Privacy Act - Annual Report to Parliament

Download the PDF version

About this publication

Publication author : Canada Economic Development for Quebec regions

Collaborator : Corporate Secretariat

Publish date : March 18, 2013

Summary :

This annual report deals with the activities of the Agency in implementing the Privacy Act for the fiscal year 2011-2012.

Table of Contents

  1. Foreword
  2. 1. Introduction
  3. 2. Access to Information and Privacy Office
  4. 3. Delegation of Authority
  5. 4. Interpretation of the Statistical Report on Requests for Access to Personal Information
  6. 5. Training
  7. 6. Administrative Policies and Practices
  8. 7. Complaints and Investigations
  9. 8. Privacy Impact Assessment (PIA)
  10. 9. Disclosure of Personal Information
  11. 10. Actions Planned for 2012-2013
  12. Appendix A: 2010-2011 Annual Statistical Report
  13. Appendix B: Additional reporting requirements – Privacy Act

Foreword

Mandate of the Economic Development Agency of Canada for the Regions of Quebec

The Agency supports the development of the regions of Quebec by granting repayable or non-repayable contributions under its programs and initiatives.

Since April 3, 2012, this service delivery is based on quality standards and provided by advisors in each of the 14 business offices.

The Agency also provides information, guidance and advisory services for SMEs and NPOs.

Mission

Under its enabling legislation, which came into effect on October 5, 2005, the Agency’s mission is to promote the long-term economic development of the regions of Quebec by giving special attention to those where slow economic growth is prevalent or where opportunities for productive employment are inadequate.

As part of its mission, it also undertakes to promote co-operation and complementarity with Quebec and communities in Quebec.

Vision

In the long term, Quebec's regions and communities will have increased their development capacity, vitality and prosperity in a significant and lasting manner, to the benefit of their citizens.

1. Introduction

The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.

Privacy Act
The Privacy Act provides individuals with a general right of access to information held by federal government institutions, with some specific, limited exceptions.

It is intended to protect personal information by allowing only the individuals themselves to consult their information. It also ensures a substantial degree of control over how such information is gathered, used and communicated.

Section 72 of the Act also stipulates that the head of a federal institution shall submit an annual report to Parliament on the administration of the Act within the institution.

This document deals with activities related to administration of the Act at the Economic Development Agency of Canada for the Regions of Quebec. A copy may be obtained from:

Access to Information and Privacy Office
Economic Development Agency of Canada for the Regions of Quebec
Dominion Square Building
1255 Peel Street, Suite 900
Montreal, Quebec H3B 2T9

2. Access to Information and Privacy Office

The Access to Information and Privacy Office (AIPO) is part of the Agency’s Corporate Secretariat and includes the Corporate Secretariat Manager, the Public Rights Co-ordinator and two officers who devote half of their workload to requests related to access to information and privacy.

As the entity responsible for the Act, the AIPO represents the Agency with the public, the Treasury Board Secretariat (TBS), the Information and Privacy Commissioners and other federal departments and institutions.

The AIPO ensures, on behalf of the Agency, compliance with the legislation, regulations, procedures and overall directions of the government with regard to access to information.

Overall, the AIPO plays a key role in processing requests for information and for correction of personal information. It assists applicants and co-ordinates all related administrative and legal activities. It develops advice, overall approaches, reports and procedures related to administration of the Act and plays a role with Agency employees in terms of training.

 

3. Delegation of Authority

Under the Agency’s enabling legislation, the President is named as the head. In addition to ensuring management of the institution and controlling management of its staff, she is also responsible for enforcement of the Privacy Act.

The Agency reviewed in 2011-2012 all delegated authorities in this regard, and they are now identified in a delegation tool signed on March 24, 2011, which may be consulted on the next page. In this schedule, authority for enforcing the Act is delegated to the position of Manager, Corporate Secretariat, while most of the administrative authority has been transferred to the Co-ordinator of Public Rights. The schedule is part of the overall access action plan, which reflects current trends in government and is in line with major access to information principles. The Policy and Administrative Practices section provides additional details in this regard.

Delegation Schedule - Privacy Act by section and proposed delegation
Section Description Proposed delegation
Manager,
General Secretariat
Co-ordinator
8(2)(j) Disclose personal information for research purposes check mark, means that this cell has been checked  
8(2)(m) Disclose personal information in the public interest or in the interest of the individual check mark, means that this cell has been checked  
8(4) Retain copy of 8(2)(e) requests and disclosed records check mark, means that this cell has been checked check mark, means that this cell has been checked
8(5) Notify Privacy Commissioner of 8(2)(m) disclosures check mark, means that this cell has been checked check mark, means that this cell has been checked
9(1) Retain record of use check mark, means that this cell has been checked check mark, means that this cell has been checked
9(4) Consistent use check mark, means that this cell has been checked check mark, means that this cell has been checked
10 Include personal information in personal information banks check mark, means that this cell has been checked check mark, means that this cell has been checked
14 Notice where access requested check mark, means that this cell has been checked check mark, means that this cell has been checked
15 Extension of time limits check mark, means that this cell has been checked check mark, means that this cell has been checked
17(2)(b) Language of access check mark, means that this cell has been checked check mark, means that this cell has been checked
17(3)(b) Access to personal information in alternative format check mark, means that this cell has been checked check mark, means that this cell has been checked
18(2) Exemption (exempt bank) - Disclosure may be refused check mark, means that this cell has been checked  
19(1) Exemption - Personal information obtained in confidence check mark, means that this cell has been checked  
19(2) Exemption - Where authorized to disclose check mark, means that this cell has been checked  
20 Exemption - Federal-provincial affairs check mark, means that this cell has been checked  
21 Exemption - International affairs and defence check mark, means that this cell has been checked  
22 Exemption - Law enforcement and investigation check mark, means that this cell has been checked  
22.3 Exemption - Public Servants Disclosure Protection Act check mark, means that this cell has been checked  
23 Exemption - Security clearances check mark, means that this cell has been checked  
24 Exemption - Individuals sentenced for an offence check mark, means that this cell has been checked  
25 Exemption - Safety of individuals check mark, means that this cell has been checked  
26 Exemption - Information about another individual check mark, means that this cell has been checked  
27 Exemption - Solicitor-client privilege check mark, means that this cell has been checked  
28 Exemption - Medical record check mark, means that this cell has been checked  
31 Notice of intention to investigate check mark, means that this cell has been checked check mark, means that this cell has been checked
33(2) Right to make representation check mark, means that this cell has been checked  
35(1) Findings and recommendations of Privacy Commissioner (complaints) check mark, means that this cell has been checked check mark, means that this cell has been checked
35(4) Access to be given check mark, means that this cell has been checked check mark, means that this cell has been checked
36(3) Report of findings and recommendations (exempt banks) check mark, means that this cell has been checked check mark, means that this cell has been checked
37(3) Report of findings and recommendations (compliance review) check mark, means that this cell has been checked check mark, means that this cell has been checked
51(2), (3) Special rules for hearings check mark, means that this cell has been checked  
72(1) Report to Parliament check mark, means that this cell has been checked check mark, means that this cell has been checked

I approve the delegation schedule.
[original signed]
Suzanne Vinet, President
Date: March 24, 2011

4. Interpretation of the Statistical Report on Requests for Access to Personal Information

Requests

The Agency did not receive any requests in 2011-2012 and no requests were carried over from the previous year.

Costs

Expenses related to enforcement of the Act totalled $7,859. Costs related to administration totalled $563. These costs included training, travel, licences for software for the processing of requests and the purchase of supplies. Salaries were in the order of $7,296.

5. Training

In 2011-2012, following submission of its action plan, the AIPO looked into the training needs of Agency staff. Based on this analysis, a mandatory course entitled Access to Information and Privacy was designed by the AIPO team, intended to make all Agency employees aware of compliance with acts and regulations related to access to information and privacy.

This training took the form of a session which could be shaped to employee needs. The first session, three hours in length, enabled employees to understand the legislation and their roles in the processing of requests for access to information and personal information. The training was also shaped into a one and a half hour initiation session, intended to provide general information for employees with no specific role in the processing of requests for access to information and personal information.

This training was presented by AIPO officers in a classroom setting for employees at Head Office in Montreal and business offices in the surrounding area. Employees in the other business offices and external branches were also able to attend the training via telepresence. A variety of dynamic participatory learning activities were used to support trainers throughout the training session. In addition, a practical guide on the material presented was handed out to all participants.

Most Agency employees attended the three-hour training session. At the end of the session, they were able to:

The 30 sessions presented between November 2011 and April 2012 enabled the AIPO team to train 316 employees out of a total of 399 FTEs. The objective for 2012-2013 will be to reach employees who have not yet received the training and present it to new employees as required, ensuring that the other employees maintain the knowledge they have acquired.

In addition to this training series, a coffee and chat session was held as part of Canadian Right to Know Week in September 2011. The event attracted 35 employees interested in attending a discussion meeting where they were encouraged to ask questions of AIPO employees. During the event, a leaflet containing e-mail addresses related to privacy was distributed to participants.

All in all, the training sessions and the coffee and chat were appreciated by Agency employees, allowed participants to become familiar with the legislation and clarified the work of the AIPO.

6. Administrative Policies and Practices

Procedure

For two years, the AIPO has maintained its Access to Information and Personal Information Procedure, which was submitted to and approved by Agency senior management in March 2011. The procedure was then presented to employees on the Agency’s intranet site and was not amended in 2012.

The Directive on the Administration of the Access to Information Act, which came into effect in March 2010, was used as a guide for implementation of the new procedure. The procedure is intended to make it easier to comply with the legislative and regulatory requirements of the acts, specify the roles and responsibilities of the stakeholders involved in processing requests for access and model the practices and procedures for processing access requests efficiently.

In addition to presenting the roles and responsibilities of the various stakeholders, this procedure identifies the process for handling the requests and illustrates the various steps in processing and approval in effect at the Agency, as shown on the next page.

Receipt

As part of a well defined process, the AIPO is responsible for receiving and processing requests submitted under the Act and provides leadership in this regard. The AIPO then forwards the requests to the office of primary interest, which is then responsible for forwarding the requested documents and providing the AIPO with expert advice.

Processing

Once the document extraction process has been completed, the AIPO analyses the documents on the basis of the Act, consults the office of primary interest. It then informs the branch or sector concerned of the recommended dispositions, which are then submitted to the Manager, Corporate Secretariat, for approval.

Communication

The documents are prepared for communication and sent to the applicants.

Development of advice

In addition to the expert advice services related to personal information provided to the Agency’s employees, the AIPO develops advice with regard to the communication of internal audit reports and environmental assessments stored in the Canadian Environmental Assessment Registry. This exercise assures the responsibility centres concerned that their reports are communicated in accordance with the Act.

In 2011-2012, 4 environmental assessments and 5 audit reports were analysed by the AIPO.

7. Complaints and Investigations

The Agency did not receive any complaints related to requests for access to personal information in 2011-2012.

8. Privacy Impact Assessment (PIA)

Given the nature of its activities and the type of information it holds, the Agency conducts few Privacy Impact Assessments. In 2011-2012, no new program or activity resulted in a Privacy Impact Assessment.

9. Disclosure of Personal Information

No information was disclosed under paragraph 8(2)(m) in 2011-2012.

10. Actions Planned for 2012-2013

The AIPO will continue its initial mandate, which is to respond to all requests for access to personal information, according to the spirit and the letter of the Act.

In recent years, the AIPO’s objective has been to consolidate its workforce and establish business practices which comply with guidelines and regulations, as well as major trends in the protection of personal information. Over the coming year, the AIPO intends to continue its activities in this regard. This objective will be attained through:

2012-2013

Appendix A: 2010-2011 Annual Statistical Report

Name of institution: Canada Economic Development for Quebec Regions

Reporting period: 01/04/2011 to 31/03/2012

Part 1 - Requests under the Privacy Act

  Number of Requests
Received during reporting period 0
Outstanding from previous reporting period 0
Total 0
Closed during reporting period 0
Carried over to next reporting period 0

Part 2 - Requests closed during the reporting period

2.1 Disposition and completion time
Disposition of requests Completion Time
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
No records exist 0 0 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

2.2 Exemptions
Section Number of requests
18(2) 0
19(1) (a) 0
19(1) (b) 0
19(1) (c) 0
19(1) (d) 0
19(1) (e) 0
19(1) (f) 0
20 0
21 0
22(1) (a) (i) 0
22(1) (a) (ii) 0
22(1) (a) (iii) 0
22(1) (b) 0
22(1) (c) 0
22(2) 0
22.1 0
22.2 0
22.3 0
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 0
26 0
27 0
28 0

2.3 Exclusions
Section Number of requests
69(1) (a) 0
69(1) (b) 0
69.1 0
70(1) (a) 0
70(1) (b) 0
70(1) (c) 0
70(1) (d) 0
70(1) (e) 0
70(1) (f) 0
70.1 0

2.4 Format of information released
Disposition Paper Electronic Other formats
All disclosed 0 0 0
Disclosed in part 0 0 0
Total 0 0 0

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Disposition of requests Number of pages processed Number of pages disclosed Number of requests
All disclosed 0 0 0
Disclosed in part 0 0 0
All exempted 0 0 0
All excluded 0 0 0
Request abandoned 0 0 0

2.5 Complexity 2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less than 100 pages processed 101-500 pages processed 501-1000 pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
All disclosed 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0
All exempted 0 0 0 0 0 0
All excluded 0 0 0 0 0 0
Abandoned 0 0 0 0 0 0
Total 0 0 0 0 0 0

2.5 Complexity 2.5.2 Relevant pages processed and disclosed by size of requests (continued)
Disposition 1001-5000 pages processed More than 5000 pages processed
Number of requests Pages disclosed Number of requests Pages disclosed
All disclosed 0 0 0 0
Disclosed in part 0 0 0 0
All exempted 0 0 0 0
All excluded 0 0 0 0
Abandoned 0 0 0 0
Total 0 0 0 0

2.5 Complexity 2.5.3 Other complexities
Disposition Consultation required Assessment of fees Legal Advice Sought Other Total
All disclosed 0 0 0 0 0
Disclosed in part 0 0 0 0 0
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Abandoned 0 0 0 0 0
Total 0 0 0 0 0

2.6 Deemed refusals

2.6.1 Reasons for not meeting statutory deadline
Number of requests closed past the statutory deadline Principal Reason
Workload External consultation Internal consultation Other
0 0 0 0 0

2.6 Deemed refusals
2.6.2 Number of days past deadline
Number of days past deadline Number of requests past deadline where no extension was taken Number of requests past deadline where an extension was taken Total
1 to 15 days 0 0 0
16 to 30 days 0 0 0
31 to 60 days 0 0 0
61 to 120 days 0 0 0
121 to 180 days 0 0 0
181 to 365 days 0 0 0
More than 365 days 0 0 0
Total 0 0 0

2.7 Requests for translation
Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Part 3 - Disclosures under subsection 8(2)

Paragraph 8(2)(e) Paragraph 8(2)(m) Total
0 0 0

Part 4 - Requests for correction of personal information and notations

  Number
Requests for correction received 0
Requests for correction accepted 0
Requests for correction refused 0
Notations attached 0

Part 5 - Extensions

5.1 Reasons for extensions and disposition of requests
Disposition of requests where an extension was taken 15(a)(i)
Interference with operations
15(a)(ii)
Consultation
15(b)
Translation or conversion
Section 70 Other
All disclosed 0 0 0 0
Disclosed in part 0 0 0 0
All exempted 0 0 0 0
All excluded 0 0 0 0
No records exist 0 0 0 0
Request abandoned 0 0 0 0
Total 0 0 0 0

5.2 Length of extensions
Length of extensions 15(a)(i)
Interference with operations
15(a)(ii)
Consultation
15(b)
Translation purposes
Section 70 Other
1 to 15 days 0 0 0 0
16 to 30 days 0 0 0 0
Total 0 0 0 0

Part 6 - Consultations received from other institutions and organizations

6.1 Consultations received from other government institutions and organizations
Consultations Other
government institutions
Number of pages to review Other organizations Number of pages to review
Received during the reporting period 0 0 0 0
Outstanding from the previous reporting period 0 0 0 0
Total 0 0 0 0
Closed during the reporting period 0 0 0 0
Pending at the end of the reporting period 0 0 0 0

6.2 Recommendations and completion time for consultations received from other government institutions
Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days than 365 days Total
Disclose entirely 0 0 0 0 0 0 0 0
Disclose in part 0 0 0 0 0 0 0 0
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

6.3 Recommendations and completion time for consultations received from other organizations
Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days than 365 days Total
Disclose entirely 0 0 0 0 0 0 0 0
Disclose in part 0 0 0 0 0 0 0 0
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Part 7 - Completion time of consultations on Cabinet confidences

Number of days Number of responses received Number of responses received past deadline
1 to 15 0 0
16 to 30 0 0
31 to 60 0 0
61 to 120 0 0
121 to 180 0 0
181 to 365 0 0
More than 365 0 0
Total 0 0

Part 8 - Resources related to the Privacy Act

8.1 Costs
Expenditures Amount
Salaries $7 296
Overtime $0
Goods and Services $563
• Contracts for privacy impact assessments $0  
• Professional services contracts $0
• Other $563
Total $7 859

8.2 Human Resources
Resources Dedicated full-time Dedicated part-time Total
Full-time employees 0,00 1,00 1,00
Part-time and casual employees 0,00 0,00 0,00
Regional staff 0,00 0,00 0,00
Consultants and agency personnel 0,00 0,00 0,00
Students 0,00 0,00 0,00
Total 0,00 1,00 1,00

Appendix B: Additional reporting requirements – Privacy Act

Treasury Board Secretariat is monitoring compliance with the Privacy Impact Assessment (PIA) Policy (which came into effect on May 2, 2002) and the Directive on Privacy Impact Assessment (which took effect April 1, 2010) through a variety of means. Institutions are therefore required to report the following information for this reporting period. Note that because some institutions are using the Core PIA as outlined in the Directive in advance of the implementation deadline, they will not have Preliminary PIAs to report.

None of the following assessments were carried out during the 2011-2012 fiscal year:

Part III – Exemptions invoked

Paragraph 19(1)(e)

Paragraph 19(1)(f)

Subsection 22.1

Subsection 22.2

Subsection 22.3

None of the following exemptions was invoked during the 2011-2012 fiscal year

Part IV – Exclusions cited

Neither of the following two exclusions was cited during the 2011-2012 fiscal year

Subsection 69.1

Subsection 70.1

Date modified: