Privacy Act - Annual Report 2011-2012

Table of Contents

• Preface
• Part I - Introduction
  1. Public Works and Government Services Canada (PWGSC)
     • 1.1 Background
     • 1.2 Raison d'être and Responsibilities
     • 1.3 Strategic Outcome and Program Activity Architecture
• Part II - Report on the Privacy Act
  1. Organization of the Access to Information and Privacy Directorate
     • 1.1 Delegation Instruments
     • 1.2 Responsibilities of the ATIP Directorate
     • 1.3 Policies and Procedures
  2. Summary of Activities and Highlights
     • 2.1 Management Accountability Framework (MAF)
     • 2.2 Committees
     • 2.3 ATIP Officer Development Program
     • 2.4 Training and Information Sessions
  3. Management of Personal Information
     • 3.1 Departmental Privacy Framework
     • 3.2 Privacy Impact Assessments
     • 3.3 Personal Information Banks
     • 3.4 Collection of Personal Information
  4. Statistical Report - Interpretation and Explanation of Trends
     • 4.1 Departmental Overview of Requests Received
     • 4.2 Requests under the Privacy Act
     • 4.3 Requests Closed During the Reporting Period
     • 4.4 Exemptions
     • 4.5 Exclusions
     • 4.6 Format of Information Released
     • 4.7 Complexity
     • 4.8 Processing Time
     • 4.9 Translations
     • 4.10 Disclosures Under Subsection 8(2) of the Act
     • 4.11 Requests for Correction of Personal Information and Notations
     • 4.12 Consultations from Other Government Institutions and Organizations
     • 4.13 Resources Related to the Privacy Act
  5. Complaints and Requests for Judicial Review
     • 5.1 Complaints to the Office of the Privacy Commissioner of Canada
     • 5.2 Requests for Judicial Review
• Annex A: Delegation of Authority (Excerpt)
• Annex B: Statistical Report on the Privacy Act

Preface

The Privacy Act (Revised Statutes of Canada, 1985, Chapter P-21) was proclaimed on July 1, 1983. The Act was most recently amended as a result of the royal assent of the Federal Accountability Act on December 12, 2006. Certain provisions came into force on December 12, 2006, and others took effect on April 1, 2007, and September 1, 2007.

The Privacy Act extends to individuals the right of access to information about themselves held by the government, subject to specific and limited exceptions. The Act also provides individuals the right to a reasonable expectation of privacy, including a basic right to exercise control over the collection, use and disclosure of their personal information.

Section 72 of the Privacy Act requires that the head of every federal government institution prepare for submission to Parliament an annual report on the administration of the Act within their institution during each fiscal year.

This annual report provides a summary of the management and administration of the Privacy Act within Public Works and Government Services Canada (PWGSC) for the fiscal year 2011-2012.

Part I - Introduction

1. Public Works and Government Services Canada (PWGSC)

1.1 Background

The Department, founded in 1841 and originally known as The Board of Works, was instrumental in the building of our nation's canals, roads and bridges, the Houses of Parliament, post offices and federal buildings across the country.

In 1993, the Department became Public Works and Government Services Canada (PWGSC) through the amalgamation of the former Supply and Services Canada, Public Works Canada, Government Telecommunications Agency (Communications Canada), and the Translation Bureau (Secretary of State of Canada).

The Department of Public Works and Government Services Act, passed in 1996, established the Department and set out the legal authorities for PWGSC's services. The Act established PWGSC as a common service organization providing government departments, boards and agencies with support services for their programs.

Today, the Department has evolved into a sophisticated operational arm of government that employs more than 13,000 staff working in the National Capital Area and across the country including regional offices in Halifax, Montreal, Toronto, Edmonton, and Vancouver, and abroad in the United States and in Europe.

The Office of the Procurement Ombudsman, an independent office, and part of the portfolio of the Minister of PWGSC, was established on May 5, 2008, as one of the final steps in the implementation of the Federal Accountability Act.

1.2 Raison d'être and Responsibilities

Public Works and Government Services Canada plays an important role in the daily operations of the Government of Canada. The Department is its principal banker, accountant, central purchasing agent, linguistic authority, real property manager and enabler of access to government services online.

PWGSC's vision is to excel in government operations, and our mission is to deliver high-quality services and programs that meet the needs of federal organizations and ensure sound stewardship on behalf of Canadians.

The Minister serves as the Receiver General for Canada and has the authority for the administration of services related to benefits, superannuation, pension plans, and the disbursement of pay to federal employees. The Minister is also responsible for maintaining the Public Accounts of Canada.

The Department's goal is to manage business in a way that strengthens accountability and transparency, and adds value for its clients. In doing so, PWGSC:

• injects more than $14 billion annually into the Canadian economy through government procurement;

• issues more than 14.6 million federal pay and pension payments;

• provides accommodation to parliamentarians and 270,455 public servants in 1,855 locations across Canada;

• provides translation and interpretation services, annually, for more than 1,500 parliamentary sittings and parliamentary committee meetings, and translates more than one million pages of text on behalf of other federal organizations; and,

• handles more than $2 trillion in cash flow transactions as the Receiver General for Canada.

The Office of the Procurement Ombudsman reviews complaints from suppliers. It also reviews procurement practices in departments and agencies, and makes recommendations for the improvement of those practices to ensure improved fairness, openness, and transparency in the procurement process.

1.3 Strategic Outcome and Program Activity Architecture

PWGSC's Program Activity Architecture (PAA), as approved by the Treasury Board, supports the strategic outcome of seeking high-quality, central programs and services that ensure sound stewardship on behalf of Canadians and meet the program needs of federal institutions. The following lists the program activities that comprise PWGSC's PAA.

• Acquisitions;
• Accommodation and Real Property Assets Management;
• Receiver General for Canada;
• Information Technology Infrastructure Services^{Footnote 1};
• Federal Pay and Pension Administration;
• Linguistic Management and Services;
• Specialized Programs and Services;
• Internal Services; and,
• Procurement Ombudsman^{Footnote 2}.

Part II - Report on the Privacy Act

1. Organization of the Access to Information and Privacy Directorate

The Access to Information and Privacy (ATIP) Directorate administers the provisions of the Privacy Act for PWGSC, including one Special Operating Agency, the Translation Bureau, as well as the Office of the Procurement Ombudsman.

The Director, ATIP, reports to the Director General, Executive Secretariat, who, in turn, reports to the Assistant Deputy Minister, Corporate Services and Strategic Policy Branch (ADM-CSSPB). The ATIP Directorate operated with up to 15 ATIP officers and nine consultants who worked under five Team Leaders to manage the requests received within the Department. Reporting to the Director, ATIP, the teams are overseen by the Manager, ATIP Operations, and the Manager, ATIP Policy and Governance. The two units are responsible for processing ATIP requests, consultations, complaints, and court cases, with the second one also being responsible for policy, governance and training. The administrative functions of the ATIP Directorate are supported by an administrative assistant, an office manager and up to five clerks.

1.1 Delegation Instruments

Under section 3 of the Privacy Act, the Minister of the Department is designated as the head of the government institution for purposes of the administration of the Act. Pursuant to section 73, the Minister may delegate any of her powers, duties or functions under the Act by signing an order authorizing one or more officers or employees of the institution, who are at the appropriate level, to exercise or perform the powers, duties or functions of the head, specified in the order.

Within PWGSC, this delegation instrument continued to be based on a centralized process with the Director General, Executive Secretariat, and the Director and managers of the ATIP Directorate having full delegated authority under the Act, with the exception of paragraph 8(2)(m). Certain administrative functions are also delegated to the ATIP chiefs to speed the processing of requests.

The delegation was revised in 2010 to provide full authority under the Act to the ADM-CSSPB as the branch head responsible for the ATIP program. Although in effect, these changes were formally incorporated in the Delegation of Authorities instrument signed on March 13, 2012.

An excerpt of the Delegation of Authorities approved by the Minister of Public Works and Government Services is attached in Annex A.

1.2 Responsibilities of the ATIP Directorate

The responsibilities of the ATIP Directorate include the following:

• managing all activities within PWGSC relating to the operation of the Act, as well as the regulations, directives and guidelines pursuant to them;

• developing, producing and promulgating departmental privacy policies, procedures, standards and guidelines;

• developing and delivering awareness training to PWGSC managers and staff to ensure departmental responsiveness to the legal obligations imposed by the Act and associated regulations;

• reviewing departmental policies, procedures and agreements to ensure that they are in compliance with the provisions of the Act and making recommendations for amendments;

• defending institutional decisions on the administration of the Act during investigations conducted by the Privacy Commissioner of Canada and during judicial proceedings at the Federal Court of Canada and the Supreme Court of Canada;

• collaborating with departmental branches to ensure that Privacy Impact Assessments (PIAs) are completed and personal information banks (PIBs) are established for new or substantially modified programs or activities, as well as registering the new or modified PIBs with the Treasury Board of Canada Secretariat (TBS);

• coordinating and approving the annual update of PWGSC's chapter in the TBS publication Info Source;

• reporting annually to Parliament, in accordance with section 72 of the Act and any instructions issued pursuant to paragraph 71(1)(e) of the Act;

• acting as spokesperson for the Department in dealings with the TBS, the Privacy Commissioner of Canada and other government departments and agencies;

• notifying the Office of the Privacy Commissioner of Canada of any initiative or issue that may relate to the Privacy Act or any of its provisions, or that may have an impact on the privacy of Canadians, at a sufficiently early stage to permit the Commissioner to review and discuss the issues involved, including:

  1. use or disclosure of personal information in a manner consistent with the purpose for which the information was obtained or compiled, and for which the consistent use is not identified in Info Source;

  2. development of legislation or regulations with privacy implications, prior to submission of the appropriate documentation for approval by the Governor in Council, or where applicable, prior to the approval of ministerial regulations;

  3. disclosure in the public interest under paragraph 8(2)(m) of the Privacy Act, either prior to the disclosure, or if this is not practicable, at the time of disclosure;

  4. PIAs, at a reasonably early stage prior to implementing the initiative, program or service; and,

  5. any suspected or actual breach or violation of security involving personal information.

The administration of the Act by the ATIP Directorate is also facilitated at the branch and regional office levels of PWGSC. Each organizational branch has an ATIP Liaison Officer who coordinates the collection of information and provides guidance to branch managers on the application of the Act, as well as related departmental directives and procedures.

1.3 Policies and Procedures

1.3.1 Departmental Policies on ATIP

For the reference of all employees, departmental policies are posted on PWGSC's intranet.

Departmental Policy 002 outlines the privacy Delegation of Authority and sets out the definitions, and the roles and responsibilities of all stakeholders within PWGSC. An annex to the Policy has been developed to outline the administrative attribution of powers and the departmental guidelines and procedures with respect to the disclosure of personal information pursuant to subsection 8(2) of the Privacy Act. Paragraphs (8)(2)(j) and (m) of the Act are delegated by the Minister pursuant to section 73 of the Act.

Departmental Policy 014 sets out definitions as well as the roles and responsibilities of employees with respect to the protection of personal information in the workplace.

1.3.2 ATIP Liaison Officer Handbook

The ATIP Liaison Officer Handbook is produced by the ATIP Directorate and is posted on PWGSC's intranet as a guide to:

• introduce departmental ATIP Liaison Officers across the Department to the Privacy Act and regulations;

• outline the roles and responsibilities of each PWGSC ATIP stakeholder; and,

• provide national processing standards and guidelines for the centralized handling of requests.

1.3.3 ATIP Directorate Desk Procedures

The ATIP Directorate has an ATIP Officer Desk Procedures manual in place, to standardize the work procedures used by staff, to facilitate the training of new hires and to complement the functionality of the electronic ATIP tracking system.

2. Summary of Activities and Highlights

2.1 Management Accountability Framework (MAF)

The MAF requirements for Area of Management 12 Information Management, Line of Evidence 12.5 Privacy, necessitate that PWGSC demonstrate compliance with statutory and regulatory requirements of the Act, including a demonstration of consistent public reporting on the administration of the Act.

The ATIP Directorate submitted its 2010-2011 statistical reports on time and in accordance with the TBS requirements. As Parliament was not sitting at the end of June, the Department tabled the ATIP annual reports in the House of Commons on September 19, 2011, and in the Senate on September 27, 2011.

Taking into account the feedback received from the TBS on PWGSC's 2010 Info Source submission, and with the goal of maintaining the Green rating received in the Round VII MAF assessment, the ATIP Directorate worked closely with the TBS and departmental branches on the 2011 update, that included revisions to several classes of records and personal information banks. PWGSC's Info Source chapter was submitted to the TBS on September 28, 2011, in accordance with the TBS requirements.

2.2 Committees

The Director General (DG), Executive Secretariat, participates on the interdepartmental ATIP DG Committee. The objective is to provide strategic advice to the TBS on overarching ATIP policy and operational questions.

The Director, ATIP, participated on the ATIP Community Development Initiative Working Group for developing and making recommendations to the ATIP DG Committee on generic tools for the ATIP Community, specifically organizational models, job descriptions, and competency profiles.

The Manager, ATIP Policy and Governance is an ad hoc member of the Departmental Information Management Committee (DIMC) that provides a forum for strategic discussions on department-wide IM related matters, ensuring that the Department makes IM decisions that are fully consistent with departmental priorities and for promoting collaboration between branches to ensure alignment to PWGSC's IM/Information Technology (IT) strategies and business priorities.

The ATIP Directorate is also represented at the Information Management Specialist Working Group (IMSWG) that was created in response to the TBS Information Management Policy that came into effect on July 1, 2007. The IMSWG is comprised of employees with IM functional expertise and is responsible for making recommendations to DIMC about Information Management within the Department, relating to their field of expertise.

2.3 ATIP Officer Development Program

The ATIP Officer Development Program was created in 2006 and revised in 2008-2009 to address the Department's mid and long-term shortage of skilled ATIP professionals by recruiting new employees at the junior level, and preparing them to fill senior ATIP Officer positions at the (Program Administration) PM-4 group and level within a three-year horizon. The Program is also intended to reduce the costs associated with the competitive staffing process and, in the long-term, the use of consultants.

In 2011-2012, one PM-1 was hired under the Program from a priority list, and two PM-1 trainees were promoted to the PM-2 group and level. Assessment tools are being developed to evaluate other program participants for promotion to the next level.

2.4 Training and Information Sessions

2.4.1 Departmental Employees

A brief overview of Privacy is incorporated into the general ATIP information sessions. During the fiscal year, 68 training and awareness sessions were given to 824 managers and employees from all branches of the Department at all levels.

As well, a section on ATIP has been added to the Department's Orientation Program for new employees. This section provides information on employee obligations under the Act, including an explanation of the duty to assist, a reminder that only those delegated under the Act can make disclosure decisions, a reference to procedures for reporting suspected contraventions, as well as a link to the departmental policy on ATIP.

In addition, In The Know articles have been issued, for all employees, providing tips on handling requests, and on Privacy Impact Assessments. As well, a booth was set up in the lobby of Place du Portage to share key ATIP information at the Information Management day in May 2011.

The ATIP Directorate has also participated in the development of the new PWGSC IM/ATIP Essentials Course. The course, developed in partnership with the Information Technology Services Branch, the Corporate Services and Strategic Policy Branch and the Human Resources Branch, will equip PWGSC employees with the competencies and skills to confidently manage the information in their care, in order to fulfill their information and recordkeeping responsibilities and meet legislative requirements.

2.4.2 ATIP Directorate Staff

All participants in the ATIP Officer Development Program, as well as other officers of the ATIP Directorate, are given the opportunity to register and complete the University of Alberta Information Access and Protection of Privacy Certification Program, and to take advantage of the ATIP training offered in-house and by the TBS.

Also, in order to increase competencies and ensure consistency within the ATIP Directorate, a PM-5 ATIP officer has been hired to develop and provide in-house training to ATIP staff. During the reporting period, a total of 19 training sessions were delivered on the following topics:

• Right of access, duty to assist, severability, and delegation of authority;
• Time extensions and fees – sections 9 and 11;
• Personal information – sections 3 to 8, and 26 of the Privacy Act;
• Solicitor-client privilege – section 27;
• AccessPro Case Management and Redaction; and,
• Media awareness.

3. Management of Personal Information

3.1 Departmental Privacy Framework

In the fall of 2011, the ATIP Directorate consulted all branches and regions to obtain high level information regarding their privacy practices in order to determine areas of risks and gaps in the departmental privacy framework and the management of personal information across the Department.

In summary, it has been determined that elements are in place, including a training program, a strong Personal Information Bank structure, privacy protocols, and standard privacy clauses for contracts. However, there is a need for a chief privacy officer at the senior management level, to build departmental privacy capacity, and to continue to increase privacy awareness among departmental management and staff.

3.2 Privacy Impact Assessments

The Treasury Board of Canada approved the Privacy Impact Assessment (PIA) Directive with an effective date of April 1, 2010. The objective of the Directive is to:

• provide direction to government institutions with respect to the administration of PIAs for new or substantially modified programs and activities involving the creation, collection and handling of personal information; and,

• ensure, through the conduct of PIAs, sound management and decision making as well as careful consideration of privacy risks with respect to the creation, collection and handling of personal information as part of government programs or activities.

A PIA must be initiated for a program or activity in the following circumstances:

• when personal information is used for or is intended to be used as part of a decision-making process that directly affects the individual;

• upon substantial modifications to existing programs or activities where personal information is used or intended to be used for an administrative purpose; and,

• when contracting out or transferring a program or activities to another level of government or the private sector results in substantial modifications to the program or activities.

The departmental PIA framework provides for the review and approval process within PWGSC, as well as the roles and responsibilities of stakeholders. Project managers follow this framework when conducting PIAs.

ATIP Directorate staff provides advice and guidance to PWGSC managers throughout the PIA process, including the review of PIA reports and liaison with the Office of the Privacy Commissioner.

When counsel from PWGSC's Legal Services unit review contractual terms and conditions, they inform contracting officers to seek the advice of the ATIP Directorate on the need for a PIA. The ATIP Directorate informs the contracting officers to check with their client departments and provides the name and telephone number of the responsible ATIP Coordinator. PWGSC's ATIP Directorate also advises on the requirement to include appropriate security and privacy clauses in procurement documentation.

Summaries of the PIAs completed by PWGSC are published on the departmental Internet site at the Privacy Impact Assessment (PIA) Public Reports. The site is intended to facilitate the public's understanding of the Access to Information Act, the Privacy Act and associated departmental procedures.

Table I provides the number of assessments conducted in the last three fiscal years.

Table Summary

Table I provides details on the Privacy Impact Assessments (PIAs) and Preliminary PIAs (PPIAs) in progress over the past three years.

Table I
Privacy Impact Assessments

Reporting Period	PIAs
	Initiated	Completed
2009-2010	6	5
2010-2011	4	5
2011-2012	3	2

3.2.1 PIAs Initiated

The following three PIAs were initiated in 2011-2012:

• Human Resources Information System
• Controlled Goods Program - Enhanced Security Strategy
• Federal Public Service Pension Administration

In addition to the above, the PWGSC ATIP Directorate provided advice and assistance to Shared Services Canada in the development of the following three PIAs:

• Credential Broker Services
• Internal Credential Management Services
• Branded Credential Services

3.2.2 PIAs Completed

During the 2010-2011 fiscal year, the following two PIAs were completed and sent to the Privacy Commissioner of Canada.

• Controlled Goods Program - Enhanced Security Strategy (CGP-ESS): PWGSC undertook a PIA to ensure that privacy was considered throughout the deployment of the CGP-ESS that was developed to address security gaps and operational inefficiencies. This is a new security assessment application for all individuals wishing to access controlled goods. The privacy risks identified in the PIA are rated Low in severity, except one rated Medium, and are being addressed by the Controlled Goods Directorate. The proposed mitigating mechanisms for the identified privacy risks indicate a continued commitment by PWGSC in ensuring the confidentiality and privacy of the personal information collected from individuals. The PIA summary is available at the Controlled Goods Program - Enhanced Security Strategy.

• Human Resources Information System: A PIA has been conducted to assess the privacy implications associated with the implementation of the new Human Resources Information System, a Crown-owned system developed to address the human resources needs of small to medium sized departments and agencies. The PIA determined privacy risks rated as Low in severity. To mitigate the risks, the Department has committed to: preparing a Memorandum of Understanding that indicates how privacy responsibilities and requirements will be administered with cluster clients in other federal departments and agencies; completing a Threat Risk Assessment; and briefing all Program Centre and Information Technology staff on the requirements for protecting personnel information. The PIA summary has been prepared for publication on the ATIP Directorate website.

3.3 Personal Information Banks

In accordance with the Departmental Policy on ATIP, the ATIP Directorate must be notified whenever there is a new or expanded collection of personal information or when personal information is used or disclosed for a use consistent with the purpose for which the information was obtained or compiled by the Department, but where such use is not included in the relevant personal information bank (PIB) published in Info Source.

Revisions to the following five institution-specific PIBs^{Footnote 3} were registered with the TBS in 2011-2012:

• PWGSC PPU 015 – Industry Personnel Clearance and Reliability Records
• PWGSC PPU 045 – Controlled Goods Registry Information
• PWGSC PPU 071 – Supplier Registration Information
  PWGSC PCU 195 – Certification Program for the Federal Government Procurement
  and Material Management
• PWGSC PCE 702 – Public Service Pensions Data Bank

The following PIB was deleted as it has been integrated in PWGSC PPU 071:

• PWGSC PPU 025 – Private Sector Resources

Effective April 1, 2012, the following three PIBs were transferred from PWGSC to Shared Services Canada:

• PPU 050 – Call Details
• PCU 606 – Internal and External Credential Management Services
• PCU 707 – Directory Services

PWGSC does not have any exempt banks.

3.4 Collection of Personal Information

Departmental Policy 061 (Forms Management) requires that all new and revised forms that collect personal information be reviewed by the ATIP Directorate to ensure compliance with privacy legislative and policy requirements. As well, the ATIP Directorate reviews electronic forms on departmental intranet and internet sites, including surveys and public opinion research. It also assists with the development of the related Privacy Notices and Consent Statements.

4. Statistical Report - Interpretation and Explanation of Trends

Statistical reporting on the administration of the Act has been conducted since 1983. This year marks the first time government institutions have completed new, more in-depth statistical reporting forms on the administration of the Act as prescribed by the TBS. The statistical report on the Privacy Act is attached in Annex B.

4.1 Departmental Overview of Requests Received

It is the practice of PWGSC to process requests formally where the information is sensitive and may be subject to an exemption or an exclusion pursuant to sections 18 through 28, 69 and 70 of the Act.

All requests pursuant to the Privacy Act are processed by the ATIP Directorate where they are first received and reviewed for clarity. Each request is then assigned to one or more organizational units of the Department that become responsible for locating and retrieving the records containing the information sought.

The organizational units review their relevant records and provide recommendations to the ATIP Directorate on any sensitivities related to their disclosure. Where necessary, the ATIP Directorate also undertakes consultations with other organizations before a skilled analyst reviews each record to make a decision on disclosure. The ATIP Directorate then notifies the requester and provides access to all of the records that can be disclosed.

4.2 Requests Under the Privacy Act

There were 98 requests filed under the Privacy Act in 2011-2012. Of these cases, 20 percent were for documents related to pension and pay, 17 percent for staffing processes, 11 percent for labour relation matters, nine percent for security clearances, and seven percent for employment related records. The remaining cases (36 percent) were for correspondence and other personal information pertaining to the requesters.

Compared with the previous fiscal year, PWGSC experienced a 10 percent decrease in the total number of privacy requests received. Table II provides an overview of the trends related to the volume of requests received by PWGSC over the past three years.

Table Summary

Table II provides details of the requests in progress during the fiscal year (requests outstanding from previous year, received, completed, and carried forward).

Table II
Processing Trends for Privacy Requests

Reporting Period	Outstanding	Received	Completed	Carried Forward
2009-2010	11	78	71	18
2010-2011	18	109	89	38
2011-2012	38	98	109	27

4.3 Requests Closed During the Reporting Period

Of the 136 requests in progress, 109 requests (80 percent) were completed during the 2011-2012 reporting period. The remaining 27 requests (28 percent) were carried forward to the next fiscal year. Of the 109 cases where the Department completed the request, information was released either in whole or in part in 76 requests (70 percent).

4.3.1 All Disclosed

In 26 of the 109 completed cases (24 percent), requesters were provided with full access to the relevant records totalling 2,847 pages. This figure is down by four percent from last fiscal year. On average, the files consisted of 112 pages, and the Department took 29 days to complete them. Two requests (eight percent) had more than 500 pages.

4.3.2 Disclosed in Part

PWGSC was compelled by the exemptive and exclusionary provisions of the Privacy Act to provide requesters partial access in 56 percent of the completed cases (60 of the 109 cases), for a total of 28,292 pages. This represents a 23 percent increase from last fiscal year. In most instances, the information withheld related to information about other individuals. On average, these requests contained approximately 650 pages, and required 142 days to complete. Thirteen comprised more than 1,000 pages.

4.3.3 Nothing Disclosed (All Exempted; All Excluded)

There was no request processed during the fiscal year where PWGSC was compelled by the exemptive and exclusionary provisions of the Privacy Act to withhold all information.

4.3.4 No Records Exist

After initial review, the Department was unable to process 16 requests (15 percent) because the Department did not have any records pertaining to the request. This represents a five percent decrease from the last fiscal year.

4.3.5 Request Abandoned

Of the completed cases, seven (6 percent) were eventually considered to be abandoned. Such an action may occur at any point in their processing and is often due to a requester not responding to clarification requests or no longer desiring the information.

4.4 Exemptions

An individual's right of access to his/her personal information under the Privacy Act is limited by a number of exemptions specified in sections 18 through 28 of the legislation.

Annex B is intended to show the types of exemptions invoked to refuse access. For clarity purposes, if five different exemptions were used in one request, one exemption under each relevant section would be reported for a total of five. If the same exemption was used several times for the same request, it would be reported only once.

As noted in Annex B, information about another individual (section 26 of the Act) accounts for the majority of the exemptions applied by the Department.

4.5 Exclusions

Pursuant to section 69, the Act does not apply to material that is published or available for purchase, library or museum material preserved solely for public record, material deposited with the Library and Archives Canada, as well as records considered to be confidences of the Queen's Privy Council of Canada pursuant to section 70 of the Act.

As in the case of exemptions, Annex B shows the types of exclusions invoked. Again, for the sake of clarity, if five different exclusions were cited in one request, one exclusion under each relevant section would be reported for a total of five. If the same exclusion was used several times for the same request, it would be reported only once.

Sections 69 and 70 were not invoked by PWGSC for any of the privacy request processed in the 2011-2012 fiscal year.

4.6 Format of Information Released

Of the 86 requests in which information was released, the requesters received copies of the records in all cases. There were no cases where access was provided by a combination of copies and in-person examination. It should be noted that the data in this section reflect only requests for which information was all disclosed or disclosed in part and therefore not those abandoned, etc.

Records were provided in the form of paper copies for 62 requests (57 percent), whereas 24 cases (43 percent) were in electronic format. With either method of access, as well as in-person examination, the ATIP Directorate offered the choice to the requester.

4.7 Complexity

PWGSC processed more than 45,000 pages during the reporting period. This represents a substantial increase compared to the previous fiscal year. While on average files contained 415 pages to be processed, 14 of the 109 requests completed (13 percent) had over 1,000 pages. Table III provides the trends related to the pages processed and disclosed by PWGSC over the past three years.

Table Summary

Table III provides a breakdown of complaints made to the Office of the Information Commissioner and of requests for judicial review filed with the Federal Court, for which PWGSC has been informed over the past three fiscal years.

Table III
Processing Trends for Pages Processed and Disclosed

Reporting Period	Pages Processed	Pages Disclosed
2009-2010	11,399	10,162
2010-2011	12,488	8,396
2011-2012	45,206	31,139

In addition to the high volume, consultations were required for nine of the 109 requests completed (eight percent). Other factors included sensitive subject matters, clarifications of requests, and unprecedented cases.

4.8 Processing Time

Of the 109 requests completed during the fiscal year, 47 (43 percent) needed to be extended in accordance with section 15 of the Act. In 40 cases meeting the original time limit would have unreasonably interfered with the operations of the Department. For the remaining seven cases, there was the need to consult with other government institutions.

Within the first thirty days, 49 requests (45 percent) were completed, while 20 requests (18 percent) were completed within 31 to 60 days, and 16 (15 percent) were completed between 61 and 120 days from the date of receipt by the Department. Eighteen of the cases (17 percent) required more than 120 days, and six (five percent) took more than one year. On average, privacy requests were completed within 102 days in 2011-2012, which is 31 days longer than the requests completed in the previous fiscal year.

Due to the large volume of records to be processed, 42 requests fell in a deemed refusal status and were closed after the statutory deadline. In 32 of those (76 percent), the maximum 30-day time extension allowed under the Act was not sufficient to complete the review. On average, PWGSC needed an additional 164 days to complete these late files.

The ATIP Directorate workload was the principal reason of delays in 38 percent of late cases. Other factors such as necessary consultations, complexity of requests and the reassignment of files within the ATIP Directorate also contributed to the delays.

4.9 Translation

One request was made for the translation of information from one official language to another.

4.10 Disclosures Under Subsection 8(2) of the Act

During 2011-2012, the Department made 17 disclosures of personal information to investigative bodies pursuant to paragraph 8(2)(e) of the Act. A copy of every request received under paragraph 8(2)(e), and a record of any information disclosed pursuant to the request, is kept in accordance with subsection 8(4) of the Act.

There were no disclosures made under paragraph 8(2)(m) of the Act.

4.11 Requests for Correction of Personal Information and Notations

There was no request for the correction of personal information or for a notation to be placed on a file.

4.12 Consultations from Other Government Institutions and Organizations

In addition to privacy requests, the Department received 13 privacy consultations in 2011-2012, for a total of 1,320 pages of records for review. PWGSC took 20 days on average to respond to these consultations. This is five days less than the previous fiscal year.

4.13 Resources Related to the Privacy Act

Salary costs associated with the Privacy program amounted to $165,141, and operations and maintenance costs to $209,132, for a combined total of $374,273. The associated full-time equivalent resources utilized were estimated at 3.3 for the 2011-2012 fiscal year.

5. Complaints and Requests for Judicial Review

Table IV provides the breakdown of complaints made to the Office of the Privacy Commissioner of Canada and of requests for judicial review filed with the Federal Court of Canada, for which PWGSC has been informed of over the past three fiscal years.

Table Summary

Table IV provides a breakdown of complaints made to the Privacy Commissioner of Canada and of requests for judicial review filed with the Federal Court of Canada, for which PWGSC has been informed of over the past three fiscal years.

Table IV
Complaints and Requests for Judicial Review

Reporting Period	Complaints	Judicial Reviews
2009-2010	7	0
2010-2011	2	0
2011-2012	17	1

5.1 Complaints to the Office of the Privacy Commissioner of Canada

In total, the Department was notified in 2011-2012 of 17 complaints, 11 of which related to requests received in previous fiscal years. This is a substantial increase compared to the previous fiscal year.

Of the 17 complaints, 10 (59 percent) pertained to information withheld under the Act, three (17 percent) concerned missing records, and two (12 percent) were about delays. The remaining two complaints (12 percent) were on other matters relating to the requests.

Of the complaints investigated, five were not substantiated, four were well founded, and 11 complaint investigations were still ongoing at the end of the fiscal year. The four well founded complaints were for delays in the processing of requests and for the application of exemptions. While this represents less than four percent of requests closed during the reporting period, PWGSC regularly reviews investigative findings to improve its administration of the Privacy Act.

5.2 Requests for Judicial Review

In 2011-2012, one request was made to the Federal Court of Canada seeking a judicial review. Below is a summary of the application:

• Federal Court Number T-426-12:On February 24, 2012, Ms. Diane Boutillier-Scott filed an application for review claiming that not all information was processed as part of her request. This matter had been investigated by the Office of the Privacy Commissioner and it was concluded that the complaint was not well-founded. Affidavits have been exchanged.

Annex A: Delegation of Authorities (Excerpt)

August 8, 2011
(revised on November 4, 2011)

Please note that the August 8, 2011 version has been updated as follows:

1. Changes to Schedule 1

Increase the contracting authorities further to the approval of the Integrated Investment Plan.

Increase the delegation of authority limit from $10K to $25K on individual transactions where the supplier is CORCAN where allowed by the per purchase limit on the cardholder's acquisition card.

Increase the delegation of authority for Call-ups Against Standing Offers to include contracts pursuant to Supply Arrangements for goods.

Increase authority limit for Information Technology Services Branch (ITSB) services contracting (electronic and competitive).

Addition or change to the "Table of Equivalent Positions" and "Specific Delegation of Authorities" tables to reflect the current organizational structures.

Extend the delegations pursuant to the Access to Information Act and the Privacy Act, as follows:

1. full authority to the Assistant Deputy Minister, Corporate Services and Strategic Policy, as the Branch head responsible for the Access to Information and Privacy (ATIP) program;

2. additional authority to the chiefs within the ATIP Directorate to allow them to make disclosure decisions about routine requests involving third party Information; and,

3. authority to officers within the ATIP Directorate regarding their duty to assist applicants.

Increase authority limit for Hospitality from $5K to "Full" for the Deputy Minister where he holds government-wide responsibility for a community of practice.

Minister's and Deputy Minister's Delegation of Authorities

We hereby delegate the powers vested in the offices of the Minister and Deputy Minister of Public Works and Government Services, in the manner defined in Schedules 1 to 4, the associated Tables of Equivalent Positions and specific delegations in the Notes to these schedules, including officers appointed on a temporary or acting basis to positions so defined, subject to the principles, guidelines, limitations and restrictions described in the department's Delegation of Authorities Manual and all relevant legislation, regulations and policies.

Specifically, this instrument is intended to delegate authority, as defined by:

Schedule 1

"Department-Wide Authorities", the "Table of Equivalent Positions" for Schedule 1 and the Specific Delegations contained in the "Notes to Schedule 1";

Schedule 2

"Real Property Services Authorities", the "Table of Equivalent Positions" for Schedule 2 and the Specific Delegations contained in the "Notes to Schedule 2";

Schedule 3

"Common Service Acquisition Authorities", the "Table of Equivalent Positions" for Schedule 3 and the Specific Delegations contained in the "Notes to Schedule 3";

Schedule 4

"Receiver General for Canada Authorities".

Further, these delegations are made on the explicit understanding that they are to be used only:

• commensurate with the level of responsibility assigned to the position and when required to undertake the duties of that position as described in the operational plans of the Department; and

• to attain departmental objectives, within the departmental mandate; or

• to attain clients' objectives when providing common services to client departments.

The department's Delegation of Authorities Manual documents the delegated authorities of Public Works and Government Services Canada and includes important information on the conditions under which we have made these delegations. All officers of the Department who are acting on our behalf in any matter related to these delegations must make themselves familiar with the contents of the Manual to ensure that they are fully cognizant of the conditions and implications of doing so.

________[orignal signed by the Minister]________
The Honourable Rona Ambrose, Privy Council (P.C.),
Member of Parliament (M.P.) (Edmonton–Spruce Grove)
Minister of Public Works and Government Services 

____[orignal signed by the Deputy Minister]_____
François Guimont
Deputy Minister of Public Works and Government Services

Department-Wide Authorities - Schedule 1

Administrative Authorities - Approvals

	Asset Disposals	Asset Write-Offs	Asset Loans	Project Approval: IT-Enabled Projects* & Business Projects	Treasury Board Submission	Amendment to the Table of Equivalent Positions	Access to Information Act	Privacy Act	Use of Government Vehicles	Exemption From Parking Charges	Certification of True Copies	Release Settlement Documents
Departmental Limit	FULL	FULL	FULL	FULL & Project Complexity and Risk Assessment (PCRA) Level 3	FULL	FULL	FULL	FULL	FULL	FULL	FULL	FULL
Generic Levels
Level 1	FULL See Notes	FULL	FULL	See Notes	See Notes	See Notes	See Notes	See Notes	See Notes	See Notes	See Notes	See Notes
Level 2	FULL See Notes	FULL	FULL				See Notes	See Notes	See Notes			See Notes
Level 3	FULL See Notes	FULL See Notes	FULL See Notes				See Notes	See Notes	See Notes
Level 4	FULL See Notes	FULL See Notes	FULL See Notes				See Notes	See Notes	See Notes
References to Notes to Schedule 1	50	51	52	53	54	55	56	57	58	59	60	61

*For IT-Enabled projects, obtaining the approval from the (Chief Information Officer) CIO-PWGSC is also required.

Supplementary Information

	Asset Disposals	Asset Write-Offs	Asset Loans	Project Approval: IT-Enabled Projects & Business Projects	Treasury Board Submission	Amendment to the Table of Equivalent Positions	Access to Information Act	Privacy Act	Use of Government Vehicles	Exemption From Parking Charges	Certification of True Copies	Release Settlement Documents
Departmental Limit	FULL	FULL	FULL	FULL & PCRA Level 3	FULL	FULL	FULL	FULL	FULL	FULL	FULL	FULL
Level 1	FULL See Notes	FULL	FULL	See Notes	See Notes	See Notes	See Notes	See Notes	See Notes	See Notes	See Notes	See Notes
	50	51	52	53	54	55	56	57	58	59	60	61

Columns 50 to 52 are administrative authorities that allow managers to identify assets for disposal, write-off or loan. The authority to complete these transactions is only delegated to officers of Materiel Management in Corporate Services or Regional Corporate Services, Strategic Management & Communications.

Departmental Limit: FULL means the authority to dispose, write-off or loan assets for which the Department is responsible.

Level 1: FULL means the authority to dispose, write-off or loan assets for which the manager is responsible.

Column 53 For IT-Enabled projects, obtaining the approval from the CIO-PWGSC is also required.

Column 54 is a primary control on spending when that spending is outside the limits of Departmental authority. This is the authority to initiate a TB Submission. Only the Minister and Deputy Minister may approve a Submission to the Treasury Board.

Columns 55 to 61 are administrative authorities which are delegated to positions with assigned responsibility. Exercising of these authorities must also comply with relevant legislation, regulation and policy requirements and limitations.

Table of Equivalent Positions - for Schedule 1

This Table defines the positions at each of the four levels that receive the general delegations of authorities through the Schedule.

Notes:

1. Unless restricted by legislation, regulations and policies, the Deputy Minister and Associate Deputy Minister have full delegated authority;

2. For any position titles not listed in this Table of Equivalent Positions, the equivalent positions as recognized by the Chief Financial Officer shall apply.

Table of Equivalent Positions

Notes to Schedule 1

The Notes to the Schedule define the exceptions where authority is delegated to specific positions. These delegations are referenced in the Schedule.

Column 56 Access to Information Act

Specific Delegation of Authority

1. Only in regard to Sections 4(2.1), 7, 8(1), 9, 11(2) to 11(6), 19, 20, 24(1), 25, 27 28 and 33 of the Access to Information Act; Sections 6(1), 7(2)(3) and 8 of the Access to Information Regulations.

2. Only in regard to Sections 4(2.1), 9 and 27(1) of the Access to Information Act.

Column 57 Privacy Act

Specific Delegation of Authority

* Except for Section 8(2)(m) of the Privacy Act re; personal information to be disclosed in the public interest.

1. Only in regard to Sections 14, 15 and 26 of the Privacy Act; and section 9 of the Privacy Regulation.

2. Only in regard to Section 15 of the Privacy Act.

Annex B: Statistical Report on the Privacy Act

Name of institution: Public Works and Government Services Canada

Reporting period: 01/04/2011 to 31/03/2012

Part 1 – Requests under the Privacy Act

	Number of Requests
Received during reporting period	98
Outstanding from previous reporting period	38
Total	136
Closed during reporting period	139
Carried over to next reporting period	27

Part 2 - Requests closed during the reporting period

2.1 Disposition and completion time

Disposition of requests	Completion Time
	1 to 15 days	16 to 30 days	31 to 60 days	61 to 120 days	121 to 180 days	181 to 365 days	More than 365 days	Total
All disclosed	2	18	4	2	0	0	0	26
Disclosed in part	0	10	14	13	5	13	5	60
All exempted	0	0	0	0	0	0	0	0
All excluded	0	0	0	0	0	0	0	0
No records exist	6	7	2	1	0	0	0	16
Request abandoned	4	2	0	0	0	0	1	7
Total	12	37	20	16	5	13	6	109

2.2 Exemptions

Section	Number of requests
18(2)	0
19(1)(a)	0
19(1)(b)	0
19(1)(c)	0
19(1)(d)	0
19(1)(e)	0
19(1)(f)	0
20	0
21	1
22(1)(a)(i)	0
22(1)(a)(ii)	0
22(1)(a)(iii)	0
22(1)(b)	1
22(1)(c)	0
22(2)	0
22.1	0
22.2	0
22.3	3
23(a)	0
23(b)	0
24(a)	0
24(b)	0
25	0
26	57
27	6
28	0

2.3 Exclusions

Section	Number of requests
69(1)(a)	0
69(1)(b)	0
69.1	0
70(1)(a)	0
70(1)(b)	0
70(1)(c)	0
70(1)(d)	0
70(1)(e)	0
70(1)(f)	0
70.1	0

2.4 Format of information released

Disposition	Paper	Electronic	Other formats
All disclosed	23	3	0
Disclosed in part	39	21	0
Total	62	24	0

2.5 Complexity

2.5.1 Relevant pages processed and disclosed

Disposition of requests	Number of pages processed	Number of pages disclosed	Number of requests
All disclosed	2,914	2,847	26
Disclosed in part	38,795	28,292	60
All exempted	0	0	0
All excluded	0	0	0
Request abandoned	3,497	0	7

2.5.2 Relevant pages processed and disclosed by size of requests

Disposition	Less than 100 pages processed		101-500 pages processed		501-1000 pages processed		1001-5000 pages processed		More than 5000 pages processed
	Number of requests	Pages disclosed	Number of requests	Pages disclosed	Number of requests	Pages disclosed	Number of requests	Pages disclosed	Number of requests	Pages disclosed
All disclosed	17	313	7	1,389	2	1,145	0	0	0	0
Disclosed in part	14	741	22	4,740	11	5,726	13	17,085	0	0
All exempted	0	0	0	0	0	0	0	0	0	0
All excluded	0	0	0	0	0	0	0	0	0	0
Abandoned	6	0	0	0	0	0	1	0	0	0
Total	37	1,054	29	6,129	13	6,871	14	17,085	0	0

2.5.3 Other complexities

Disposition	Consultation required	Legal Advice Sought	Interwoven Information	Other	Total
All disclosed	0	0	0	0	0
Disclosed in part	9	1	5	3	18
All exempted	0	0	0	0	0
All excluded	0	0	0	0	0
Abandoned	0	0	0	0	0
Total	9	1	5	3	18

2.6 Deemed refusals

2.6.1 Reasons for not meeting statutory deadline

Number of requests closed past the statutory deadline	Principal Reason
	Workload	External consultation	Internal consultation	Other
42	16	1	1	24

2.6.2 Number of days past deadline

Number of days past deadline	Number of requests past deadline where no extension was taken	Number of requests past deadline where an extension was taken	Total
1 to 15 days	3	4	7
16 to 30 days	1	3	4
31 to 60 days	3	4	7
61 to 120 days	0	5	5
121 to 180 days	0	8	8
181 to 365 days	2	4	6
More than 365 days	1	4	5
Total	10	32	42

2.7 Requests for translation

Translation Requests	Accepted	Refused	Total
English to French	1	0	1
French to English	0	0	0
Total	1	0	1

Part 3 - Disclosures under subsection 8(2)

Paragraph 8(2)(e)	Paragraph 8(2)(m)	Total
17	0	17

Part 4 - Requests for correction of personal information and notations

	Number
Requests for correction received	0
Requests for correction accepted	0
Requests for correction refused	0
Notations attached	0

Part 5 - Extensions

5.1 Reasons for extensions and disposition of requests

Disposition of requests where an extension was taken	15(a)(i) Interference with operations	15(a)(ii) Consultation		15(b) Translation or conversion
		Section 70	Other
All disclosed	2	0	0	0
Disclosed in part	36	0	7	0
All exempted	0	0	0	0
All excluded	0	0	0	0
No records exist	2	0	0	0
Request abandoned	0	0	0	0
Total	40	0	7	0

5.2 Length of extensions

Length of extensions	15(a)(i) Interference with operations	15(a)(ii) Consultation		15(b) Translation purposes
		Section 70	Other
1 to 15 days	0	0	0	0
16 to 30 days	40	0	7	0
Total	40	0	7	0

Part 6 - Consultations received from other institutions and organizations

6.1 Consultations received from other government institutions and organizations

Consultations	Other government institutions	Number of pages to review	Other organizations	Number of pages to review
Received during the reporting period	13	1,320	0	0
Outstanding from the previous reporting period	0	0	0	0
Total	13	1,320	0	0
Closed during the reporting period	13	1,320	0	0
Pending at the end of the reporting period	0	0	0	0

6.2 Recommendations and completion time for consultations received from other government institutions

Recommendation	Number of days required to complete consultation requests
	1 to 15 days	16 to 30 days	31 to 60 days	61 to 120 days	121 to 180 days	181 to 365 days	More than 365 days	Total
Disclose entirely	4	7	0	0	0	0	0	11
Disclose in part	0	1	0	0	0	0	0	1
Exempt entirely	0	0	0	0	0	0	0	0
Exclude entirely	0	0	0	0	0	0	0	0
Consult other institution	0	0	0	0	0	0	0	0
Other	0	1	0	0	0	0	0	1
Total	4	9	0	0	0	0	0	13

6.3 Recommendations and completion time for consultations received from other organizations

Recommendation	Number of days required to complete consultation requests
	1 to 15 days	16 to 30 days	31 to 60 days	61 to 120 days	121 to 180 days	181 to 365 days	More than 365 days	Total
Disclose entirely	0	0	0	0	0	0	0	0
Disclose in part	0	0	0	0	0	0	0	0
Exempt entirely	0	0	0	0	0	0	0	0
Exclude entirely	0	0	0	0	0	0	0	0
Consult other institution	0	0	0	0	0	0	0	0
Other	0	0	0	0	0	0	0	0
Total	0	0	0	0	0	0	0	0

Part 7 - Completion time of consultations on Cabinet confidences

Number of days	Number of responses received	Number of responses received past deadline
1 to 15	0	0
16 to 30	0	0
31 to 60	0	0
61 to 120	0	0
121 to 180	0	0
181 to 365	0	0
More than 365	0	0
Total	0	0

Part 8 - Resources related to the Privacy Act

8.1 Costs

Expenditures		Amount ($)
Salaries		$165,141
Overtime		$0
Goods and Services		$209,132
Contracts for privacy impact assessments	$0
Professional services contracts	$54,700
Other	$154,432
Total		$374,273

8.2 Human Resources

Resources	Dedicated full-time	Dedicated part-time	Total
Full-time employees	2	15	17
Part-time and casual employees	0	0	0
Regional staff	0	0	0
Consultants and agency personnel	0	3	3
Students	0	1	1
Total	2	19	21