Department of Finance Canada
www.fin.gc.ca
Common menu bar links
Archived - Department of Finance Canada’s Annual Report to Parliament On the Administration of the
Privacy Act
2008–2009
Table of Contents
Mandate of the Department of Finance
Administration of the Privacy Legislation
Access to Information and Privacy Division
Overview of Privacy Activities
Education and Training Activities
Institutional Changes to the Administration of the Privacy Act
Delegation of Authority
Disclosures under Section 8 of the Privacy Act
Data Matching and Sharing Activities
Exempt Banks
Interpretation of Statistical Report
Disposition of Requests
Exemptions Invoked and Exclusions Cited
Completion Time and Extensions
Translations
Method of Access.
Corrections and Notations
Costs
Appeals to the Federal Court of Canada
Privacy Impact Assessments (PIAs) and Preliminary Privacy Impact Assessments (PPIAs)
APPENDIX A
Statistical Report on Privacy Act Requests
Introduction
The annual report on the administration of the Privacy Act in the Department of Finance is submitted in accordance with section 72 of the legislation. This report covers the period from April 1, 2008 to March 31, 2009.
Purpose of the Privacy Act
The Privacy Act protects the privacy of all Canadian citizens and permanent residents regarding personal information held by a federal government institution. In addition, it gives these individuals, including those in Canada who are not permanent residents or citizens, the right to access their own personal information.
Mandate of the Department of Finance
The Department of Finance is the federal government’s central agency responsible for advising on all aspects of Canada’s economic and financial affairs. Concerned with all aspects of the performance of the Canadian economy, it oversees all initiatives that affect the economy, ensuring harmony and following the development of external factors that bear on domestic economic performance.
The department's most visible output is the federal budget. The budget speech provides an authoritative review of past, present, and future economic factors that will affect Canada’s economic performance and finances. The budget reviews government accounts for the past period and presents its fiscal projections for the coming years. These include the government's expenditure program, revenues from existing sources, taxation changes, and debt levels. The minister has a number of statutory responsibilities and plays a significant role as central policy advisor. The following list of ministerial and departmental functions reflects these responsibilities:
Program (or Statutory) Responsibilities and Core Functions
- fiscal and monetary policy
- budget preparation and planning
- tax policy
- debt and exchange fund management
- tariff and certain aspects of trade and tariff policy
- financial sector policy
- international financial arrangements
- federal‑provincial fiscal arrangements (policy and program administration)
- private pension policy and public pension financing
- privatization
Central Agency Functions
- development of the fiscal framework
- preparation of the economic outlook and forecast
- analysis and assessment of major policy initiatives and options
- shared supervision of Crown corporations and agencies
- coordination with other central agencies on key files
Administration of the Privacy Legislation
Access to Information and Privacy Division
The Access to Information and Privacy Division (ATIP), whose operations are overseen by the Law Branch, is responsible for administering the Privacy Act for the Department of Finance. As a centralized operation, the ATIP Division co‑ordinates the timely processing of requests under the legislation, conducts interdepartmental consultations, handles complaints lodged with the Privacy Commissioner, and responds to informal inquiries. Division staff also provide advice and guidance to departmental officials on matters involving the Privacy Act. Due to the low volume of personal information and privacy issues managed by the Department of Finance, generally only a few staff are involved in privacy matters during most reporting periods. However, since the Department recently implemented a Code of Conflict for its employees, a significant amount of time was spent on this initiative during the reporting period and in advance of its implementation, to ensure compliance with the Privacy Act and related policies.
This report presents an overview of the Privacy activities carried out within the Department of Finance during the reporting period April 1, 2008 to March 31, 2009.
Overview of Privacy Activities
Since the legislation was implemented, the Department of Finance Canada has received very few requests under the Privacy Act. Because the department does not collect personal information to administer particular programs, its personal information holdings largely concern departmental employees. Very few privacy requests have been received since effective procedures were put in place for employees to access their personnel records informally. Departmental employees can process and access their leave records through "PeopleSoft" software on their personal computers. These PeopleSoft files are accessible to each employee by an individual password chosen by the employee.
The department also has personal information about contractors who provide personal services to the department, individuals who apply for positions within the department, and correspondence and survey responses from the general public.
Education and Training Activities
Training sessions for new employees are given on a monthly basis. These include an overview of privacy-related activities. Ad-hoc training is also provided as needed or requested by the branches. No privacy specific courses were delivered during the reporting period, however, all of the eleven Access to Information sessions included some information concerning Privacy Act requirements.
Institutional Changes to the Administration of the Privacy Act
Because the department processes very few privacy requests, no institutional changes were made regarding the administration of the Privacy Act this year.
The delegation of authority that was approved on March 31, 2008 remained in effect throughout the reporting period.
Delegation of Authority
During the reporting period, the authority to approve or deny the release of departmental information requested under the Privacy Act was shared among the Deputy Minister, the Associate Deputy Minister and G7 Deputy for Canada, the Associate Deputy Minister, the Assistant Deputy Minister and Counsel to the Department, and the Access to Information and Privacy Director. Usually the ATIP Director performs this function, with the exception of disclosures of personal information to investigative bodies pursuant to 8(2)(e) of the Privacy Act. These disclosures are usually performed by the Assistant Deputy Minister of the Corporate Services Branch.
| Powers, Duties or Functions | Section | Deputy Minister | Associate DM | Associate DM and G7 Deputy for Canada |
Assistant DM, Corporate Services Branch |
|---|---|---|---|---|---|
| To disclose personal information to an investigative body specified in the regulations, on the written request of the body, for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation, if the request specifies the purpose and describes the information to be disclosed | 8(2)(e) | Yes | Yes | Yes | Yes |
| Powers, Duties or Functions | Section | Deputy Minister | Associate DM | Associate DM and G7 Deputy for Canada |
ADM and Counsel, Law Branch |
Director, ATIP | ATIP Team Leader Senior ATIP Analyst |
|---|---|---|---|---|---|---|---|
| To disclose personal information when satisfied that the purpose for which the information is disclosed cannot reasonably be accomplished unless the information is provided in a form that identifies the person to whom it relates and obtain a written undertaking that no subsequent disclosure of the information will be made in a form that could reasonably be expected to identify the individual to whom it relates | 8(2)(j) | Yes | Yes | Yes | Yes | Yes | No |
| To disclose personal information when public interest outweighs invasion of privacy or when disclosure benefits the individual | 8(2)(m) | Yes | Yes | Yes | Yes | Yes | No |
| To keep copies of requests made under 8(2)(e), keep records of information disclosed pursuant to such requests and to make those copies and records available to Privacy Commissioner | 8(4) | Yes | Yes | Yes | Yes | Yes | Yes |
| To notify the Privacy Commissioner in writing of disclosure under paragraph 8(2)(m) | 8(5) | Yes | Yes | Yes | Yes | Yes | No |
| To retain a record of use of personal information. | 9(1) | Yes | Yes | Yes | Yes | Yes | Yes |
| To notify the Privacy Commissioner of consistent use of personal information and update index accordingly | 9(4) | Yes | Yes | Yes | Yes | Yes | Yes |
| To include personal information in personal information banks | 10 | Yes | Yes | Yes | Yes | Yes | Yes |
| To give written notice as to whether or not access will be given | 14(a) | Yes | Yes | Yes | Yes | Yes | No |
| To give access to requester | 14(b) | Yes | Yes | Yes | Yes | Yes | No |
| To extend time limit and give notice of extension | 15 | Yes | Yes | Yes | Yes | Yes | Yes |
| To determine the necessity for a translation or interpretation of a record | 17(2)(b) | Yes | Yes | Yes | Yes | Yes | Yes |
| To determine whether a record should be provided in an alternative format | 17(3) | Yes | Yes | Yes | Yes | Yes | Yes |
| To refuse to disclose personal information referred to in that section | 18(2) | Yes | Yes | Yes | Yes | Yes | No |
| To refuse to disclose personal information referred to in that section | 19(1) | Yes | Yes | Yes | Yes | Yes | No |
| To disclose, with consent, personal information referred to in that subsection | 19(2) | Yes | Yes | Yes | Yes | Yes | No |
| To refuse to disclose personal information referred to in that section | 20 | Yes | Yes | Yes | Yes | Yes | No |
| To refuse to disclose personal information referred to in that section | 21 | Yes | Yes | Yes | Yes | Yes | No |
| To refuse to disclose personal information referred to in that section | 22 | Yes | Yes | Yes | Yes | Yes | No |
| To refuse to disclose personal information referred to in that section | 22.3 | Yes | Yes | Yes | Yes | Yes | No |
| To refuse to disclose personal information referred to in that section | 23 | Yes | Yes | Yes | Yes | Yes | No |
| To refuse to disclose personal information under that section | 24 | Yes | Yes | Yes | Yes | Yes | No |
| To refuse to disclose personal information under that section | 25 | Yes | Yes | Yes | Yes | Yes | No |
| To refuse to disclose personal information under that section | 26 | Yes | Yes | Yes | Yes | Yes | No |
| To refuse to disclose personal information under that section | 27 | Yes | Yes | Yes | Yes | Yes | No |
| To refuse to disclose personal information under that section | 28 | Yes | Yes | Yes | Yes | Yes | No |
| To receive notice of investigation by the Privacy Commissioner |
31 | Yes | Yes | Yes | Yes | Yes | No |
| To make representations to the Privacy Commissioner | 33(2) | Yes | Yes | Yes | Yes | Yes | Yes |
| To receive the report of findings of the investigation and give notice of action taken or proposed to be taken or reasons why no action has been or is proposed to be taken | 35(1) | Yes | Yes | Yes | Yes | Yes | Yes |
| To provide access to personal information | 35(4) | Yes | Yes | Yes | Yes | Yes | No |
| To receive the report of findings of the investigation of files in exempt banks | 36(3) | Yes | Yes | Yes | Yes | Yes | Yes |
| To receive the report of findings after investigation in respect of personal information | 37(3) | Yes | Yes | Yes | Yes | Yes | Yes |
| To request that the matter be heard and determined in the National Capital Region | 51(2)(b) | Yes | Yes | Yes | Yes | Yes | Yes |
| To request the opportunity to make representations ex parte | 51(3) | Yes | Yes | Yes | Yes | Yes | Yes |
| To prepare annual report for submission to Parliament | 72(1) | Yes | Yes | Yes | Yes | Yes | Yes |
| To carry out responsibilities conferred on the Head of the institution by regulations made under section 77, not included above | 77 | Yes | Yes | Yes | Yes | Yes | Yes |
Disclosures under Section 8 of the Privacy Act
Paragraph 8(2)(e) of the Act allows for disclosures "to an investigative body specified…for the purpose of enforcing any law". During the reporting period, one request for information was received and processed from an investigative body pursuant to paragraph 8(2)(e).
The department made no disclosures of personal information pursuant to the provisions of 8(2)(f), (g) or (m) during the reporting period.
Data Matching and Sharing Activities
No new data-matching or sharing activities were undertaken during the year.
Exempt Banks
The nature of information contained in personal information banks under the control of the Department of Finance Canada is such that no bank has been designated as an exempt bank within the meaning of section 18 of the Privacy Act.
Interpretation of Statistical Report
Disposition of Requests
The department carried forward two requests from the previous fiscal year and received six Privacy Act requests for personal information during the reporting period. Eight requests were completed in the reporting period and none was carried forward to fiscal year 2009–10.
The following summary table indicates the disposition of the 8 Privacy requests completed during this reporting period:
| Disposition | Number of Requests | Percentage of Requests |
|---|---|---|
| Documents all disclosed | 0 | N/A |
| Disclosed in part | 1 | 12.5% |
| Nothing disclosed | 0 | N/A |
| Transferred | 0 | N/A |
| Unable to process | 6 | 75% |
| Abandoned | 1 | 12.5% |
| Treated informally | 0 | N/A |
| Total | 8 | 100% |
Disclosed in Full
N/A
Disclosed in Part
One applicant was provided with total access to his personal information; only personal information concerning other individuals was withheld.
Disclosed No Records
N/A
Transferred
N/A
Unable to Process
No relevant records were found to respond to 6 requests (75 per cent of requests).
Abandoned
One applicant abandoned her request upon learning that the records of former employees were under the control of Libraries and Archives Canada.
Treated Informally
N/A
Exemptions Invoked and Exclusions Cited
During the reporting period, section 26 was invoked on one request to protect the personal information of individuals other than the requestor and no exclusions were cited pursuant to the Privacy Act.
Completion Time and Extensions
During the reporting period, 7 requests were completed within 30 days and 1 request was completed within 60 days. A 30 day extension was applied to one file in order to conduct consultations with other institutions.
Translations
During the reporting period, the department received no requests for translations.
Method of Access
In response to the one request where personal information was disclosed, the requester was given copies of the records.
Corrections and Notations
During the reporting period, no requests for corrections or notations were received by the department.
Costs
Costs incurred during the reporting period are calculated based on the average salaries of ATIP Division members (1) and administrative expenses associated with the administration of the Privacy Act. See Appendix A for cost details.
Complaints
No Privacy Act complaints were received during the reporting period.
Appeals to the Federal Court of Canada
No appeals to the Federal Court were made in this reporting period.
Privacy Impact Assessments (PIAs) and
Preliminary Privacy Impact Assessments (PPIAs)
One Privacy Impact Assessment (PIA) was completed during the reporting period. It deals with the conflict of interest code for departmental employees. A summary of the PIA can be located on the department’s website at: http://www.fin.gc.ca/disclose-divulgation/pia-efvp-eng.asp . No Preliminary Privacy Impact Assessments (PPIA) were completed during the reporting period.
APPENDIX A
Statistical Report on Privacy Act Requests
