played a collaborative role in the planning, development and updating of OPC policies, procedures and directives in order to ensure that the ATIA is respected. In last year’s Annual Report we advised that the ATIP Director had drafted a “Directive Concerning Section 67.1 of the Access to Information Act” which had just been presented to the Committee for first review.
Through Bill C-208, which was proclaimed on March 25, 1999, section 67.1 was added to the ATIA to provide sanctions for any person who destroys, alters, falsifies or conceals a record, or directs anyone to do so, with the intent of obstructing the right of access that is provided by the ATIA.
On March 25, 1999 the Treasury Board Secretariat issued Implementation Report Number 65 to all Access to Information and Privacy Coordinators by which government institutions were instructed to immediately notify their employees of section 67.1 and of their responsibilities in relation to it.
Following notification to employees, government institutions were then required to develop, implement and communicate policies and procedures that their employees were to follow in the case of a suspected violation of section 67.1.
When the OPC became subject to the ATIA on April 1, 2007 all policies, guidelines and directives issued by the Treasury Board Secretariat with respect to the ATIA applied to the OPC—including those with respect to section 67.1 of the ATIA.
The OPC’s “Directive Concerning Section 67.1 of the Access to Information Act” has now been approved by the OPC’s Senior Management Committee and is publicly available on the OPC website and on its intranet site.
Top of Page Table of Contents Access to Information Act Statistical Report and Interpretation
The OPC’s statistical Report on the Access to Information Act is attached at Appendix B.
The OPC received 76 formal requests under the ATIA during the fiscal year—almost double that of the previous year. Of those, 48 sought access to records which were not under the control of the OPC and they were therefore transferred to 19 different federal institutions for processing. The majority of transfers were to the Canada Revenue Agency, the RCMP, the Department of National Defence and Correctional Service Canada.
Of the 28 requests for records under the OPC’s control (a drop of 2 from the previous year), the ATIP Unit had responded to 23 by the end of the fiscal year—6 were carried forward. The 23 completed requests constituted 3,430 pages of information which is roughly 6,000 less than were processed in the 2007-2008 fiscal year.
Extensions were claimed with respect to only 2 requests, neither of which were for more than 30 days. In all, the OPC responded to 21 requests within the first 30 days and 2 requests within the extended time period. The 1 request carried over from the 2007-2008 reporting year was also processed within the extended time frame.
Of the 23 requests completed during the fiscal year, 6 were for the contents of Privacy Act or PIPEDA investigation files (the same number of requests received last year for such files), 7 were for copies of OPC Briefing Notes, 4 were for contract and call-up information, 3 were for Public Policy Forum documents and the remainder were for miscellaneous information.
The OPC released all of the requested documents in 7 cases and made partial releases in 16 cases.
Section 16.1 was added to the ATIA as a result of the Federal Accountability Act. This provision requires that the OPC protect the information obtained during the course of its investigations or audits even once the matter and all related proceedings have been concluded. So, with respect to requests for access to PA and PIPEDA investigation files, none were released in their entirety—all had some information withheld under section 16.1 and, in some cases, information was withheld under one or more of sections 19(1), 21(1)(a) and 23 as well.
As was the case in the last reporting year, the exemption provision invoked most often was section 19(1) concerning the personal information of others, followed closely by section 16.1 with respect to information the OPC received or created during the course of an investigation and section 23 with respect to solicitor-client information. However, in 3 cases this year the OPC also withheld information under one or more of sections 20(1)(b)(c) or (d) of the ATIA.
Of the 76 requests received this fiscal year (which includes the 6 requests carried over to the next fiscal year), 8 were submitted by media (10.526%), 9 by businesses (11.842%) and 59 by the public (77.631%). None were received from academia or organizations.
The OPC did not receive any complaints against it under the Access to Information Act during the fiscal year. However, findings were issued by the Information Commissioner’s Office with respect to 2 complaints that had been carried forward from the previous fiscal year—one was concluded as “not substantiated” and the other was “resolved”.
No applications have been submitted to the Federal Court following the Information Commissioner’s findings.
In addition to processing its own ATIA requests, the OPC was consulted by government institutions almost twice as many times this year as last—13 times by 7 government institutions with respect to 507 pages of records. The OPC was consulted most often by the Office of the Information Commissioner (4 times) followed by the Public Service Commission (3 times) and the Department of Foreign Affairs and International Trade (twice). In the vast majority of cases, the ATIP recommended full disclosure of the requested records.
With respect to fees, we collected the mandatory $5.00 application fee from all but 1 requester who was requesting personal information about another individual. In that case, ATIP contacted the requester, explained section 19(1) of the ATIA and returned the application fee. None of the requests required the assessment of search, preparation or computer processing time. As for reproduction costs, federal government institutions generally waive reproduction costs for the first 125 pages of records—this amounts to $25.00. Of the 23 requests to which we responded with copies, only 4 of those were over 125 pages.
In all cases where records were provided, paper copies were given to the individuals. No one asked to be given access by viewing the records nor did any applicants ask to receive the records in a different format i.e. CD-ROM.
For additional information on the OPC’s activities, please visit www.priv.gc.ca.
Additional copies of this report may be obtained from:
Director, Access to Information and Privacy
Office of the Privacy Commissioner of Canada
112 Kent Street
Ottawa, ON K1A 1H3
Top of Page Table of Contents Appendix A – Access to Information Act
Delegation Order
The Privacy Commissioner of Canada, as the head of the government institution, herby designates pursurant to section 73 of the Access to Information Act, the persons holding the positions set out below, or the persons occupying on an acting basis those positions, the exercise the powers, duties or functions of the Privacy Commissioner as specified below and as more fully described in Annex A:
| Position | Sections of Access to Information Act |
|---|---|
| Director General, Corporate Services and Chief Financial Officer Director, ATIP |
Act: 7(a), 8(1), 9, 11(2) to (6), 12(2) and (3), 13 to 24, 25, 26, 27(1) and (4), 28(1), (2) and (4), 29(1), 33, 35(2), 37(1) and (4), 43(1), 44(2), 52(2) and (3), 71(2), 72(1); and Regulations: 6(1) and 8. |
Dated at the City of Ottawa, this 1st day of October, 2008
(Original signed by)
Jennifer Stoddart
Privacy Commissioner of Canada
Access to Information Act
| 7(a) | Respond to request for access within 30 days; give access or give notice |
|---|---|
| 8(1) | Transfer of Request to government institution with greater interest |
| 9 | Extend time limit for responding to request for access |
| 11(2), (3), (4), (5), (6) | Additional fees |
| 12(2)(b) | Decide whether to translate requested record |
| 12(3) | Decide whether to give access in an alternative format |
| 13(1) | Shall refuse to disclose information obtained in confidence from another government |
| 13(2) | May disclose any information referred to in 13(1) if the other government consents to the disclosure or makes the information public |
| 14 | May refuse to disclose information injurious to the conduct of federal-provincial affairs |
| 15 | May refuse to disclose information injurious to international affairs or defence |
| 16 | Series of discretionary exemptions related to law enforcement and investigations; security; and policing services for provinces or municipalities. |
| 16.1(1) | In force April 1, 2007 - Specific to four named Officers of Parliament - Auditor General, Commissioner of Official Languages, Information Commissioner and Privacy Commissioner - shall refuse to disclose information obtained or created by them in the course of an investigation or audit |
| 16.1(2) | In force April 1, 2007 - Specific to two named Officers of Parliament – Information and Privacy Commissioner - shall not refuse under 16.1(1) to disclose any information created by the Commissioner in the course of an investigation or audit once the investigation or audit and related proceedings are concluded |
| 17 | May refuse to disclose information which could threaten the safety of individuals |
| 18 | May refuse to disclose information related to economic interests of Canada |
| 18.1(1) | (Not yet in force) May refuse to disclose confidential commercial information of Canada Post Corporation, Export Development Canada, Public Sector Pension Investment Board, or VIA Rail Inc. |
| 18.1(2) | (Not yet in force) Shall not refuse under 18.1(1) to disclose information relating to general administration of the institution |
| 19 | Shall refuse to disclose personal information as defined in section 3 of the Privacy Act, but may disclose if individual consents, if information is publicly available, or disclosure is in accordance with section 8 of Privacy Act |
| 20 | Shall refuse to disclose third party information, subject to exceptions |
| 21 | May refuse to disclose records containing advice or recommendations |
| 22 | May refuse to disclose information relating to testing or auditing procedures |
| 22.1 | (Not yet in force) May refuse to disclose draft report of an internal audit |
| 23 | May refuse to disclose information subject to solicitor/client privilege |
| 24 | Shall refuse to disclose information where statutory prohibition (Schedule II) |
| 25 | Shall disclose any part of record that can reasonably be severed |
| 26 | May refuse to disclose where information to be published |
| 27(1),(4) | Third party notification |
| 28(1),(2),(4) | Receive representations of third party |
| 29(1) | Disclosure on recommendation of Information Commissioner |
| 33 | Advise Information Commissioner of third party involvement |
| 35(2) | Right to make representations to the Information Commissioner during an investigation |
| 37(1) | Receive Information Commissioner’s report of findings of the investigation and give notice of action taken |
| 37(4) | Give complainant access to information after 37(1)(b) notice |
| 43(1) | Notice to third party (application to Federal court for review) |
| 44(2) | Notice to applicant (application to federal Court by third party) |
| 52(2)(b) | Request that section 52 hearing be held in the National Capital Region |
| 52(3) | Request and be given right to make representations in section 51 hearings |
| 71(2) | Exempt information may be severed from manuals |
| 72(1) | Prepare annual report to Parliament |
Access to Information Regulations
| 6(1) | Procedures relating to transfer of access request to another government institution under 8(1) of the Act |
|---|---|
| 8 | Form of Access |
Top of Page Table of Contents Appendix B – Statistical Report on the Access to Information Act
| Institution Office of the Privacy Commissioner of Canada |
Reporting period / Période visée par le rapport April 1, 2008 to March 31, 2009 |
||||
| Source | Media / Médias 8 |
Academia / Secteur universitatire | Business / Secteur commercial 9 |
Organization / Organisme | Public 59 |
| I | Requests under the Access to Information Act / Demandes en vertu de la Loi sur l’accès à l’information |
|---|
| Received during reporting period / Reçues pendant la période visée par le rapport |
76 | |
|---|---|---|
| Outstanding from previous period / En suspens depuis la période antérieure |
1 | |
| TOTAL | 77 | |
| Completed during reporting period / Traitées pendant la période visées par le rapport |
71 | |
| Carried forward / Reportées | 6 | |
| II | Dispositon of requests completed / Disposition à l’égard des demandes traitées |
|---|
| 1. | All disclosed / Communication totale | 7 | 6. | Unable to process / Traitement impossible | |
|---|---|---|---|---|---|
| 2. | Disclosed in part / Communication partielle | 16 | 7. | Abandoned by applicant / Abandon de la demande | |
| 3. | Nothing disclosed (excluded) / Aucune communication (exclusion) |
8. | Treated informally / Traitement non officiel | ||
| 4. | Nothing disclosed (exempt) / Aucune communication (exemption) |
TOTAL | 71 | ||
| 5. | Transferred / Transmission | 48 | |||
| III | Exemptions invoked / Exceptions invoquées |
|---|
| S. Art. 13(1)(a) |
S. Art 16(1)(a) |
S. Art. 18(b) |
S. Art. 21(1)(a) |
3 | |||
|---|---|---|---|---|---|---|---|
| (b) | (b) | (c) | (b) | 1 | |||
| (c) | (c) | (d) | (c) | ||||
| (d) | (d) | S. Art. 19(1) |
10 | (d) | |||
| S. Art. 14 |
S. Art. 16(2) |
S. Art. 20(1)(a) |
S. Art.22 |
||||
| S. 15(1) International rel. / Art. Relations interm. |
S. Art. 16(3) |
(b) | 3 | S. Art 23 |
5 | ||
| Defence / Défense |
S. Art. 17 |
(c) | 3 | S. Art. 24 |
|||
| Subversive activities / Activités subversives |
S. Art. 18(a) |
(d) | 1 | S. Art 26 |
| IV | Exclusions cited / Exclusions citées |
|---|
| S. / Art. 68(a) |
S. / Art. 69(1)(c) | ||
|---|---|---|---|
| (b) | (d) | ||
| (c) | (e) | ||
| S. / Art. 69(1)(a) | (f) | ||
| (b) | (g) |
| V | Completion time / Délai de traitement |
|---|
| 30 days or under / 30 jours ou moins | 69 |
|---|---|
| 31 to 60 days / De 31 à 60 jours | 2 |
| 61 to 120 days / De 61 à 120 jours | |
| 121 days or over / 121 jours ou plus |
| VI | Extensions / Prorogations des délais |
|---|
| 30 days or under / 30 jours ou moins |
31 days or over / 31 jours ou plus |
|
|---|---|---|
| Searching / Recherche |
||
| Consultation | ||
| Third party / Tiers |
2 | |
| TOTAL | 2 |
| VII | Translations / Traduction |
|---|
| Translations requested / Traductions demandées |
||
|---|---|---|
| Translations prepared / | English to French / De l’anglais au français |
|
| Traductions préparées | French to English / Du français à l’anglais |
|
| VIII | Method of access / Méthode de consultation |
|---|
| Copies given / Copies de l’original |
23 |
|---|---|
| Examination / Examen de l’original |
|
| Copies and examination / Copies et examen |
| IX | Fees / Frais |
|---|
| Net fees collected / Frais net perçus |
||||
|---|---|---|---|---|
| Application fees / Frais de la demande |
$135.00 | Preparation / Préparation |
||
| Reproduction | Computer processing / Traitement informatique |
|||
| Searching / Recherche | TOTAL | $135.00 | ||
| Fees waived / Dispense de frais |
No. of times / Nombre de fois |
$ | ||
| $25.00 or under / 25 $ ou moins |
19 | $83.20 | ||
| Over $25.00 / De plus de 25 $ | 4 | $602.80 | ||
| X | Costs / Coûts |
|---|
| Financial (all reasons) / Financiers (raisons) |
|
|---|---|
| Salary / Traitement |
$77,189.78 |
| Administration (O and M) / Administration (fonctionnement et maintien) |
$ |
| TOTAL | $77,189.78 |
| Person year utilization (all reasons) / Années-personnes utilisées (raison) |
|
| Person year (decimal format) / Années-personnes (nombre décimal) |
.9102 |
TBS/SCT 350-62 (Rev. 1999/03)
| Discrepancies |
|---|
| Source of requests OPC included in the source the transferred requests. III – Exemptions invoked Section 16.1 was invoked on 10 requests. IX – Fees OPC waived the $5.00 application fee in one instance. The application fee was waived because of the specific nature of the information requested. X – Costs All operating and maintenance costs are borne by other OPC Branches, eg: Human Resources (training), Information Technology (computers, printouts, etc.), Corporate Services (supplies, mailing, etc.). Other The OPC received and responded to 13 consultations from other government institutions. |
Supplemental Reporting Requirements for 2008-2009
Access to Information Act
In addition to the reporting requirements addressed in form TBS/SCT 350-62 "Report on the Access to Information Act", institutions are required to report on the following using this form:
Part III – Exemptions invoked
Section 13
Section 14
| Subsections 14(a) | N/A |
|---|---|
| 14(b) | N/A |
Part IV – Exclusions cited: