2024-25 Annual Report to Parliament on the Privacy Act
October 2025
Office of the Privacy Commissioner of Canada
30 Victoria Street, 1st Floor
Gatineau, Quebec
K1A 1H3
819-994-5444, 1-800-282-1376
Fax: 819-994-5424
Follow us on X: @privacyprivee
Introduction
The Privacy Act (the Act or PA) came into effect on July 1, 1983. The Act imposes obligations on federal government departments and agencies to respect the privacy rights of individuals by limiting the collection, use and disclosure of personal information. The Act also gives individuals the right of access to their personal information and the right to request the correction of that information.
While not initially subject to the PA, the Office of the Privacy Commissioner (OPC) and other Agents of Parliament became so on April 1, 2007, when relevant provisions of the Federal Accountability Act came into force.
Section 72 of the Act requires that the head of every federal government institution submit an annual report to Parliament on the administration of the Act within their institution during the fiscal year.
The OPC is pleased to submit its eighteenth Annual Report which describes how the OPC fulfilled its responsibilities under the Privacy Act in 2024-25.
Mandate and Mission of the OPC
The mandate of the OPC is to oversee compliance with both the PA, which covers the personal information handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private sector privacy law.
The OPC’s mission is to protect and promote the fundamental privacy rights of individuals.
The Commissioner works independently from any other part of the government to investigate privacy complaints from individuals with respect to the federal public sector and certain aspects of the private sector. With respect to public sector matters, individuals may complain to the Commissioner about any matter specified in section 29 of the PA.
For matters relating to personal information in the private sector in the course of commercial activities, the Commissioner may investigate complaints under section 11 of PIPEDA except in the provinces that have adopted substantially similar privacy legislation, namely Quebec, British Columbia, and Alberta. Ontario, New Brunswick, Nova Scotia and Newfoundland and Labrador now fall into this category with respect to personal health information held by health information custodians under their health sector privacy laws. However, even in those provinces with substantially similar legislation, and elsewhere in Canada, PIPEDA applies to personal information collected, used or disclosed by all federal works, undertakings and businesses, including personal information about their employees. PIPEDA also applies to all personal data that flows across provincial or national borders, in the course of commercial activities.
The Commissioner focuses on resolving complaints through negotiation and persuasion, using mediation and conciliation if appropriate. If voluntary cooperation is not forthcoming however, the Commissioner has the power to summon witnesses, administer oaths and compel the production of evidence. In cases that remain unresolved, particularly under PIPEDA, the complainant or the Commissioner may take the matter to Federal Court and seek a court order to rectify the situation.
As the agent of Parliament responsible for the protection of the privacy rights of Canadians, the Commissioner carries out the following activities:
- Investigating complaints and issuing reports with recommendations to federal government institutions and private sector organizations to remedy situations of non-compliance, as appropriate;
- Pursuing legal action before the federal courts where appropriate to resolve outstanding matters;
- Assessing compliance with obligations contained in the PA and PIPEDA through the conduct of independent audit and review activities;
- Advising on, and reviewing, Privacy Impact Assessments (PIAs) of new and existing government initiatives;
- Providing legal and policy analysis and expertise to help guide Parliament’s review of evolving legislation to ensure respect for individuals’ right to privacy;
- Responding to inquiries from parliamentarians, individual Canadians and organizations seeking information and guidance, and taking proactive steps to inform them of emerging privacy issues;
- Promoting privacy awareness and compliance, and fostering understanding of privacy rights and obligations through proactive engagement with federal government institutions, private-sector organizations, industry associations, the legal community, academia, professional associations, and other stakeholders;
- Preparing and disseminating public education materials, positions on evolving legislation, regulations and policies, guidance documents and fact sheets for use by the general public, federal government institutions and private sector organizations;
- Conducting research and monitoring trends in technological advances and privacy practices, identifying systemic privacy issues that need to be addressed by federal government institutions and private sector organizations and promoting integration of best practices; and
- Working with privacy stakeholders from other jurisdictions in Canada and internationally to address global privacy issues that result from ever increasing transborder data flows.
Organizational Structure
The Privacy Commissioner is an Officer of Parliament who reports directly to the House of Commons and the Senate.
In January 2025, the OPC, following an organizational review, adopted a new structure to support the Privacy Commissioner’s vision: that privacy is a fundamental right; that privacy supports the public interest and Canada’s innovation and competitiveness; and that privacy accelerates Canadians’ trust in their institutions and their participation as digital citizens. Implementation of this structure, especially with regards to the new Compliance Promotion and Enforcement Sector, was announced on January 22, 2025, and implemented on May 1, 2025, and had therefore not been completed by March 31, 2025; the description provided below represents the structure as it was at the end of the reporting period.
The OPC’s organizational structure is now comprised of three sectors: Compliance Promotion and Enforcement Sector, Legal Services and Policy Sector, and Enabling Services Sector. The work of each sector is overseen by a Deputy Commissioner. The three Deputy Commissioners, as well as the Executive Director of Communications and Stakeholder Relations, report directly to the Privacy Commissioner. The Commissioner is also supported by the OPC’s Executive Secretariat.
The OPC was not party to any service agreements under section 73.1 of the Privacy Act.
As of March 31, 2025, the OPC was structured in the following way:
Compliance Promotion and Enforcement Sector
The Compliance Promotion and Enforcement Sector is led by the Deputy Commissioner, Compliance Promotion and Enforcement. The Sector is responsible for compliance under both acts.
Its activities include promoting compliance with the Privacy Act and PIPEDA using a variety of tools, including advisory engagements and outreach to organizations, both public and private, to inform them of their privacy obligations, as well as leveraging domestic and international partnerships to promote and enforce compliance.
It also undertakes several enforcement activities such as investigations and audits leading to the issuance of reports of findings, concludes compliance agreements where applicable, and monitors organizations’ compliance with recommendations and measures issued in the context of investigation reports and compliance agreements.
The sector also oversees the intake, triage and assessment of complaints and the intake of breach reports under both acts. Finally, the sector is responsible for reviewing Codes of practice under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, a new function that was launched on March 1, 2025.
At the end of the reporting period, the Compliance Promotion and Enforcement Sector included five directorates: the Privacy Act Compliance Directorate (public sector), the Personal Information and Electronic Documents Act (PIPEDA) Compliance Directorate (private sector), the Compliance, Intake and Resolution Directorate (public and private sectors), the Government Advisory Directorate and the Business Advisory Directorate.
Privacy Act (PA) Compliance Directorate
The mandate of the PA Compliance Directorate is to investigate complaints under the Privacy Act from individuals, either because they believe that they have not been given access to their personal information held by government institutions, or feel that their information has been inappropriately, collected, used, disclosed or managed. The Directorate also investigates complaints that are initiated by the Commissioner and conducts audits.
PIPEDA Compliance Directorate
The mandate of the PIPEDA Compliance Directorate is to investigate complaints from individuals under PIPEDA about the collection, use and disclosure of their personal information in the course of an organization’s commercial activities. The Directorate also investigates complaints that are initiated by the Commissioner.
Compliance, Intake and Resolution Directorate
The Compliance, Intake and Resolution Directorate is responsible for receiving all complaints under PIPEDA and the Privacy Act, and, where possible, trying to resolve them quickly through an early resolution process. The Directorate also:
- reviews mandatory reporting of data breaches submitted by private-sector organization and federal institutions; and
- ensures compliance monitoring.
The Compliance, Intake and Resolution Directorate’s Executive Director also acts as the Chief Privacy Officer for the OPC.
Government Advisory Directorate
The Government Advisory Directorate provides advice and recommendations to federal public sector institutions in relation to programs and initiatives, as well as reviews PIAs and information sharing agreements submitted by departments and agencies. This group also undertakes various outreach initiatives with the federal public sector in order to encourage compliance with the Privacy Act.
Business Advisory Directorate
The Business Advisory Directorate provides advice to businesses subject to PIPEDA relating to their programs and initiatives, reviews existing privacy practices, and conducts proactive engagements with the business community. This group also undertakes various outreach initiatives with the private sector in order to encourage compliance with PIPEDA.
Legal Services and Policy Sector
The Legal Services and Policy Sector is led by the Deputy Commissioner and Senior General Counsel who reports directly to the Privacy Commissioner.
Legal Services, and ATIP Division
Legal Services provides legal advice and support in relation to PIPEDA and PA compliance and in support of other operational activities across the OPC. It also represents the OPC in litigation matters before the courts and in negotiations with other parties.
The ATIP Program ensures that the OPC meets the obligations to provide access to information, including personal information, under the Access to Information Act and the Privacy Act. The Program also prepares the annual reports required to be filed in Parliament under these two acts. In 2024-25, the ATIP Division was headed by a director supported by two analysts. Under section 73(1) of the PA, the Privacy Commissioner has delegated his authority in relation to all access-related powers, duties and functions with respect to the application of the Act and its Regulations to the ATIP Director as well as to the Deputy Commissioner and Senior General Counsel. A copy of the Delegation Order is attached as Appendix A.
Policy, Research and Parliamentary Affairs Directorate
This Directorate develops strategic policy positions on legislative bills, government policies and private sector initiatives; supports the Commissioner’s appearances before Parliament; conducts research on emerging privacy issues; and manages the OPC Contributions Program. It is also the central hub for developing guidance for the public and private sectors.
Enabling Services Sector
The Enabling Services Sector is led by the Deputy Commissioner, Enabling Services. This Sector includes four directorates: Human Resources; Finance and Administration; Information and Technology Services; and Strategic Management.
The Enabling Services Sector provides advice and integrated administrative services related to human resources and people management, financial and resource management, corporate planning, information management and technology analysis, digital transformation and service modernization, as well as general administration support to managers and staff. It’s also the central hub for the OPC’s business intelligence functions.
The Information Technology Services directorate also includes the Technology Analysis Directorate. This directorate identifies and analyzes technological trends and developments in electronic platforms and digital media; conducts research to assess the impact of technology on the protection of personal information in the digital world and provides strategic analysis and guidance on complex, varied and sensitive technological issues involving government and commercial systems that store personal information.
Communications and Stakeholder Relations Directorate
The Communications and Stakeholder Relations Directorate is led by an Executive Director who reports directly to the Privacy Commissioner.
Communications
This Division focuses on providing strategic advice and support for the planning and execution of public education and communications activities. This includes the production and dissemination of information for Canadians and organizations aimed at increasing awareness of privacy rights and obligations through, for example, media relations, speeches, publications, special events, outreach campaigns, social media, and the OPC website, as well as the delivery of translation and linguistic services, media monitoring and analysis, and public opinion research. At the end of the reporting period, the Division was also responsible for responding to requests for information from the public and organizations regarding privacy rights and responsibilities through the OPC’s Information Centre.
International and Domestic Stakeholder Relations Division
This Division serves as the focal point for the Office’s domestic and international engagement. This includes working collaboratively with counterparts and key stakeholders to advance strategic priorities, partnerships, and collaborative efforts related to domestic and international privacy protections, joint initiatives, public education and policy matters. It has established frameworks with a number of counterparts to formalize consultation, cooperation and the sharing of relevant information. The OPC also participates in a number of international privacy protection organizations to help shape and improve privacy policies and standards around the world, which in turn leads to better protection for Canadian’s personal information.
Privacy Commissioner, Ad Hoc / Complaint Mechanism
Given the PA’s silence regarding an independent mechanism under which PA complaints against the OPC are to be investigated, the Office has developed an alternative process to investigate OPC actions with respect to its administration of the Act.
For this purpose, the Commissioner’s powers, duties and functions set out in sections 29 through 35 and section 42 of the Act have been delegated to a Privacy Commissioner, Ad hoc in order to investigate PA complaints lodged against the OPC.
In 2024-25, the Privacy Commissioner, Ad Hoc was Anne Bertrand, K.C. Ms. Bertrand was the Province of New Brunswick’s first Access to Information and Privacy Commissioner from 2010 to 2017. In 2016, she also served as New Brunswick’s Acting Conflict of Interest Commissioner for one year. She had previously been a practising lawyer in Fredericton for more than 24 years, working in multiple areas of the law, including administrative law, criminal law, labour law and civil litigation. She served as an arbitrator on various administrative tribunals for a number of years.
ATIP Division Activities
Training employees
Although training offered to new OPC employees has moved to an online, self-paced learning platform, the ATIP Division continues to offer ad hoc training to individuals and groups.
The ATIP Division also participated in an internal OPC showcase where each directorate had a booth to share their mandate and the work they do, allowing for a deeper understanding of the diverse and impactful efforts across the OPC. The ATIP booth, in conjunction with Legal Services, presented a “Who wants to be a Millionaire?” quiz style of questions and answers.
Privacy Act Statistical Interpretation
The OPC’s Statistical Report on the PA is attached as Appendix B.
The OPC received 127 formal requests under the PA during the fiscal year, and considering the two requests carried forward from the previous year, was therefore seized of a total of 129 requests. Of these, 123 requests were closed during the course of this reporting year and six were carried forward to the next fiscal year. All of the 123 requests closed during the reporting period were closed within legislated timelines (100%).
Requests under the Privacy Act
Text version
Requests under the Privacy Act| Year | 2022/2023 | 2023/2024 | 2024/2025 |
|---|---|---|---|
| Received | 26 | 101 | 127 |
| Processed | 27 | 101 | 123 |
The total of 123 requests processed under the PA about information under the OPC’s control, represents a total of 12,823 pages of information. This represents approximately a 5.5% decrease in the number of pages of information processed compared to the previous year.
Of the 123 requests closed, 80 were completed within one to 15 days, 42 were completed within 16 to 30 days and one was completed within 31 to 60 days. Of the two requests carried over from the previous year, both were received in 2023-24 and were processed within legislated timelines. Of the 127 requests received, the OPC was required to claim an extension of the time limit in one case, as the volume of records that required processing was quite large and finalizing that request within the original 30-day timelines would have unreasonably interfered with the operations of the OPC. With respect to the 123 requests processed in 2024-25:
- Information was partially disclosed in 22 instances (17.9%);
- Information was fully disclosed in 23 instances (18.7%);
- In three instances, no records existed that responded to the requests (2.4%);
- In 60 instances, the requests were abandoned by the requester (48.8%); and
- In 15 instances, all records were withheld (12.2%).
Of the 123 requests processed in the reporting year, 12 were for the contents of PA investigation files and/or content processed by the OPC. Section 22.1 of the PA prohibits the OPC from releasing information it obtained during the course of its investigations or audits even after the matter and all related proceedings have been concluded. However, subject to any applicable exemptions, the OPC cannot refuse to disclose information that it created during the course of an investigation or audit, once they and any related proceedings are completed. This exemption was applied in 29 cases during the reporting period. With respect to other exemptions, section 26 (Information about another individual) was invoked in ten cases and section 27 (Solicitor-client privileged information) was invoked in eight cases.
The OPC also processed four requests for consultation received from other institutions during the fiscal year within the reporting period, representing a total of 127 pages. Two requests were answered within the first 15 days of receipt, one was answered within 16 to 30 days and the other was answered within 31 to 60 days.
It is quite common for the OPC to receive broad requests seeking access to personal information held by other federal institutions. In most cases, the OPC does not have any of the requested personal information under its control. In such cases, requesters are advised to contact the relevant federal institution or to consult Info Source for a detailed listing of the personal information holdings of each federal organization, and to submit requests to those most likely to have the personal information to which they seek access.
At no point during the reporting period were requests received for correction of personal information held by the OPC, nor was the OPC consulted by any federal institution with a request for correction.
Processing times for information requests are tracked on a weekly basis by the ATIP Division using the access to information management system.
Initiatives and Projects to Improve Privacy
The OPC continued to collaborate with stakeholders with regards to the replacement of the current ATIP request processing software. Efforts towards implementation are ongoing.
Privacy Act complaints against the OPC
During the reporting period covered in this report, the OPC received 20 complaints made against it under the Privacy Act. Eighteen complaints were deemed to be not well-founded by the Privacy Commissioner Ad hoc and no further action was required on the part of the OPC. One complaint was discontinued by the Privacy Commissioner Ad hoc, as she found that further investigation was not necessary since the requester withdrew their complaint. One complaint was found to be well-founded in part by the Privacy Commissioner Ad hoc after she determined that personal information about an individual was inadvertently disclosed to another, by the OPC; the two other parts of the complaint were deemed not well-founded. The oversight which led to the well-founded determination has since been addressed.
Report on the TBS Directive on Privacy Impact Assessment (PIA)
The Directive on Privacy Impact Assessment, which came into effect on April 1, 2010, requires that Treasury Board of Canada Secretariat (TBS) monitor compliance with the Directive. Given this responsibility, institutions are asked to include pertinent statistics in their annual reports on the administration of the PA.
No privacy impact assessments were conducted by the OPC during this reporting period.
The current list of OPC Privacy Impact Assessments can be found on the OPC website.
Data Sharing Activities
The OPC did not undertake any personal data sharing activities during this reporting year.
Public Interest Disclosures
Permissible disclosure pursuant to subsection 8(2) of the PA describes the circumstances under which personal information under the control of a government institution may be disclosed without the consent of the individual to whom the information pertains. The OPC made two such disclosures under subsection 8(2)(m) during this reporting year and in both cases the OPC informed the Privacy Commissioner Ad hoc of the disclosures in accordance with subsection 8(5) of the PA.
In one case, the OPC became aware of an individual’s attempt to defraud a service provider’s customers using personal information that was unlawfully accessed. The OPC informed the service provider of the risk and provided pertinent information to police authorities. In the other case, an OPC employee received a communication in which an individual threatened to commit an act that would compromise public safety. Police authorities were contacted and were provided with necessary details to intervene.
Monitoring Compliance
Processing times for personal information requests are tracked on a weekly basis by the ATIP Division using the access to information management system and weekly team meetings.
Obligations under the Access to Information Act and the Privacy Act are incorporated into contracts and information sharing agreements and arrangements using standard clauses to ensure appropriate privacy protections are recognized.
Material Privacy Breach
No material privacy breaches occurred within the OPC during the fiscal reporting year.
Privacy Related Policy Instruments
No new or revised policies, guidelines, and procedures related to privacy were adopted or updated by the OPC during the reporting period.
Additional copies of this report may be obtained from:
Director, Access to Information and Privacy
Office of the Privacy Commissioner of Canada
30 Victoria Street, 1st Floor
Gatineau, Quebec
K1A 1H3
Appendix A – Privacy Act Delegation Order
Pursuant to subsection 73(1) of the Privacy Act, the Privacy Commissioner of Canada hereby delegates to the persons holding the positions set out below, or the persons occupying the positions on an acting basis, the following powers, duties, and functions of the Privacy Commissioner of Canada, as head of the institution, under the provisions of the Act and related regulations set out in the column opposite each position, as specified below:
| Position | Legislative Authority |
|---|---|
|
Director, Access to Information and Privacy (ATIP) Deputy Commissioner and Senior General Counsel |
Privacy Act: Full authority with respect to processing requests for access to, and correction of, personal information pursuant to ss. 12-28 of the Privacy Act and with respect to responding to complaints relating to such matters Privacy Regulations: Full authority with respect to processing requests for access to, and correction of, personal information pursuant to ss. 8-14 of the Privacy Regulations |
| Chief Privacy Officer | Privacy Act: Full authority with respect to all matters not delegated to the Director of ATIP, or the Deputy Commissioner and Senior General Counsel, with the exception of paragraph 8(2)(m) of the Privacy Act unless a disclosure under the aforementioned paragraph relates to a situation where there is a health safety or security threat or where it is believed that there is a threat of harm to self or others. Privacy Regulations: Full authority with respect to all matters not delegated to the Director, ATIPor to the Deputy Commissioner and Senior General Counsel. |
For greater clarity, this delegation to the positions set out above, or to the persons occupying on an acting basis these positions, includes all powers, duties, and functions as they existed prior to June 21, 2019 under section 73 of the Privacy Act to be exercised with respect to any complaint, investigation, application, judicial review or appeal that was initiated before June 21, 2019.
This delegation of authority supersedes any previous delegation of the powers, duties and functions set out herein.
Dated at the City of Gatineau, this 12th day of November, 2024.
(Original signed by)
Philippe Dufresne
Privacy Commissioner of Canada
Privacy Act
| 8(2)(j) | Disclose personal information for research purposes |
|---|---|
| 8(2)(m) | Disclose personal information in the public interest or in the interest of the individual |
| 8(4) | Retain copy of 8(2)(e) requests and disclosed records |
| 8(5) | Notify Privacy Commissioner of 8(2)(m) disclosures |
| 9(1) | Retain record of use |
| 9(4) | Notify Privacy Commissioner of consistent use and amend index |
| 10 | Include personal information in personal information banks |
| 14 | Respond to request for access within 30 days; give access or give notice |
| 15 | Extend time limit for responding to request for access |
| 17(2)(b) | Decide whether to translate requested information |
| 17(3)(b) | Decide whether to give access in an alternative format |
| 18(2) | May refuse to disclose information contained in an exempt bank |
| 19(1) | Shall refuse to disclose information obtained in confidence from another government |
| 19(2) | May disclose any information referred to in 19(1) if the other government consents to the disclosure or makes the information public |
| 20 | May refuse to disclose information injurious to the conduct of federal-provincial affairs |
| 21 | May refuse to disclose information injurious to international affairs or defence |
| 22 | Series of discretionary exemptions related to law enforcement and investigations; and policing services for provinces or municipalities |
| 22.1(1) | In force April 1, 2007 – Privacy Commissioner shall refuse to disclose information obtained or created in the course of an investigation conducted by the Commissioner |
| 22.1(2) | In force April 1, 2007 – Privacy Commissioner shall not refuse under 22.1(1) to disclose any information created by the Commissioner in the course of an investigation conducted by the Commissioner once the investigation and related proceedings are concluded |
| 23 | May refuse to disclose information prepared by an investigative body for security clearances |
| 24 | May refuse to disclose information collected by the Correctional Service of Canada or the National Parole Board while individual was under sentence if conditions in section are met |
| 25 | May refuse to disclose information which could threaten the safety of individuals |
| 26 | May refuse to disclose information about another individual, and shall refuse to disclose such information where disclosure is prohibited under section 8 |
| 27 | May refuse to disclose information subject to solicitor-client privilege |
| 28 | May refuse to disclose information relating to the individual’s physical or mental health where disclosure is contrary to best interests of the individual |
| 31 | Receive notice of investigation by Privacy Commissioner |
| 33(2) | Right to make representations to the Privacy Commissioner during an investigation |
| 35(1) | Receive Privacy Commissioner’s report of findings of the investigation and give notice of action taken |
| 35(4) | Give complainant access to information after 35(1)(b) notice |
| 36(3) | Receive Privacy Commissioner’s report of findings of investigation of exempt bank |
| 37(3) | Receive report of Privacy Commissioner’s findings after compliance investigation |
| 51(2)(b) | Request that section 51 hearing be held in the National Capital Region |
| 51(3) | Request and be given right to make representations in section 51 hearings |
| 70 | Refuse to provide information that is excluded from the Act as a cabinet confidence |
| 72(1) | Prepare annual report to Parliament |
Privacy Regulations
| 9 | Provide reasonable facilities to examine information |
|---|---|
| 11(2) and (4) | Procedures for correction or notation of information |
| 13(1) | Disclosure of information relating to physical or mental health to qualified practitioner or psychologist |
| 14 | Require individual to examine information in presence of qualified practitioner or psychologist |
Appendix B — Statistical Report
Statistical Report on the Privacy Act
Name of institution: Office of the Privacy Commissioner of Canada
Reporting period: 2024-04-01 to 2025-03-31
Section 1: Requests Under the Privacy Act
1.1 Number of requests received
| Number of requests | |
|---|---|
| Received during reporting period | 127 |
| Outstanding from previous reporting periods | 2 |
| • Outstanding from previous reporting period | 2 |
| • Outstanding from more than one reporting period | 0 |
| Total | 129 |
| Closed during reporting period | 123 |
| Carried over to next reporting period | 6 |
| • Carried over within legislated timeline | 6 |
| • Carried over beyond legislated timeline | 0 |
1.2 Channels of requests
| Source | Number of requests |
|---|---|
| Online | 127 |
| 0 | |
| 0 | |
| In person | 0 |
| Phone | 0 |
| Fax | 0 |
| Total | 127 |
Section 2: Informal requests
2.1 Number of informal requests
| Number of requests | |
|---|---|
| Received during reporting period | 0 |
| Outstanding from previous reporting periods | 0 |
| • Outstanding from previous reporting period | 0 |
| • Outstanding from more than one reporting period | 0 |
| Total | 0 |
| Closed during reporting period | 0 |
| Carried over to next reporting period | 0 |
2.2 Channels of informal requests
| Source | Number of requests |
|---|---|
| Online | 0 |
| 0 | |
| 0 | |
| In person | 0 |
| Phone | 0 |
| Fax | 0 |
| Total | 0 |
2.3 Completion time of informal requests
| Completion time | |||||||
|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
2.4 Pages released informally
| Less than 100 pages released | 100-500 pages released | 501-1000 pages released | 1001-5000 pages released | More than 5000 pages released | |||||
|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 3: Requests Closed During the Reporting Period
3.1 Disposition and completion time
| Disposition of requests | Completion time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 15 | 8 | 0 | 0 | 0 | 0 | 0 | 23 |
| Disclosed in part | 2 | 19 | 1 | 0 | 0 | 0 | 0 | 22 |
| All exempted | 2 | 13 | 0 | 0 | 0 | 0 | 0 | 15 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 1 | 2 | 0 | 0 | 0 | 0 | 0 | 3 |
| Request abandoned | 60 | 0 | 0 | 0 | 0 | 0 | 0 | 60 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 80 | 42 | 1 | 0 | 0 | 0 | 0 | 123 |
3.2 Exemptions
| Section | Number of requests | Section | Number of requests | Section | Number of requests |
|---|---|---|---|---|---|
| 18(2) | 0 | 22(1)(a)(i) | 0 | 23(a) | 0 |
| 19(1)(a) | 0 | 22(1)(a)(ii) | 0 | 23(b) | 0 |
| 19(1)(b) | 0 | 22(1)(a)(iii) | 0 | 24(a) | 0 |
| 19(1)(c) | 0 | 22(1)(b) | 0 | 24(b) | 0 |
| 19(1)(d) | 0 | 22(1)(c) | 0 | 25 | 0 |
| 19(1)(e) | 0 | 22(2) | 0 | 26 | 10 |
| 19(1)(f) | 0 | 22.1 | 29 | 27 | 8 |
| 20 | 0 | 22.2 | 0 | 27.1 | 0 |
| 21 | 0 | 22.3 | 0 | 28 | 0 |
| 22.4 | 0 |
3.3 Exclusions
| Section | Number of requests | Section | Number of requests | Section | Number of requests |
|---|---|---|---|---|---|
| 69(1)(a) | 0 | 70(1) | 0 | 70(1)(d) | 0 |
| 69(1)(b) | 0 | 70(1)(a) | 0 | 70(1)(e) | 0 |
| 69.1 | 0 | 70(1)(b) | 0 | 70(1)(f) | 0 |
| 70(1)(c) | 0 | 70.1 | 0 |
3.4 Format of information released
| Paper | Electronic | Other | |||
|---|---|---|---|---|---|
| E-record | Data set | Video | Audio | ||
| 1 | 44 | 0 | 0 | 0 | 0 |
3.5 Complexity
3.5.1 Relevant pages processed and disclosed for paper and e-record formats
| Number of pages processed |
Number of pages disclosed |
Number of requests |
|---|---|---|
| 12,823 | 3,313 | 120 |
3.5.2 Relevant pages processed by request disposition for paper and e-record formats by size of requests
| Disposition | Less than 100 pages processed | 100-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages processed | Number of requests | Pages processed | Number of requests | Pages processed | Number of requests | Pages processed | Number of requests | Pages processed | |
| All disclosed | 20 | 439 | 2 | 395 | 1 | 765 | 0 | 0 | 0 | 0 |
| Disclosed in part | 8 | 376 | 9 | 2,222 | 1 | 550 | 4 | 5,326 | 0 | 0 |
| All exempted | 8 | 65 | 7 | 2,685 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 96 | 880 | 18 | 5,302 | 2 | 1,315 | 4 | 5,326 | 0 | 0 |
3.5.3 Relevant minutes processed and disclosed for audio formats
| Number of minutes processed | Number of minutes disclosed | Number of requests |
|---|---|---|
| 0 | 0 | 0 |
3.5.4 Relevant minutes processed per request disposition for audio formats by size of requests
| Disposition | Less than 60 minutes processed | 60-120 minutes processed | More than 120 minutes processed | |||
|---|---|---|---|---|---|---|
| Number of requests | Minutes processed | Number of requests | Minutes processed | Number of requests | Minutes processed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 |
3.5.5 Relevant minutes processed and disclosed for video formats
| Number of minutes processed | Number of minutes disclosed | Number of requests |
|---|---|---|
| 0 | 0 | 0 |
3.5.6 Relevant minutes processed per request disposition for video formats by size of requests
| Disposition | Less than 60 minutes processed | 60-120 minutes processed | More than 120 minutes processed | |||
|---|---|---|---|---|---|---|
| Number of requests | Minutes processed | Number of requests | Minutes processed | Number of requests | Minutes processed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 |
3.5.7 Other complexities
| Disposition | Consultation required |
Legal advice sought |
Interwoven information |
Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 |
3.6 Closed requests
3.6.1 Number of requests closed within legislated timelines
| Number of requests closed within legislated timelines | 123 |
|---|---|
| Percentage of requests closed within legislated timelines (%) | 100 |
3.7 Deemed refusals
3.7.1 Reasons for not meeting legislated timelines
| Number of requests closed past the legislated timelines |
Principal reason | |||
|---|---|---|---|---|
| Interference with operations / workload |
External consultation |
Internal consultation |
Other | |
| 0 | 0 | 0 | 0 | 0 |
3.7.2 Requests closed beyond legislated timelines (including any extension taken)
| Number of days past legislated timelines |
Number of requests past legislated timeline where no extension was taken |
Number of requests past legislated timeline where an extension was taken |
Total |
|---|---|---|---|
| 1 to 15 days | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
3.8 Requests for translation
| Translation requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Section 4: Disclosures Under Subsections 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 0 | 2 | 2 | 4 |
Section 5: Requests for Correction of Personal Information and Notations
| Disposition for correction requests received | Number |
|---|---|
| Notations attached | 0 |
| Requests for correction accepted | 0 |
| Total | 0 |
Section 6: Extensions
6.1 Reasons for extensions
| Number of requests where an extension was taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation purposes or conversion |
|||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 1 | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
6.2 Length of extensions
| Length of extensions | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation or conversion |
|||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions |
Large volume of pages |
Large volume of requests |
Documents are difficult to obtain |
Cabinet Confidence Section (Section 70) |
External | Internal | ||
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 days or greater | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 7: Consultations Received From Other Institutions and Organizations
7.1 Consultations received from other Government of Canada institutions and other organizations
| Consultations | Other Government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during reporting period | 4 | 127 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 4 | 127 | 0 | 0 |
| Closed during the reporting period | 4 | 127 | 0 | 0 |
| Carried over within negotiated timelines | 0 | 0 | 0 | 0 |
| Carried over beyond negotiated timelines | 0 | 0 | 0 | 0 |
7.2 Recommendations and completion time for consultations received from other Government of Canada institutions
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclose entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclose in part | 1 | 1 | 1 | 0 | 0 | 0 | 0 | 3 |
| Exempt entirely | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 2 | 1 | 1 | 0 | 0 | 0 | 0 | 4 |
7.3 Recommendations and completion time for consultations received from other organizations outside the Government of Canada
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclose entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Completion Time of Consultations on Cabinet Confidences
8.1 Requests with Legal Services
| Number of days | Fewer than 100 pages processed | 100-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
8.2 Requests with Privy Council Office
| Number of days | Fewer than 100 pages processed | 100-500 pages processed | 501-1000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 9: Complaints and Investigations Notices Received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 20 | 3 | 20 | 0 | 43 |
Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIBs)
10.1 Privacy Impact Assessments
| Number of PIAs completed | 0 |
|---|---|
| Number of PIAs modified | 0 |
10.2 Institution-specific and Central Personal Information Banks
| Personal Information Banks | Active | Created | Terminated | Modified |
|---|---|---|---|---|
| Institution-specific | 6 | 0 | 0 | 0 |
| Central | 0 | 0 | 0 | 0 |
| Total | 6 | 0 | 0 | 0 |
Section 11: Privacy Breaches
11.1 Material Privacy Breaches reported
| Number of material privacy breaches reported to TBS | 0 |
|---|---|
| Number of material privacy breaches reported to OPC | 0 |
11.2 Non-Material Privacy Breaches
| Number of non-material privacy breaches | 4 |
|---|
Section 12: Resources related to the Privacy Act
12.1 Allocated costs
| Expenditures | Amount |
|---|---|
| Salaries | $204,730 |
| Overtime | $0 |
| Goods and services | $0 |
| • Professional services contracts | $0 |
| • Other | $0 |
| Total | $204,730 |
12.2 Human Resources
| Resources | Person years dedicated to privacy activities |
|---|---|
| Full-time employees | 1.905 |
| Part-time and casual employees | 0.000 |
| Regional staff | 0.000 |
| Consultants and agency personnel | 0.000 |
| Students | 0.000 |
| Total | 1.905 |
| Note: Enter values to three decimal places. | |
- Date modified: