Archived - Department of Finance Canada’s Annual Report to Parliament On the Administration of the
Privacy Act

2008–2009

Archived information

Archived information is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Table of Contents

Introduction

Purpose of the Privacy Act

Mandate of the Department of Finance

Administration of the Privacy Legislation

Interpretation of Statistical Report

Complaints

Appeals to the Federal Court of Canada

Privacy Impact Assessments (PIAs) and Preliminary Privacy Impact Assessments (PPIAs)

APPENDIX A
Statistical Report on Privacy Act Requests

Introduction

The annual report on the administration of the Privacy Act in the Department of Finance is submitted in accordance with section 72 of the legislation. This report covers the period from April 1, 2008 to March 31, 2009. 

Purpose of the Privacy Act

The Privacy Act protects the privacy of all Canadian citizens and permanent residents regarding personal information held by a federal government institution. In addition, it gives these individuals, including those in Canada who are not permanent residents or citizens, the right to access their own personal information.

Mandate of the Department of Finance

The Department of Finance is the federal government’s central agency responsible for advising on all aspects of Canada’s economic and financial affairs. Concerned with all aspects of the performance of the Canadian economy, it oversees all initiatives that affect the economy, ensuring harmony and following the development of external factors that bear on domestic economic performance.

The department's most visible output is the federal budget. The budget speech provides an authoritative review of past, present, and future economic factors that will affect Canada’s economic performance and finances. The budget reviews government accounts for the past period and presents its fiscal projections for the coming years. These include the government's expenditure program, revenues from existing sources, taxation changes, and debt levels. The minister has a number of statutory responsibilities and plays a significant role as central policy advisor. The following list of ministerial and departmental functions reflects these responsibilities:

Program (or Statutory) Responsibilities and Core Functions

Central Agency Functions

Administration of the Privacy Legislation

Access to Information and Privacy Division

The Access to Information and Privacy Division (ATIP), whose operations are overseen by the Law Branch, is responsible for administering the Privacy Act for the Department of Finance. As a centralized operation, the ATIP Division co‑ordinates the timely processing of requests under the legislation, conducts interdepartmental consultations, handles complaints lodged with the Privacy Commissioner, and responds to informal inquiries. Division staff also provide advice and guidance to departmental officials on matters involving the Privacy Act.  Due to the low volume of personal information and privacy issues managed by the Department of Finance, generally only a few staff are involved in privacy matters during most reporting periods.  However, since the Department recently implemented a Code of Conflict for its employees, a significant amount of time was spent on this initiative during the reporting period and in advance of its implementation, to ensure compliance with the Privacy Act and related policies.

This report presents an overview of the Privacy activities carried out within the Department of Finance during the reporting period April 1, 2008 to March 31, 2009.

Overview of Privacy Activities

Since the legislation was implemented, the Department of Finance Canada has received very few requests under the Privacy Act. Because the department does not collect personal information to administer particular programs, its personal information holdings largely concern departmental employees. Very few privacy requests have been received since effective procedures were put in place for employees to access their personnel records informally. Departmental employees can process and access their leave records through "PeopleSoft" software on their personal computers. These PeopleSoft files are accessible to each employee by an individual password chosen by the employee.

The department also has personal information about contractors who provide personal services to the department, individuals who apply for positions within the department, and correspondence and survey responses from the general public.

Education and Training Activities

Training sessions for new employees are given on a monthly basis. These include an overview of privacy-related activities. Ad-hoc training is also provided as needed or requested by the branches. No privacy specific courses were delivered during the reporting period, however, all of the eleven Access to Information sessions included some information concerning Privacy Act requirements.

Institutional Changes to the Administration of the Privacy Act

Because the department processes very few privacy requests, no institutional changes were made regarding the administration of the Privacy Act this year.

The delegation of authority that was approved on March 31, 2008 remained in effect throughout the reporting period.

Delegation of Authority

During the reporting period, the authority to approve or deny the release of departmental information requested under the Privacy Act was shared among the Deputy Minister, the Associate Deputy Minister and G7 Deputy for Canada, the Associate Deputy Minister, the Assistant Deputy Minister and Counsel to the Department, and the Access to Information and Privacy Director.  Usually the ATIP Director performs this function, with the exception of disclosures of personal information to investigative bodies pursuant to 8(2)(e) of the Privacy Act.  These disclosures are usually performed by the Assistant Deputy Minister of the Corporate Services Branch. 

Privacy Act Designation Order. For details, refer to the preceding paragraph.

Schedule 2
Designation Order—Privacy Act
Powers, Duties or Functions Section Deputy Minister Associate DM Associate DM and
G7 Deputy  for Canada
Assistant DM, Corporate Services Branch
To disclose personal information to an investigative body specified in the regulations, on the written request of the body, for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation, if the request specifies the purpose and describes the information to be disclosed 8(2)(e) Yes Yes Yes Yes

 

Powers, Duties or Functions Section Deputy Minister Associate DM Associate DM and
G7 Deputy  for Canada
ADM and Counsel,
Law Branch
Director, ATIP ATIP Team Leader
Senior ATIP Analyst
To disclose personal information when satisfied that the purpose for which the information is disclosed cannot reasonably be accomplished unless the information is provided in a form that identifies the person to whom it relates and obtain a written undertaking that no subsequent disclosure of the information will be made in a form that could reasonably be expected to identify the individual to whom it relates 8(2)(j) Yes Yes Yes Yes Yes No
To disclose personal information when public interest outweighs invasion of privacy or when disclosure benefits the individual 8(2)(m) Yes Yes Yes Yes Yes No
To keep copies of requests made under 8(2)(e), keep records of information disclosed pursuant to such requests and to make those copies and records available to Privacy Commissioner 8(4) Yes Yes Yes Yes Yes Yes
To notify the Privacy Commissioner in writing of disclosure under paragraph 8(2)(m) 8(5) Yes Yes Yes Yes Yes No
To retain a record of use of personal information. 9(1) Yes Yes Yes Yes Yes Yes
To notify the Privacy Commissioner of consistent use of personal information and update index accordingly 9(4) Yes Yes Yes Yes Yes Yes
To include personal information in personal information banks 10 Yes Yes Yes Yes Yes Yes
To give written notice as to whether or not access will be given 14(a) Yes Yes Yes Yes Yes No
To give access to requester 14(b) Yes Yes Yes Yes Yes No
To extend time limit and give notice of extension 15 Yes Yes Yes Yes Yes Yes
To determine the necessity for a translation or interpretation of a record 17(2)(b) Yes Yes Yes Yes Yes Yes
To determine whether a record should be provided in an alternative format 17(3) Yes Yes Yes Yes Yes Yes
To refuse to disclose personal information referred to in that section 18(2) Yes Yes Yes Yes Yes No
To refuse to disclose personal information referred to in that section 19(1) Yes Yes Yes Yes Yes No
To disclose, with consent, personal information referred to in that subsection 19(2) Yes Yes Yes Yes Yes No
To refuse to disclose personal information referred to in that section 20 Yes Yes Yes Yes Yes No
To refuse to disclose personal information referred to in that section 21 Yes Yes Yes Yes Yes No
To refuse to disclose personal information referred to in that section 22 Yes Yes Yes Yes Yes No
To refuse to disclose personal information referred to in that section 22.3 Yes Yes Yes Yes Yes No
To refuse to disclose personal information referred to in that section 23 Yes Yes Yes Yes Yes No
To refuse to disclose personal information under that section 24 Yes Yes Yes Yes Yes No
To refuse to disclose personal information under that section 25 Yes Yes Yes Yes Yes No
To refuse to disclose personal information under that section 26 Yes Yes Yes Yes Yes No
To refuse to disclose personal information under that section 27 Yes Yes Yes Yes Yes No
To refuse to disclose personal information under that section 28 Yes Yes Yes Yes Yes No
To receive notice of investigation by the
Privacy Commissioner
31 Yes Yes Yes Yes Yes No
To make representations to the Privacy Commissioner 33(2) Yes Yes Yes Yes Yes Yes
To receive the report of findings of the investigation and give notice of action taken or proposed to be taken or reasons why no action has been or is proposed to be taken 35(1) Yes Yes Yes Yes Yes Yes
To provide access to personal information 35(4) Yes Yes Yes Yes Yes No
To receive the report of findings of the investigation of files in exempt banks 36(3) Yes Yes Yes Yes Yes Yes
To receive the report of findings after investigation in respect of personal information 37(3) Yes Yes Yes Yes Yes Yes
To request that the matter be heard and determined in the National Capital Region 51(2)(b) Yes Yes Yes Yes Yes Yes
To request the opportunity to make representations ex parte 51(3) Yes Yes Yes Yes Yes Yes
To prepare annual report for submission to Parliament 72(1) Yes Yes Yes Yes Yes Yes
To carry out responsibilities conferred on the Head of the institution by regulations made under section 77, not included above 77 Yes Yes Yes Yes Yes Yes

Disclosures under Section 8 of the Privacy Act

Paragraph 8(2)(e) of the Act allows for disclosures "to an investigative body specified…for the purpose of enforcing any law". During the reporting period, one request for information was received and processed from an investigative body pursuant to paragraph 8(2)(e).

The department made no disclosures of personal information pursuant to the provisions of 8(2)(f), (g) or (m) during the reporting period.

Data Matching and Sharing Activities

No new data-matching or sharing activities were undertaken during the year.

Exempt Banks

The nature of information contained in personal information banks under the control of the Department of Finance Canada is such that no bank has been designated as an exempt bank within the meaning of section 18 of the Privacy Act.

Interpretation of Statistical Report

Disposition of Requests

The department carried forward two requests from the previous fiscal year and received six Privacy Act requests for personal information during the reporting period.  Eight requests were completed in the reporting period and none was carried forward to fiscal year 2009–10.

The following summary table indicates the disposition of the 8 Privacy requests completed during this reporting period:

Disposition Number of Requests Percentage of Requests

Documents all disclosed 0 N/A
Disclosed in part 1 12.5%
Nothing disclosed 0 N/A
Transferred 0 N/A
Unable to process 6 75%
Abandoned 1 12.5%
Treated informally 0 N/A

Total 8 100%

Disclosed in Full

N/A

Disclosed in Part

One applicant was provided with total access to his personal information; only personal information concerning other individuals was withheld.

Disclosed No Records

N/A

Transferred

N/A

Unable to Process

No relevant records were found to respond to 6 requests (75 per cent of requests).

Abandoned

One applicant abandoned her request upon learning that the records of former employees were under the control of Libraries and Archives Canada.

Treated Informally

N/A

Exemptions Invoked and Exclusions Cited

During the reporting period, section 26 was invoked on one request to protect the personal information of individuals other than the requestor and no exclusions were cited pursuant to the Privacy Act.

Completion Time and Extensions

During the reporting period, 7 requests were completed within 30 days and 1 request was completed within 60 days.  A 30 day extension was applied to one file in order to conduct consultations with other institutions.

Translations

During the reporting period, the department received no requests for translations.

Method of Access

In response to the one request where personal information was disclosed, the requester was given copies of the records.

Corrections and Notations

During the reporting period, no requests for corrections or notations were received by the department.

Costs

Costs incurred during the reporting period are calculated based on the average salaries of ATIP Division members (1) and administrative expenses associated with the administration of the Privacy Act.  See Appendix A for cost details.

Complaints

No Privacy Act complaints were received during the reporting period.

Appeals to the Federal Court of Canada

No appeals to the Federal Court were made in this reporting period.

Privacy Impact Assessments (PIAs) and
Preliminary Privacy Impact Assessments (PPIAs)

One Privacy Impact Assessment (PIA) was completed during the reporting period.  It deals with the conflict of interest code for departmental employees.  A summary of the PIA can be located on the department’s website at:  http://www.fin.gc.ca/disclose-divulgation/pia-efvp-eng.asp .    No Preliminary Privacy Impact Assessments (PPIA) were completed during the reporting period.

APPENDIX A
Statistical Report on Privacy Act Requests

Statistical Report on Privacy Act Requests