Annual Report to Parliament

Privacy Act

Annual Report to Parliament

2012

2013

CONTENTS

SECTION 1: Introduction 1

1.1 Departmental Overview 2

1.1.1 Raison d’être 2

1.1.2 Organization 2

1.1.3 Program Activity Architecture 3

1.2 Access to Information and Privacy Overview 3

1.3 Treasury Board of Canada Secretariat Requirements 4

1.3.1 Treasury Board of Canada Secretariat ATIP Policy Suite Renewal 4

1.3.2 Management Accountability Framework 5

SECTION 2: Report on the Administration of the Privacy Act 6

2.1 Overview of Privacy Activity Workload 6

2.2 Interpretation of the Statistical Report 6

2.2.1 Part 1 – Requests under the Privacy Act 7

2.2.2 Part 2 – Requests closed during the reporting period 7

2.2.3 Part 3 – Disclosures under Subsection 8(2) 9

2.2.4 Part 4 – Requests for correction of personal information and notations 10

2.2.5 Part 5 – Extensions 10

2.2.6 Part 6 – Consultations received from other institutions and organizations 10

2.2.7 Part 7 – Completion time of consultations on Cabinet confidences 11

2.2.8 Part 8 – Resources related to the Privacy Act 11

2.3 Informal Privacy Requests and Other 8(2) Disclosures 12

2.4 Complaints and Investigations 12

2.4.1 Privacy Breaches 15

2.5 Privacy Impact Assessments 15

2.5.1 PIA Backlog Project 16

SECTION 3: Report on Community and Client Service Accomplishments 17

3.1 Training Activities 17

3.1.1 Training for DFO Employees 17

3.1.2 Training for ATIP Staff 18

3.2 Mandatory ATIP Training for Executives 18

3.3 Capital Project 18

3.4 Policies, Directives and Procedures 19

3.5 Info Source Renewal Project 19

3.6 Information Management Strategy 20

3.7 ATIP Community Involvement and Development 20

APPENDIX A: 2012-2013 Statistical Report on the Privacy Act 22

APPENDIX B: Additional Reporting Requirements 38

APPENDIX C: 2012-13 Statistical Report on the Access to Information Act 45

APPENDIX D: Delegation Order 54

Annual Report on the Privacy Act 2012-2013

SECTION 1: Introduction

The Privacy Act came into effect on July 1, 1983. The Act protects the privacy of individuals with respect to their personal information that is held by government institutions, and provides these individuals with a right of access to this information. In addition, the Privacy Act gives individuals substantial control over the collection, use and disclosure of their personal information.

Section 72 of the Privacy Act requires that the head of every government institution submit an annual report to Parliament, detailing the administration of the Act within the institution for each fiscal year.

This annual report describes how Fisheries and Oceans Canada administered the Privacy Act for the period from April 1, 2012, to March 31, 2013.

For further information or to make a request under this Act, please direct all inquiries to:

Director, Access to Information and Privacy Secretariat

Fisheries and Oceans Canada

Mail Station 4N193

Centennial Towers

200 Kent Street

Ottawa, Ontario K1A 0E6

E-mail:

Tel: 613-993-3115

Fax: 613-998-1173

1.1 Departmental Overview

1.1.1 Raison d’être

Fisheries and Oceans Canada supports strong economic growth in our marine and fisheries sectors and contributes to a prosperous economy through global commerce by supporting exports and advancing safe maritime trade. The Department supports the innovation needed for a knowledge-based economy through research in expanding sectors such as aquaculture and biotechnology. The Department contributes to a clean and healthy environment and sustainable aquatic ecosystems for Canadians through habitat protection, oceans management, and ecosystems research. A safe and secure Canada relies on the maritime security, safe navigation, presence on our waters, and effective search and rescue services that the Canadian Coast Guard provides.

Our Mission

Through sound science, forward-looking policy, and operational and service excellence, DFO employees work collaboratively toward the following strategic outcomes:

·  Economically Prosperous Maritime Sectors and Fisheries;

·  Sustainable Aquatic Ecosystems; and

·  Safe and Secure Waters.

Our Vision

To advance sustainable aquatic ecosystems and support safe and secure Canadian waters while fostering economic prosperity across maritime sectors and fisheries.

The Department’s work is guided by three key pieces of legislation:

n  The Oceans Act entrusts the Minister with leading integrated oceans management and providing coast guard and hydrographic services.

n  The Fisheries Act gives the Minister responsibility for the management of fisheries, habitat, and aquaculture.

n  The Species at Risk Act gives the Minister responsibilities associated with the management of aquatic species at risk.

1.1.2 Organization

Fisheries and Oceans Canada has a presence across Canada with the majority of employees (about 85%) working outside national headquarters in one of the Department's six regions. National objectives, policies, procedures, and standards for the Department and the Canadian Coast Guard are established at national headquarters, in Ottawa. Regions are responsible for delivering programs and activities in accordance with national and regional priorities and within national performance parameters.

Information about Fisheries and Oceans Canada's regions and the Canadian Coast Guard is available at http://www.dfo-mpo.gc.ca/rpp/2012-13/index-eng.htm. A diagram of the Department's organizational structure is available at http://www.dfo-mpo.gc.ca/us-nous/organisation-eng.htm.

1.1.3 Program Activity Architecture

The Government of Canada’s Management, Resources and Results Structure (MRRS) is the foundation of a government-wide approach aimed at strengthening the management and accountability of public expenditures and clearly demonstrating results for Canadians. The Program Activity Architecture (PAA) is part of the MRRS. The PAA shows how DFO’s programs align with the Department’s three strategic outcomes. The PAA also includes a stand alone program activity called Internal Services, defined as the activities and resources that support an organization’s program needs and other corporate obligations.

Fisheries and Oceans Canada sets its strategic direction and makes policy and program decisions based on Government of Canada priorities, its domestic and global operating environment, human and financial resource capacity, and existing or emerging corporate risks. The Department systematically identifies and manages the risks and challenges in its environment. Fisheries and Oceans Canada also pursues opportunities that will better enable it to deliver programs to support economically prosperous maritime sectors and fisheries, sustainable aquatic ecosystems, and safe and secure waters.

Fisheries and Oceans Canada took these considerations into account when it established the following priorities for 2012-2013:

• Renewing Canadian Coast Guard Capacity and Assets;
• Advancing Management and Operational Excellence;
• Reviewing Habitat Policy and Program; and
• Improving Fisheries Management.

1.2 Access to Information and Privacy Overview

The Access to Information and Privacy (ATIP) Director reports to the Director General, Executive Secretariat, who in turn reports to the Senior Assistant Deputy Minister of Strategic Policy. The ATIP Director is accountable for the development, coordination and implementation of effective ATIP-related policies, guidelines, systems and procedures. This accountability ensures that the Department’s responsibilities under the Access to Information Act and the Privacy Act are met, and enables appropriate processing and proper disclosure of information.

The ATIP Secretariat is currently made up of three streams. The largest of these streams is ATIP Operations, which manages the processing of access and privacy requests, consultations, and other informal requests. Along with the ATIP Director, the Deputy Director of ATIP Operations has full delegation authority under both the Access to Information Act and the Privacy Act. The Privacy Division is responsible for providing advice and guidance on privacy-related issues, including Privacy Impact Assessments (PIAs), Privacy Notices and privacy breaches. The Policy and Governance Unit addresses policy development, reporting, training, and issues management.

The average number of FTEs for the 2012-2013 fiscal year was 22.5. There is an ATIP contact located in each of DFO’s regions and sectors, and in certain branches, who assists the ATIP Secretariat by acting as a liaison for their respective parts of the Department.

The main activities of the ATIP Secretariat include:

n  Processing requests under the Access to Information Act and the Privacy Act;

n  Developing policies, procedures and guidelines in support of access and privacy legislation;

n  Promoting awareness of both Acts within the Department to ensure that employees understand their roles and responsibilities;

n  Monitoring departmental compliance with both Acts, and maintaining regulations and relevant procedures and policies;

n  Preparing annual reports to Parliament and other statutory reports, as well as other material that may be required by central agencies;

n  Responding to consultations from other government institutions regarding DFO documents under consideration for release;

n  Representing the Department in dealings with the Treasury Board of Canada Secretariat, and the Information and Privacy Commissioners regarding the application of both Acts as they relate to DFO; and

n  Supporting the Department in meeting its commitments to openness and transparency through proactive disclosure of information and the release of information via informal avenues.

1.3 Treasury Board of Canada Secretariat Requirements

1.3.1 Treasury Board of Canada Secretariat ATIP Policy Suite Renewal

In January 2012, the Treasury Board of Canada Secretariat (TBS) published an amended Directive on the Administration of the Access to Information Act, which outlines practices and procedures on the management of the Act. The two key amendments include:

n  A change to the wording with regard to inter-institutional consultations in order to help reduce unnecessary delays in the processing of Access to Information Act requests; and

n  The addition of a mandatory requirement that institutions post monthly summaries of completed Access to Information Act requests on their websites on an on-going basis to align with the commitments related to open information.

Summaries of completed Access to Information Act requests at DFO are available at http://www.inter.dfo-mpo.gc.ca/atip/summaries-e. Privacy requests, however, are not posted on the website as the information is not accessible to the general public and would only be released to the individual to whom the information pertains.

1.3.2 Management Accountability Framework

The Management Accountability Framework (MAF) sets out TBS’s expectations of senior public service managers for good public service management. MAF is structured around 10 key elements that collectively define management and establish the expectations for good management of a department or agency.

ATIP is included as part of the Stewardship element and is assessed as part of Area of Management (AoM) 12 – Effectiveness of Information Management. With regards to ATIP, the assessment examines reporting, governance and capacity. In April 2010, DFO received a rating of “Acceptable” for AoM 12 in MAF round VII. This AoM was scheduled to be assessed again in 2012-2013, however Treasury Board chose not to assess the AoM 12 element for the 2012-2013 fiscal year.

SECTION 2: Report on the Administration of the Privacy Act

2.1 Overview of Privacy Activity Workload

The following table provides an overview of the ATIP Secretariat’s workload with respect to Privacy activities in 2012-2013:

Type of Request / Requests
Received / Requests
Completed / Pages
Processed
Privacy Act Requests / 33 / 27 / 9,311
Requests for Correction of Personal Information / 0 / 0 / 0
Privacy Consultation Requests / 3 / 3 / 55
Disclosures Pursuant to Subsection 8(2) (Excluding those made under paragraphs 8(2)(e) and 8(2)(m)) / 9 / 10 / 189
Informal Privacy Requests (External) / 21 / 17 / 210
Informal Privacy Requests (Internal) / 83 / 91 / 2012

Note that the total pages processed for informal requests is a rough estimate as it is often difficult to capture a page count when responding to questions or giving advice.

2.2 Interpretation of the Statistical Report

The statistical report prepared by government institutions provides aggregate data on the application of the Privacy Act, which enables TBS to analyze trends and exercise oversight.

DFO’s 2012-2013 statistical report on the Privacy Act is the source of the information provided in this section. Please reference Appendix A for the complete statistical report, including additional data not detailed here.

As a result of business processes in place during the last reporting period, the manner in which the ATIP Secretariat captured case management information made it difficult to extract some of the required statistics for this reporting period. Data is represented to the best extent possible; any variances are noted where applicable.

2.2.1 Part 1 – Requests under the Privacy Act

Requests

In 2012-2013, DFO received 33 requests under the Privacy Act and had 6 requests outstanding from the previous reporting period. Of these 39 requests, DFO completed 27 and carried forward 12 into the next reporting period.

2.2.2 Part 2 – Requests closed during the reporting period

Disposition and completion time

Section 14 of the Act requires institutions to provide a response to the applicant within 30 days of receipt of the request, or to notify the applicant that an extension is required. Of the 27 requests completed during the reporting period, 10 requests (37%) were completed in 30 days or less. Eight requests (30%) were completed in 31 to 60 days, eight requests (30%) were completed in 61 to 120 days and one request was completed in 181-365 days.

The requests completed by the Department in 2012-2013 were finalized in the following manner:

n  All disclosed – In four cases, all relevant information was released in full to the applicant.

n  Disclosed in part – In 19 instances, applicants were granted partial access to information.

n  All exempted - For one request all records were exempted from disclosure

n  No records exist – In two cases, no relevant records existed under the control of the Department.

n  Request abandoned – One request was abandoned by the applicant.

No requests were processed where all information was excluded from disclosure.

Exemptions

The Privacy Act protects against unauthorized disclosure of personal information and controls how the government will collect, use, store, disclose and dispose of personal information. The Act also gives Canadian citizens and individuals present in Canada a right of access to their personal information that is held by federal government institutions, subject to certain specific and limited exceptions. These exceptions are called exemptions and exclusions. For more information regarding exemptions and exclusions, please consult the official version of the Privacy Act on the Justice Canada website.[1]

Exemptions are provisions of the Act that allow or require the heads of federal government institutions to withhold information requested under the legislation. For requests completed during the reporting period, the Department invoked exemptions pursuant to sections 22, 26 and 27 of the Privacy Act. Section 26 was the most frequently invoked provision, cited in 19 requests, and was used to protect personal information about individuals other than the applicant.