Publications and Reports - Annual Report to Parliament 2008-2009 - Privacy Act
The Administration of the Privacy Act in the Department of National Defence and the Canadian Forces
Table of Contents
- About National Defence and the Canadian Forces
- The Directorate Access to information and Privacy (DAIP)
- Report on the Privacy Act
Annex A - Statistical Report on the Privacy Act
Annex B - Department of National Defence Ministerial Delegation Order
1. About National Defence and Canadian Forces
The Mission of the Department of National Defence and Canadian Force
The mission of the Department of National Defence (DND) and the Canadian Forces (CF) is to defend Canada and Canadian interests and values while contributing to international peace and security.
The Defence Portfolio
In many respects, the Department of National Defence is an organization like other departments of government. It is established by a statute, the National Defence Act which sets out the Minister's responsibilities, including the Minister's responsibility for the Department. The National Defence Act establishes DND and the CF as separate entities operating in close co-operation under the authority of the Minister of National Defence. The Minister of National Defence has specific responsibilities under that Act, and responsibilities for the administration of other statutes, regulations and orders.
The Defence Portfolio comprises the Department of National Defence and Canadian Forces and eight distinct portfolio organizations including:
- National Search and Rescue Secretariat (NSS);
- Canadian Forces Grievance Board (CFGB);
- Military Police Complaints Commission of Canada (MPCC);
- Office of the National Defence and Canadian Forces Ombudsman;
- Communications Security Establishment Canada (CSEC);
- Office of the Chief Military Judge (CMJ);
- Office of the Communications Security Establishment Commissioner (OCSEC); and
- Defence Research and Development Canada (DRDC).
The CF includes the Environmental Commands (Navy, Army and Air Force), and Operational Commands (CANADACOM, CEFCOM, CANSOFCOM, and CANOSCOM) as well as a Strategic Joint Staff through which the Chief of the Defence Staff exercises strategic command and the following support organizations and services:
- A police service, comprising the Military Police and the National Investigation Service, operating under the Canadian Forces Provost Marshal;
- A justice system, administered under the superintendence of the Judge Advocate General;
- Chaplaincy services;
- Extensive communications networks in Canada and abroad;
- Firefighting services;
- Medical and dental services because CF members are excluded from both the Canada Health Act of 1984 and the Public Service Health Care Plan;
- The Canadian Cadet Program and the Junior Canadian Rangers;
- The Canadian Defence Academy;
- The Canadian Forces Grievance Authority;
- The Canadian Forces Housing Agency; and
- The Canadian Forces Personnel Support Agency.
Together, the diverse elements of the Defence Portfolio provide the core services and capabilities required to defend Canada and Canadian interests, and form an important constituency within the broader Canadian national security community.
The relationship differs between DND and each of the Portfolio organizations; therefore, the level of service provided to each will vary accordingly. Each organization has varying needs and responsibilities so they must be treated fairly but differently from one another. These reporting arrangements are designed to ensure accountability while maintaining an “arm’s length” relationship. This difference in associations is not unlike that of Portfolios in other government departments.
Treasury Board uses the Management Accountability Framework to place increased emphasis on Portfolio Coordination. The Privy Council Office is also directing government-wide adherence to Portfolio Coordination in accordance with the Federal Accountability Act. DND has a Portfolio Governance and Coordination section to address these requirements.
Further information on priorities, organization and accountability can be found in the Report on Plans and Priorities.
The Departmental Organization and Structure
The DND/CF has a unique personnel structure made up of two separate components – one military and one civilian. This table depicts the number of personnel in each component:
| Departmental Personnel Figures by Component as of March 31, 2009 | |
|---|---|
| Military members: Regular force: Primary Reserve force: |
65,897 39,199 |
| Civilian employees (Indeterminate): | 29,370 |
| Total Military and Civilian Personnel: | 134,466 |
The Chain of Command
National Defence Headquarters (NDHQ) in Ottawa provides broad direction for administration and operations, with specific execution being assigned to the various elements of the Department and the CF located across the country.
The DND/CF Ombudsman reports directly to and is accountable to the Minister of National Defence. His office was established to act as a direct source of information, referral and education to assist individuals to access existing channels of assistance and redress within DND/CF. To ensure the confidentiality of information brought to his attention, the Ombudsman has been given autonomy for Access to Information matters related to his office. Accordingly, a separate annual report will be tabled respecting the administration of the Privacy Act (ATIA) within the Office of the Ombudsman.
The Canadian Forces Grievance Board, the Military Police Complaints Commission and the Office of the CSE Commissioner are institutions separate and apart from DND. Consequently, these institutions are not accounted for in this Annual Report.
Organizational Chart
http://www.forces.gc.ca/site/about-notresujet/org-eng.asp
2. Directorate Access to information and Privacy (DAIP)
The Purpose of the Privacy Act
The Privacy Actcame into force on July 1, 1983. Under subsection 12(1) of the Act, Canadian citizens, permanent residents (within the meaning of the Immigration Act), all inmates (within the meaning of Part 1 of the Corrections and Conditional Release Act), and individuals present in Canada (who are not Canadian citizens, permanent residents or inmates) have a right of access to their personal information that is under the control of a government institution.
This right of access is balanced against the legitimate need to protect sensitive information and to permit the effective functioning of government while promoting transparency and accountability in government institutions.
In addition, the Act protects an individual's privacy by preventing others from accessing his or her personal information and it speaks to the collection, retention, accuracy, disposal, use and disclosure of personal information.
The Mission of DAIP
The mission of DAIP is to deliver Access to Information and Privacy Services, professional advice and training within DND and the CF.
The Mandate of DAIP
The mandate of DAIP is to act on behalf of the Minister of National Defence in promoting awareness, enforcing compliance with legislation, regulations, and government policy and to create departmental directions, including standards, in all matters relating to the Access to Information Act and the Privacy Act. DAIP authority in this regard extends to all elements of DND/CF – except for the Office of the Ombudsman, the Military Police Complaints Commission, the Office of the CSE Commissioner and the Canadian Forces Grievance Board who are separate institutions under the control of the Minister of National Defence and are responsible for their own Access to Information and Privacy administration.
The Delegation Authority
At DND/CF, a single Coordinator, the Director of DAIP, administers and coordinates both the Access to Information Act and the Privacy Act within the organization. For organizational matters, DAIP comes under the authority of the Assistant Deputy Minister Finance and Corporate Services (ADM Fin CS), via the Director General Corporate and Shared Services (DGCSS). DAIP seeks advice on legal, public affairs, policy, and operations security matters from other organizations and specialists as required.
In accordance with section 73 of the ATIA and PA, a delegation of authority, signed by the Minister of National Defence, designates the person holding the position of Director Access to Information and Privacy and the person(s) holding the position(s) of Deputy Director Access to Information and Privacy to exercise all powers and functions of the Minister as the Head of institution under the Acts. It also designates other specific powers and functions to employees within DAIP. See annex B.
DAIP Organization
The Access to Information and Privacy (ATIP) organization within DND/CF operates with a staff of 65 civilians, 1 military personnel and 3 consultants. The DAIP work force is divided into working groups consisting of an Administration Support Service Group, a Privacy Group, three Access to Information (ATI) Groups and a Strategic Planning and Policy Group that handles all ATIP policies, training and IT needs.
It is the Privacy Group, headed by a Deputy Director, that responds to all requests under the Privacy Act for records. This group also provides other Privacy services such as reviewing records for informal release to Next of Kin in the case of death.
The Strategic Planning and Policy Group contains a Compliance and Training section that provides advice on Privacy matters to the Directorate, DND/CF members and to the public. They also monitor compliance within DND/CF with the Privacy Act and associated policies and guidelines as well as conducting training for DND/CF members.
DAIP establishes an annual business plan and sets annual performance objectives, which are monitored.
Personal Information Record Holdings
DAIP provides on a yearly basis an update of the Department’s information holdings to the Treasury Board Secretariat for publication. A description of the Personal Information Banks held by DND/CF can be found in the Info Source publications.
The Info Source publications can be obtained through public and academic libraries, constituency offices of federal Members of Parliament, and on the Internet at Info Source Publications.
Reading Room
A reading room is available to individuals wanting to review DND/CF publications, and other public materials under the control of the institution. Individuals interested in visiting the reading room must phone ahead to make an appointment. The phone number to call is 613-995-3821.
The DND reading room is located at:
Place de Ville, B Tower, 17th Floor
112 Kent Street
Ottawa, Ontario.
DAIP Internet Site
DAIP Internet Site may be viewed at http://www.admfincs.forces.gc.ca/aip/contacts-cn-eng.asp.
3. Report on the Privacy Act
Requests under the Act
The privacy client group for DND/CF consists, for the most part, of current and former federal public servants and Canadian Forces personnel. Requests relate to such topics as personnel, medical and staff relation issues.
During this reporting period National Defence received a total of 4627 new requests under the Privacy Act, 610 were carried forward from 2007-2008 and 4,840 requests were completed. Of the 4,840 requests completed, 1,011 requests were either transferred to other federal institutions, could not be processed or were abandoned. A total of 751,446 pages were reviewed and 715,483 pages were disclosed, 397 requests were carried forward to the 2009–2010 fiscal year.
DND/CF also responded to 51 consultations regarding privacy requests involving DND/CF records or issues. In addition, 289 informal requests for information were processed by DAIP in support of DND/CF broader objective of providing Canadians with relevant information on an informal and timely basis.
Dispositions of Completed Requests
The disposition of the completed requests was as follows:
- 1,049 fully disclosed;
- 2,758 partially disclosed;
- 416 transferred or re-directed to another institution;
- 20 nothing disclosed;
- 333 abandoned; and
- 262 could not be processed.
- 2 nothing to disclosed
Completion Time and Extensions
The 4,840 requests completed in 2008–2009 were processed in the following timeframes:
- 3,624 within 30 days or less (75%); and
- 632 within 31 to 60 days (13%);
- 338 within 61 to 120 days (7%);
- 246 on and over 121(5%).
The increased number of requests completed within 30 days (75%) is particularly noteworthy as it is a great improvement over the 40% from the previous reporting period.
Exemptions Invoked
DND/CF invoked the following exemptions:
- 17 times under section 19 (Information received in confidence);
- 20 times under section 21 (International affairs and defence);
- 117 times under section 22 (Law enforcement and investigations);
- 2 times under section 25 (Safety of individuals);
- 2,635 times under section 26 (Personal information); and
- 60 times under section 27 (Solicitor-client privilege).
The remaining exemption sections were not invoked.
Complaints and Investigations
During this fiscal year 23 complaints were received from the Privacy Commissioner (this is, notably, 50% lower than the previous reporting period) and they are broken down as follows:
- 13 Delay;
- 1 Miscellaneous;
- 6 Refusal Exemption; and
- 3 Refusal General.
47 complaint investigations were completed and concluded as follows:
- 14 were well founded,
- 16 complaints were not well founded,
- 7 complaints were discontinued,
- 3 complaints were resolved,
- 4 were well founded – resolved,
- 2 complaints were settled, and
- 1 was well-founded – not resolved
Section 8 Disclosures
- 80 under paragraph 8(2)(e);
- 14 under paragraph 8(2)(f);
- 0 under paragraph 8(2)(g); and
- 6 under paragraph 8(2)(m) of the Act.
Data Matching and Sharing Activities
No data matching or sharing activities were undertaken by DND/CF during this reporting period.
Costs
During 2008–2009, an estimated $2,479,924 in salary costs and $550,472 in administrative costs were incurred by DAIP to administer the Privacy Act. These costs do not include the resources expended by the program areas of DND to meet the requirements of the Act.
Privacy Impact Assessments
The Privacy Impact Assessment (PIA) Policy came into effect on May 2, 2002. Its objective is to assure Canadians that privacy principles are being taken into account during the design, implementation and evolution of programs and services that involve personal information. The policy requires that programs and services with potential privacy risks undergo a PIA. The PIA policy was being revised by Treasury Board Secretariat but no new version was issued during this reporting period.
In August 2008 the Deputy Minister ordered the establishment of a series of committees that will report to him through the ADM (Fin CS). The first aims at policy awareness through outreach to foster understanding and compliance with the PIA Policy from all DND/CF organizations and brings to the attention of executive level management any PIA policy compliance issues within DND/CF. This is the PIA Executive Committee. The second committee was created to ensure compliance with TB PIA policy. This includes review of DND/CF initiatives on new programs and services as to determine whether there is a requirement for a PIA. This is the PIA Standing Committee. In turn, the PIA Standing Committee will form ad-hoc PIA Committees that will conduct PIAs as required. As subject matter expert, the Director Access to Information and Privacy (DAIP) will chair all committees. The inaugural PIA Executive Committee meeting took place on 6 November 2008.
During this reporting period, 2 PIAs were initiated. No PIAs were completed.
Training Sessions
During 2008–2009, DAIP continued to provide training sessions for employees on a regular basis as required by the Government Policy on Privacy (section 6.2.2 – “Privacy Awareness”). A total of 62 training sessions were given and 1,367 participants were familiarized with the Act and given a better understanding of their obligations, and of the process within DND/CF. Customized sessions were also provided to specialized groups. DAIP continues to fund training sessions outside of the National Capital Region. The training sessions are intrinsic to achieving increased compliance with both the Access to Information and Privacy legislation.
On-site training sessions were provided to DAIP staff members. DAIP also hosted an information session recognizing the 25th Anniversary of the Access to Information and Privacy Acts at National Defence Headquarters that included an address by the Associate Deputy Minister.
Summary of Significant Changes to Operations or Procedures
More positions have been created and DAIP has expanded to the point where the Department has acquired additional space on the 15th floor of 112 Kent Street, part of which has been devoted to the DAIP Privacy Team. They will be moving in the 2009-2010 reporting period. This will allow further expansion by the Access Teams on the 17th floor.
The DAIP Professional Development Plan (PDP) was put into full swing in this reporting period with 7 analysts participating. The PDP allows for participants to join at the PM-02 level and, after participating in a progressive series of assessed Job Training Assignments, to be promoted to PM-04 without competition. This program has been well received by the DAIP staff and has helped improve morale. For most participants, the Privacy Section is the first stage in the PDP and it is only when participants are well-grounded in Privacy that they move on to work in Access to Information.
Policies and Procedures Implemented or Revised
A Standard Operation Procedures manual has been created for the Privacy Group.
Changes Implemented as a Result of Issues Raised by the Privacy Commissioner
None to report.
Application to the Federal Court or Federal Court of Appeal
None to report.
Statistical Report on the Act
This report can be found at Annex A.
