2007-2008 Annual Report to Parliament on the Access to Information Act

PDF Version

December 2008

Office of the Privacy Commissioner of Canada
112 Kent Street
Ottawa, Ontario
K1A 1H3

(613) 995-8210, 1-800-282-1376
Fax (613) 947-6850
TDD (613) 992-9190

---

Table of Contents

1. Introduction
2. Mandate / Mission of the OPC
3. Organizational Structure
4. ATIP Unit Activities
5. Access to Information Act Statistical Report and Interpretation
6. Appendix A – Access to Information Act Delegation Order
7. Appendix B – Statistical Report on the Access to Information Act

Introduction

The Access to Information Act (ATIA) came into effect on July 1, 1983. It provides Canadian citizens, permanent residents and any person and corporation present in Canada a right of access to information contained in government records, subject to certain specific and limited exceptions.

Section 72 of the ATIA requires that the head of every federal government institution submit an annual report to Parliament on the administration of the Act within their institutions during the fiscal year.

When the Federal Accountability Act received Royal Assent on December 12, 2006, the Office of the Privacy Commissioner (OPC) along with other Agents of Parliament were added to Schedule I of the ATIA. So, while not initially subject to the ATIA, the OPC became so on April 1, 2007.

While this change has been—and continues to be—a learning experience for the OPC as a whole, we are fully supportive of greater transparency and accountability on the part of government and its institutions. In fact, shortly after taking office in 2003, the Privacy Commissioner publicly stated that although not yet subject to the ATIA, the OPC would act as though it were. So, in the spirit of the ATIA and using it as a guide, we began processing requests for access to OPC information well before April 1, 2007. Due to the nature of the work that we do and the information that we hold (e.g. through audits, investigations, research, etc.), we expected that once formally subject to the ATIA, we would receive a large number of requests but—as our statistics show—that has not been the case. While perhaps somewhat surprising, the situation nevertheless afforded us the opportunity to build the administrative side of the ATIP Unit, create ATIP policies and procedures, and ensure that the ATIP Unit staff had all of the training they required.

The OPC is pleased to submit our first Annual Report which describes how we fulfilled our responsibilities under the ATIA during the fiscal year 2007-2008.

Mandate / Mission of the OPC

The OPC is mandated to oversee compliance with the Privacy Act, which covers the personal information handling practices of federal government departments and agencies, and with the Personal Information Protection and Electronic Documents Act (PIPEDA) which is Canada’s private sector privacy law. Our mission is to protect and promote the privacy rights of individuals by, among other things:

• Investigating complaints and incidents under the Privacy Act and PIPEDA concerning the handling of personal information;
• Issuing reports to federal government institutions and private sector organizations which may contain recommendations designed to assist them in remedying situations and preventing errors in handling personal information;
• Assessing compliance with Privacy Act and PIPEDA obligations through audit and review activities, and publicly reports on findings;
• Reviewing and advising on Privacy Impact Assessments (PIAs) that deal with new or existing government initiatives;
• Providing legal and policy expertise to help guide Parliament’s review of evolving legislation in order to ensure respect for individuals’ right to privacy;
• Assisting Parliamentarians, individuals and organizations who are seeking information and guidance with respect to personal information handling practices;  
• Promoting public awareness and compliance with the two Acts and fostering understanding of privacy rights and obligations;
• Monitoring trends in privacy practices, identifying systemic privacy issues to be addressed by federal government institutions and private sector organizations and promoting integration of best practices; and
• Working closely with privacy stakeholders from other Canadian and international jurisdictions in order to address global privacy issues arising from ever-increasing trans-border data flows.

The OPC’s focus is on resolving complaints through negotiation and persuasion, using mediation and conciliation if appropriate. However, if voluntary co-operation is not forthcoming, the Commissioner has the power to summon witnesses, administer oaths and compel the production of evidence. In some unresolved cases, the Commissioner may take the matter to Federal Court.

Organizational Structure

The Privacy Commissioner is an Officer of Parliament who reports directly to the House of Commons and the Senate. The Commissioner is assisted by two Assistant Privacy Commissioners, one responsible for the Privacy Act and the other responsible for PIPEDA. The OPC is comprised of seven distinct branches: Research, Education and Outreach; Communications; Audit and Review; Legal Services and Policy; Human Resources; Corporate Services, and; Investigations and Inquiries.

The Access to Information and Privacy (ATIP) Unit falls under the Corporate Services Branch. ATIP is headed by a Director who is supported by one Senior Analyst. This fiscal year, the ATIP Unit also used the services of an experienced ATIP analyst on a part time contract basis.

Under section 73 of the ATIA the Privacy Commissioner, as the head of the OPC, delegated her authority to the Director General of Corporate Services and to the ATIP Director with respect to the application of the ATIA and its Regulations. A copy of that Delegation Order is attached as Appendix A.

ATIP Unit Activities

Although the OPC was not subject to the ATIA until April 1, 2007, the ATIP Unit was staffed in February 2007 in order to begin the process of setting up the Unit and to handle nine formal requests that the OPC had already received. Among other things, those requests sought access to information concerning OPC research Contribution Agreements, expense information related to the External Advisory Committee, hospitality and travel claims, and responses that the OPC had received to its July 2006 PIPEDA Review discussion document. Over 6,000 pages of information were reviewed with respect to those requests with the vast majority of the information being fully disclosed. The information not provided consisted largely of personal information about other individuals.

Given that the OPC was newly subject to ATIP responsibilities, the early focus was on administrative work that needed to be done. One of the first requirements was to ensure that information about the OPC was provided to the Treasury Board Secretariat. In early May 2007 all of the OPC’s Sources of Federal Employee Information – Standard Personal Information Banks (PIBs) and Sources of Federal Government Information – Standard Banks were registered with the Secretariat. The Secretariat was also provided initial information about the OPC to be included in Info Source such as background information, the OPC’s responsibilities, descriptions of and contacts for each OPC Branch, and the location of the OPC reading room. A review of all of the OPC’s record holdings was then undertaken to ensure that all non-standard bank information would be included in the next edition of Info Source.

While preparing formal Access to Information Act training for OPC employees, in the interim, the ATIP Unit prepared a “Preliminary Guideline for Processing Requests Pursuant to the Access to Information Act” which was distributed to each branch head in June 2007 and which was published on the Intranet as a reference guide with respect to employees’ roles and responsibilities in the OPC’s new “Atipable” environment. The ATIP Unit has since written an “Access to Information Process and Compliance Manual” which is available to all staff on the OPC Intranet site and to the public on the OPC website. This manual describes all of the steps taken by the ATIP Unit in the processing of requests under both the ATIA and the Privacy Act. It provides extensive information on a wide variety of subjects, e.g. responsibilities of employees in their retrieval of the information, the legislative time constraints, exemptions and exclusions, the complaint and investigation process, etc. It also contains the ATIP policy with respect to fees and fee waivers.

Four ATIA Awareness Sessions were given to OPC employees in June 2007 followed by two sessions in March 2008. In all some 125 employees received the training—the vast majority of staff. The Privacy Commissioner directed that this training be mandatory for all staff, including those working with the OPC on contract or on a temporary basis. Sessions will be given at least once a year in order to ensure that new staff receive the training as well.

The ATIP Director sits on the OPC’s Policy Development Committee and has played a collaborative role in the planning, development and updating of OPC policies, procedures and directives in order to ensure that the ATIA is respected. The ATIP Director has also recently drafted a “Directive Concerning Section 67.1 of the Access to Information Act” which—as of the writing of this report—has been presented to the Committee for first review.

In 2007 the Information and Privacy Policy Division of the Chief Information Officer Branch within the Treasury Board Secretariat began the process of renewing the Access to Information and Privacy policies and guidelines. The OPC’s ATIP Unit is part of the Secretariat’s Policy Renewal Working Group and, as such, participated in a number of meetings during the fiscal year. 

Throughout the year the ATIP Unit has been active in providing advice to all OPC staff with respect to informal requests for access to information. The ATIP Unit has also supported the Information Management function by providing input concerning proper information handling practices and has been involved in discussions with Library and Archives Canada personnel concerning retention schedules for OPC records and information.

Concurrently, the OPC’s ATIP Senior Analyst assisted another federal government institution by sitting on several competition boards for the recruitment of ATIP analysts.

Finally, the OPC has included a section on its website entitled “Access to Information and Privacy” which provides the public with information about the ATIA, including how to request access to information that is under the control of the OPC. 

Access to Information Act Statistical Report and Interpretation

The OPC’s statistical Report on the Access to Information Act is attached at Appendix B.

The OPC received 44 formal requests under the ATIA during the fiscal year. Of those, 14 sought access to records which were not under the control of the OPC and they were therefore transferred to Citizenship and Immigration Canada, the RCMP, the Canada Revenue Agency, the Department of National Defence and Correctional Service Canada for processing.

Of the 30 requests for records under the OPC’s control, the ATIP Unit had responded to 29 by the end of the fiscal year—only one has been carried forward. While the OPC did not receive as many requests as anticipated, the 29 completed requests constituted 9,696 pages of information. All were completed within the statutory time limits.

Section 16.1 of the ATIA was added to the ATIA as a result of the Federal Accountability Act. This provision requires that the OPC protect the information that we obtained during the course of our investigations or audits even once the matter and all related proceedings have been concluded.

Of the 29 requests completed during the fiscal year, six were for the contents of Privacy Act or PIPEDA investigation files. In two instances all of the information was withheld—one as the applicant was seeking a third party contract that the OPC had obtained from a respondent during the course of a PIPEDA investigation, and the other as the investigation was an active one. In the remaining cases, the information in the files was processed because the investigations were concluded and all appeal mechanisms had been exhausted.

Of the 44 requests received, six were submitted by media (13.636%), two by academia (4.545%), 18 by businesses (40.909%), and 18 by the public (40.909%).

Request Received

The exemption provision invoked most often was section 19(1) concerning the personal information of others, followed closely by section 16.1 with respect to information the OPC received or created during the course of an investigation and section 23 with respect to solicitor-client information.

The OPC received notice of five complaints that were submitted to the Information Commissioner—four of which were from one individual. Three of the complaints alleged denial of access, while two alleged a violation of the statutory time limit. The Information Commissioner concluded that two of the access complaints were “not substantiated” while the third was “resolved”.  As for the delay complaints, the Information Commissioner concluded that one was “not substantiated”—the second is outstanding.

As of the writing of this report, no applications have been submitted to the Federal Court following the Information Commissioner’s findings.

In addition to processing its own ATIA requests, the OPC was consulted seven times by five government institutions with respect to eight documents. In each case, the OPC had no objection to the full disclosure of the documents.

With respect to fees, we collected the mandatory $5.00 application fee from all but two individuals. In one case, the individual had submitted two requests, one for each of our investigation files concerning her PIPEDA complaints. As the investigation files were so closely intertwined and contained many of the same records, the OPC waived the application fee with respect to the second request. In the other instance, the application fee was waived because of the specific nature of the information being requested.

None of the requests required the assessment of search, preparation or computer processing time. As for reproduction costs, federal government institutions generally waive reproduction costs for the first 125 pages of records—this amounts to $25.00.  Given that this was our first year of operating under the ATIA, the OPC did not charge any of its requesters for providing copies of the documents they were seeking. Of the 20 requests to which we responded with copies, 12 of those were over 125 pages.

The ATIP Unit has prepared a fee waiver policy which took effect April 1, 2008 and which is included in the “Access to Information Process and Compliance Manual”. The policy outlines the fees chargeable under the ATIA, states that the decision to waive, reduce or refund fees will be made on a case-by-case basis, and outlines the circumstances under which certain fees may be waived.

For additional information on the OPC’s activities, please visit www.priv.gc.ca.

Additional copies of this report may be obtained from:

Director, Access to Information and Privacy
Office of the Privacy Commissioner of Canada
112 Kent Street
Ottawa, ON  K1A 1H3

Appendix A – Access to Information Act Delegation Order

The Privacy Commissioner of Canada, as the head of the government institution, hereby designates pursuant to section 73 of the Access to Information Act, the persons holding the positions set out below, or the persons occupying on an acting basis those positions, to exercise the powers, duties or functions of the Privacy Commissioner as specified below and as more fully described in Annex A:

Position	Sections of Access to Information Act
Director General, Corporate Services and Chief Financial Officer Director, ATIP	Act: 7(a), 8(1), 9, 11(2) to (6), 12(2) and (3), 13 to 24, 25, 26, 27(1) and (4), 28(1), (2) and (4), 29(1), 33, 35(2), 37(1) and (4), 43(1), 44(2), 52(2) and (3), 71(2), 72(1); and Regulations: 6(1) and 8.

Dated at the City of Ottawa, this 1^st day of October, 2008

 

(Original signed by)
__________________________
Jennifer Stoddart
Privacy Commissioner of Canada

Access to Information Act

7(a)	Respond to request for access within 30 days; give access or give notice
8(1)	Transfer of Request to government institution with greater interest
9	Extend time limit for responding to request for access
11(2), (3), (4), (5), (6)	Additional fees
12(2)(b)	Decide whether to translate requested record
12(3)	Decide whether to give access in an alternative format
13(1)	Shall refuse to disclose information obtained in confidence from another government
13(2)	May disclose any information referred to in 13(1) if the other government consents to the disclosure or makes the information public
14	May refuse to disclose information injurious to the conduct of federal-provincial affairs
15	May refuse to disclose information injurious to international affairs or defence
16	Series of discretionary exemptions related to law enforcement and investigations; security; and policing services for provinces or municipalities.
16.1(1)	In force April 1, 2007 - Specific to four named Officers of Parliament - Auditor General, Commissioner of Official Languages, Information Commissioner and Privacy Commissioner - shall refuse to disclose information obtained or created by them in the course of an investigation or audit
16.1(2)	In force April 1, 2007 - Specific to two named Officers of Parliament - Information and Privacy Commissioner - shall not refuse under 16.1(1) to disclose any information created by the Commissioner in the course of an investigation or audit once the investigation or audit and related proceedings are concluded
17	May refuse to disclose information which could threaten the safety of individuals
18	May refuse to disclose information related to economic interests of Canada
18.1(1)	(Not yet in force) May refuse to disclose confidential commercial information of Canada Post Corporation, Export Development Canada, Public Sector Pension Investment Board, or VIA Rail Inc.
18.1(2)	(Not yet in force) Shall not refuse under 18.1(1) to disclose information relating to general administration of the institution
19	Shall refuse to disclose personal information as defined in section 3 of the Privacy Act, but may disclose if individual consents, if information is publicly available, or disclosure is in accordance with section 8 of Privacy Act
20	Shall refuse to disclose third party information, subject to exceptions
21	May refuse to disclose records containing advice or recommendations
22	May refuse to disclose information relating to testing or auditing procedures
22.1	(Not yet in force) May refuse to disclose draft report of an internal audit
23	May refuse to disclose information subject to solicitor/client privilege
24	Shall refuse to disclose information where statutory prohibition (Schedule II)
25	Shall disclose any part of record that can reasonably be severed
26	May refuse to disclose where information to be published
27(1),(4)	Third party notification
28(1),(2),(4)	Receive representations of third party
29(1)	Disclosure on recommendation of Information Commissioner
33	Advise Information Commissioner of third party involvement
35(2)	Right to make representations to the Information Commissioner during an investigation
37(1)	Receive Information Commissioner’s report of findings of the investigation and give notice of action taken
37(4)	Give complainant access to information after 37(1)(b) notice
43(1)	Notice to third party (application to Federal court for review)
44(2)	Notice to applicant (application to federal Court by third party)
52(2)(b)	Request that section 52 hearing be held in the National Capital Region
52(3)	Request and be given right to make representations in section 51 hearings
71(2)	Exempt information may be severed from manuals
72(1)	Prepare annual report to Parliament

Access to Information Regulations

6(1)	Procedures relating to transfer of access request to another government institution under 8(1) of the Act
8	Form of Access

Appendix B – Statistical Report on the Access to Information Act

Institution Office of the Privacy Commissioner of Canada				Reporting period / Période visée par le rapport April 1, 2007 to March 31, 2008
Source	Media / Médias 6	Academia / Secteur universitatire 2	Business / Secteur commercial 18	Organization / Organisme	Public 18

I	Requests under the Access to Information Act / Demandes en vertu de la Loi sur l'accès à l'information

Received during reporting period / Reçues pendant la période visée par le rapport		44
Outstanding from previous period / En suspens depuis la période antérieure
TOTAL		44
Completed during reporting period / Traitées pendant la période visées par le rapport		43
Carried forward / Reportées		1

II	Dispositon of requests completed / Disposition à l'égard des demandes traitées

1.	All disclosed / Communication totale	5	6.	Unable to process / Traitement impossible	4
2.	Disclosed in part / Communication partielle	15	7.	Abandoned by applicant / Abandon de la demande	2
3.	Nothing disclosed (excluded) / Aucune communication (exclusion)	n/a	8.	Treated informally / Traitement non officiel
4.	Nothing disclosed (exempt) / Aucune communication (exemption)	3	TOTAL		43
5.	Transferred / Transmission	14

III	Exemptions invoked / Exceptions invoquées

S. Art. 13(1)(a)			S. Art 16(1)(a)		S. Art. 18(b)		S. Art. 21(1)(a)	3
(b)			(b)		(c)		(b)	2
(c)		1	(c)		(d)		(c)
(d)			(d)		S. Art. 19(1)	10	(d)
S. Art. 14			S. Art. 16(2)	1	S. Art. 20(1)(a)		S. Art.22	2
S. 15(1) International rel. / Art. Relations interm.			S. Art. 16(3)		(b)		S. Art 23	8
Defence / Défense			S. Art. 17		(c)		S. Art. 24
Subversive activities / Activités subversives			S. Art. 18(a)	2	(d)		S. Art 26

IV	Exclusions cited /Exclusions citées

S. / Art. 68(a)			S. / Art. 69(1)(c)
(b)			(d)
(c)			(e)
S. / Art. 69(1)(a)			(f)
(b)			(g)	1

V	Completion time /Délai de traitement

30 days or under / 30 jours ou moins		40
31 to 60 days / De 31 à 60 jours		1
61 to 120 days /De 61 à 120 jours		2
121 days or over / 121 jours ou plus

VI	Extensions /Prorogations des délais

		30 days or under / 30 jours ou moins	31 days or over / 31 jours ou plus
Searching / Recherche		1
Consultation			2
Third party / Tiers
TOTAL		1	2

VII	Translations /Traduction

Translations requested / Traductions demandées
Translations prepared /		English to French / De l'anglais au français
Traductions préparées		French to English / Du français à l'anglais

VIII	Method of access /Méthode de consultation

Copies given / Copies de l'original		20
Examination / Examen de l'original
Copies and examination / Copies et examen

IX	Fees /Frais

Net fees collected / Frais net perçus
Application fees / Frais de la demande		$140.00	Preparation / Préparation
Reproduction			Computer processing / Traitement informatique
Searching / Recherche			TOTAL	$140.00
Fees waived / Dispense de frais			No. of times / Nombre de fois	$
$25.00 or under / 25 $ ou moins			11	$84.80
Over $25.00 /De plus de 25 $			12	$993.00

X	Costs / Coûts

Financial (all reasons) / Financiers (raisons)
Salary / Traitement		$64,966.28
Administration (O and M) / Administration (fonctionnement et maintien)		$36,792.03
TOTAL		$101,758.31
Person year utilization (all reasons) / Années-personnes utilisées (raison)
Person year (decimal format) / Années-personnes (nombre décimal)		.9715

TBS/SCT 350-62 (Rev. 1999/03)

Discrepancies

Source of requests OPC included in the source the transferred requests. III – Exemptions invoked Section 16.1 was invoked on 9 requests. IX – Fees OPC waived the $5.00 application fee in two instances. In one case, the individual had submitted two requests, one for each of our investigation files on her complaints.  As the investigation files were so closely intertwined and contained many of the same records, the OPC waived the application fee with respect to the second request. In another instance an application fee was waived because of the specific nature of the information requested. X – Costs All operating and maintenance costs are borne by other OPC Branches, eg: Human Resources (training), Information Technology (computers, printouts, etc.), Corporate Services (supplies, mailing, etc.). Other The OPC received and responded to 7 consultations from other government institutions.

Supplemental Reporting Requirements for 2007-2008 Access to Information Act

In addition to the reporting requirements addressed in form TBS/SCT 350-62 "Report on the Access to Information Act", institutions are required to report on the following using this form:

Part III – Exemptions invoked

Section 13

Subsection 13(e)

N/A

Section 14

Subsections 14(a)	N/A
Subsections 14(b)	N/A

Part IV – Exclusions cited:

Subsection 69.1

1