Annual Report to Parliament 2014-2015
Privacy Act

Part II: Report on the Privacy Act

Requests Under the Privacy Act

I. Statistical Report

The annual statistical report for fiscal year 2014-2015 is included at the end of this chapter.

II. Interpretation of the Statistical Report

Overview of Requests Pursuant to the Privacy Act
Fiscal Year # of Requests Received # of Requests Completed # of Pages Processed # of Pages Released
2014-2015 189 192 47,053 14,908
2013-2014 177 181 46,471 20,207
2012-2013 89 88 38,888 14,170
Requests Received Pursuant to the Privacy Act

189 requests were received during the period under review. In addition, 19 requests were carried forward from previous years, for a total of 208 requests.

Request Completed Pursuant to the Privacy Act

192 requests were completed during the period under review. 16 requests were carried forward to be completed in fiscal year 2015-2016.

There was an increase in the number of requests completed and pages reviewed from those of the previous year. Responding to formal privacy requests involved the review of 47,053 pages, of which 14,908 pages were partially or entirely disclosed.

Disposition of Completed Requests

Of the 192 requests completed in fiscal year 2014-2015:

  • No relevant records existed under the control of the Department of Justice in 124 cases; and,
  • 28 requests were abandoned by the applicant. In the majority of cases, the applicant did not pursue the requests, either by withdrawing them or by not providing the clarification that was requested by the ATIP Office.

The remaining 40 requests were released in the following manner:

  • 6 were fully disclosed (15%);
  • 31  were partially disclosed (78%); and,
  • 3 were exempted in its entirety (7%).

Dispositions

Dispositions

Description

Completion Time and Extensions

Out of the 192 requests completed in 2014-2015, 175 (91%) were processed within 30 days or less.


Processing Timeframes

Processing Timeframes

Description

The ATIP Office routinely monitors the processing time for privacy requests. This routine monitoring is done through various statistical reports (weekly, monthly, quarterly, and yearly) and meetings with ATIP staff to ensure that requests are being processed in a most timely manner. All ATIP staff, portfolio contacts, and senior management are made aware of the performance metrics.

In some instances the Department found it necessary to seek extensions to the prescribed time limits due to the need to consult with other government institutions (2 times) and interference with operations (9 times).

Exemptions Invoked

The Department invoked exemptions under the PA for 33 requests. Section 26 was invoked the most (30 times), which exempts personal information relating to an individual other than the requesters’ information, followed by section 27 (21 times), which exempts information relating to solicitor-client privilege.

Exclusions Cited

The Department did not invoke any exclusion.

Method of Access

The Department offers the requesters the possibility of receiving the release package on CD-ROM at no charge, an option which tends to be more widely accepted.

A total of 11 requesters chose to receive information on CD-ROM, thus reducing the ATIP Office’s paper footprint.

III. Consultations by other Federal Institutions or Departments

Overview of Consultations Requests Received from Other Government Institutions
Fiscal Year # of Requests Received # of Pages Received # of Requests Completed # of Pages Reviewed
2014-2015 79 4,002 84 4,350
2013-2014 123 5,034 126 6,187
2012-2013 151 7,780 160 8,725

During the period under review, the Department received 79 requests from other government institutions and organizations requesting recommendations regarding records originating from, pertaining to, or of interest to the Department of Justice. In addition, 10 consultations were outstanding from previous years and carried over, for a total of 89. In total, the Department was asked to review 5,325 pages of information for these consultations.

Of the 89 consultations active throughout the reporting period, 84 (4,350 pages) were completed during the 2014-2015 fiscal year and the remaining amount, 5, was carried forward to be completed in fiscal year 2015-2016.

IV. Other Types of Requests

Advice

The ATIP Office also acted as a resource on several occasions for departmental officials, as well as those from other government institutions, offering advice and guidance on the provisions of the legislation as well as related policies. It was consulted on the disclosure and collection of information on a wide range of issues.

V. Complaints, Investigations and Federal Court Cases

Complaints Filed

6 complaints were filed with the Office of the Privacy Commissioner (OPC) during the reporting period. The reasons for the complaints were as follows:

  • 3 related to time limits;
  • 1 miscellaneous;
  • 1 concerned the exemption or exclusion of information; and,
  • 1 concerned the handling of the request.
Completed Investigations

Complaint findings are defined as follows:

  • Well founded: The OPC found evidence of the complainant’s rights being denied under the PA.
  • Not well founded: The investigation uncovered no evidence leading the OPC to conclude that the Government institution violated the complainant’s rights under the PA.
  • Well-founded/resolved: When the allegations are substantiated by the investigation and the Government institution has agreed to take corrective measures to rectify the problem.
  • Settled during course of investigation: This is not a formal finding, but an acceptable means to dispose of a complaint when the investigation has been completed, and the complainant is satisfied with the efforts of the OPC and does not wish to pursue the issue any further.
  • Discontinued: The complaint was withdrawn or abandoned by the complainant before allegations were fully investigated.

Thirteen investigations were completed during the reporting period, some of which had been carried forward from previous years. Out of the thirteen, 9 were not well founded and 4 were well founded. No key issues were raised as a result of these complaints.

At the end of the fiscal year, thirteen complaints were still under investigation by the OPC.

Review by the Federal Court of Canada

No applications were filed before the Federal Court pursuant to sections 41 and 42 of the PA.

VI. Request for Correction of Personal Information

Paragraph 12(2)(a) of the PA provides that every individual given access to personal information about himself or herself that has been used, is being used, or is available for use for an administrative purpose is entitled to request correction of such information where the individual believes there is an error or omission therein.

The Department of Justice has not received any request for correction of personal information during the reporting period.

VII. Use and Disclosure

It is the Department of Justice’s policy that personal information be used solely for the purpose for which it is collected or for a consistent use as described in the Info Source publication.

VIII. Disclosure under Paragraph 8(2)

Sub-paragraph 8(2)(m) permits the disclosure of personal information in situations where the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure or when the disclosure would clearly benefit the individual to whom the information relates. The Privacy Commissioner must be informed of disclosures to be made under these provisions.

The Department did not disclose personal information pursuant to paragraph 8(2)(m) during the reporting period.

IX. Exempt Banks

The Department of Justice has no exempt banks under the PA.

X. Audits Conducted by the Privacy Commissioner

Pursuant to subsection 37(1) of the PA, the Privacy Commissioner may carry out investigations in respect of personal information under the control of government institutions to ensure compliance with paragraphs 4 to 8.

No formal investigations by the Commissioner were completed during the reporting period.

XI. Privacy Breaches

Files containing personal information of 5 family members was sent from the Department of Justice’s Quebec Regional Office to its client, Citizenship and Immigration Canada (CIC). CIC advised the Department of Justice that they did not have these files in their possession. Extensive efforts were undertaken by both the Department of Justice and CIC to find the missing files. Since the files were not found, the Department of Justice and CIC worked together to notify the affected individuals and the Privacy Commissioner. To date, there is no information that any of the personal information has been disclosed.

The Department of Justice informed the Privacy Commissioner of personal information that was sent from the Department of Justice’s secure server to an employee’s personal e-mail address. Extensive measures were undertaken to remove the information from the servers and steps were also taken to avoid future incidents of this nature. The Department of Justice notified the affected individuals. To date, there is no information that any of the personal information has been disclosed.

XII. Privacy Impact Assessments (PIA)

PIA are a means to ensure that privacy principles are taken into account during the design, implementation, and evolution of programs and services that involve personal information. Programs and services with potential privacy risks are required to undergo a PIA. Two PIAs were completed during this reporting period:

Central Registry of Divorce Proceedings (CRDP)

Changes were made to the CRDP to modernize the Regulations by streamlining the registration application form, making it available online and readable electronically as well as simplifying the Disposition Report. It now provides online access to the CRDP databank to provincial and territorial court officials and provides for the capacity of the electronic exchange of information through a secure file transfer protocol process between the CRDP and provincial and territorial courts.

These changes will provide more flexibility to the registration of divorce proceedings by reducing the amount of information required, bringing efficiencies to the process, and minimizing the risk of human-based error. Measures have been put in place with respect to online access and the secure file transfer protocol process to ensure the protection, security, and integrity of the CRDP process and the personal information that is maintained in the CRDP databank.

With enhanced safeguards and procedures put in place, the risks associated with the CRDP have been mitigated and are now minimal.

For more information about this PIA, please visit the website.

PeopleSoft Version 8.9 and Security Module

PeopleSoft GC HRMS is the Human Resources Management System endorsed by the Government of Canada. The Department of Justice implemented a new functionality to the Security Module which supports the surety screening processes for employees and employee applicants.

This PIA addresses the overall functionality of the PeopleSoft at the Department of Justice as well as detailed description of the security module and how it supports manual processes by security screening officers.

Date modified: