Pursuant to subsection 72(1) of the Privacy Act, this document contains the Annual Report to Parliament on the Administration of the Privacy Act for 2020-2021 as submitted by the Minister of National Defence.
Alternate format: Annual Report to Parliament on the Administration of the Privacy Act 2020-2021 (PDF, 662 KB)
Table of contents
- Introduction
- Mandate of the Communications Security Establishment
- Structure of the Access to Information and Privacy Office
- Key activities and accomplishments
- Other initiatives
- Privacy impact assessments
- Statistical report on the administration of the Privacy Act
- Complaints, judicial review and audits
- Monitoring compliance
- Material privacy breaches
- Appendix I: Delegation of authority
- Appendix II: Statistical report on the Privacy Act
Introduction
The purpose of the Privacy Act is to extend the laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a federal government institution, and to provide individuals with a right of access to that information.
Canadians value their privacy and the protection of their personal information. They expect government institutions to respect the spirit and requirements of the Privacy Act. The Government of Canada is committed to protecting the privacy of individuals with respect to personal information that is under the control of government institutions. The government recognizes that this protection is an essential element in maintaining public trust.
This is the eighth annual report prepared by the Communications Security Establishment (CSE) and tabled in Parliament in accordance with section 72 of the Act. It presents an overview of the agency’s activities and describes how the Access to Information and Privacy (ATIP) Office carried out its responsibilities under the Privacy Act during the reporting period 1 April 2020 to 31 March 2021.
Mandate of the Communications Security Establishment
On August 1st, 2019 the Communications Security Establishment Act (CSE Act) entered into force as part of Bill C-59 (An Act respecting national security matters). The CSE Act sets out the five aspects of CSE’s mandate:
- helping to protect and defend Canada’s most important cyber systems;
- acquiring foreign intelligence in support of the Government of Canada’s intelligence priorities;
- conducting defensive foreign cyber operations;
- conducting active foreign cyber operations; and
- assisting federal law enforcement and security agencies, the Canadian Forces and the Department of National Defence to carry out their lawful mandates.
The CSE Act provides CSE with a modern set of authorities and also enhances the accountability framework with new oversight and review functions.
Structure of the Access to Information and Privacy Office
The ATIP Office is part of the Policy, Disclosure and Review group in CSE’s Policy and Communications Branch. The Minister of National Defence delegated all authorities under section 73 of the Privacy Act to the Deputy Chief, Policy and Communications, the Director General, Policy, Disclosure and Review, the Director, Disclosures and Information Sharing, and to the Manager, Disclosures. He also delegated limited authorities to the Supervisor, Access to Information and Privacy Operations and the Supervisor, Privacy, Policy and Governance. A copy of the Delegation Order setting out the responsibilities under the Act appears in Appendix I of this report.
The protection of privacy is a fundamental part of our organizational culture and remains of paramount importance in all functions across the organization. The Access to Information and Privacy Office includes a manager responsible for ten (10) mandated full-time positions working in two distinct teams: ATIP Operations and, Privacy Policy and Governance. At the end of the reporting period, the ATIP Operations team consisted of one (1) supervisor, and four (4) analysts, while the Privacy Policy and Governance team consisted of one (1) supervisor and four (4) analysts.
In addition to preparing reports for Parliament and Treasury Board Secretariat (TBS), the ATIP Office acts on behalf of CSE as the delegated authority in dealings with TBS, and representatives of the federal Information and Privacy Commissioners regarding CSE’s administration of the Access to Information Act and Privacy Act.
Specifically, the ATIP Operations team is responsible for the following activities:
- Processing requests under the Access to Information Act and Privacy Act;
- Responding to consultation requests from other government institutions;
- Providing advice and guidance to senior management and staff of CSE on ATIP legislation and policy-related matters;
- Supporting CSE’s legislative compliance obligations under the Acts, including the application of their associated regulations, policies and guidelines;
- Representing CSE in ATIP Communities of practice, such as the TBS ATIP Community meetings;
- Drafting and implementing internal ATIP procedures, guidance documents and working aids; and,
- Providing training to CSE staff on the administration of the Access to Information Act and the Privacy Act.
The Privacy Policy and Governance team is responsible for the following activities:
- Providing advice and guidance to senior management and staff of CSE on privacy legislation and policy-related matters;
- Providing expert privacy advice and assistance to business lines in the undertaking of Privacy Impact Assessments, privacy breach management, drafting of Privacy Notice Statements, and maintenance of Personal Information Banks;
- Supporting CSE’s legislative compliance obligations under the Privacy Act, including the application of associated regulations, policies and guidelines;
- Representing CSE in privacy protection communities of practice;
- Coordinating the annual update of the institution’s Info Source publication, which includes a description of the agency’s organizational structure and record holdings;
- Drafting and implementing privacy-related policies, internal procedures, guidance documents and working aids; and,
- Providing training to CSE staff on the administration of the Privacy Act focusing on the protection of personal information.
Key activities and accomplishments
Education and training
CSE continues its commitment to the learning and development of its employees and provides comprehensive privacy awareness training sessions to ensure all employees are up to date on their responsibilities with regard to the management of personal information in both mission and non-mission related activities. These training sessions were delivered to specific audience groups such as operational units, new staff and coop students on a regular and ad hoc basis, reaching 170 employees. In addition, 422 employees further completed the online privacy awareness training module, which is a training program deployed in 2019-2020 that aims to improve the availability of privacy awareness training to CSE employees.
Additional privacy educational initiatives in 2020-2021 included promoting privacy awareness through the organization of Privacy Awareness Week at CSE from May 11, 2020 to May 15, 2020. Privacy Awareness Week is an event that provides CSE’s Privacy Policy and Governance team with the opportunity to educate and raise employee awareness of their responsibilities regarding personal information and of the various resources available to them, including the Privacy Policy and Governance team and privacy awareness training.
Collectively, these efforts provided opportunities to showcase privacy across the organization, resulting in a greater number of program managers and stakeholders consulting with CSE’s ATIP Operations Office and Privacy Policy and Governance team. The teams’ support included guidance on CSE privacy policies, procedures, and best practices for personal information management.
Institutional privacy policies and procedures
The CSE privacy policy suite includes a broad-scoped CSE Administrative Privacy Policy which outlines CSE’s obligations to manage and protect personal information in the course of its corporate functions in accordance with the Privacy Act, its regulations and Treasury Board Secretariat (TBS) policies relating to privacy. CSE initiated a review of its corporate privacy policy instruments in 2020-2021 to streamline the policy suite. The initiative is expected to be completed in the upcoming fiscal year.
In 2020-2021, CSE updated its internal privacy compliance and impact assessment process, based on CSE client feedback, to further streamline the process in the development of new services and programs. The process examines how personal information is involved in a program or activity, and how the activity may affect the privacy of an individual. This allows CSE program managers to examine the effectiveness of privacy protection measures and identify appropriate additional measures to mitigate the impact where necessary.
Other initiatives
CSE was onboarded into the ATIP Online Request Service (AORS) late in FY2018-19, giving CSE the ability to receive requests under section 12(1) directly online from the requestor. The AORS is a centralized website developed by TBS that enables users to complete access to information and privacy requests and submit them to any of the institutions that are subject to the Government of Canada’s Privacy Act. The current reporting period includes the second full year CSE has accepted requests through the AORS system. CSE received twenty-one (21) requests in this manner, representing approximately 91% of the total requests received, a significant increase from the 56% received through AORS in the previous reporting period.
In 2020-2021, the ATIP Operations team also collaborated with CSE Offices of Primary Interest (OPIs) to address the challenges and restrictions created by the COVID-19 pandemic, and impacts to the regular operational posture. The pandemic limited access of staff to CSE facilities and infrastructure, which in turn restricted access to classified information responsive to requests, as well as ATIP analysts’ ability to review the classified material and process the requests.
COVID-19
CSE was impacted by COVID-19 pandemic during the reporting period and transitioned a significant portion of its activities to a work-from-home posture. In support of this transition, the Privacy Policy and Governance Team promptly transitioned its business processes to effectively support its internal clients, and support CSE’s continuing compliance with the Privacy Act. In particular, the transition to a work-from-home posture for CSE led, in a very short period of time, to an unprecedented use of cloud-based communications services and the deployment of a significant number of new in-house applications on its internal network. CSE’s Privacy Policy and Governance team provided advice and guidance to support the initiative and ensure that privacy guidelines are integrated.
On the other hand, ATIP operations experienced significant challenges to continue regular operations due to the limited access of staff to CSE facilities and infrastructure, which in turn restricted access to classified information responsive to requests, as well as ATIP analysts’ ability to review the classified material and process the requests. CSE is examining ways in which to modify its processes to further enable analysts to perform some of their duties remotely where possible in 2020-2021.
Privacy impact assessments
During the 2020-2021 reporting period, CSE completed one (1) Privacy Impact Assessment related to an operational initiative through the creation of an information sharing process. The Privacy Policy and Governance team is further supporting the development of six Assessments related to various operational and corporate activities. During this fiscal year, the Privacy Policy and Governance team also conducted a Gap Analysis to identify CSE’s Privacy Impact Assessment priorities for the next five years.
Statistical report on the administration of the Privacy Act
Number of formal requests
During this reporting period, CSE received 23 requests under section 12(1) the Privacy Act, which is a decrease from the previous fiscal year when 36 new requests were received. This decrease may simply be a regular year-to-year fluctuation, however it may also be reasonably attributed to the COVID-19 pandemic. In addition, nineteen (19) requests outstanding from the previous reporting period were carried over, giving CSE a total of 42 requests to process. By the end of 2020-2021, CSE closed 23 requests and carried forward 19 into 2021-2022.
Long description - Table: 1
Number of Received Requests | |||||
---|---|---|---|---|---|
2016-2017 | 2017-2018 | 2018-2019 | 2019-2020 | 2020-2021 | |
Privacy | 23 | 10 | 12 | 36 | 23 |
Privacy Consultations | 1 | 2 | 1 | 1 | 0 |
Disposition of completed requests
CSE closed 23 requests during this reporting period. Of these, 13 (56.5%) were disclosed in part, none were disclosed in full and two were abandoned by the applicants. There were also eight requests where the existence of records was neither confirmed nor denied. This can be attributed to requests for records which, if they exist, would be located in CSE’s exempt personal information bank (CSE PPU 040) which contains records relating to CSE’s foreign intelligence files. There were no requests which were exempted or excluded in full.
Long description - Table: 2
Number of Closed Requests | |||||
---|---|---|---|---|---|
2016-2017 | 2017-2018 | 2018-2019 | 2019-2020 | 2020-2021 | |
Privacy | 22 | 8 | 8 | 28 | 23 |
Privacy Consultations | 1 | 2 | 1 | 1 | 0 |
Long description - Table: 3
Disposition | Number of requests | ||||
---|---|---|---|---|---|
2016-2017 | 2017-2018 | 2018-2019 | 2019-2020 | 2020-2021 | |
All disclosed | 0% | 0% | 0% | 0% | 0% |
Disclosed in part | 27% | 50% | 50% | 61% | 57% |
All Exempted | 0% | 0% | 0% | 4% | 0% |
All Excluded | 0% | 0% | 0% | 0% | 0% |
No records exist | 36% | 13% | 0% | 7% | 0% |
Request abandoned | 9% | 25% | 25% | 11% | 9% |
Neither confirm nor Deny | 27% | 13% | 25% | 18% | 35% |
Neither confirm nor deny
Section 16(2) of the Act indicates that institutions do not have to tell a requester whether personal information exists. Section 16(2) was designed to address situations in which the mere confirmation of a record’s existence (or non-existence) would reveal information that could be protected under the Act. It is recommended that the application of section 16(2) be limited to circumstances where the confirmation or denial of the existence of a record would be injurious to Canada’s foreign relations, the defence of Canada, law enforcement activities, or the safety of individuals. When notifying a requester that it is invoking this provision, institutions must also indicate the part of the Act on which a refusal could reasonably be expected to be based if the record existed. The application of subsection 16(2) was used on eight occasions during the 2020-2021 fiscal year.
Completion time
Section 16(2) of the Act indicates that institutions do not have to tell a requester whether personal information exists. Section 16(2) was designed to address situations in which the mere confirmation of a record’s existence (or non-existence) would reveal information that could be protected under the Act. It is recommended that the application of section 16(2) be limited to circumstances where the confirmation or denial of the existence of a record would be injurious to Canada’s foreign relations, the defence of Canada, law enforcement activities, or the safety of individuals. When notifying a requester that it is invoking this provision, institutions must also indicate the part of the Act on which a refusal could reasonably be expected to be based if the record existed. The application of subsection 16(2) was used on eight occasions during the 2020-2021 fiscal year.
Long description - Table: 4
Completion time | Number of requests | ||||
---|---|---|---|---|---|
2016-2017 | 2017-2018 | 2018-2019 | 2019-2020 | 2020-2021 | |
Closed within 30 days | 100% | 88% | 75% | 50% | 35% |
31 to 60 days | 0% | 0% | 13% | 18% | 0% |
61 to 120 days | 0% | 13% | 0% | 14% | 9% |
121 to 180 days | 0% | 0% | 0% | 18% | 22% |
181 to 365 days | 0% | 0% | 13% | 0% | 26% |
More than 365 days | 0% | 0% | 0% | 0% | 9% |
Exemptions to the release of information
The most common exemptions applied at CSE were sections 21 and 26 of the Privacy Act. Of the 13 requests that were disclosed in part, section 21 was applied in all cases to protect information which could be reasonably expected to be injurious to the defense of Canada. Section 26 was applied in 12 requests to protect information about an individual other than the applicant. The application of these exemptions is consistent with previous reporting periods.
Extension of the time limit
Two (2) extensions, based on Section 15 (a)(i) of the Privacy Act relating to interference of operations, were taken on requests under the Privacy Act during the 2020-2021 fiscal year. Extensions were taken on two (2) additional requests under Section 15(a)(ii) due to the need for external consultations.
Consultations
CSE did not receive any consultations from other government departments during the reporting period. This could be attributed to year-to-year fluctuation.
Disclosure of personal information under paragraph 8(2)(m)
Subsection 8(2) of the Privacy Act describes the circumstances under which a government institution may disclose personal information under its control without the consent of the individual to whom the information relates. Such disclosures are discretionary and are subject to any other Act of Parliament.
Paragraph 8(2)(m) stipulates that an institution may disclose personal information for any purpose where, in the opinion of the head of the institution, the public interest in the disclosure clearly outweighs any invasion of privacy that could result from it or where the disclosure would clearly benefit the individual to whom the information relates. CSE did not disclose any personal information pursuant to paragraph 8(2)(m) during the reporting period.
Fees and costs
Total expenditures to administer the Privacy Act were $712,052. This represents an increase in expenditures from the previous fiscal year due to an expansion of the Privacy Policy and Governance team.
Complaints, judicial review and audits
Individuals who are not satisfied with the processing of their privacy request or who feel that their personal information has been improperly collected, used or disclosed can file a complaint with the Office of the Privacy Commissioner of Canada (OPC).
CSE received two (2) complaints during the fiscal year. One (1) privacy request carried over from 2017-2018 continued to be under judicial review in 2020-2021. Three (3) complaints were closed during the reporting period. Two (2) of the closed complaints were received prior to 2020-2021.
The first complaint closed during the reporting period was an exemption complaint received in July of 2018. CSE responded to the initial request neither confirming nor denying the existence of responsive records. CSE made representations to the OPC at the time the complaint was received. The OPC found that the complaint was not well founded in July 2020.
The second complaint closed was also an exemption complaint received in September of 2019. The complainant indicated that they had not received the release package as reported. A second release package was prepared and provided to the complainant and representations made to the OPC in October 2019. The OPC subsequently challenged the application of paragraph 19(1)(a) and section 21 on parts of the released package. CSE agreed to invite the complainant to view the information onsite in accordance with paragraph 17(1)(a) to review the information that was severed under paragraph 19(1)(a) and section 21. As a result, the OPC found the complaint to be well founded and resolved in February 2021.
The third complaint closed was a delay complaint which CSE had received in July 2020. CSE prioritized processing of the associated request and provided a response to the complainant in September 2020. The OPC found the complaint to be well founded and resolved in October 2020.
CSE has made representations to the OPC on the remaining complaint received during the current reporting period and will continue to communicate with the OPC to resolve it.
Monitoring compliance
Using our case management software, the ATIP Office continued to produce reports on the time taken to process requests. These reports were shared with our ATIP Coordinator throughout the fiscal year. CSE’s Executive Committee (made up of DM and ADM level executives) is also informed of the status of Privacy Act requests on a weekly basis.
Material privacy breaches
There were no material privacy breaches reported during the 2020-2021 fiscal year.
Appendix I: Delegation of Authority
Communications Security Establishment
Privacy Act Delegation Order
The Minister of National Defense, pursuant to section 73 of the Privacy Act, hereby designates the persons holding the positions set out below, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Minister of National Defense as the head of the Communications Security Establishment, under the provisions of the Act and related regulations set out below for each position.
- Chief, Communications Security Establishment: joint authority under paragraph 8(2) (m) (public interest disclosure) with the Deputy Chief, Policy and Communications.
- Deputy Chief, Policy and Communication: full authority, except joint authority under paragraph 8(2) (m) (public interest disclosure) with the Chief, Communications Security Establishment.
- Director General, Policy. Disclosure and Review: full authority, except for paragraph 8(2) (m) (public interest disclosure).
- Director, Disclosures, and Information Sharing: full authority, except for paragraph 8(2) (m) (public interest disclosure).
- Manager, Disclosures: full authority, except for paragraph 8(2) (m) (public interest disclosure).
- Supervisor, Access to Information and Privacy Operations: subsection 8(2) (use and disclosure) except for paragraph 8(2)(m) (public interest disclosure), subsection I 4(a) only when no records exist (notice) and section IS (extension of time limits).
- Supervisor, Privacy, Policy and Governance: subsection 8(2) (use and disclosure) except for paragraph 8(2) (m) (public interest disclosure)
- Manager, Counselling and Advisory Program: paragraph 8(2)(m) (public interest disclosure) when it is believed that there is a duty to report child abuse under provincial or territorial legislation as part of their official duties; or where it is believed that there is a threat of harm to self or other.
- Counsellor, Counselling and Advisory Program: paragraph 8(2)(m) (public interest disclosure) when it is believed that there is a duty to report child abuse under provincial or territorial legislation as part of their official duties; or where it is believed that there is a threat of harm to self or other.
This delegation order replaces all previous delegation orders.
Dated at Ottawa this 26 day of April 2018
The Hon. Harijit S. Saijan. PC. OMM, MSM. CD. MP
Appendix II: Statistical Report on the Privacy Act
Name of institution: Communications Security Establishment
Reporting period: 2020-04-01 to 2021-03-31
Number of requests | |
---|---|
Received during reporting period | 23 |
Outstanding from previous reporting period | 19 |
Total | 42 |
Closed during reporting period | 23 |
Carried over to next reporting period | 19 |
Section 2: Requests closed during the reporting period
Disposition of requests | Completion time | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 0 | 0 | 0 | 2 | 3 | 6 | 2 | 13 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
No records exist | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 2 |
Neither confirmed nor denied | 1 | 5 | 0 | 0 | 2 | 0 | 0 | 8 |
Total | 3 | 5 | 0 | 2 | 5 | 6 | 2 | 23 |
Section | Number of requests |
---|---|
18(2) | 0 |
19(1)(a) | 0 |
19(1)(b) | 0 |
19(1)(c) | 0 |
19(1)(d) | 0 |
19(1)(e) | 0 |
19(1)(f) | 0 |
20 | 0 |
21 | 13 |
22(1)(a)(i) | 0 |
22(1)(a)(ii) | 0 |
22(1)(a)(iii) | 0 |
22(1)(b) | 1 |
22(1)(c) | 0 |
22(2) | 0 |
22.1 | 0 |
22.2 | 0 |
22.3 | 1 |
22.4 | 0 |
23(a) | 0 |
23(b) | 0 |
24(a) | 0 |
24(b) | 0 |
25 | 0 |
26 | 12 |
27 | 2 |
27.1 | 0 |
28 | 1 |
Section | Number of requests |
---|---|
69(1)(a) | 0 |
69(1)(b) | 0 |
69.1 | 0 |
70(1) | 0 |
70(1)(a) | 0 |
70(1)(b) | 0 |
70(1)(c) | 0 |
70(1)(d) | 0 |
70(1)(e) | 0 |
70(1)(f) | 0 |
70.1 | 0 |
2.4 Format of information released
Paper | Electronic | Other |
---|---|---|
2 | 11 | 0 |
2.5 Complexity
Number of pages processed | Number of pages disclosed | Number of requests |
---|---|---|
10870 | 5800 | 23 |
Disposition | Less than 100 pages processed |
101-500 pages processed |
501-1000 pages processed |
1001-5000 pages processed |
More than 5000 pages processed |
|||||
---|---|---|---|---|---|---|---|---|---|---|
Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 2 | 92 | 7 | 1305 | 2 | 677 | 2 | 3726 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 7 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 11 | 92 | 8 | 1305 | 2 | 677 | 2 | 3726 | 0 | 0 |
Disposition | Consultation required | Assessment of fees | Legal advice sought | Other | Total |
---|---|---|---|---|---|
All disclosed | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 2 | 0 | 0 | 0 | 2 |
All exempted | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
Total | 2 | 0 | 0 | 0 | 2 |
2.6 Closed requests
Requests closed within legislated timelines | |
---|---|
Number of requests closed within legislated timelines | 8 |
Percentage of requests closed within legislated timelines (%) | 34.8 |
2.7 Deemed refusals
Number of Requests Closed Past the Legislated Timelines | Principal Reason | |||
---|---|---|---|---|
Interference with Operations / Workload | External Consultation | Internal Consultation | Other | |
15 | 3 | 0 | 7 | 5 |
Number of Days Past Legislated Timelines | Number of Requests Past Legislated Timeline Where No Extension Was Taken | Number of Requests Past Legislated Timelines Where an Extension Was Taken | Total |
---|---|---|---|
1 to 15 days | 0 | 0 | 0 |
16 to 30 days | 0 | 0 | 0 |
31 to 60 days | 1 | 0 | 1 |
61 to 120 days | 3 | 0 | 3 |
121 to 180 days | 4 | 1 | 5 |
181 to 365 days | 3 | 1 | 4 |
More than 365 days | 0 | 2 | 2 |
Total | 11 | 4 | 15 |
Translation Requests | Accepted | Refused | Total |
---|---|---|---|
English to French | 0 | 0 | 0 |
French to English | 0 | 0 | 0 |
Total | 0 | 0 | 0 |
Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
---|---|---|---|
0 | 0 | 0 | 0 |
Disposition for Correction Requests Received | Number |
---|---|
Notations attached | 0 |
Requests for correction accepted | 0 |
Total | 0 |
Section 5: Extensions
Number of requests where an extension was taken | 15(a)(i) Interference with operations | 15 (a)(ii) Consultation | ||||||
---|---|---|---|---|---|---|---|---|
Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet ConfidenceSection (Section 70) | External | Internal | 15(b) Translation purposes or conversion |
|
4 | 0 | 2 | 0 | 0 | 0 | 2 | 0 | 0 |
Length of Extensions | 15(a)(i) Interference with operations | 15 (a)(ii) Consultation |
||||||
---|---|---|---|---|---|---|---|---|
Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain |
Cabinet Confidence Section (Section 70) |
External | Internal | 15(b) Translation purposes or conversion |
|
1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 days | 0 | 2 | 0 | 0 | 0 | 2 | 0 | 0 |
31 days or greater | 0 | |||||||
Total | 0 | 2 | 0 | 0 | 0 | 2 | 0 | 0 |
Section 6: Consulations Received From Other Institutions and Organizations
Consultations | Other Government of Canada institutions |
Number of pages to review |
Other organizations |
Number of pages to review |
---|---|---|---|---|
Received during the reporting period | 0 | 0 | 0 | 0 |
Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 |
Closed during the reporting period | 0 | 0 | 0 | 0 |
Pending at the end of the reporting period | 0 | 0 | 0 | 0 |
Recommendation | Number of days required to complete consultation requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 days |
16 to 30 days |
31 to 60 days |
61 to 120 days |
121 to 180 days |
181 to 365 days |
More than 365 days |
Total | |
All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Recommendation | Number of days required to complete consultation requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 days |
16 to 30 days |
31 to 60 days |
61 to 120 days |
121 to 180 days |
181 to 365 days |
More than 365 days |
Total | |
All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 7: Completion time of consultations on Cabinet Confidences
Number of days | Fewer than 100 pages processed |
101-500 pages processed |
501-1000 pages processed |
1001-5000 pages processed |
More than 5000 pages processed |
|||||
---|---|---|---|---|---|---|---|---|---|---|
Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Number of days | Fewer than 100 pages processed |
101-500 pages processed |
501-1000 pages processed |
1001-5000 pages processed |
More than 5000 pages processed |
|||||
---|---|---|---|---|---|---|---|---|---|---|
Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 31 | Section 33 | Section 35 | Court action | Total |
---|---|---|---|---|
2 | 0 | 2 | 0 | 4 |
Number of PIA(s) completed | 1 |
---|
Active | Created | Terminated | Modified |
---|---|---|---|
2 | 0 | 0 | 0 |
Section 10: Material Privacy Breaches
Number of material privacy breaches reported to TBS | 0 |
---|---|
Number of material privacy breaches reported to OPC | 0 |
Section 11: Resources related to the Privacy Act
Expenditures | Amount |
---|---|
Salaries | $695,918 |
Overtime | $0 |
Goods and Services | $16,134 |
Goods and Services - Professional services contracts | $0 |
Goods and Services - Other | $16,134 |
Total | $712,052 |
Resources | Person Years Dedicated to Privacy Activities |
---|---|
Full-time employees | 7.469 |
Part-time and casual employees | 0.00 |
Regional staff | 0.00 |
Consultants and agency personnel | 0.00 |
Students | 0.280 |
Total | 7.749 |
Note: Enter values to two decimal places.
Supplemental Statistical Report on the Access to Information Act and Privacy Act
Name of institution: Communications Security Establishment
Reporting period: 2020-04-01 to 2021-03-31
Section 1: Capacity to Receive Requests
Number of Weeks | |
---|---|
Able to receive requests by mail | 41 |
Able to receive requests by email | 41 |
Able to receive requests through the digital request service | 41 |
Section 2: Capacity to Process Records
No Capacity | Partial Capacit | Full Capacity | Total | |
---|---|---|---|---|
Unclassified Paper Records | 0 | 0 | 52 | |
Protected B Paper Records | 11 | 41 | 0 | |
Secret and Top Secret Paper Records | 11 | 41 | 0 |
No Capacity | Partial Capacit | Full Capacity | Total | |
---|---|---|---|---|
Unclassified Electronic Records | 0 | 0 | 52 | |
Protected B Electronic Records | 11 | 41 | 0 | |
Secret and Top Secret Electronic Records | 11 | 41 | 0 |
Mission
Discover CSE's impactful mission
Careers
Join our team and help keep Canadians safe
Culture and community
Learn how we support our employees and our community