Annual Report to Parliament on the Administration of the Privacy Act 2019-2020

Pursuant to subsection 72(1) of the Privacy Act, this document contains the Annual Report to Parliament on the Administration of the Privacy Act for 2019-2020 as submitted by the Minister of National Defence.

Table of contents

Introduction

The purpose of the Privacy Act is to extend the laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a federal government institution, and to provide individuals with a right of access to that information.

Canadians value their privacy and the protection of their personal information. They expect government institutions to respect the spirit and requirements of the Privacy Act. The Government of Canada is committed to protecting the privacy of individuals with respect to personal information that is under the control of government institutions. The government recognizes that this protection is an essential element in maintaining public trust.

This is the seventh annual report prepared by the Communications Security Establishment (CSE) and tabled in Parliament in accordance with section 72 of the Act. It presents an overview of the agency’s activities and describes how the Access to Information and Privacy (ATIP) Office carried out its responsibilities under the Privacy Act during the reporting period 1 April 2019 to 31 March 2020.

Mandate of the Communications Security Establishment

On August 1st, 2019 the Communications Security Establishment Act (CSE Act) entered into force as part of Bill C-59 (An Act respecting national security matters). The CSE Act sets out the five aspects of CSE’s mandate:

  • helping to protect and defend Canada’s most important cyber systems;
  • acquiring foreign intelligence in support of the Government of Canada’s intelligence priorities;
  • conducting defensive foreign cyber operations;
  • conducting active foreign cyber operations; and
  • assisting federal law enforcement and security agencies, the Canadian Forces and the Department of National Defence to carry out their lawful mandates.

The CSE Act provides CSE with a modern set of authorities and also enhances the accountability framework with new oversight and review functions.

Structure of the Access to Information and Privacy Office

The ATIP Office is part of the Policy, Disclosure and Review group in CSE’s Policy and Communications Branch. The Minister of National Defence delegated all authorities under section 73 of the Privacy Act to the Deputy Chief, Policy and Communications, the Director General, Policy, Disclosure and Review, the Director, Disclosures and Information Sharing, and to the Manager, Disclosures. He also delegated authorities to the Supervisor, Access to Information and Privacy Operations and the Supervisor, Privacy, Policy and Governance. A copy of the Delegation Order setting out the responsibilities under the Act appears in Appendix I of this report.

The protection of privacy is a fundamental part of our organizational culture and remains of paramount importance in all functions across the organization. The Access to Information and Privacy Office includes a manager responsible for twelve (12) mandated full-time positions working in two distinct teams: ATIP Operations and, Privacy Policy and Governance. At the end of the reporting period, the ATIP Operations team consisted of one (1) supervisor, and seven (7) analysts, while the Privacy Policy and Governance team consisted of one (1) supervisor and three (3) analysts.

In addition to preparing reports for Parliament and Treasury Board Secretariat (TBS), the ATIP Office acts on behalf of CSE as the delegated authority in dealings with TBS, and representatives of the federal Information and Privacy Commissioners regarding CSE’s administration of the Access to Information Act and Privacy Act.

Specifically, the ATIP Operations team is responsible for the following activities:

  • Processing requests under the Access to Information Act and Privacy Act;
  • Responding to consultation requests from other government institutions;
  • Providing advice and guidance to senior management and staff of CSE on ATIP legislation and policy-related matters;
  • Supporting CSE’s legislative compliance obligations under the Acts, including the application of their associated regulations, policies and guidelines;
  • Representing CSE in ATIP Communities of practice, such as the TBS ATIP Community meetings;
  • Drafting and implementing internal ATIP procedures, guidance documents and working aids; and,
  • Providing training to CSE staff on the administration of the Access to Information Act and the Privacy Act.

The Privacy Policy and Governance team is responsible for the following activities:

  • Providing advice and guidance to senior management and staff of CSE on privacy legislation and policy-related matters;
  • Providing expert privacy advice and assistance to business lines in the undertaking of Privacy Impact Assessments, privacy breach management, drafting of Privacy Notice Statements, and maintenance of Personal Information Banks;
  • Supporting CSE’s legislative compliance obligations under the Privacy Act, including the application of associated regulations, policies and guidelines;
  • Representing CSE in privacy protection communities of practice;
  • Coordinating the annual update of the institution’s Info Source publication, which includes a description of the agency’s organizational structure and record holdings;
  • Drafting and implementing privacy-related policies, internal procedures, guidance documents and working aids; and,
  • Providing training to CSE staff on the administration of the Privacy Act focusing on the protection of personal information.

Key Activities and Accomplishments

Education and Training

CSE continues its commitment to the learning and development of its employees, and provides comprehensive privacy awareness training sessions to ensure all employees are up to date on their responsibilities with regard to the management of personal information in both mission and non-mission related activities. These training sessions were delivered to specific audience groups such as operational units, new staff and coop students on a regular and ad hoc basis, reaching 201 employees. This year, CSE also deployed an online privacy awareness training module to improve the availability of the training to its employees which was completed by an additional 103 employees.

Additional privacy educational initiatives in 2019-2020 included promoting privacy awareness through the organization of Privacy Awareness Week at CSE from May 27, 2019 to May 31, 2019. Privacy Awareness Week is an event that provides CSE’s Privacy Policy and Governance team with the opportunity to educate and raise employee awareness of their responsibilities with regard to personal information and of the various resources available to them, including the Privacy Policy and Governance team and privacy awareness training.

Collectively, these efforts provided opportunities to showcase privacy across the organization, resulting in a greater number of program managers and stakeholders consulting with CSE’s ATIP Operations Office and Privacy Policy and Governance team for guidance on CSE privacy policies, procedures, and best practices for personal information management.  

Institutional Privacy Policies and Procedures

The CSE privacy policy suite includes a broad-scoped CSE Administrative Privacy Policy which outlines CSE’s obligations to manage and protect personal information in the course of its corporate functions in accordance with the Privacy Act, its regulations and Treasury Board Secretariat (TBS) policies relating to privacy. The Policy on Privacy Breaches for Non-Mission Related Activities outlines CSE’s obligations in the event of a privacy breach relating to non-mission activities. CSE did not make any changes to the privacy policy suite during the reporting period.

In 2019-2020, the Privacy Policy and Governance team updated the Privacy Needs Analysis form based on CSE client feedback, to further streamline CSE’s privacy compliance assessment process in the development of new services and programs.  The Privacy Needs Assessment form examines how a program or activity may affect the privacy of an individual and helps identify appropriate measures to mitigate the impact where necessary.

In addition, CSE was onboarded into the ATIP Online Request Service (AORS) late in FY2018-19, giving CSE the ability to receive requests under section 12(1) directly online from the requestor. The AORS is a centralized website developed by TBS that enables users to complete access to information and privacy requests and submit them to any of the institutions that are subject to the Government of Canada’s Privacy Act. The current reporting period includes the first full year CSE has accepted the requests through AORS system. CSE received twenty (20) requests in this manner, representing 56% of the total requests received.

Other Initiatives

The Privacy Policy and Governance internal website provides CSE employees with information on privacy accountabilities, responsibilities and activities. CSE employees can access important resources and tools via the website to support the development of Privacy Notice Statements, Privacy Needs Analysis, Privacy Impact Assessments, Privacy Breach investigations, Personal Information Banks and to request Privacy Awareness Training.

In 2019-2020, the ATIP Operations team continued to streamline its procedures through an initiative with its Offices of Primary Interest (OPIs) to increase efficiency and timeliness in the processing of requests by maintaining the initial review of records by the ATIP Office. This initiative will continue to be monitored while exploring new opportunities for increased efficiency.

Privacy Impact Assessments

During the 2019-2020 reporting period, CSE completed two (2) Privacy Impact Assessments and continued work on four (4). Privacy Policy and Governance is currently drafting summaries for Privacy Impact Assessments completed to date, with the intention of posting unclassified summaries of them online.

Statistical Report on the Administration of the Privacy Act

Number of Formal Requests

During this reporting period, CSE received 36 requests under section 12(1) the Privacy Act. In addition, eleven (11) requests outstanding from the previous reporting period were carried over, giving CSE a total of 47 requests to process. This is a significant increase from the previous fiscal year when 12 new requests were received, although it seems this is simply year-to-year fluctuation. By the end of 2019-2020, CSE closed 28 requests and carried forward 19 into 2020-2021.

Table: Received Requests - Long description follows
Long description - Table: 1
Table: Received Requests
  Number of Received Requests
2015-2016 2016-2017 2017-2018 2018-2019 2019-2020
Privacy 10 23 10 12 36
Privacy Consultations 2 1 2 1 1
 

Disposition of Completed Requests

CSE closed 28 requests during this reporting period. Of these, 17 were disclosed in part, one (1) was fully exempted, two (2) resulted in no records and three (3) were abandoned by the applicant. There were also five (5) requests where the existence of records was neither confirmed nor denied. This can be attributed to requests for records which, if they exist, would be located in CSE’s exempt personal information bank (CSE PPU 040) which contains records relating to CSE’s foreign intelligence files. No requests were disclosed in full.

Table: Closed Requests - Long description follows
Long description - Table: 2
Table: Closed Requests
  Number of Closed Requests
2015-2016 2016-2017 2017-2018 2018-2019 2019-2020
Privacy 16 22 8 8 28
Privacy Consultations 2 1 2 1 1
 
Table: Disposition of Completed Requests - Long description follows
Long description - Table: 3
Table: Disposition of Completed Requests
Disposition Number of Requests
2015-2016 2016-2017 2017-2018 2018-2019 2019-2020
All disclosed 0% 0% 0% 0% 0%
Disclosed in part 44% 27% 50% 50% 61%
All Exempted 0% 0% 0% 0% 4%
All Excluded 0% 0% 0% 0% 0%
No records exist 19% 36% 13% 0% 7%
Request abandoned 31% 9% 25% 25% 11%
Neither confirm nor Deny 6% 27% 13% 25% 18%
 

Neither Confirm Nor Deny

Section 16(2) of the Act states that institutions do not have to tell a requester whether a record exists. Section 16(2) was designed to address situations in which the mere confirmation of a record’s existence (or non-existence) would reveal information that could be protected under the Act. It is recommended that the application of section 16(2) be limited to circumstances where the confirmation or denial of the existence of a record would be injurious to Canada’s foreign relations, the defence of Canada, law enforcement activities and the safety of individuals, and the possible disclosure of personal information. When notifying a requester that it is invoking this provision, institutions must also indicate the part of the Act on which a refusal could reasonably be expected to be based if the record existed. The application of subsection 16(2) was used on five (5) occasions during the 2019-2020 fiscal year.

Completion Time

During the 2019-2020 fiscal year, 14 of the completed Privacy Requests were closed within the 30 day legislative timeframe. In general, the requests received during 2019-2020 involved information of a more sensitive nature and encompassed a greater volume of records than requests received in previous years, resulting in greater complexity in fulfilling them. CSE processed a total of 5,845 pages in 2019-2020 compared to 1,355 pages in the previous reporting period. Although the proportion of requests closed within legislative timelines decreased, the number of requests closed has increased to 28 from 8 in 2018-2019.

Table: Completion Time - Long description follows
Long description - Table: 4
Table: Completion Time
Completion Time Number of Requests
2015-2016 2016-2017 2017-2018 2018-2018 2018-2020
Closed within 30 days 75% 100% 88% 75% 50%
31 to 60 days 0% 0% 0% 13% 18%
61 to 120 days 13% 0% 13% 0% 14%
121 to 180 days 0% 0% 0% 0% 18%
181 to 365 days 6% 0% 0% 13% 0%
More than 365 days 6% 0% 0% 0% 0%
 

Exemptions to the Release of Information

The most common exemptions applied at CSE were sections 21 and 26 of the Privacy Act. Of the 17 requests that were disclosed in part, section 21 was applied in all cases to protect information which could be reasonably expected to be injurious to the defence of Canada. Section 26 was applied in 16 requests to protect information about an individual other than the applicant. The application of these exemptions is consistent with previous reporting periods.

Extension of the Time Limit

Two (2) extensions, based on Section 15 (a)(i) of the Privacy Act relating to interference of operations, was taken on requests under the Privacy Act during the 2019-2020 fiscal year. Extensions were taken on two (2) additional requests under Section 15(a)(ii) due to the need for external consultations.

Consultations

CSE was consulted on one (1) request during 2019-2020. This request was received from another federal government institution, contained a total of 3 pages and was closed during the reporting period. This number is consistent with consultations that were received in previous reporting periods.

COVID-19

CSE was impacted by COVID-19 during the reporting period and transitioned its activities to a work-from-home posture. While the Privacy Policy and Governance Team continued to provide policy guidance, support and advice to CSE during the work-from-home posture, the ATIP Operations team experienced significant challenges to continue regular operations from March 13, 2020 to March 31, 2020 due to the inability to access classified information responsive to requests. CSE is examining ways in which to modify its processes to further enable analysts to perform some of their duties remotely as needed in 2020-2021.

Disclosure of Personal Information Under Paragraph 8(2)(m)

Subsection 8(2) of the Privacy Act describes the circumstances under which a government institution may disclose personal information under its control without the consent of the individual to whom the information relates. Such disclosures are discretionary and are subject to any other Act of Parliament.

Paragraph 8(2)(m) stipulates that an institution may disclose personal information for any purpose where, in the opinion of the head of the institution, the public interest in the disclosure clearly outweighs any invasion of privacy that could result from it or where the disclosure would clearly benefit the individual to whom the information relates.

CSE did not disclose any personal information pursuant to paragraph 8(2)(m) during the reporting period.

Fees and Costs

Total expenditures to administer the Privacy Act were $528,105. This represents an increase in expenditures from the previous fiscal year due to an expansion of the Privacy Policy and Governance team.

Complaints, Judicial Review and Audits

Individuals who are not satisfied with the processing of their privacy request or who feel that their personal information has been improperly collected, used or disclosed can file a complaint with the Office of the Privacy Commissioner of Canada.

CSE received two (2) complaints during the fiscal year. One (1) privacy request carried over from 2017-2018 continued to be under judicial review in 2019-2020. No complaints were closed during the reporting period.

Monitoring Compliance

Using our case management software, the ATIP Office continued to produce reports on the time taken to process requests.  These reports were shared with our ATIP Coordinator throughout the fiscal year.  CSE’s Executive Committee (made up of DM and ADM level executives) is also informed of the status of Privacy Act requests on a weekly basis.

Material Privacy Breaches

There were no material privacy breaches reported during the 2019-2020 fiscal year.

Appendix I: Delegation of Authority

Communications Security Establishment

Privacy Act Delegation Order

The Minister of National Defense, pursuant to section 73 of the Privacy Act, hereby designates the persons holding the positions set out below, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Minister of National Defense as the head of the Communications Security Establishment, under the provisions of the Act and related regulations set out below for each position.

  • Chief, Communications Security Establishment: joint authority under paragraph 8(2) (m) (public interest disclosure) with the Deputy Chief, Policy and Communications.
  • Deputy Chief, Policy and Communication: full authority, except joint authority under paragraph 8(2) (m) (public interest disclosure) with the Chief, Communications Security Establishment.
  • Director General, Policy. Disclosure and Review: full authority, except for paragraph 8(2) (m) (public interest disclosure).
  • Director, Disclosures, and Information Sharing: full authority, except for paragraph 8(2) (m) (public interest disclosure).
  • Manager, Disclosures: full authority, except for paragraph 8(2) (m) (public interest disclosure).
  • Supervisor, Access to Information and Privacy Operations: subsection 8(2) (use and disclosure) except for paragraph 8(2)(m) (public interest disclosure), subsection I 4(a) only when no records exist (notice) and section IS (extension of time limits).
  • Supervisor, Privacy, Policy and Governance: subsection 8(2) (use and disclosure) except for paragraph 8(2) (m) (public interest disclosure)
  • Manager, Counselling and Advisory Program: paragraph 8(2)(m) (public interest disclosure) when it is believed that there is a duty to report child abuse under provincial or territorial legislation as part of their official duties; or where it is believed that there is a threat of harm to self or other.
  • Counsellor, Counselling and Advisory Program: paragraph 8(2)(m) (public interest disclosure) when it is believed that there is a duty to report child abuse under provincial or territorial legislation as part of their official duties; or where it is believed that there is a threat of harm to self or other.

This delegation order replaces all previous delegation orders.

Dated at Ottawa this 26 day of April 2018

The Hon. Harijit S. Saijan. PC. OMM, MSM. CD. MP

Appendix II: Statistical Report on the Privacy Act

Name of institution: Communications Security Establishment

Reporting period: 2019-04-01 to 2020-03-31

Section 1: Requests Under the Privacy Act
  Number of Requests
Received during reporting period 36
Outstanding from previous reporting period 11
Total 47
Closed during reporting period 28
Carried over to next reporting period 19

Section 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time
Disposition of Requests Completion Time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 6 3 4 4 0 0 17
All exempted 0 1 0 0 0 0 0 1
All excluded 0 0 0 0 0 0 0 0
No records exist 0 0 1 0 1 0 0 2
Request abandoned 3 0 0 0 0 0 0 3
Neither confirmed nor denied 0 4 1 0 0 0 0 5
Total 3 11 5 4 5 0 0 28
2.2 Exemptions
Section Number of Requests
18(2) 0
19(1)(a) 1
19(1)(b) 0
19(1)(c) 0
19(1)(d) 0
19(1)(e) 0
19(1)(f) 0
20 0
21 18
22(1)(a)(i) 0
22(1)(a)(ii) 0
22(1)(a)(iii) 0
22(1)(b) 0
22(1)(c) 0
22(2) 0
22.1 0
22.2 0
22.3 0
22.4 0
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 0
26 16
27 1
27.1 0
28 5
 
2.3 Exclusions
Section Number of Requests
69(1)(a) 0
69(1)(b) 0
69.1 0
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0
 

2.4 Format of information released

Paper Electronic Other
12 5 0

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Number of pages processed Number of pages disclosed Number of requests
5845 3576 26
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less than 100
pages processed
101-500
pages processed
501-1000
pages processed
1001-5000
pages processed
More than 5000
pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
All disclosed 0 0 0 0 0 0 0 0 0 0
Disclosed in part 6 124 9 1428 0 0 2 2024 0 0
All exempted 1 0 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 3 0 0 0 0 0 0 0 0 0
Neither confirmed nor denied 5 0 0 0 0 0 0 0 0 0
Total 15 124 9 1428 0 0 2 2024 0 0
2.5.3 Other complexities
Disposition Consultation required Assessment of fees Legal advice sought Other Total
All disclosed 0 0 0 0 0
Disclosed in part 2 0 0 0 2
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Request abandoned 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0
Total 2 0 0 0 2

2.6 Closed requests

2.6.1 Number of requests closed within legislated timelines
  Requests closed within legislated timelines
Number of requests closed within legislated timelines 15
Percentage of requests closed within legislated timelines (%) 53.6

2.7 Deemed refusals

2.7.1 Reasons for not meeting legislated timelines
Number of Requests Closed Past the Legislated Timelines Principal Reason
Interference with Operations / Workload External Consultation Internal Consultation Other
13 9 0 4 0
2.7.2 Requests closed beyond legislated timelines (including any extension taken)
Number of Days Past Legislated Timelines Number of Requests Past Legislated Timeline Where No Extension Was Taken Number of Requests Past  Legislated Timelines Where an Extension Was Taken Total
1 to 15 days 4 0 4
16 to 30 days 0 0 0
31 to 60 days 1 0 1
61 to 120 days 4 3 7
121  to 180 days 1 0 1
181 to 365 days 0 0 0
More than 365 days 0 0 0
Total 10 3 13
2.8 Requests for translation
Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Section 3: Disclosures under subsections 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
0 0 0 0

Section 4: Requests for correction of personal information and notations

Disposition for Correction Requests Received Number
Notations attached 0
Requests for correction accepted 0
Total 0

Section 5: Extensions

5.1 Reasons for extensions and disposition of requests
Number of requests where an extension was taken 15(a)(i) Interference with operations 15 (a)(ii) Consultation 
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet ConfidenceSection (Section 70) External Internal 15(b)
Translation purposes or conversion
4 0 2 0 0 0 2 0 0
5.2 Length of extensions
Length of Extensions 15(a)(i) Interference with operations 15 (a)(ii)
Consultation
Further review required to determine exemptions Large volume of pages Large volume of requests Documents
are difficult to obtain
Cabinet
Confidence
Section
(Section 70)
External Internal 15(b)
Translation purposes or conversion
1 to 15 days 0 0 0 0 0 0 0 0
16 to 30 days 0 2 0 0 0 2 0 0
31 days or greater    0
Total 0 2 0 0 0 2 0 0

Section 6: Consulations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and other organizations
Consultations Other Government of
Canada institutions
Number of pages
to review
Other
organizations
Number of pages
to review
Received during the reporting period 1 3 0 0
Outstanding from the previous reporting period 0 0 0 0
Total 1 3 0 0
Closed during the reporting period 1 3 0 0
Pending at the end of the reporting period 0 0 0 0
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation Number of days required to complete consultation requests
1 to 15
days
16 to 30
days
31 to 60
days
61 to 120
days
121 to 180
days
181 to 365
days
More than 365
days
Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 1 0 0 0 0 0 1
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 1 0 0 0 0 0 1
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation Number of days required to complete consultation requests
1 to 15
days
16 to 30
days
31 to 60
days
61 to 120
days
121 to 180
days
181 to 365
days
More than 365
days
Total
All disclosed 0 0 0 0 0 0 0 0
Disclose in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Section 7: Completion Time of Consultations on Cabinet Confidences

7.1 Requests with Legal Services
Number of days Fewer than 100
pages processed
101-500
pages processed
501-1000
pages processed
1001-5000
pages processed
More than 5000
pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 days 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0
7.2 Requests with Privy Council Office
Number of days Fewer than 100
pages processed
101-500
pages processed
501-1000
pages processed
1001-5000
pages processed
More than 5000
pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 days 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0
Section 8: Complaints and Investigations Notices Received
Section 31 Section 33 Section 35 Court action Total
2 0 0 0 2
Section 9: Privacy Impact Assessments (PIAs)
Number of PIA(s) completed 2
9.2 Personal Information Banks
Active Created Terminated Modified
2 0 0 0

Section 10: Material Privacy Breaches

Number of material privacy breaches reported to TBS 0
Number of material privacy breaches reported to OPC 0

Section 11: Resources related to the Privacy Act

11.1 Costs
Expenditures Amount
Salaries $514,855
Overtime $1,450
Goods and Services $11,800
Goods and Services - Professional services contracts $0
Goods and Services - Other $11,800
Total $528,105
10.2 Human Resources
Resources Person Years Dedicated to Privacy Activities
Full-time employees 5.46
Part-time and casual employees 0.00
Regional staff 0.00
Consultants and agency personnel 0.00
Students 0.29
Total 5.75

Note: Enter values to two decimal places.

2019-2020 Supplemental Statistical Report – Requests affected by COVID-19 measures

In addition to completing the forms for the Statistical Reports on the ATIA and Privacy Act for 2019-20, institutions are asked to complete this Supplemental Report to help identify the impact of COVID-19 measures on institutional performance for 2019-20 and going forward. The data requirements are set out in the tables below.

Supplemental Statistical Report on the Privacy Act

The following table reports the total number of formal requests received during two periods; 2019-04-01 to 2020-03-13 and 2020-03-14 to 2020-03-31.

Table 4 – Requests Received
  Number of requests
Received from 2019-04-01 to 2020-03-13 36
Received from 2020-03-14 to 2020-03-31 0
Total 36

The following table reports the total number of requests closed within the legislated timelines and the number of closed requests that were deemed refusals during two periods 2019-04-01 to 2020-03-13 and 2020-03-14 to 2020-03-31.

Table 5 – Requests Closed
  Number of requests
closed within the
legislated timelines
Number of requests
closed past the
legislated timelines
Received from 2019-04-01 to 2020-03-13
and outstanding from previous reporting periods
15 13
Received from 2020-03-14 to 2020-03-31 0 0
Total 15 13

The following table reports the total number of requests carried over during two periods; 2019-04-01 to 2020-03-13 and 2020-03-14 to 2020-03-31.

Table 6 – Requests Carried Over
  Number of requests
Requests received from 2019-04-01 to 2020-03-13 and outstanding from previous reporting period that were carried over to the 2020-2021 reporting period 19
Requests received from 2020-03-14 to 2020-03-31 that were carried over to the 2020-2021 reporting period 0
Total 19

Mission

Mission

Discover CSE's impactful mission

Careers

Careers

Join our team and help keep Canadians safe

Culture and community

Culture and community

Learn how we support our employees and our community

Date modified: