Annual Report to Parliament 2020-2021 on the Administration of the Privacy Act

Table of contents

Introduction

The Royal Canadian Mounted Police (RCMP) is committed to being open, transparent, and accountable for the services we provide while safeguarding the personal information collected as part of the process. As such, we take our responsibilities under the Access to Information Act (ATIA) and Privacy Act (PA) seriously, and will continue to strive to meet Canadians' expectations, while protecting the public and the integrity of the investigations we undertake on their behalf.

The PA provides individuals with the right to access information about themselves held by the government, subject to specific and limited exceptions. The Act also protects individuals' privacy by preventing others from having access to their personal information, and gives individuals substantial control over the collection, retention, use and disclosure of their personal information.

The RCMP's annual report for 2020-2021 details the manner in which the RCMP discharged its responsibilities in relation to the Act during the reporting period. The report is prepared and tabled in Parliament in accordance with section 72(1) of the PA.

The RCMP is undergoing a major effort to modernize its Access to Information and Privacy (ATIP) program to ensure that the RCMP's ATIP program achieves the high standard expected by Canadians. Privacy is a central focus of this effort, with the RCMP looking to not only expand the number of resources devoted to responding to privacy requests to improve compliance rates, but to help ingrain privacy considerations as a key consideration within the culture of the RCMP.

As this effort advances, the RCMP will be posting detailed information on its website outlining the ATIP modernization strategy and key initiatives that are being undertaken. We encourage all Canadians to visit our website as it is updated to keep track of our progress.

Organizational structure

RCMP

For nearly 150 years, the RCMP has been Canada's national police service. As a federal, provincial, and municipal policing body, the RCMP is unique in the world. The RCMP provides federal policing services to all Canadians and policing services under contract to the three territories, eight provinces, and more than 180 municipalities, including more than 750 detachments across Canadian communities, 600 Indigenous communities and three international airports.

The RCMP's mandate is multi-faceted and includes preventing and investigating crime; maintaining peace and order; enforcing laws; contributing to national security; ensuring the safety of state officials, visiting dignitaries and foreign missions; and providing vital operational support services to other police and law enforcement agencies within Canada and abroad.

The organization is sub-divided into 16 divisions (ten provinces, three territories, National Division, Depot and National Headquarters in Ottawa), each of which is under the direction of a Commanding Officer or Director General. National Headquarters includes nine business lines and is structured as follows: Federal Policing; Contract and Indigenous Policing; Specialized Policing Services; Corporate Management and Comptrollership; Human Resources; Internal Audit and Evaluation; Legal Services; Professional Responsibility Sector; and, Strategic Policy and External Relations.

Access to Information and Privacy (ATIP) Branch

The RCMP established the ATIP Branch in 1983, as the central contact point for matters arising from both the ATIA and PA.

The ATIP Branch falls within the RCMP's Strategic Policy and External Relations Directorate. The Director of the ATIP Branch acts on behalf of the head of the institution as the Departmental Access to Information and Privacy Coordinator for the RCMP. The ATIP Coordinator ensures compliance with both the spirit and the intent of the ATIA and PA, as well as all associated regulations and guidelines.

As described below, the ATIP Branch is divided into two areas:

Policy Team

This team monitors and develops internal policies, procedures and guidelines for the collection, retention, disposition, use and disclosure of all personal and non-personal information for RCMP-wide applications. These dedicated professionals provide policy advice and expertise to the RCMP on access to information and privacy related issues, including supporting the drafting and development of Privacy Impact Assessments (PIAs). It also offers support to ATIP analysts and the RCMP ATIP Coordinator, provides guidance to RCMP business lines and divisions across Canada with respect to the PA, the ATIA and related Treasury Board Secretariat (TBS) policies, directives and guidelines. In addition, the team reviews and creates internal policies that reflect TBS policies and directives as well as expectations of the Office of the Privacy Commissioner (OPC) in order to meet its obligations in relation to Info Source: Sources of Federal Government and Employee Information and PIAs within the RCMP.

Disclosure Team (Operations)

This team processes all formal requests under the ATIA and PA. This includes: working with requesters to discuss scope and clarity of their submissions; opening requests; and, tasking and receiving/importing records to and from Liaison Officers (LOs) within the RCMP's various business lines and divisions across the country. The team also reviews records and provides disclosed pages to requesters, process informal access to information requests, review, and respond to complaints received through both the Offices of the Information and Privacy Commissioners.

When tasking requests, the ATIP Branch works closely with LOs and record holders, known as Office of Primary Interest (OPI). Some responsibilities of the LOs and OPI include:

Liaison Officers (LOs)
LOs are responsible for forwarding all ATIP requests to the appropriate personnel (OPI) within their business lines or divisions. Other responsibilities include: tracking submissions to ensure responsive records are sent by OPI to the ATIP Branch; ensuring records are on time; and, documenting and communicating internal RCMP ATIP processes to all who facilitate the processing of requests.
Office of Primary Interest (OPI)
As the record holders, some of the OPI's responsibilities include: providing electronic copies of the responsive records; reviewing records for duplication; ensuring that the information falls within the scope of the request; notifying the ATIP Branch if records are voluminous; and, advising the Branch or LO if an extension is required.

Delegation Order

The Departmental Access to Information and Privacy Coordinator has full authority to administer the legislation and apply exemptions and releases. A copy of the signed Delegation Order is included in Appendix A.

Performance 2020-2021

This section provides an overview of the RCMP's performance with respect to information requested under the PA for the 2020-2021 reporting year. The completed statistical report is found in Appendix B.

Impact of the COVID-19 pandemic and mitigation measures

Due to the COVID-19 pandemic, the RCMP experienced added challenges during the 2020-2021 reporting period. As a result of the pandemic, the RCMP had to shift employees to work remotely. Consequently, some employees were not able to perform the full breadth of their duties, including being unable to retrieve physical records from the office or access highly sensitive material remotely. Personnel in divisions across the country were also restricted from accessing physical work locations, which delayed their retrieval and review of requested material. To address this, the ATIP branch implemented temporary measures to ensure Canadians continued to receive information, such as reprioritizing requests to better meet timelines and electronically releasing smaller sized consultations and responses to requests. Nevertheless, the COVID-19 pandemic did have a demonstrable impact on the RCMP's overall compliance rates.

Compliance

The ATIP Branch saw a slight decrease in compliance for the number of closed requests within the legislated timeframes under the PA. In the 2020-2021 fiscal year, compliance decreased to 32.8% from 38.6% in the 2019-2020 fiscal year. The decrease is largely due to COVID-19 pandemic restrictions and technology limitations, which further impeded the RCMP in its ability to meet its compliance obligations.

Requests received and closed

As noted in the statistical report in Appendix B, the RCMP received a total of 4,212 new requests under the PA in 2020-2021. In addition, there were 2,641 requests outstanding from the previous reporting period for a total of 6,853 requests. Of these, 3,614 requests were completed and 3,239 carried over to the 2021-2022 fiscal year.

Generally, privacy requests cover a variety of topics, including information on police operational files such as motor vehicle accidents and employment files.

As demonstrated below, there has been an increase in the number of requests received compared to the previous reporting period. The number of requests received increased by 15% compared to the previous fiscal year and decreased by less than 2% compared to the 2018-2019 fiscal year.

The graph also demonstrates that the number of requests closed this reporting period decreased by 20% compared to the previous fiscal year, and was 25% lower than the 2018-2019 fiscal year.

Workload
Workload - Text version
Workload
Number of requests received 2018-2019 2019-2020 2020-2021
Received 4,289 3,661 4,212
Outstanding 4,009 3,490 2,641
Completed 4,808 4,510 3,614
Carried over 3,490 2,641 3,239

Number of requests processed with over 5,000 pages

Over the past three fiscal years, the RCMP has seen an overall influx in the number of requests processed with over 5,000 relevant pages disclosed compared to previous reporting periods. During this reporting period, the ATIP Branch processed 11 requests with more than 5,000 pages disclosed. In the previous fiscal year, there were 20 requests with such high page numbers, and only eight in the 2018-2019 fiscal year. For the current reporting period of 2020-2021, there has been a decrease of 45% in the number of such requests compared to the 2019-2020 fiscal year, and an increase of 38% compared to the 2018-2019 fiscal year. The decrease in this current reporting period is due, in part, to the COVID-19 pandemic restrictions; however, it does still indicate an overall trend of increased requests. This represents an ongoing challenge for the RCMP's ATIP program to ensure it has the necessary personnel and technology required to keep pace with these trends.

Number of requests processed with over 5,000 pages processed
Number of requests processed with over 5,000 pages processed - Text version
Number of requests processed with over 5,000 pages processed
Fiscal year Number of requests Total pages disclosed
2018-2019 8 17,633
2019-2020 20 43,369
2020-2021 11 21,424

Completion time and extensions

The ATIP Branch completed 20% (727) of its requests in 30 days or less. During the reporting period, 14% (504) of the requests were completed within 31-60 days, 11% (406) were completed in 61-120 days, and 55% (1,977) were completed in more than 121 days.

Extensions of over 30 days were sought on 3,614 files. This can be attributed, in part, to the number of requests with a large volume of pages, but more specifically to the ongoing challenges faced by the ATIP program that were exasperated by COVID-19.

Completion rate of closed requests
Completion rate of closed requests - Text version
Completion rate of closed requests
Fiscal year 0 to 30 days 31 to 60 days 61 to 120 days over 121 days Total
2018-2019 1,184 846 422 2,356 4,808
2019-2020 1,043 744 586 2,137 4,510
2020-2021 727 504 406 1,977 3,614

Disposition of completed requests

Of the 3,614 requests completed in the 2020-2021 fiscal year, the dispositions of completed requests were as follows:

  • 2,045 (57%) were disclosed in part
  • 812 (22%) were abandoned by requesters
  • 326 (9%) had no records located
  • 298 (8%) were fully disclosed
  • 121 (3.5%) had all material exempted
  • 12 (0.5%) were neither confirmed nor denied
  • 0 (0%) had all material excluded
Disposition of completed requests
Disposition of completed requests - Text version
Disposition of completed requests
Disposition of requests Total
All disclosed 298
Disclosed in part 2,045
All exempted 121
All excluded 0
No records exist 326
Request abandoned 812
Neither confirmed nor denied 12
Total 3,614

Consultations with other institutions

The number of consultations received and completed over the last three reporting periods has remained relatively consistent. During the current reporting period, the RCMP completed 108 consultations, totaling 3,716 pages reviewed. Of the 108 completed consultations, 43 were received from other Government of Canada institutions and 65 were received from other organizations.

All consultations received and completed
All consultations received and completed - Text version
All consultations received and completed
Fiscal year Received Completed
2018-2019 157 150
2019-2020 144 143
2020-2021 108 96

Training and awareness

Training RCMP employees is a priority for the ATIP Branch. Employees are encouraged and supported to enroll in various courses as a means to gain knowledge and improve their skills. For the 2020-2021 reporting year, the ATIP Branch held regular information sharing sessions where employees discussed files and shared best practices, and informal briefings were held to advise ATIP staff of the implementation of new procedures to respond to the COVID-19 pandemic. As new technological tools were introduced to support remote collaboration during the pandemic, the RCMP was able to leverage them to provide a number of training sessions to employees. In-house training and orientation was also provided to new ATIP Intake personnel and virtual training was provided to ATIP LOs in several divisions and business lines across the country, including to the Canadian Criminal Real Time Identification Services, Protective Policing, H Division (Nova Scotia) and J Division (New Brunswick).

Throughout the reporting period, the ATIP Branch, in conjunction with the RCMP's Learning and Development unit continued to develop an ATIP introductory course. This training will provide RCMP employees with increased knowledge in order to more effectively comply with ATIP legislation and RCMP policies. As part of broader modernization efforts, the RCMP is examining how to expand this training delivery for all personnel, leveraging the new technological tools introduced as part of COVID-19. In fact, expanding training delivery forms a key part of the Branch's human resources strategy for ATIP modernization, succession planning and employee retention. Further, the RCMP is examining the development of new training modules that focus specifically on privacy, including enhanced guidance on the development of PIAs.

Policies, guidelines, procedures and initiatives

The ATIP Branch continued to review its processes to improve operational effectiveness. During the reporting period of 2020-2021, the ATIP Branch accomplished the following:

  • reviewed employee work arrangements due to the COVID-19 pandemic restrictions and established new telework agreements as well as a reintegration protocol to allow more flexibility for its employees
  • updated the Disclosure and Intake team's standard operating procedures, which was part of the ATIP Branch's efforts to formalize its internal processes
  • enhanced internal processes for facilitating the transfer of files within the RCMP, including the creation of national shared drives
  • modified guidelines to address its on-time and backlog files, enabling processing efficiencies
  • provided new equipment to enable employees to telework efficiently during the COVID-19 pandemic restrictions, including securing cellular phones for ATIP employees
  • established an internal working group comprised of various stakeholders within the RCMP to augment guidelines, standard operating procedures and awareness communiques to facilitate RCMP ATIP modernization
  • continued to lead the interdepartmental working group for the development of business continuity plans specifically for ATIP programs, which led to greater information sharing among the participating departments
  • collaborated in monthly conferences with the OPC, resulting in streamlined processes
  • created and filled a System Administrator position for data integrity and quality assurance
  • rolled-out new technology including MS Teams and electronic data exchange with record holders and requesters to enhance service delivery

Additionally, the ATIP Policy Unit completed the following:

  • reviewed its policy on paragraph 8(2)(e) – Privacy Act Request to other federal institutions and initiated a review of its Exempt Bank policy in collaboration with interested stakeholders
  • developed Standard Operating Procedures on disclosures in accordance with subsections 8(2)(e) and (m) of the PA and on privacy compliance complaints, which include a handbook describing the ATIP Branch and OPI's responsibilities regarding complaints. These also offer guidance on formulating representations to the OPC
  • developed, in accordance with TBS guidelines, the Policy on Privacy Protection, as well as a protocol for collecting, using or disclosing personal information for non-administrative purposes, including research, statistical, audit and evaluation purposes
  • established regular meetings with the OPC concerning PIAs and Privacy Compliance Complaints
  • participated in multiple working groups to discuss initiatives such as Race Based Data Collection and several high profile privacy breaches
  • in response to an internal audit of the ATIP Program, a gap analysis of all ATIP Policies was initiated to identify the need for revisions to existing policies or the creation of new policies which is slated to be finalized by the end of 2021

Summary of key issues and actions taken on complaints or audits

Complaints and investigations

During this reporting period, the RCMP continued to work collaboratively with the OPC to streamline processes in addressing complaint files.

Comprised of seven employees, including consultants, the ATIP Branch's complaints team, which is dedicated to responding to complaints, continued to enable the RCMP to respond more efficiently to complaints received through the Offices of the Information and Privacy Commissioners.

Section 8 of the Statistical Report Appendix B also provides data on the complaints received and closed. Specifically, for the 2020-2021 reporting period, the RCMP received and provided the following under the PA:

Section 31
The RCMP received 187 Section 31 notices, which represents less than 4% of all requests closed during the reporting period. The majority of the privacy complaints received relate to delays and in deemed refusal, which can be attributed to the ongoing RCMP backlog and to the complex and/or voluminous nature of requests. Under this section, the OPC formally notifies the institution of their intent to investigate a complaint received.
Section 33
No formal representations were made under Section 33. Under this section, the OPC requests representations from both the complainant and the institution pursuant to an ongoing complaint investigation.
Section 35
No formal representations were made under Section 35. Under this section, the OPC issues a findings report, which may include recommendations, for founded complaints upon the conclusion of the investigation.

Court action

Four court proceedings were actioned with respect to privacy requests processed and three were concluded during the reporting period.

Monitoring compliance

The ATIP Branch monitors compliance through weekly statistical reports, which include compliance rate, the number of files completed on time and those that are delayed, as well as complaints. A System Administrator position was created along with a Performance Dashboard to further identify trends and assist the Branch in strategically developing efficiencies. The Branch's Management team reviews the weekly reports to manage workload and to determine any upcoming issues where processes could be improved. The reports are provided to the Chief Strategic Policy and External Relations Officer and the RCMP's Chief Administrative Officer.

The ATIP Branch is currently working to bolster its data reporting function by onboarding new technology. This new technology will enable the Branch to be more strategic and transparent, by automatically capturing pertinent data to assist the Branch with its planning and public reporting, and ensuring that senior management has a complete understanding of the ATIP program's workload as well as to identify areas where efficiencies may be found.

Material privacy breaches

As Canada's national police force, the RCMP is trusted to handle and protect the personal information of Canadians with professionalism and integrity. The RCMP places the utmost importance on this responsibility. To safeguard the personal information in its care, the RCMP has strict policies and procedures in place to prevent unauthorized access and disclosure across the organization. However, even with these rigorous procedures in place, privacy breaches still occur, often as a result of human error. With every privacy breach, the RCMP takes steps to improve its processes to ensure that similar incidents do not occur again.

When a privacy breach is detected, the RCMP ATIP Branch follows the TBS guidelines to determine the privacy risks and reports all breaches, deemed material as per TBS guidelines, to the OPC and TBS.

During fiscal year 2020-2021, the RCMP reported a total of 10 material privacy breaches to the OPC and TBS. Specifically:

  1. A note containing personal information, created by an RCMP member, was left at the scene of an incident. A member of the public subsequently found the note and posted it to Facebook. The post was removed several hours later. The affected individuals were notified and advised of their right to complain to the OPC.
  2. A conduct decision was posted online containing information that could possibly lead to the identification of a confidential informant. The affected individual was notified and advised of their right to complain to the OPC. The decision was removed from the website and the RCMP's Conduct Unit will review conduct decisions prior to publishing them online.
  3. The personnel and service files of an employee were mistakenly mailed to an RCMP Detachment instead of the RCMP Headquarters Records Department. The affected individual was notified and advised of their right to complain to the OPC. The Division has reminded all employees to ensure they adhere to proper records transmittal processes, and proper use and acknowledgement of transmittal documentation. The lost files were later located within the RCMP Detachment and the affected individual was notified.
  4. An employee security file was lost between the Records Office and the Departmental Security office. The affected individual was notified and advised of their right to complain to the OPC. The Records Office has committed to conducting more regular follow-ups of outgoing transmittals to ensure there is an accurate paper trail of where the file is, at all times. The lost file was later located and the affected individual was notified.
  5. The RCMP learned that a hacker group called Distributed Denial of Secrets had published over 260 gigabytes of law enforcement data it had stolen from the websites of 200+ law enforcement agencies across North America, including the RCMP. A Joint Management Taskforce comprised of Departmental Security, National Security, National Cyber Crime Unit, Federal Policing and Access to Information and Privacy (ATIP) Branch was formed to determine the impacts of this breach on the RCMP. The RCMP ATIP Branch is currently notifying affected individuals.
  6. An ATIP Branch employee sent a copy of an Access to Information request release package, which contained personal information, to three individuals who had requested informal access. All parties who inadvertently received the personal information were asked to return the records. The affected individual was notified and advised of their right to complain to the OPC. The ATIP Branch has provided the employee with additional training, including the need to review release packages for personal information prior to releasing.
  7. The RCMP in Saskatchewan issued a Crime Watch Advisory, requesting the assistance of the public to identify two individuals (male and female) associated with the theft of fuel. The wrong picture was included in the advisory, which identified another individual. The same day, an apology was issued on Crime Watch and the correct photo of the suspect was issued. The affected individual was notified and advised of their right to complain to the OPC. The officers involved in this incident were provided verbal direction concerning best practices for future investigations of this kind. Furthermore, Saskatchewan RCMP policy regarding Crime Watch advisories was updated and a communiqué was sent to all District Commanders and Program Officers to remind their employees of the applicable policy.
  8. The Occupational Health Services Unit sent a form containing personal, medical information of an employee to other employee outside of the Health Services Unit who did not have a need to know. The affected individual was notified and advised of their right to complain to the OPC. All employees who received the form have deleted the information. Moreover, all staff of the Occupational Health Services Unit were reminded of the importance of maintaining the confidentiality of employee health information.
  9. A digital copy of a Code of Conduct witness waiver form, typically only used internally within the RCMP, was sent to a civilian witness. The form included two allegations against a member under investigation. The form was returned to the RCMP and the National Conduct Unit has decided to no longer use this form outside the RCMP. The affected party was notified of the incident and their right to file a complaint with the OPC.
  10. A USB containing an RCMP Public Complaint file was lost in the mail. The USB was not password-protected nor encrypted. Canada Post Security and Investigative Services has flagged the incident and will notify the RCMP if the USB is located in their holdings. The RCMP is currently in the process of communicating with all the affected individuals to advise them of the incident and their right to file a complaint with the OPC. The employee involved was reminded of their security obligations when mailing protected information.

Privacy Impact Assessments

During the reporting period, the RCMP completed one Privacy Impact Assessment (PIA) and submitted the following to the OPC:

Cybercrime Coordination Unit (NC3)

The NC3 is a National Police Service stewarded within the RCMP. The NC3 will coordinate and de-conflict intelligence for cybercrime investigations across all levels of policing and enable efficient law enforcement activities of national and international police partners as they relate to cybercrime, including apprehending and disrupting cybercriminals. Ultimately, the NC3 is intended to reduce the threat, impact and victimization of cybercrime in Canada and contribute to achieving the Government of Canada's long-term vision of safety and security in the digital age.

Based on the present assessment, privacy risks arising from the activities of the NC3 are considered to be moderate. However, if recommendations from this PIA were fully adopted, the risks would be reduced to an acceptable or low level.

The NC3 will develop and implement a management action plan to address the recommendations and mitigate the risks. The protection of privacy is a pillar of NC3's operations. Every effort will be made within NC3's operating procedures and policies to ensure that operational benefits are proportionate to privacy impacts and to help achieve a balance between an individual's right to privacy and the need for collecting personal information to inform law enforcement operations, activities and priorities. Information collected by the NC3 will be used for authorized purposes only and secured in a manner commensurate with its sensitivity.

The RCMP will implement policies, protocols and controls to ensure the protection and proper handling of personal information collected by the NC3. A comprehensive analysis of the RCMP's obligations under the PA with respect to the operation and administration of NC3's core activities was completed as part of this PIA.

Public interest disclosures

During the 2020-2021 fiscal year, 42 disclosures were made pursuant to paragraph 8(2)(m) of the PA, which allows for disclosure when either the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or the disclosure would clearly benefit the individual to whom the information relates. The disclosures related to either the duty status of charged RCMP employees or the release of dangerous offenders into communities across Canada. Due to the nature of these disclosures, the majority of the notifications were made to the OPC after the disclosure.

Appendix A - Delegation Order

Access to Information Act and Privacy Act Delegation Order

The Minister of Public Safety and Emergency Preparedness, pursuant to section 73 of the Access to Information Act and of the Privacy Act, hereby designates the persons holding the position set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers and functions of the Minister as the head of a government institution, that is, the Royal Canadian Mounted Police, under the section of the Act set out in the Schedule opposite each position. This designation replaces and nullifies all such designations previously signed and dated by the Minister.

Schedule
Position Privacy Act and Regulations Access to Information Act and Regulations
Commissioner of the RCMP Full Authority Full Authority
Chief, Strategic Policy and Planning Officer
Departmental Access to Information and Privacy Coordinator
Commanding Officers Authority for 8(2)(j) and 8(2)(m) Not available
Officer in Charge, Policy, Processing and External Relations Full Authority except 8(2)(j) and 8(2)(m) 7, 8(1), 9, 11(2) to 11(6) (inclusive), 12(2) and all mandatory exemptions (13(1), 16(3), 19(1), 20(1) and 24(1)) and 6(1) and 8 of the Regulations
Manager, Processing and Triage
Manager, Quality Control
Non-Commissioned Officers and public servants in charge of ATIP unit
Non-Commissioned Officers and public servants in charge of ATIP Branch (analysts) 14 and 15 for all records; 17(2)(b), 19 to 28 (inclusive) for all employee records as designated in InfoSource; For all other records requiring mandatory exemptions in their entirety (19(1), 22(2) and 26) of the Act; 9 and 11(2) of the Regulations 7, 8(1) and 12(2)(b) and all records exempted in their entirety by mandatory exemptions (13(1), 16(3), 19(1), 20(1) and 24(1)) of the Act; 6(1) and 8 of the Regulations

Signed, at the City of Ottawa, this 4 day of December, 2015

The Honourable Ralph Goodale, P.C., M.P.
Minister of Public Safety and Emergency Preparedness

Appendix B – Statistical Report on the Privacy Act

Name of institution
Royal Canadian Mounted Police
Reporting period
April 1, 2020 to March 31, 2021

Section 1: Requests under the Privacy Act

1.1 Number of requests
Type Number of Requests
Received during reporting period 4,212
Outstanding from previous reporting period 2,641
Total 6,853
Closed during reporting period 3,614
Carried over to next reporting period 3,239

Section 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time
Disposition of requests Completion time
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
All disclosed 5 12 49 76 49 72 35 298
Disclosed in part 45 120 269 221 179 399 812 2,045
All exempted 6 21 32 18 14 19 11 121
All excluded 0 0 0 0 0 0 0 0
No records exist 64 20 47 50 31 72 42 326
Request abandoned 383 50 104 40 45 36 154 812
Neither confirmed nor denied 0 1 3 1 1 4 2 12
Total 503 224 504 406 319 602 1,056 3,614
2.2 Exemptions
Section Number of Requests
18(2) 0
19(1)(a) 13
19(1)(b) 3
19(1)(c) 372
19(1)(d) 114
19(1)(e) 0
19(1)(f) 1
20 0
21 2
22(1)(a)(i) 863
22(1)(a)(ii) 356
22(1)(a)(iii) 14
22(1)(b) 450
22(1)(c) 10
22(2) 0
22.1 0
22.2 0
22.3 0
22.4 0
23(a) 3
23(b) 0
24(a) 0
24(b) 0
25 3
26 1,530
27 137
27.1 0
28 3
2.3 Exclusions
Section Number of Requests
69(1)(a) 0
69(1)(b) 0
69.1 0
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0
2.4 Format of information released
Paper Electronic Other
552 1,791 0

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Number of pages processed Number of pages disclosed Number of requests
567,813 227,874 3,288
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less than 100 pages processed 101-500 pages processed 501-1000 pages processed 1001-5000 pages processed More than 5000 pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
All disclosed 288 1,488 8 1,758 2 529 0 0 0 0
Disclosed in part 1,273 25,761 543 60,180 126 41,752 92 74,982 11 21,424
All exempted 95 0 22 0 4 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 792 0 13 0 5 0 2 0 0 0
Neither confirmed nor denied 12 0 0 0 0 0 0 0 0 0
Total 2,460 27,249 586 61,938 137 42,281 94 74,982 11 21,424
2.5.3 Other complexities
Disposition Consultation required Legal Advice Sought Interwoven Other Total
All disclosed 0 0 0 4 4
Disclosed in part 25 0 55 95 175
All exempted 0 0 0 8 8
All excluded 0 0 0 0 0
Request abandoned 1 0 0 29 30
Neither confirmed nor denied 0 0 0 0 0
Total 26 0 55 136 217

2.6. Closed requests

2.6.1 Number of requests closed within legislated timelines
Type Requests closed within legislated timelines
Number of requests closed within legislated timelines 1,184
Percentage of requests closed within legislated timelines (%) 32.8

2.7 Deemed refusals

2.7.1 Reasons for not meeting legislated timelines
Number of requests closed past the legislated timelines Principal reason
Interference with Operations / Workload External Consultation Internal Consultation Other
2,430 1,720 0 0 710
2.7.2 Requests closed beyond legislated timelines (including any extension taken)
Number of days past legislated timelines Number of requests past legislated timeline where no extension was taken Number of requests past legislated timeline where an extension was taken Other
1 to 15 days 42 81 123
16 to 30 days 13 92 105
31 to 60 days 21 193 214
61 to 120 days 39 290 329
121 to 180 days 18 219 237
181 to 365 days 15 493 508
More than 365 days 207 707 914
Total 355 2,075 2,430
2.8 Requests for translation
Translation requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Section 3: Disclosures Under Subsections 8(2) and 8(5)

Disclosures Under Subsections 8(2) and 8(5)
Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
10 41 41 92

Section 4: Requests for Correction of Personal Information and Notations

Requests for Correction of Personal Information and Notations
Disposition for Correction Requests Received Number
Notations attached 10
Requests for correction accepted 0
Total 10

Section 5: Extensions

5.1 Reasons for extensions and disposition of requests
Number of requests where an extension was taken 15(a)(i) Interference with operations 15 (a)(ii) Consultation 15(b) Translation purposes or conversion
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet Confidence Section (Section 70) External Internal
2,849 0 0 2,849 0 0 0 0 0
5.2 Length of extensions
Length of extensions 15(a)(i) Interference with operations 15 (a)(ii) Consultation 15(b) Translation purposes or conversion
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet Confidence Section (Section 70) External Internal
1 to 15 days 0 0 0 0 0 0 0 0
16 to 30 days 0 0 2,849 0 0 0 0 0
31 days or greater 0 0 0 0 0 0 0 0
Total 0 0 2,849 0 0 0 0 0

Section 6: Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and organizations
Consultations Other Government of Canada institutions Number of pages to review Other organizations Number of pages to review
Received during reporting period 43 2,720 65 996
Outstanding from the previous reporting period 8 60 9 1,026
Total 51 2,780 74 2,022
Closed during the reporting period 37 2,638 59 1,729
Carried over to next reporting period 14 142 15 293
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
All disclosed 11 5 4 4 0 1 0 25
Disclosed in part 4 5 0 1 0 1 0 11
All exempted 0 1 0 0 0 0 0 1
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 15 11 4 5 0 2 0 37
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation Number of days required to complete consultation requests
1 to 15 days 16 to 30 days 31 to 60 days 61 to 120 days 121 to 180 days 181 to 365 days More than 365 days Total
All disclosed 28 8 4 1 0 1 0 42
Disclosed in part 7 3 1 2 0 0 0 13
All exempted 0 1 1 0 0 0 0 2
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 1 0 0 0 1 0 2
Total 35 13 6 3 0 2 0 59

Section 7: Completion time of consultations on cabinet confidences

7.1 Requests with Legal Services
Number of days Less than 100 pages processed 101-500 pages processed 501-1000 pages processed 1001-5000 pages processed More than 5000 pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0
7.2 Requests with Privy Council Office
Number of days Less than 100 pages processed 101-500 pages processed 501-1000 pages processed 1001-5000 pages processed More than 5000 pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Section 8: Complaints and investigations notices received

Complaints and investigations notices received
Section 31 Section 33 Section 35 Court action Total
187 0 0 4 191

Section 9: Privacy Impact Assessments (PIA) and Personal Information Banks (PIB)

9.1 Privacy Impact Assessments
Number of PIA(s) completed 1
9.2 Personal Information Banks
Type Active Created Terminated Modified
Personal Information Banks 38 0 0 0

Section 10: Material privacy breaches

Material Privacy Breaches
Number of material privacy breaches reported to TBS 10
Number of material privacy breaches reported to OPC 10

Section 11: Resources related to the Privacy Act

11.1 Costs
Expenditures Amount
Salaries $2,326,930
Overtime $69,753

Goods and Services


  • Professional services contracts ($620,140)
  • Other ($40,081)
 $660,221
Total $3,056,904
11.2 Human resources
Resources Person years dedicated to Access to Information Activities
Full-time employees 25.607
Part-time and casual employees 1.501
Regional staff 0
Consultants and agency personnel 3.548
Students 0.261
Total 30.917

Appendix C - Supplemental Statistical Report on the Privacy Act

Section 1: Capacity to Receive Requests

Enter the number of weeks your institution was able to receive ATIP requests through the different channels.
Type Number of weeks
Able to receive requests by mail 30
Able to receive requests by email 52
Able to receive requests through the digital request service 52

Section 2: Capacity to Process Records

2.1 Enter the number of weeks your institution was able to process paper records in different classification levels.
Type No capacity Partial capacity Full capacity Total
Unclassified paper records 22 0 30 52
Protected B paper records 22 0 30 52
Secret and Top Secret paper records 22 30 0 52
2.2 Enter the number of weeks your institution was able to process electronic records in different classification levels.
Type No capacity Partial capacity Full capacity Total
Unclassified electronic records 0 0 52 52
Protected B electronic records 0 0 52 52
Secret and Top Secret electronic records 22 30 0 52
Top of page
Date modified: