Pursuant to subsection 72(1) of the Privacy Act, this document contains the Annual Report to Parliament on the Administration of the Privacy Act for 2017-2018 as submitted by the Minister of National Defence.
Table of contents
- Introduction
- Key Activities and Accomplishments
- Statistical Report on the Administration of the Privacy Act
- Number of Formal Requests
- Disposition of Completed Requests
- Neither Confirm Nor Deny
- Completion Time
- Exemptions to the Release of Information
- Extension of the Time Limit
- Consultations
- Disclosure of Personal Information Under Paragraph 8(2)(m)
- Fees and Costs
- Complaints, Judicial Review and Audits
- Monitoring Compliance
- Material Privacy Breaches
- Appendix I: Delegation of Authority
- Appendix II: Statistical Report on the Privacy Act
Introduction
The purpose of the Privacy Act is to extend the laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a federal government institution, and to provide individuals with a right of access to that information.
Canadians value their privacy and the protection of their personal information. They expect government institutions to respect the spirit and requirements of the Privacy Act. The Government of Canada is committed to protecting the privacy of individuals with respect to personal information that is under the control of government institutions. The government recognizes that this protection is an essential element in maintaining public trust.
This is the fifth annual report prepared by the Communications Security Establishment (CSE) and tabled in Parliament in accordance with section 72 of the Act. It presents an overview of the agency’s activities and describes how the Access to Information and Privacy (ATIP) Office carried out its responsibilities under the Privacy Act during the reporting period 1 April 2017 to 31 March 2018.
Mandate of the Communications Security Establishment
In accordance with subsection 273.64(1) of the National Defence Act, CSE has a three-part mandate:
- To acquire and use information from the global information infrastructure for the purpose of providing foreign intelligence, in accordance with Government of Canada intelligence priorities;
- To provide advice, guidance and services to help ensure the protection of electronic information and of information infrastructures of importance to the Government of Canada; and
- To provide technical and operational assistance to federal law enforcement and security agencies in the performance of their lawful duties.
The National Defence Act requires that CSE take appropriate measures to protect Canadians’ privacy. The independent CSE Commissioner reviews those measures to ensure they follow the requirements of the Act.
Structure of the Access to Information and Privacy Office
The ATIP Office is part of the Policy, Disclosure and Review group in CSE’s Policy and Communications Branch. The Minister of National Defence delegated all authorities under section 73 of the Privacy Act to the Deputy Chief, Policy and Communications; also the CSE ATIP Coordinator and Chief Privacy Officer for CSE, and most authorities to the Director, Disclosure, Policy and Review and to the Manager, Disclosure Management (previous Manager, ATIP). A copy of the Delegation Order setting out the responsibilities under the Act appears in Appendix I of this report.
The protection of privacy is a fundamental part of our organizational culture and remains of paramount importance in all functions across the organization. The ATIP Office includes a manager responsible for seven (7) full-time positions working in two distinct teams: ATIP Operations and Privacy Policy and Governance (PPG). The ATIP Operations team includes one (1) supervisor, two (2) analysts and one (1) support officer. The PPG consists of one (1) supervisor and two (2) analysts.
In addition to preparing reports for Parliament and Treasury Board Secretariat (TBS), the ATIP Office acts on behalf of CSE as the delegated authority in dealings with TBS, and representatives of the federal Information and Privacy Commissioners regarding CSE’s administration of legislation.
Specifically, the ATIP Operations team is responsible for the following activities:
- Processing requests under the Access to Information Act and Privacy Act;
- Responding to consultation requests from other government institutions;
- Providing advice and guidance to senior management and staff of CSE on ATIP legislation and policy-related matters;
- Supporting CSE’s legislative compliance obligations under the Acts, including the application of their associated regulations, policies and guidelines;
- Representing CSE in ATIP Communities of practice, such as the TBS ATIP Community meetings;
- Drafting and implementing internal ATIP procedures, guidance documents and working aids; and,
- Providing training to CSE staff on the administration of the Access to Information Act and the Privacy Act.
The Privacy Policy and Governance team is responsible for the following activities:
- Providing advice and guidance to senior management and staff of CSE on privacy legislation and policy-related matters;
- Providing expert privacy advice and assistance to business lines in the undertaking of Privacy Impact Assessments, privacy breach management, drafting of Privacy Notice Statements, and maintenance of Personal Information Banks;
- Supporting CSE’s legislative compliance obligations under the Privacy Act, including the application of their associated regulations, policies and guidelines;
- Representing CSE in privacy protection communities of practice;
- Coordinating the annual update of the institution’s Info Source publication, which includes a description of the agency’s organizational structure and record holdings;
- Drafting and implementing privacy-related internal procedures, guidance documents and working aids; and,
- Providing training to CSE staff on the administration of the Privacy Act focusing on the protection of personal information.
Key Activities and Accomplishments
Education and Training
Privacy training at CSE ensures all employees are informed of their responsibilities with regard to the management of personal information in both mission and non-mission related activities. In 2017-2018, the ATIP Office delivered 8 comprehensive privacy awareness training sessions, reaching a total of 170 personnel. CSE’s commitment to the learning and development of its employees will continue with additional sessions in 2018-2019.
Additional privacy educational initiatives in 2017-2018 included promoting privacy awareness through the presentation of Privacy Awareness Week at CSE from May 15, 2017 to May 21, 2017. The Privacy Awareness Week gave the ATIP office the opportunity to further educate employees of their responsibilities with personal information and of the various resources available to them, including the Privacy Policy and Governance Office and Privacy Awareness Training.
Collectively, these efforts have increased awareness across the organization, resulting in a greater number of program managers and stakeholders consulting with CSE’s ATIP Operations Office and Privacy Policy and Governance Office for guidance on CSE privacy policies, procedures, and best practices for personal information management. A number of new initiatives promoting privacy awareness are planned throughout 2018-2019.
Institutional Privacy Policies and Procedures
The CSE privacy policy suite includes a broad-scoped CSE Administrative Privacy Policy promulgated October 2016. It outlines CSE’s obligations to manage and protect personal information in the course of its corporate functions in accordance with the Privacy Act, its regulations and Treasury Board Secretariat (TBS) policies relating to privacy. The Policy on Privacy Breaches for Non-Mission Related Activities outlines CSE’s obligations in the event of a privacy breach relating to non-mission activities. CSE did not make any changes to the privacy policy suite during the reporting period.
The Privacy Policy and Governance Office implemented Access Pro Case Management as its case management system. This system allows the Privacy Policy and Governance team to create, track and complete ongoing cases including Privacy Needs Analysis (PNA), Privacy Impact Assessment (PIA), Privacy Queries, and other projects.
Most notably, the PPG team revamped its privacy breach documentation to streamline its internal privacy breach investigation process. In 2018-2019, PPG plans to update the PNA form based on CSE client feedback, in order to further enhance CSE’s privacy considerations.
Other Initiatives
Coinciding with Privacy Awareness Week, CSE officially launched the Privacy, Policy and Governance Office website. This website provides CSE employees with information on privacy accountabilities, responsibilities and activities. CSE employees can access important resources and tools via the website to support the development of Privacy Notice Statements, Privacy Needs Analysis, Privacy Impact Assessments, Privacy Breach investigations, Personal Information Banks and to request Privacy Awareness Training.
ATIP Operations implemented an initiative with its Offices of Primary Interest (OPIs) in order to increase efficiency and timeliness in the processing of requests by shifting the initial review of records to the ATIP Office. This initiative will continue to be monitored for effectiveness throughout the next fiscal year.
Privacy Impact Assessments
Privacy Policy and Governance is currently drafting summaries for Privacy Impact Assessment completed to date, with the intention of posting them in 2018-2019.
During the 2017-2018 reporting period, CSE completed one (1) Privacy Impact Assessment pertaining to CERRID2. CERRID2 is CSE’s corporate electronic document repository (EDRMS) for official unclassified and classified documents. CERRID2 allows authorized users to create, save, share, find and protect records through the application of business rules, roles and access-based authentication controls.
In addition to the Privacy Impact Assessments, Privacy Policy and Governance received forty-three (43) Privacy Needs Analyses, and completed forty-two (42), during the 2017-2018 reporting period of activities and systems that CSE is considering to implement to support its programs.
Statistical Report on the Administration of the Privacy Act
Number of Formal Requests
During this reporting period, CSE received 10 requests under the Privacy Act. In addition, five (5) requests outstanding from the previous reporting period were carried over, giving CSE a total of 15 requests to process. This is a decrease from the previous fiscal year, when 23 new requests were received. By the end of 2017-2018, CSE closed eight (8) requests and carried forward seven (7) into 2018-2019.
Disposition of Completed Requests
CSE closed 8 requests during this reporting period. Of these, four (4) were disclosed in part, one (1) resulted in no records and two (2) were abandoned by the applicant. There was also one (1) request where the existence of records was neither confirmed nor denied. This can be attributed to a request for records which, if they exist, would be located in CSE’s exempt personal information bank (CSE PPU 040) which contains records relating to CSE’s foreign intelligence files. No requests were disclosed in full.
Long description - Table: 1
| Disposition | Number of Requests | ||||
|---|---|---|---|---|---|
| 2013-2014 | 2014-2015 | 2015-2016 | 2016-2017 | 2017-2018 | |
| Disclosed in part | 10 | 7 | 7 | 6 | 4 |
| All Exempted | 8 | 0 | 0 | 0 | 0 |
| No records exist | 39 | 10 | 3 | 8 | 1 |
| Request abandoned | 10 | 5 | 5 | 2 | 2 |
| Neither confirm nor Deny | 2 | 1 | 6 | 1 | |
Neither Confirm Nor Deny
Section 16(2) of the Act states that institutions do not have to tell a requester whether a record exists. When notifying a requester that it is invoking this provision, institutions must also indicate the part of the Act on which a refusal could reasonably be expected to be based if the record existed. Section 16(2) was designed to address situations in which the mere confirmation of a record’s existence (or non-existence) would reveal information that could be protected under the Act. It is recommended that the application of section 16(2) be limited to circumstances where the confirmation or denial of the existence of a record would be injurious to Canada’s foreign relations, the defence of Canada, law enforcement activities and the safety of individuals, and the possible disclosure of personal information. The application of subsection 16(2) was used on one (1) occasion during the 2017-2018 fiscal year.
Completion Time
During the 2017-2018 Fiscal Year, seven (7) of the completed Privacy Requests were closed within the legislative timeframe. The efficiency of the processing of Privacy Act requests has increased since CSE received its delegation in 2013. In general, the requests received during 2017-2018 were also less complex than those received in previous years.
Long description - Table: 2
| Completion Time | Number of Requests | ||||
|---|---|---|---|---|---|
| 2013-2014 | 2014-2015 | 2015-2016 | 2016-2017 | 2017-2018 | |
| Closed within 30 days | 52 | 18 | 12 | 22 | 7 |
| 31 to 60 days | 5 | 1 | 0 | 0 | 0 |
| 61 to 120 days | 9 | 1 | 2 | 0 | 1 |
| 121 to 180 days | 1 | 0 | 0 | 0 | 0 |
| 181 to 365 days | 0 | 1 | 1 | 0 | 0 |
| More than 365 days | 0 | 3 | 1 | 0 | 0 |
Exemptions to the Release of Information
The most common exemptions applied at CSE were sections 21 and 26 of the Privacy Act. Of the four (4) requests that were disclosed in part, section 21 was applied in all cases to protect information which could be reasonably expected to be injurious to the defence of Canada. Section 26 was applied in three (3) requests to protect information about an individual other than the applicant. The application of these exemptions is consistent with previous reporting periods.
Extension of the Time Limit
One (1) extension, based on Section 15 (a)(i) of the Privacy Act relating to interference of operations, was taken on requests under the Privacy Act during the 2017-2018 fiscal year.
Consultations
CSE was consulted on two (2) requests during 2017-2018. These requests, received from another federal government institution, contained a total of 64 pages and were both closed during the reporting period. This number is consistent with consultations that were received in previous reporting periods.
Disclosure of Personal Information Under Paragraph 8(2)(m)
Subsection 8(2) of the Privacy Act describes the circumstances under which a government institution may disclose personal information under its control without the consent of the individual to whom the information relates. Such disclosures are discretionary and are subject to any other Act of Parliament.
Paragraph 8(2)(m) stipulates that an institution may disclose personal information for any purpose where, in the opinion of the head of the institution, the public interest in the disclosure clearly outweighs any invasion of privacy that could result from it or where the disclosure would clearly benefit the individual to whom the information relates.
CSE did not disclose any personal information pursuant to paragraph 8(2)(m) during the reporting period.
Fees and Costs
Total expenditures to administer the Privacy Act were $358,603. This represents the forecasted increase in expenditures from the previous fiscal year due to the establishment of the Privacy Policy and Governance team.
Complaints, Judicial Review and Audits
Individuals who are not satisfied with the processing of their privacy request or who feel that their personal information has been improperly collected, used or disclosed can file a complaint with the Office of the Privacy Commissioner of Canada.
CSE received two (2) complaints during the fiscal year. Two (2) previously-existing complaints were closed. One complaint was settled in the course of investigation, while the other was resolved, but is presently under judicial review in 2017-2018.
CSE’s Audit and Evaluation team continued their audit of CSE’s compliance with the Government of Canada Privacy Act and Privacy Regulations. The audit focuses on CSE’s compliance with the Privacy Act. It assess the extent to which CSE has developed and effectively uses its policy framework and administrative practices, ensuring sufficient governance, controls and risk management processes are in place to protect and manage personal information. The results and recommendations following this audit are expected in 2018-2019.
Monitoring Compliance
Using our case management software, the ATIP Office continued to produce reports on the time taken to process requests. These reports were shared with our ATIP Coordinator throughout the fiscal year. CSE’s Executive Committee (made up of DM and ADM level executives) is also informed of the status of Privacy Act requests on a weekly basis. CSE will continue to focus on improving our timeliness in 2018-2019.
Material Privacy Breaches
There were no material privacy breaches reported during the 2017-2018 fiscal year.
Appendix I: Delegation of Authority
Privacy Act Designation Order
The Minister of National Defence, pursuant to Sections 73 of the Privacy Act hereby designates the person holding the position of Director General, Policy and Communications to exercise the powers and perform the duties and functions of the Minister as head of a government institution under the Act. The Director, Disclosure, Policy and Review, the Manager, Disclosure Management and the Supervisor, ATIP Office will exercise all powers and duties under the Act, with the notable exception of the public interest override provision under paragraph 8(2)(m). The Chief, CSEC and Director General, Policy and Communications have the joint authority to invoke this provision.
The Minister also designates the following:
- the person holding the position of Supervisor, Access to Information and Privacy, to perform the functions pursuant to the Privacy Act under:
- section 15 (extensions to legislative deadlines);
- subsection 8(2) (use and disclosure) with the exception of paragraph 8(2)(m) (disclosures in the public interest)
- the person holding the position of Supervisor, Access to Information and Privacy, to respond to requests made under the Privacy Act if no records exist.
- the person holding the position of Supervisor, Access to Information and Privacy, to respond to consultation requests from other government departments regarding documents they are processing under the Privacy Act.
This Designation Order comes into effect on 1 April 2013 and supersedes all previous designation orders.
Dated at Ottawa, Ont this 26th day of March 2013.
Original signed by:
Honourable Peter Mackay, P.C.,M.P.
Minister of National Defence
Appendix II: Statistical Report on the Privacy Act
Name of institution: Communications Security Establishment
Reporting period: 2017-04-01 to 2018-03-31
| Number of Requests | |
|---|---|
| Received during reporting period | 10 |
| Outstanding from previous reporting period | 5 |
| Total | 15 |
| Closed during reporting period | 8 |
| Carried over to next reporting period | 7 |
Part 2: Requests Closed During the Reporting Period
| Disposition of Requests | Completion Time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 1 | 2 | 0 | 1 | 0 | 0 | 0 | 4 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 1 |
| Request abandoned | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 2 |
| Neither confirmed nor denied | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 1 |
| Total | 3 | 4 | 0 | 1 | 0 | 0 | 0 | 8 |
| Section | Number of Requests |
|---|---|
| 18(2) | 0 |
| 19(1)(a) | 0 |
| 19(1)(b) | 0 |
| 19(1)(c) | 0 |
| 19(1)(d) | 0 |
| 19(1)(e) | 0 |
| 19(1)(f) | 0 |
| 20 | 0 |
| 21 | 4 |
| 22(1)(a)(i) | 0 |
| 22(1)(a)(ii) | 0 |
| 22(1)(a)(iii) | 0 |
| 22(1)(b) | 0 |
| 22(1)(c) | 0 |
| 22(2) | 0 |
| 22.1 | 0 |
| 22.2 | 0 |
| 22.3 | 0 |
| 23(a) | 0 |
| 23(b) | 0 |
| 24(a) | 0 |
| 24(b) | 0 |
| 25 | 0 |
| 26 | 3 |
| 27 | 0 |
| 28 | 0 |
| Section | Number of Requests |
|---|---|
| 69(1)(a) | 0 |
| 69(1)(b) | 0 |
| 69.1 | 0 |
| 70(1) | 0 |
| 70(1)(a) | 0 |
| 70(1)(b) | 0 |
| 70(1)(c) | 0 |
| 70(1)(d) | 0 |
| 70(1)(e) | 0 |
| 70(1)(f) | 0 |
| 70.1 | 0 |
| Disposition | Paper | Electronic | Other formats |
|---|---|---|---|
| All disclosed | 0 | 0 | 0 |
| Disclosed in part | 3 | 1 | 0 |
| Total | 3 | 1 | 0 |
2.5 Complexity
| Disposition of requests | Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|---|
| All disclosed | 0 | 0 | 0 |
| Disclosed in part | 1514 | 1097 | 4 |
| All exempted | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 2 |
| Neither confirmed nor denied | 0 | 0 | 1 |
| Total | 1514 | 1097 | 7 |
| Disposition | Less than 100 pages processed | 101-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 1 | 2 | 2 | 510 | 1 | 585 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 4 | 2 | 2 | 510 | 1 | 585 | 0 | 0 | 0 | 0 |
| Disposition | Consultation required | Assessment of fees | Legal advice sought | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 |
2.6 Deemed refusals
| Number of requests closed past the statutory deadline | Principal Reason | |||
|---|---|---|---|---|
| Workload | External consultation | Internal consultation | Other | |
| 4 | 0 | 0 | 0 | 0 |
| Number of days past deadline | Number of requests past deadline where no extension was taken | Number of requests past deadline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 days | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
| Translation Requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 0 | 0 | 0 | 0 |
| Disposition for Correction Requests Received | Number |
|---|---|
| Notations attached | 0 |
| Requests for correction accepted | 0 |
| Total | 0 |
Part 5: Extensions
| Disposition of requests where an extension was taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation or conversion | |
|---|---|---|---|---|
| Section 70 | Other | |||
| All disclosed | 0 | 0 | 0 | 0 |
| Disclosed in part | 1 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 |
| No records exist | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 |
| Total | 1 | 0 | 0 | 0 |
| Length of extensions | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation purposes | |
|---|---|---|---|---|
| Section 70 | Other | |||
| 1 to 15 days | 0 | 0 | 0 | 0 |
| 16 to 30 days | 1 | 0 | 0 | 0 |
| Total | 1 | 0 | 0 | 0 |
Part 6: Consultations Received From Other Institutions and Organizations
| Consultations | Other Government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during the reporting period | 2 | 64 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 2 | 64 | 0 | 0 |
| Closed during the reporting period | 2 | 64 | 0 | 0 |
| Pending at the end of the reporting period | 0 | 0 | 0 | 0 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 2 | 0 | 0 | 0 | 0 | 0 | 2 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 2 | 0 | 0 | 0 | 0 | 0 | 2 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Part 7: Completion Time of Consultations on Cabinet Confidences
| Number of days | Fewer than 100 pages processed | 101-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Number of days | Fewer than 100 pages processed | 101-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 2 | 0 | 0 | 1 | 3 |
| Number of PIA(s) completed | 1 |
|---|
Part 10: Resources related to the Privacy Act
| Expenditures | Amount |
|---|---|
| Salaries | $353,949 |
| Overtime | $0 |
| Goods and Services | $4,654 |
| Professional services contracts | $0 |
| Other | $4,654 |
| Total | $358,603 |
| Resources | Person Years Dedicated to Privacy Activities |
|---|---|
| Full-time employees | 3.97 |
| Part-time and casual employees | 0.00 |
| Regional staff | 0.00 |
| Consultants and agency personnel | 0.00 |
| Students | 0.00 |
| Total | 3.97 |
