Privacy Act
Annual Report to Parliament
2012
2013
CONTENTS
SECTION 1: Introduction
1.1 Departmental Overview
1.1.1 Raison d’être
1.1.2 Organization
1.1.3 Program Activity Architecture
1.2 Access to Information and Privacy Overview
1.3 Treasury Board of Canada Secretariat Requirements
1.3.1 Treasury Board of Canada Secretariat ATIP Policy Suite Renewal
1.3.2 Management Accountability Framework
SECTION 2: Report on the Administration of the Privacy Act
2.1 Overview of Privacy Activity Workload
2.2 Interpretation of the Statistical Report
2.2.1 Part 1 – Requests under the Privacy Act
2.2.2 Part 2 – Requests closed during the reporting period
2.2.3 Part 3 – Disclosures under Subsection 8(2)
2.2.4 Part 4 – Requests for correction of personal information and notations
2.2.5 Part 5 – Extensions
2.2.6 Part 6 – Consultations received from other institutions and organizations
2.2.7 Part 7 – Completion time of consultations on Cabinet confidences
2.2.8 Part 8 – Resources related to the Privacy Act
2.3 Informal Privacy Requests and Other 8(2) Disclosures
2.4 Complaints and Investigations
2.4.1 Privacy Breaches
2.5 Privacy Impact Assessments
2.5.1 PIA Backlog Project
SECTION 3: Report on Community and Client Service Accomplishments
3.1 Training Activities
3.1.1 Training for DFO Employees
3.1.2 Training for ATIP Staff
3.2 Mandatory ATIP Training for Executives
3.3 Capital Project
3.4 Policies, Directives and Procedures
3.5 Info Source Renewal Project
3.6 Information Management Strategy
3.7 ATIP Community Involvement and Development
APPENDIX A: 2012-2013 Statistical Report on the Privacy Act
APPENDIX B: Additional Reporting Requirements
APPENDIX C: 2012-13 Statistical Report on the Access to Information Act
APPENDIX D: Delegation Order
Annual Report on the Privacy Act2012-2013
SECTION 1: Introduction
The Privacy Act came into effect on July 1, 1983. The Actprotects the privacy of individuals with respect to their personal information that is held by government institutions, and provides these individuals with a right of access to this information. In addition, the PrivacyAct gives individuals substantial control over the collection, use and disclosure of their personal information.
Section 72 of the Privacy Act requires that the head of every government institution submit an annual report to Parliament, detailing the administration of the Act within the institution for each fiscal year.
This annual report describes how Fisheries and Oceans Canada administered the PrivacyAct for the period from April 1, 2012, to March 31, 2013.
For further information or to make a request under this Act, please direct all inquiries to:
Director, Access to Information and Privacy Secretariat
Fisheries and Oceans Canada
Mail Station 4N193
Centennial Towers
200 Kent Street
Ottawa, Ontario K1A 0E6
E-mail:
Tel: 613-993-3115
Fax: 613-998-1173
1.1 Departmental Overview
1.1.1 Raison d’être
Fisheries and Oceans Canada supports strong economic growth in our marine and fisheries sectors and contributes to a prosperous economy through global commerce by supporting exports and advancing safe maritime trade. The Department supports the innovation needed for a knowledge-based economy through research in expanding sectors such as aquaculture and biotechnology. The Department contributes to a clean and healthy environment and sustainable aquatic ecosystems for Canadians through habitat protection, oceans management, and ecosystems research. A safe and secure Canada relies on the maritime security, safe navigation, presence on our waters, and effective search and rescue services that the Canadian Coast Guard provides.
Our Mission
Through sound science, forward-looking policy, and operational and service excellence, DFO employees work collaboratively toward the following strategic outcomes:
- Economically Prosperous Maritime Sectors and Fisheries;
- Sustainable Aquatic Ecosystems; and
- Safe and Secure Waters.
Our Vision
To advance sustainable aquatic ecosystems and support safe and secure Canadian waters while fostering economic prosperity across maritime sectors and fisheries.
The Department’s work is guided by three key pieces of legislation:
The Oceans Act entrusts the Minister with leading integrated oceans management and providing coast guard and hydrographic services.
The Fisheries Act gives the Minister responsibility for the management of fisheries, habitat, and aquaculture.
The Species at Risk Act gives the Minister responsibilities associated with the management of aquatic species at risk.
1.1.2 Organization
Fisheries and Oceans Canada has a presence across Canada with the majority of employees (about 85%) working outside national headquarters in one of the Department's six regions. National objectives, policies, procedures, and standards for the Department and the Canadian Coast Guard are established at national headquarters, in Ottawa. Regions are responsible for delivering programs and activities in accordance with national and regional priorities and within national performance parameters.
Information about Fisheries and Oceans Canada's regions and the Canadian Coast Guard is available at A diagram of the Department's organizational structure is available at
1.1.3 Program Activity Architecture
The Government of Canada’s Management, Resources and Results Structure (MRRS) is the foundation of a government-wide approach aimed at strengthening the management and accountability of public expenditures and clearly demonstrating results for Canadians. The Program Activity Architecture (PAA) is part of the MRRS. The PAA shows how DFO’s programs align with the Department’s three strategic outcomes. The PAA also includes a standalone program activity called Internal Services, defined as the activities and resources that support an organization’s program needs and other corporate obligations.
Fisheries and Oceans Canada sets its strategic direction and makes policy and program decisions based on Government of Canada priorities, its domestic and global operating environment, human and financial resource capacity, and existing or emerging corporate risks. The Department systematically identifies and manages the risks and challenges in its environment. Fisheries and Oceans Canada also pursues opportunities that will better enable it to deliver programs to support economically prosperous maritime sectors and fisheries, sustainable aquatic ecosystems, and safe and secure waters.
Fisheries and Oceans Canada took these considerations into account when it established the following priorities for 2012-2013:
- Renewing Canadian Coast Guard Capacity and Assets;
- Advancing Management and Operational Excellence;
- Reviewing Habitat Policy and Program; and
- Improving Fisheries Management.
1.2 Access to Information and Privacy Overview
The Access to Information and Privacy (ATIP) Director reports to the Director General, Executive Secretariat, who in turn reports to the Senior Assistant Deputy Minister of Strategic Policy. The ATIP Director is accountable for the development, coordination and implementation of effective ATIP-related policies, guidelines, systems and procedures. This accountability ensures that the Department’s responsibilities under the Access to Information Act and the Privacy Act are met, and enables appropriate processing and proper disclosure of information.
The ATIP Secretariat is currently made up of three streams. The largest of these streams is ATIP Operations, which manages the processing of access and privacy requests, consultations, and other informal requests. Along with the ATIP Director, the Deputy Director of ATIP Operations has full delegation authority under both the Access to Information Act and the Privacy Act. The Privacy Division is responsible for providing advice and guidance on privacy-related issues, including Privacy Impact Assessments (PIAs), Privacy Notices and privacy breaches. The Policy and Governance Unit addresses policy development, reporting, training, and issues management.
The average number of FTEs for the 2012-2013 fiscal year was 22.5. There is an ATIP contact located in each of DFO’s regions and sectors, and in certain branches, who assists the ATIP Secretariat by acting as a liaison for their respective parts of the Department.
The main activities of the ATIP Secretariat include:
Processing requests under the Access to Information Act and the Privacy Act;
Developing policies, procedures and guidelines in support of access and privacy legislation;
Promoting awareness of both Acts within the Department to ensure that employees understand their roles and responsibilities;
Monitoring departmental compliance with both Acts, and maintaining regulations and relevant procedures and policies;
Preparing annual reports to Parliament and other statutory reports, as well as other material that may be required by central agencies;
Responding to consultations from other government institutions regarding DFO documents under consideration for release;
Representing the Department in dealings with the Treasury Board of Canada Secretariat, and the Information and Privacy Commissioners regarding the application of both Acts as they relate to DFO; and
Supporting the Department in meeting its commitments to openness and transparency through proactive disclosure of information and the release of information via informal avenues.
1.3 Treasury Board of Canada Secretariat Requirements
1.3.1 Treasury Board of Canada Secretariat ATIP Policy Suite Renewal
In January 2012, the Treasury Board of Canada Secretariat (TBS) published an amended Directive on the Administration of the Access to Information Act, which outlines practices and procedures on the management of the Act. The two key amendments include:
A change to the wording with regard to inter-institutional consultations in order to help reduce unnecessary delays in the processing of Access to Information Act requests; and
The addition of a mandatory requirement that institutions post monthly summaries of completed Access to Information Act requests on their websites on an on-going basis to align with the commitments related to open information.
Summaries of completed Access to Information Act requests at DFO are available at Privacy requests, however, are not posted on the website as the information is not accessible to the general public and would only be released to the individual to whom the information pertains.
1.3.2 Management Accountability Framework
The Management Accountability Framework (MAF) sets out TBS’s expectations of senior public service managers for good public service management. MAF is structured around 10 key elements that collectively define management and establish the expectations for good management of a department or agency.
ATIP is included as part of the Stewardship element and is assessed as part of Area of Management (AoM) 12 – Effectiveness of Information Management. With regards to ATIP, the assessment examines reporting, governance and capacity. In April 2010, DFO received a rating of “Acceptable” for AoM 12 in MAF round VII. This AoM was scheduled to be assessed again in 2012-2013, however Treasury Board chose not to assess the AoM 12 element for the 2012-2013 fiscal year.
SECTION 2: Report on the Administration of the Privacy Act
2.1 Overview of Privacy Activity Workload
The following table provides an overview of the ATIP Secretariat’s workload with respect to Privacy activities in 2012-2013:
Type of Request / RequestsReceived / Requests
Completed / Pages
Processed
Privacy Act Requests / 33 / 27 / 9,311
Requests for Correction of Personal Information / 0 / 0 / 0
Privacy Consultation Requests / 3 / 3 / 55
Disclosures Pursuant to Subsection 8(2) (Excluding those made under paragraphs 8(2)(e) and 8(2)(m)) / 9 / 10 / 189
Informal Privacy Requests (External) / 21 / 17 / 210
Informal Privacy Requests (Internal) / 83 / 91 / 2012
Note that the total pages processed for informal requests is a rough estimate as it is often difficult to capture a page count when responding to questions or giving advice.
2.2 Interpretation of the Statistical Report
The statistical report prepared by government institutions provides aggregate data on the application of the Privacy Act, which enables TBS to analyze trends and exercise oversight.
DFO’s 2012-2013 statistical report on the Privacy Act is the source of the information provided in this section. Please reference Appendix A for the complete statistical report, including additional data not detailed here.
As a result of business processes in place during the last reporting period, the manner in which the ATIP Secretariat captured case management information made it difficult to extract some of the required statistics for this reporting period. Data is represented to the best extent possible; any variances are noted where applicable.
2.2.1 Part 1 – Requests under the Privacy Act
Requests
In 2012-2013, DFO received 33 requests under the Privacy Act and had 6requests outstanding from the previous reporting period. Of these 39 requests, DFO completed 27 and carried forward 12 into the next reporting period.
2.2.2 Part 2 – Requests closed during the reporting period
Disposition and completion time
Section 14 of the Act requires institutions to provide a response to the applicant within 30 days of receipt of the request, or to notify the applicant that an extension is required. Of the 27requests completed during the reporting period, 10 requests (37%) were completed in 30 days orless. Eight requests (30%) were completed in 31 to 60 days, eight requests (30%) were completed in 61 to 120 days and one request was completed in 181-365 days.
The requests completed by the Department in 2012-2013 were finalized in the following manner:
All disclosed – In four cases, all relevant information was released in full to the applicant.
Disclosed in part – In 19 instances, applicants were granted partial access to information.
All exempted - For one request all records were exempted from disclosure
No records exist – In twocases, no relevant records existed under the control of the Department.
Request abandoned – One request was abandoned by the applicant.
No requests were processed where all information was excluded from disclosure.
Exemptions
The Privacy Actprotects against unauthorized disclosure of personal information and controls how the government will collect, use, store, disclose and dispose of personal information. The Act also gives Canadian citizens and individuals present in Canadaa right of access to their personal information that is held by federal government institutions, subject to certain specific and limited exceptions. These exceptions are called exemptions and exclusions. For more information regarding exemptions and exclusions, please consult the official version of the Privacy Act on the Justice Canada website.[1]
Exemptions are provisions of the Act that allow or require the heads of federal government institutions to withhold information requested under the legislation. For requests completed during the reporting period, the Department invoked exemptions pursuant to sections 22, 26 and 27 of the Privacy Act. Section 26 was the most frequently invoked provision, cited in 19 requests, and was used to protect personal information about individuals other than the applicant.
Appendix A provides further detail regarding the number of requests in which other exemptions were invoked. If an exemption was claimed several times within the same request, it is reported only once in Appendix A.
Exclusions
Exclusions are provisions of the Act that remove certain records from the application of the legislation.
Records excluded from the requirements of the Privacy Act include publicly availableinformationand confidences of the Queen’s Privy Council (Cabinet confidences) pursuant to sections 69 and 70, respectively. No exclusions were cited under the Privacy Act in 2012-2013.
Format of information released
When a request is complete, the applicant may receive the information in paper or electronic form, or they may view the records at any DFO office. Access to relevant documents was given, in whole or in part, for 23 requests. Information was released in paper copy in all cases.
Complexity
The ATIP Secretariat receiveda total of 13,918 pages in 2012-2013, compared to 3,269 pages in 2011-2012. Of these, 9,311 pages (67%) were disclosed in whole or in part.
The number of pages processed means the number of pages that were analyzed to determine whether the information could be disclosed, exempted or excluded. It does not reflect the number of pages that were examined to determine relevancy or duplicates.
Ofthe 27requests completed during the reporting periodthe ATIP Secretariat processedninerequests or 33% withfewerthan 100 relevant pages, seven requests (26%) with 101-500 pages, three requests (11%) with 501-1000 pages and six requests (22%) with 1001-5000 pages. Two requests (7%) did not involve the processing of any relevant pages because no records existed.
The Department completed a number of requests that involved other factors that increased the complexity of those requests, including:
The requirement to consult with other institutions or organizations (four requests);
The review of records containing personal information about anotherindividual that is interwoven with the personal information of the requester (17 requests); and
Other factors, such as cases where records were located in a region outside of national headquarters (17 requests).
Deemed refusals
During the reporting period, the ATIP Secretariat closed eightrequests past the statutory deadline, equal to 30% of the total requests closed. The principal reason for the delay of all eight requests was workload. The ATIP Secretariat received 50 % more formal access requests than last fiscal year; there was anunusual volume of records involved in six of the Privacy requests and other ATIP-related tasks that tookaway from processing time, such as dealing with complaints and providing training; and it was also a transitional year for the entire department (work force adjustment) which had a major impact on program staff and the ability to retrieve records and provide sound recommendations on disclosure in a timely manner.
In threecases, DFO responded within 15 days past the deadline. One request required 16-30 days, two requests required 31-60 days, 1 request necessitated 61-120 days and one request required 121-180 days to respond to the applicant.
Requests for translation
The Department did not receive any requests from applicants to have the information responsive to their request translated into the other official language.
2.2.3 Part 3 – Disclosures under Subsection 8(2)
Subsection 8(2) of the Privacy Actdescribes certain instances in which personal information under the control of a federal government institution may be disclosed without the consent of the individual to whom the information relates.
Paragraph 8(2)(e) allows institutions to disclose personal information to an investigative body specified in the Privacy Regulations[2] for the purpose of enforcing any Canadian or provincial law, or carrying out a lawful investigation. During the reporting period, DFO processed eightdisclosures of personal information pursuant to paragraph 8(2)(e).
Paragraph 8(2)(m) allows institutions to disclose personal information in circumstances where the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or where disclosure would clearly benefit the individual to whom the information relates. DFO did not disclose information pursuant to paragraph 8(2)(m) in 2012-2013.