Annual Report on the administration of the Privacy Act 2023-2024

Introduction

The Privacy Act (PA), enacted in 1983, imposes obligations on federal institutions to ensure that privacy rights of individuals are respected. The PA grants Canadian citizens, permanent residents and persons present in Canada the right to access their personal information held by institutions subject to the PA and to request corrections. The PA also establishes a legal framework governing the collection, retention, use, disclosure, processing, disposal and accuracy of personal information in the delivery of programs and activities of institutions subject to the PA.

Section 72 of the PA requires that at the end of each fiscal year, the head of every government institution prepare a report to Parliament on the administration of the PA within the institution.

This Annual Report is tabled in Parliament under section 72 of the PA. This report describes how the Canadian Transportation Agency (Agency) fulfilled its responsibilities under the PA for the period beginning April 1, 2023, and ending March 31, 2024.

About the Agency

The Canadian Transportation Agency (Agency) is an independent regulator and quasi-judicial tribunal with the powers of a superior court. It operates within the context of the very large and complex Canadian transportation system.

The Canada Transportation Act includes the National Transportation Policy, which guides the Agency. It states that competition and market forces are the prime agents in providing viable and effective transportation services and that regulation may be required to meet public policy objectives that cannot be achieved by competition and market forces alone.

The Agency has specific powers assigned to it under this legislation:

It is an economic regulator of modes of transportation under federal jurisdiction, and develops and applies ground rules that establish the rights and responsibilities of transportation service providers and users and that level the playing field among competitors. These rules can be binding regulations, guidelines, or codes of practice.
It is a tribunal that hears and resolves disputes like a court. It resolves disputes between transportation service providers and their clients or neighbours, using various tools from facilitation and mediation to arbitration and adjudication.

The Agency’s responsibilities are:

To help ensure that the national transportation system runs efficiently and smoothly in the interests of all Canadians: those who work and invest in it; the producers, shippers, travellers, and businesses who rely on it; and the communities where it operates.
To provide consumer protection for air passengers.
To protect the human right of persons with disabilities to an accessible transportation network.

Additional information on the Agency’s mandate is available at the following link: Canadian Transportation Agency - Canada.ca.

Open court principle

In its role as a quasi-judicial tribunal, the Agency operates like a court when adjudicating disputes and is therefore bound by the open court principle. This means that the Agency’s proceedings must be open and accessible to all Canadians.

Any submission or document filed with the Agency as part of its formal adjudication process will be made part of the public record without redaction, unless a claim for confidentiality has been made to and accepted by the Agency. Requests for information about decisions issued in a dispute proceeding are processed informally and records are released in their entirety unless a request for confidentiality was granted.

While requests for information on the public record are processed informally by other areas of the Agency, the Access to Information and Privacy (ATIP) Division must also apply the open court principle when these records form part of a response to a request made under the PA.

Organizational structure of the ATIP division

During this reporting period, the ATIP Division was part of the Secretariat and Registrar Services Directorate (SRSD) under the Legal Services and Secretariat Branch. The ATIP Division consists of an ATIP coordinator (and team leader) reporting to the director, SRSD and one ATIP junior officer reporting to the ATIP coordinator; however, it should be noted that there was a large volume of staff turnover during the reporting period.

The ATIP coordinator is responsible for the daily activities related to the administration and enforcement of the Access to Information Act (ATIA) and the PA and for ensuring compliance with the requirements of legislation, policies and directives, as well as of any other ATIP policy instruments issued by the Treasury Board of Canada Secretariat (TBS).

Activities of the ATIP division include:

Processing requests for information submitted under the ATIA and the PA in accordance with legislation, regulations, policies and TBS guidelines;
Providing advice and guidance to Agency managers and employees on the interpretation and application of the ATIA and the PA;
Developing and offering to Agency managers and employees training and awareness sessions on how to meet their obligations under the ATIA and the PA;
Developing policies, procedures and guidelines on how to enforce the ATIA and the PA, in accordance with the instructions issued by the TBS;
Collaborating with the Office of the Information Commissioner and with the Office of the Privacy Commissioner on the resolution of complaints filed against the Agency;
Coordinating the updating of the Agency’s Info Source publication;
Ensuring that the proactive publication requirements of Part 2 of the ATIA are met; and
Preparing statistical and annual reports for tabling in Parliament with respect to the administration and enforcement of the ATIA and the PA.

ATIP division’s staffing

The ATIP Division remains committed to recruiting, training and maintaining a workforce that possesses specialized ATIP skills to continue to provide the best possible service to both internal and external clients.

During the 2023–2024 reporting period, the Agency completed several staffing actions, including the recruitment of 1 senior ATIP consultant, 3 junior ATIP analysts and 1 casual employee. In total, 5 full-time employees at various levels were hired at various points in the reporting period to administer the ATIA.

The ATIP Division made efforts to staff vacant positions, but had challenges with employee retention. Budgetary allocations were also an issue later in 2023–2024.

Access to Information and Privacy communities development office membership

The Access to Information and Privacy Communities Development Office (APCDO) was established to address capacity issues in the Access to Information and Privacy communities across Government of Canada institutions subject to the Acts.

The APCDO contributes to the development and sustainability of the Access to Information and Privacy communities via recruitment, retention, learning, networking, and partnership activities with a spirit of diversity, inclusivity, and accessibility through community engagement.

During the reporting period, the ATIP Division staff participated in several training sessions offered by the APCDO and consulted their ATIP professionals pools of PM-01 to PM-04 for the Agency’s hiring needs.

Delegation order

Delegation orders set out the powers, duties and functions for the administration of the PA that have been delegated by the head of the institution and specify to whom they have been delegated.

In March 2022, France Pégeot, the Chair and Chief Executive Officer, as head of the Agency, delegated full authority for the administration of the ATIA and the PA to the persons holding the positions of director of SRSD and of chief corporate officer, as well as partial authority to the persons holding the positions of ATIP coordinator and of ATIP analyst.

A copy of the signed delegation instrument is included in Appendix A.

Highlights 2023–2024

Modernized workplace environment — Hybrid work models

During this reporting period, the Government of Canada has continued with a hybrid work model that requires public service employees to work on-site at least 2–3 days each week, or 40–60% of their regular schedule. In order to establish fairness and equity across workplaces, this new model has been applied to all of the core public administration and was strongly recommended to agencies to adopt a similar strategy.

The Agency has adopted the model as recommended. This has fostered a collaborative and supportive work environment that encourages teamwork, innovation and cultivates a culture of belonging.

ATIP division: Hybrid workplace and impact on operations and staff

The hybrid model (on-site presence) has had a positive effect on the ATIP employees. It has led to improved communication, cooperation and engagement of ATIP activities.

To optimize the Agency’s internal processes and client services in the administration of the ATIA and the PA within a hybrid work environment, the ATIP Division has maintained the following initiatives from the last reporting period:

Enabling employees to stay productive in a hybrid work environment

Since January 2023, ATIP employees are required a minimum attendance at the workplace, in compliance with the Direction on prescribed presence in the workplace.
ATIP employees have been provided with the necessary equipment to continue to work efficiently through the telework and on-site: laptops, mobile devices, work surfaces, computer peripherals, access to the Agency’s Virtual Private Network (VPN) and a help-line service with the Information Technology (IT) Unit to remedy any technical problems and difficulties with the equipment or systems, AccessPro Case Management (APCM) system, AccessPro Redaction (APR) system and GoAnywhere Secure Mail for the disclosure of the records to requesters.
ATIP employees have been provided with additional temporary resources to respond to increased workloads. These resources were required to maintain the workflow in the electronic processing of requests and responding to the requesters within the established timelines.
In telework or at the workplace, ATIP employees have maintained their services and activities by using different channels to communicate with their internal Agency clients, requesters and external requesters. The internal communications were transmitted by email, instant messaging (Microsoft Teams), mobile phone, video conferencing. The external communications with requesters were done by email or mobile phone.

Running effective operations in a hybrid work environment:

The ATIP Division has ensured transparency in the ATIP process in relation to the “Duty to Assist” requirements, by maintaining proactive communication with the requesters in order to provide timely and complete responses.
The ATIP Division has continued to coordinate the processing of the Agency’s proactive disclosure of information on the Open Canada website as required by Part 2 of the ATIA.
The ATIP Division, along with other government institutions’ ATIP offices, have been actively participating in TBS’s Online Request Service Pilot Project (ATIP Online Request Service [AORS]) trainings. This initiative simplifies the process of requesting government records by providing a convenient solution, which enables Canadians to submit their ATIP requests and application fees online. In 2023–2024, all 10 (100%) of the PA requests received by the Agency were received through AORS.
The ATIP Division has participated actively in the virtual TBS ATIP Community meetings. These meetings aim to update the ATIP community on ATIP considerations with regard to the Acts, policies, guidelines and to share best practices on processing requests in post COVID-19 pandemic and in the new adopted common hybrid workplace.
The ATIP Division has seen a steady rate of inquiries from Agency employees for the administrative review of documents and/or reports processed informally within the spirit of the application of provisions contained under the ATIA and the PA. There has also been a marked increase for advice and recommendations on questions about the application, disclosure, administration and processing of the ATIA and the PA due to the hiring of a large number of Complaint Resolution Officers to deal with the Air Travel Complaint backlog.
The ATIP Division has received and responded (by mobile phone or email) to at least 200 informal requests/inquiries from Agency employees, clients and the general public. The ATIP Division has maintained its business relations with the Legal Services Division to work more effectively on complex ATIA and PA requests and complaints. The Legal Services Division supports the needs of ATIP employees in the processing of ATIA and PA requests and in responding to the Office of the Information Commissioner and to the Office of the Privacy Commissioner (OPC) complaint investigations, when required. This business relation has resulted in developing a collaborative team environment that directly impacts the ATIP Division’s success in the administration of the ATIP activities.

Performance 2023–2024

The purpose of the statistical report

Statistical reporting on the administration of the ATIA and the PA has been in place since 1983. The statistical reports prepared by government institutions provide aggregate data on the application of the ATIA and the PA. This information is made public annually and is included with the annual report which is tabled in Parliament by each institution.

The statistical reports allow the Agency to monitor trends and respond to inquiries from Canadians wanting to: access their personal information, correct their personal information and on the administration of the PA.

The following table and graphic provide an overview of the Agency’s data from the last five years regarding requests received and closed under the PA (including the current fiscal year 2023–2024).

Overview of requests received and closed over the last five years

Details

Overview of requests received and closed over the last five years
Reporting year	Requests received	Requests closed *	Informal requests
2022–2023	10	12	0
2022–2023	17	16	1
2021–2022	7	6	0
2020–2021	10	10	0
2019–2020	7	9	0

* Includes outstanding requests from the previous fiscal year

Interpretation of the 2023–2024 Statistical Report on the PA

The Agency’s Statistical Report (Statistical Report) details the requests received and processed under the PA during the period of April 1, 2023, to March 31, 2024.

This report also provides an analysis of the Statistical Report and demonstrates the Agency’s ability to meet its obligations under the PA during this reporting period.

Requests received during the reporting period

Requests received under the PA

During the reporting period, the Agency had a total of 12 active PA requests. As detailed in Appendix B, 2 requests were outstanding from the 2022–2023 reporting period and 10 new PA requests were received in 2023–2024. This is a decrease of 41% (7 requests) from the 17 requests it received in the 2022–2023 reporting period. The Agency closed all 12 (100%) active requests within the reporting period. No requests were carried over beyond the legislated timeline to the 2024–2025 reporting period.

The 10 (100%) PA requests received at the Agency were submitted online through the TBS ATIP Online Request System.

Consultation requests received (from other Government institutions)

No requests for consultation from other Government institutions were received by the ATIP Division during that period.

Consultation with legal services on PA requests

The ATIP division sought no legal advice in regard to privacy requests.

Informal requests

The Agency received no informal requests during the reporting period.

Requests closed during the reporting period

The following table provides an overview of the Agency’s performance on closing requests over a five-year period.

Reporting year	Requests Closed During the Reporting	Requests Closed Within Legislated Timelines	Performance and Percentage (%)
2023–2024	12	10	83.33%
2022–2023	16	14	87.5%
2021–2022	6	6	100%
2020–2021	10	9	90%
2019–2020	9	9	100%

Percentage of requests closed Within legislated timelines

The Agency closed 12 requests during the reporting period and was successful in meeting its obligations under the PA. Of the 12 requests closed, 10 were closed within the legislated timelines. The Agency has obtained a completion rate of 83.33% for processing requests under the PA. The Agency’s completion rate has decreased by 5%. The 12 requests were closed for the following reasons: 1 request (8.33%) was all disclosed, 6 requests (50%) were disclosed in part, 1 request (8.33%) was abandoned and 4 requests (33.33%) had no existing records in response to the requests.

During the reporting, the Agency has processed 8 requests in which 11,859 relevant pages were reviewed and 4,601 relevant pages were disclosed to requesters within legislated timelines. The Agency disclosed the requested documents in e-format on 7 occasions. The number of relevant pages processed in this reporting period is 6,586 pages which is an increase of 1,313 pages from the 5,273 pages relevant pages processed in 2022–2023. The Agency has disclosed 4,554 relevant pages to requesters which is an increase of 4,507 pages from the 47 relevant pages disclosed in 2022–2023.

Percentage of requests closed past its legislated timelines

The Agency was unable to close 2 (16.67%) of the 12 PA requests within the legislated timelines. These 2 requests were closed past their legislated timeline following an extension taken by the Agency. For these 2 requests, the Agency required an extension of time to complete their processing for the reason relating to interference with operations due to workload considerations. These requests were subsequently closed within 61–120 days.

Disposition of closed requests

The Agency disposed of the 12 closed requests as follows: 1 request (8.33%) was all disclosed and closed within 16–30 days; 6 requests (50%) were disclosed in part with 3 requests (25%) closed between 16–30 days, 1 request (8.33%) closed between 31–60 days and 2 requests (16.67%) closed between 121–180 days; 4 requests (33.33%) had no existing records and were closed within 15 days; and 1 request (8.33%) was abandoned and closed within 15 days.

Completion time and extensions for closed requests

Of the 12 requests closed during the reporting period, 5 requests (41.67%) were closed within 15 days; 4 requests (33.33%) were closed between 16–30 days; 1 request (8.33%) was closed between 31–60 days; and 2 requests (16.67%) were closed between 121–180 days.

The PA allows the head of a federal institution to extend the time limit for processing a request for a maximum of 30 days, for the following reasons:

Subparagraph 15(a)(i): meeting the time limit would unreasonably interfere with the operations of the government institution; or
Subparagraph 15(a)(ii): consultations are necessary to comply with the request that cannot reasonably be completed within the original time limit.

The PA also allows for a time extension under paragraph 15(b) for a period of time deemed reasonable for translation purposes or for converting personal information into an alternate format.

The ATIP Division determined that it could not meet legislative timelines for certain PA requests and was granted time extensions to complete their processing. The requesters were notified of the extensions taken by the ATIP Division.

Other complexities during processing

The Agency encountered processing complexities in 6 of the 12 PA requests (50%) closed during the reporting period. Consultations were required for 3 requests that were disclosed in part to the requester and other actions were required to complete the processing for 3 requests that were disclosed in part to the requester .

Reasons and length for extensions and disposition of requests

Extended processing time was required for 3 requests (25%) of the 12 closed during the reporting period. Of the requests with extended processing time, 1 request was extended under subparagraph 15(a)(i) for interference with operations due to a large volume of pages to process and 2 requests were extended under subparagraph 15(a)(ii) as consultations were required.

Length of extension and disposition of requests

The length of extension for the 3 requests with extended processing time is broken down as follows: 1 request was extended for less than 30 days and 2 requests were extended for 16–30 days.

Exemptions and exclusions of requests

Exemptions and exclusions are the only grounds to withhold information found in records that are requested under PA, their application being limited and specific. During the reporting period, section 26 was applied by the Agency to deny access to the requested records.

Section 26 allows for the refusal to disclose personal information about an individual other than the individual who made the request. This provision was invoked in 6 requests.

The PA states that certain types of records are excluded from its application, specifically, records to which the public has access (section 69) and records containing confidences of the Queen’s Privy Council of Canada (section 70). The Agency did not invoke exclusions for any requests completed during the reporting period.

Interpretation of the 2023–2024 supplemental statistical report on the Access to Information Act and Privacy Act

Outstanding open requests and complaints under the PA

At the end of the 2023–2024 reporting period, the Agency had no open requests.

The Agency also has a total of 2 outstanding complaints, 1 complaint received during the reporting period 2023–2024 and 1 complaint remaining open from reporting period 2016–2017. The Agency has no open outstanding complaints in this fiscal year.

The Agency’s statistical report on the PA for reporting year 2023–2024 is provided in Appendix B and the 2023–2024 Supplemental Statistical Report on the Access to Information Act and Privacy Act in Appendix C.

Operational resources

Operational costs for the Administration of the PA

The total cost of operation for the administration of the PA for the Agency was $208,849, including $153,717 for employee salaries and $55,132 for professional services, contracts and program resources. A total of 1.869 employees were dedicated to the PA activities, including 1.536 full-time employees, 0.100 part-time and casual employees, and 0.233 consultants and Agency personnel.

Initiatives and projects to improve privacy at the Agency

During the current reporting period, the ATIP Division completed no new projects that were initiated or completed by the ATIP Division. The ATIP Division had continued improving its internal ATIA process and the communication between the ATIP employee, Liaison Officer (LO) and Office of Primary Interest (OPI) when processing requests.

Training and awareness

During this reporting period, the ATIP Division delivered no formal training but has continued its outreach to Agency managers and employees. The ATIP Division provided ongoing guidance and recommendations on the application and interpretation of the PA and communicated the TBS policies and guidelines through ongoing dialogue, informal discussions and informal group training to enable Agency employees to better meet the requirements of the PA.

Ongoing group and individual training were provided to the multiple newly hired ATIP resources to assist in their ATIP tasks and responsibilities and to provide support on the use of the electronic ATIP process, which contributed to the achievements of the ATIP Division throughout the reporting period.

ATIP coaching services for employees

Individual coaching sessions on MS Teams were provided upon request to OPIs and ATIP LOs to improve their searches for relevant records and to assist in providing a relevant record package to the ATIP Division within the established timelines.

The coaching required that ATIP employees be available to assist OPIs and/or LOs through the ongoing electronic process review by providing step by step training on how to respond to an ATIP and/or preparing an OPI’s response when sending a package of relevant records. The ATIP employees assisted the OPIs with formulating their recommendations by using the KOFAX Power PDF (Nuance) software. This training gave the OPIs and LOs the knowledge and skills to respond to ATIP requests and to process the requests efficiently and effectively.

Policies, guidelines and procedures

The ATIP Division continued its efforts to improve and update its processes and guidelines for processing ATIP requests to enable Agency employees, particularly the ATIP LOs and OPIs. These continued efforts have proven to be beneficial in assisting employees to better understand their responsibilities and the importance of their role in the processing (searching and retrieving) of records under the PA. This support maximized the efficiency in processing requests and enabled requesters to receive the requested information in a timely manner.

During the reporting period the Agency implemented the ATIP Division’s electronic ATIP process 2023 and used the related materials to streamline the process for the OPIs, LOs and all employees tasked with an ATIP request.

Agency employees’ access to records contained in the Records, Document and Information Management System (RDIMS) and APCM is controlled to ensure that access to personal information is provided on a “need-to-know” basis.

Transition to an electronic ATIP request process

The ATIP Division has continued processing ATIP requests by using electronic material for the retrieval of the ATIA and the PA requests. The ATIP Division is now operating in a hybrid work environment and paperless environment. The ATIP Division undertook the following actions to improve the ATIP processing culture at the Agency:

The OPIs work with electronic forms to submit their records, recommendations and their approvals. These electronic forms have ensured continuity in the processing of requests and compliance within statutory deadlines.
The OPIs’ search for records is done electronically and the records found are provided in electronic format to the ATIP Division. The OPIs search the shared drives, their emails and their personal drives, while IM searches for the pertinent records in RDIMS and paper files. If there are relevant paper records, IM scans the records into electronic format for processing.
The Case Management System RDIMS Portal is used by the ATIP Division to create ATIP files in the Agency’s File Plan in RDIMS, the Agency’s corporate repository for record-keeping. The ATIP Division does not keep any paper records of ATIP requests.
The approvals for the disclosure of the ATIA and PA requests records are completed by the ATIP director through APCM. The approval process to disclose the requested records to requesters is completed electronically.
The records are electronically disclosed to the requester through the Agency secure file transfer system “GoAnywhere”. The ATIP Division is now able to securely disclose to the requester electronic records packages that are larger than 30MB.
The ATIP Division, in collaboration with the LOs, OPIs, IM/IT and Legal Services, continues to improve its processing efficiency and increase productivity.
The Agency implemented the ATIP Division’s electronic ATIP process 2023 and put into use the related materials. The electronic ATIP process 2023 is making the ATIP process more manageable for the OPIs, LOs and any employees tasked with an ATIP request.

Info Source

Under the PA, institutions are required to identify, describe and publicly report their personal information banks (PIBs) and classes of personal information in the TBS’s annual publication, entitled Info Source. The descriptions of PIBs and classes of personal information contained in Info Source describe how government institutions inform their employees and the public about the personal information they collect and how that information is handled, used, retained and disposed. Info Source assists individuals in exercising their rights under the PA.

The Agency’s Info Source Chapter (Chapter) provides information about the Agency’s functions, programs, activities and related PIBs. The Chapter also provides individuals and employees of the Agency with relevant information to access their personal information and exercise their rights under the PA.

The OPIs in collaboration with the ATIP Division have finalized the review of 6 PIBs relating to the Agency’s new program activities. At the end of the reporting period, the ATIP Division sent, for review and approval, to TBS the revised PIBs in order to update the Agency’s Info Source publication. The review of these PIBs was necessary to provide the public with the most accurate information holdings.

TBS approved the Agency’s revised PIBs shortly after the end of the reporting period. Consequently, the 2016 version of the Agency’s Chapter remains available at the following web page: Access to Information and Privacy | Canadian Transportation Agency (otc-cta.gc.ca). The revised Chapter replacing the 2016 version will be available online to the public in the next fiscal year 2024–2025.

Personal Information Banks (PIB)

A PIB is a collection or grouping of personal information under the control of a government institution that is organized and intended to be retrieved by the name of an individual or by an identifying number, symbol or other assigned to an individual. The personal information described in the personal information bank has been used, is being used or is available for use for an administrative purpose.

The Agency has 5 active institution-specific PIBs and no new PIBs were created, terminated or modified during the reporting period. The Agency maintains no central PIBs.

Summary of key issues and actions resulting from complaints

During the reporting, the Agency received 1 complaint that was notified by the OPC under section 31 of the PA. The complainant alleged that the records disclosed were incomplete; records were missing and some were illegible. Accordingly, the OPC demanded that the Agency provide representations under section 33 of the PA. The conclusion of the investigation will be reported in 2024-25 reporting period. The breakdown of the complaint is found in Appendix B.

At the end of the reporting period, the Agency had 1 active complaint with the OPC, but has 1 case from a previous reporting period (2016–2017) pending before the Federal Court. This is indicated in Appendix C under the Interpretation of the 2023–2024 Supplementary Statistical Report on the Access to Information Act and Privacy Act.

Monitoring compliance

During the reporting period, the Agency continued to use APCM to track and monitor all administrative activities and set due dates in order to meet statutory timelines. Due dates for all actions were communicated to LOs, OPIs and reminders were sent as required. All actions taken have also been detailed in a separate tracking tool and the status of each request was communicated weekly to the Director, SRSD, in ensuring the review of the performance, priorities and issues in the processing of requests.

There were no requests for corrections of personal information over the reporting year.

Privacy breaches

Material privacy breaches

According to the Directive on Privacy Breaches section 6.1.2, the institutions are required to notify the OPC, the TBS and the parties affected by the material privacy breaches.

A material privacy breach has the highest risk impact and is defined as involving sensitive personal information and could reasonably be expected to cause serious injury or harm to the individual and/or involves many affected individuals.

No material privacy breaches were identified during the reporting period.

Non-material privacy breaches

A non-material privacy breach is defined as the improper or unauthorized creation, collection, use, disclosure, retention, or disposition of personal information. A privacy breach that does not attain the status of a material privacy breach is a non-material privacy breach or simply a privacy breach.

During the reporting period, the Agency has identified 5 non-material breaches which were signalled by the OPIs to the ATIP Division for assessment and containment in accordance with the TBS Directive on Privacy Practices and the Privacy breach management toolkit. The ATIP Division continues to work with the OPIs to prevent further non-material breaches with their employees.

Privacy Impact Assessments (PIA)

A PIA is not considered as complete until the final, approved copy, including all eight sections outlined in Appendix C of the Directive on Privacy Impact Assessments, has been sent to both the OPC and to the Information and Privacy Policy Division (TBS).

The Agency did not complete or modify any PIAs in 2023–2024. However the following Agency PIA’s are still in progress:

Microsoft 365

During the reporting period, the Agency completed the migration of its operations from Microsoft Office 2016 to Microsoft 365 suite of cloud-based software-as-a-service applications. Microsoft 365 offers a cloud-based version of the core Microsoft products, such as Excel, Word, PowerPoint and Outlook, with enhanced collaboration functionalities, such as multi-user editing of documents in real time. Microsoft 365 also includes Microsoft Teams, a collaboration hub with integrated instant messaging, video conferencing, group channels and file sharing capabilities.

This update to Microsoft 365 cloud services has required the Agency to produce a PIA. The Information Technology Services (IT) implemented Microsoft 365 PIA in 2022–2023. The ATIP Division (on behalf of IT) has submitted the Microsoft 365 PIA to TBS for their review and comment. In response to the submission, TBS provided the Agency with a list of recommendations to consider prior to its approval.

In order to comply with TBS recommendations, IT had to do a great deal of work, which included the development of new policies, controls implementation, artefact gathering, etc. Now that this work has been completed, the Agency will be in a better position to incorporate all of this new information into the PIA to provide a revised version for TBS review in 2024–2025 and once the PIA is approved, it will be published on the Agency’s Website.

Privacy Impact Assessment

Report on the air travel complaints resolution process

The Agency has implemented a new streamlined air travel complaints resolution process, the Complaint Resolution Office (CRO). Under this new process, the decision-makers are Agency public servants, who deal with the entire complaint process, including rendering a final decision. As part of the new process, a new online portal for industry and passengers was launched to facilitate the management of complaints and reduce the administrative burden.

The creation of this new process and services to submit complaints through the portal has required the Agency to produce a PIA. In order to comply with sections 4 to 8 of the Privacy Act and TBS Directives, the Agency has hired an experienced consultant to work with IT and the CRO to produce the Agency Air Travel Complaint PIA.

At the end of the reporting period, the first draft of the Agency Air Travel Complaint PIA was under review with the management team. When approval is obtained from management, the ATIP Division will summit the PIA to TBS for their review and comments.

The ATIP Division has continued supporting the OPI through the PIA process in order for the Agency to meet the PIA requirements. Once the PIA is approved, it will be published on the Agency’s Website.

Public interest disclosures

During the reporting period, the Agency did not disclose information pursuant to paragraph 8(2)(m) of the PA.

Appendix A: Delegation order

The Chair and Chief Executive Officer of the Canadian Transportation Agency, pursuant to subsection 95(1) of the Access to Information Act and subsection 73(1) of the Privacy Act, delegates to the persons holding the positions set out in the attached Schedule, or the persons occupying on an acting basis those positions, the powers, duties and functions of the Chair and Chief Executive Officer as head of the Canadian Transportation Agency, under the provisions of the Acts and related regulations set out in the Schedule opposite to each position. This designation replaces all previous delegation orders.

Original signed by

France Pégeot

Chair and Chief Executive Officer

Date: March 30, 2022

Access to Information Act, Access to Information Regulations – Delegated Authorities

Part 1 of the Access to Information Act – Access to government records

Table 1: Administration of the *Access to Information Act*
Provision	Description	Delegated Authority
4(2.1)	Duty to assist	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
6.1	Declining to act on request	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
7	Notice where access requested / Giving access to record	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
8(1)	Transfer of request to another government institution	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
9(1)	Extension of time limits	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
10	Notice where access is refused	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
11	Application fee waiver or refund	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
12(2)	Language of access	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
12(3)	Access to record in alternative format	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator

Table 2: Exemption provisions of the *Access to Information Act*
Provision	Description	Delegated Authority
13	Refuse access - Information obtained in confidence	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
14	Refuse access - Federal-provincial affairs	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
15	Refuse access - International affairs and defence	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
16	Refuse access - Law enforcement and investigations	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
16.5	Refuse access - Public Servants Disclosure Protection Act	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
17	Refuse access - Safety of individuals	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
18	Refuse access - Economic interests of Canada	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
18.1	Refuse access - Economic interests of certain government institutions	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
19	Refuse access - Personal information	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
20	Refuse access - Third-party information	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
21	Refuse access - Operations of government	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
22	Refuse access - Testing procedures, tests and audits	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
22.1	Refuse access - Internal audit working papers and draft internal audit reports	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
23	Refuse access - Protected information - solicitors, advocates and notaries	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
23.1	Refuse access - Protected information - patents and trademarks	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
24	Refuse access - Statutory prohibitions against disclosure	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator

Table 3: Other provisions of the *Access to Information Act*
Provision	Description	Delegated Authority
25	Severability	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
26	Refuse access if information to be published	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
27(1)	Notice to third parties	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
27(4)	Notice to third parties - Extension of time limit	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
28(1)	Notice to third parties - Representations of third party and decision	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
28(2)	Notice to third parties - Waiver of representations to be made in writing	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
28(4)	Notice to third parties - Disclosure of record	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
33	Notice to Information Commissioner of third-party involvement	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
35(2)(b)	Right to make representations to the Information Commissioner	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
37(4)	Access to record to be given to complainant	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
41(2)	Application for review by Federal Court by government institution	Chief Corporate Officer Director, Secretariat and Registrar Services
41(5)	Respondent named in application for review by Federal Court	Chief Corporate Officer Director, Secretariat and Registrar Services
43(1)	Receive copy of application for Federal Court review	Chief Corporate Officer Director, Secretariat and Registrar Services
43(2)	Service or notice of application for review by the Federal Court	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
44(2)	Notice to person who requested record of application for review by Federal Court	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
52(2)(b)	Request that application for Federal Court review be heard and determined in the National Capital Region	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
52(3)	Request and be given opportunity to make ex parte representations	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
94	Prepare annual report to Parliament	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator

Part 2 of the Access to Information Act – Proactive publication of information

Table 4: Proactive publication of information under the *Access to Information Act*
Provision	Description	Delegated Authority
82	Travel expenses	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
83	Hospitality expenses	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
84	Reports tabled in Parliament	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
85	Reclassification of positions	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
86	Contracts over $10,000	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
88	Briefing materials	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst

Table 5: Responsibilities under the *Access to Information Regulations*
Provision	Description	Delegated Authority
6(1)	Transfer of request	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
7(2)	Search and preparation fees	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
7(3)	Production and programming fees	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
8	Method of access	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
8.1	Limitations in respect of format	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst

Privacy Act, Privacy Regulations – Delegated authorities

Table 6: Administration of the *Privacy Act*
Provision	Description	Delegated Authority
8(2)(j)-(m)	Where personal information may be disclosed	Chief Corporate Officer Director, Secretariat and Registrar Services
8(4)	Requests from investigative bodies	Chief Corporate Officer Director, Secretariat and Registrar Services
8(5)	Notify Privacy Commissioner of 8(2)(m) disclosures	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
9(1)	Retain record of personal information disclosures	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
9(4)	Notify Privacy Commissioner of new consistent uses and amend index	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
10	Include personal information in personal information banks	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
14(a)	Notice where access requested	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
14(b)	Giving access to the record	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
15	Extension of time limits	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
17(2)(b)	Decision on whether to translate a response to a privacy request in one of the two official languages	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst
17(3)(b)	Decision on whether to convert personal information to an alternative format	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator ATIP Analyst

Table 7: Exemption provisions of the *Privacy Act*
Provision	Description	Delegated Authority
18(2)	Decision to refuse to disclose personal information contained in an exempt bank	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
19(1)	Decision to refuse to disclose personal information obtained in confidence	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
19(2)	Authority to disclose personal information obtained in confidence	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
20	Refuse to disclose personal information that may be injurious to federal-provincial affairs	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
21	Refuse to disclose personal information that may be injurious to international affairs and defence	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
22	Refuse to disclose personal information prepared by an investigative body, information injurious to enforcement of a law, or information injurious to the security of penal institutions	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
22.3	Refuse to disclose personal information created for the Public Servants Disclosure Protection Act	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
23	Refuse to disclose personal information prepared by an investigative body for security clearance	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
24	Refuse to disclose personal information collected or obtained for individuals sentenced for an offence if conditions are met	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
25	Refuse to disclose personal information which could threaten the safety of individuals	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
26	Refuse to disclose personal information about other individuals	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
27	Refuse to disclose protected information – solicitors, advocates and notaries	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
27.1	Refuse to disclose protected information – patents and trademarks	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
28	Refuse to disclose personal information relating to an individual’s medical record	Chief Corporate Officer Director, Secretariat and Registrar Services
31	Receive notice of investigation by the Privacy Commissioner	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
33(2)	Right to make representations to the Privacy Commissioner during an investigation	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
35(1)	Receive Privacy Commissioner’s report of findings and give notice of action taken	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
35(4)	Provide access to additional personal information to complainant as detailed in notice of action taken	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
36(3)	Receive Privacy Commissioner’s report of findings of investigation and recommendations of exempt banks	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
37(3)	Receive Privacy Commissioner’s report of findings and recommendations of compliance investigation	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
51(2)(b)	Request that a court hearing, undertaken with respect to certain sections of the Act, be held in the National Capital Region	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
51(3)	Request and be given right to make representations in section 51 hearings	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
72(1)	Prepare annual report to Parliament	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator

Table 8: Responsibilities of the *Privacy Regulations*
Provision	Description	Delegated Authority
9	Allow examination of the documents (Reading Room)	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
11(2)	Notification of correction	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
11(4)	Correction refused, notation placed on file	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
13(1)	Disclosure to a medical practitioner or psychologist	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator
14	Disclosure in the presence of a medical practitioner or psychologist	Chief Corporate Officer Director, Secretariat and Registrar Services ATIP Coordinator

Appendix B: 2023–2024 Statistical report on the Privacy Act

Name of institution: Canadian Transportation Agency
Reporting period: April 1, 2023, to March 31, 2024

Section 1: Requests under the Privacy Act

1.1 Number of requests

Total	12
	Number of requests
Received during the reporting period	10
Outstanding from previous reporting period Outstanding from previous reporting period = 2 Outstanding from more than one reporting period = 0	2
Closed during the reporting period	12
Carried over to the next reporting period Carried over within legislated timeline = 0 Carried over beyond legislated timeline = 0	0

1.2 Channels of requests

Source	Number of requests
Online	10
Email	0
Mail	0
In person	0
Phone	0
Fax	0
Total	10

Section 2: Informal requests

2.1 Number of informal requests

Total	0
	Number of requests
Received during reporting period	0
Outstanding from previous reporting period Outstanding from previous reporting period = 0 Outstanding from more than one reporting period = 0	0
Closed during the reporting period	0
Carried over to next reporting period	0

2.2 Channels of informal requests

Source	Number of requests
Online	0
Email	0
Mail	0
In person	0
Phone	0
Fax	0
Total	0

2.3 Completion time of informal requests

1 to 15 days	16 to 30 days	31 to 60 days	61 to 120 days	121 to 180 days	181 to 365 days	More than 365	Total
0	0	0	0	0	0	0	0

2.4 Pages released informally

Less than 100 Pages released Number of requests	Less than 100 Pages released Pages Released	100-500 Pages released Number of requests	100-500 Pages released Pages Released	501-1000 Pages released Number of requests	501-1000 Pages released Pages Released	1001-5000 Pages released Number of requests	1001-5000 Pages released Pages Released	More than 5000 Pages released Number of requests	More than 5000 Pages released Pages Released
0	0	0	0	0	0	0	0	0	0

Section 3: Requests closed during the reporting period

3.1 Disposition and completion time

Disposition of requests	1 to 15 days	16 to 30 days	31 to 60 days	121 to 180 days	Total
All disclosed	0	1	0	0	1
Disclosed in part	0	3	1	2	6
All exempted	0	0	0	0	0
All excluded	0	0	0	0	0
No records exist	4	0	0	0	4
Request abandoned	1	0	0	0	1
Neither confirmed nor denied	1	0	0	0	0
Total	5	4	1	2	12

3.2 Exemptions

Section	Number of requests	Section	Section	Number of requests
18(2)	0	22(1)(a)(i)	23(b)	0
19(1)(a)	0	22(1)(a)(ii)	23(b)	0
19(1)(b)	0	22(1)(a)(iii)	24(a)	0
19(1)(c)	6	24(b)	28	0
19(1)(d)	6	22(1)(c)	25	0
19(1)(e)	6	22(2)	26	6
19(1)(f)	6	22.1	27	0
20	6	22.2	27.1	0
21	6	22.3	28	0
-	-	22.4	-	-

3.3 Exclusions

Section	Number of requests	Section	Section
69(1)(a)	0	70(1)	70(1)(d)
69(1)(b)	0	70(1)(a)	70(1)(e)
69.1	0	70(1)(b)	70(1)(f)
		70(1)(c)	70.1

3.4 Format of information released

Paper	Electronic E-Record	Electronic Data set	Electronic Video	Electronic Audio	Other
0	7	0	0	0	0

3.5 Complexity

3.5.1 Relevant pages processed and disclosed

Number of pages processed	Number of pages disclosed	Number of requests
11859	4601	8

3.5.2 Relevant pages processed by request disposition for paper, e-record and dataset formats by size of requests

Disposition	Less than 100 pages processed Number of requests	Less than 100 pages processed Pages disclosed	1001-5,000 Pages processed Number of requests	1001-5,000 Pages processed Pages disclosed	More than 5,000 Pages processed Number of requests	More than 5,000 Pages processed Pages disclosed
All disclosed	1	3	0	0	0	0
Disclosed in part	3	109	2	5171	1	6576
All exempted	0	0	0	0	0	0
All excluded	0	0	0	0	0	0
Request abandoned	1	0	0	0	0	0
Neither confirmed nor denied	0	0	0	0	0	0
Total	5	112	2	5171	1	6576

3.5.3 Relevant minutes processed and disclosed for audio formats

Number of Minutes processed	Number of Minutes disclosed	Number of requests
0	0	0

3.5.4 Relevant minutes processed per request disposition for audio formats by size of request

Disposition	Less than 60 minutes processed Number of requests	Less than 60 minutes processed Minutes processed	60-120 minutes processed Number of requests	60-120 minutes processed Minutes processed	More than 120 minutes processed Number of requests	More than 120 minutes processed Minutes processed
All disclosed	0	0	0	0	0	0
Disclosed in part	0	0	0	0	0	0
All exempted	0	0	0	0	0	0
All excluded	0	0	0	0	0	0
Request abandoned	0	0	0	0	0	0
Neither confirmed nor denied	0	0	0	0	0	0
Total	0	0	0	0	0	0

3.5.5 Relevant minutes processed and disclosed for video formats

Number of minutes processed	Number of minutes disclosed	Number of requests
0	0	0

3.5.6 Relevant minutes processed per request disposition for video formats by size of request

Disposition	Less than 60 minutes processed Number of requests	Less than 60 minutes processed Minutes processed	60-120 minutes processed Number of requests	60-120 minutes processed Minutes processed	More than 120 minutes processed Number of requests	More than 120 minutes processed Minutes processed
All disclosed	0	0	0	0	0	0
Disclosed in part	0	0	0	0	0	0
All exempted	0	0	0	0	0	0
All excluded	0	0	0	0	0	0
Request abandoned	0	0	0	0	0	0
Neither confirmed nor denied	0	0	0	0	0	0
Total	0	0	0	0	0	0

3.5.7 Other complexities

Disposition	Consultation required	Other	Total
All disclosed	0	0	0
Disclosed in part	3	3	6
All exempted	0	0	0
All excluded	0	0	0
Request abandoned	0	0	0
Neither confirmed nor denied	0	0	0
Total	3	3	6

3.6 Closed requests

3.6.1 Number of requests closed within legislated timelines

	Requests closed within statutory deadline
Number of requests closed within legislated timelines	10
Proportion of requests closed within legislated timelines (%)	83.33333333

3.7 Deemed refusals

3.7.1 Reasons for not meeting legislated timelines

Number of requests closed past the legislated timelines	Principal reason Interference with operations/Workload	Principal reason External consultation	Principal reason Internal consultation	Principal reason Other
2	2	0	0	0

3.7.2 Request closed beyond legislated timelines (including any extension taken)

Number of days past legislated timelines	Number of requests past legislated timelines where an extension was taken	Total
1 to 15 days	0	0
16 to 30 days	0	0
31 to 60 days	0	0
61 to 180 days	2	2
181 to 365 days	0	0
More than 365 days	0	0
Total	2	2

3.8 Requests for translation

Translation requests	Accepted	Refused	Total
English to French	0	0	0
French to English	0	0	0
Total	0	0	0

Section 4: Disclosures under subsections 8(2) and 8(5)

Paragraph 8(2)(e)	Paragraph 8(2)(m)	Subsection 8(5)	Total
0	0	0	0

Section 5: Requests for correction of personal information and notations

Disposition for correction requests received	Number
Notations attached	0
Requests for correction accepted	0
Total	0

Section 6: Extensions

6.1 Reasons for extensions

Number of extensions taken	15(a)(i) Interference with operations Further review required to determine exemptions	15(a)(i) Interference with operations Large volume of pages	15(a)(i) Interference with operations Large volume of requests	15(a)(i) Interference with operations Documents are difficult to obtain	15(a)(ii) Consultation Cabinet confidence (section 70)	15(a)(ii) Consultation External	15(a)(ii) Consultation Internal	15(b) Translation purposes or conversion
3	0	1	0	0	0	0	2	0

6.2 Length of extensions

Length of extensions	15(a)(i) Interference with operations Large volume of pages	15(a)(ii) Consultation Internal
1 to 15 days	0	0
16 to 30 days	1	2
31 days or greater	0	0
Total	1	2

Section 7: Consultations received from other institutions and organizations

7.1 Consultations received from other Government of Canada institutions and other organizations

Consultations	Other Government of Canada institutions	Number of pages to review	Other Organizations	Number of pages to review
Received during reporting period	0	0	0	0
Outstanding from previous reporting period	0	0	0	0
Total	0	0	0	0
Closed during reporting period	0	0	0	0
Carried over within negotiated timelines	0	0	0	0
Carried over beyond negotiated timelines	0	0	0	0

7.2 Recommendations and completion time for consultations received from other Government of Canada institutions

Recommendation	Number of days required to complete consultation requests 1 to 15 days	Number of days required to complete consultation requests 16 to 30 days	Number of days required to complete consultation requests 31 to 60 days	Number of days required to complete consultation requests 61 to 120 days	Number of days required to complete consultation requests 121 to 180 days	Number of days required to complete consultation requests 181 to 365 days	Number of days required to complete consultation requests More than 365 days	Total
Disclosed entirely	0	0	0	0	0	0	0	0
Disclosed in part	0	0	0	0	0	0	0	0
Exempted entirely	0	0	0	0	0	0	0	0
Excluded entirely	0	0	0	0	0	0	0	0
Consult other institutions	0	0	0	0	0	0	0	0
Other	0	0	0	0	0	0	0	0
Total	0	0	0	0	0	0	0	0

7.3 Recommendations and completion time for consultations received from other organizations outside the Government of Canada

Recommendation	Number of days required to complete consultation requests 1 to 15 days	Number of days required to complete consultation requests 16 to 30 days	Number of days required to complete consultation requests 31 to 60 days	Number of days required to complete consultation requests 61 to 120 days	Number of days required to complete consultation requests 121 to 180 days	Number of days required to complete consultation requests 181 to 365 days	Number of days required to complete consultation requests More than 365 days	Total
Disclosed entirely	0	0	0	0	0	0	0	0
Disclosed in part	0	0	0	0	0	0	0	0
Exempted entirely	0	0	0	0	0	0	0	0
Excluded entirely	0	0	0	0	0	0	0	0
Consult other institutions	0	0	0	0	0	0	0	0
Other	0	0	0	0	0	0	0	0
Total	0	0	0	0	0	0	0	0

Section 8: Completion time of consultations on Cabinet confidences

8.1 Requests with Legal Services

Number of days	Fewer than 100 pages processed Number of requests	Fewer than 100 pages processed Pages disclosed	101‒500 pages processed Number of requests	101‒500 pages processed Pages disclosed	501‒1,000 pages processed Number of requests	501‒1,000 pages processed Pages disclosed	1001‒5,000 pages processed Number of requests	1001‒5,000 pages processed Pages disclosed	More than 5,000 pages processed Number of requests	More than 5,000 pages processed Pages disclosed	Total
1 to 15	0	0	0	0	0	0	0	0	0	0	0
16 to 30	0	0	0	0	0	0	0	0	0	0	0
31 to 60	0	0	0	0	0	0	0	0	0	0	0
61 to 120	0	0	0	0	0	0	0	0	0	0	0
121 to 180	0	0	0	0	0	0	0	0	0	0	0
181 to 365	0	0	0	0	0	0	0	0	0	0	0
More than 365	0	0	0	0	0	0	0	0	0	0	0
Total	0	0	0	0	0	0	0	0	0	0	0

8.2 Requests with Privy Council Office

Number of days	Fewer than 100 pages processed Number of requests	Fewer than 100 pages processed Pages disclosed	101‒500 pages processed Number of requests	101‒500 pages processed Pages disclosed	501‒1,000 pages processed Number of requests	501‒1,000 pages processed Pages disclosed	1001‒5,000 pages processed Number of requests	1001‒5,000 pages processed Pages disclosed	More than 5,000 pages processed Number of requests	More than 5,000 pages processed Pages disclosed	Total
1 to 15	0	0	0	0	0	0	0	0	0	0	0
16 to 30	0	0	0	0	0	0	0	0	0	0	0
31 to 60	0	0	0	0	0	0	0	0	0	0	0
61 to 120	0	0	0	0	0	0	0	0	0	0	0
121 to 180	0	0	0	0	0	0	0	0	0	0	0
181 to 365	0	0	0	0	0	0	0	0	0	0	0
More than 365	0	0	0	0	0	0	0	0	0	0	0
Total	0	0	0	0	0	0	0	0	0	0	0

Section 9: Complaints and investigation notices received

Section 31	Section 33	Section 35	Court action	Total
1	1	0	1	3

Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks

10.1 Privacy Impact Assessments

Number of PIA(s) completed	0
Number of PIA(s) modified	2

10.2 Institution-specific and Central Personal Information Banks

Personal information banks	Active	Created	Terminated	Modified
Institution-specific	5	0	0	0
Central	0	0	0	0
Total	5	0	0	0

Section 11: Privacy breaches

11.1 Material privacy breaches reported

Number of material privacy breaches reported to TBS	0
Number of material privacy breaches reported to OPC	0

11.2 Non-Material Privacy Breaches

Number of non-material privacy breaches reported to TBS
5

Section 12: Resources related to the Privacy Act

12.1 Allocated Costs

Expenditures	Amount
Salaries	$153,717
Overtime	$0
Goods and services Professional services contracts = $54,757 Other = $375	$55,132
Total	$208,849

12.2 Human Resources

Resources	Person-years dedicated to privacy activities
Full-time employees	1.536
Part-time and casual employees	0.100
Regional staff	0.000
Consultants and agency personnel	0.233
Students	0.000
Total	1.869

Appendix C: 2023–2024 Supplemental Statistical Report on the Access to Information Act and the Privacy Act

Section 1: Open requests and complaints under the Access to Information Act

1.1 The following table reports the total number of open requests that are outstanding from previous reporting periods.

Fiscal year open requests were received	Open requests that are within legislated timelines as of March 31, 2024	Open requests that are beyond legislated timelines of March 31, 2024	Total
Received in 2023–2024	1	1	2
Received in 2022–2023	0	0	0
Received in 2021–2022	0	0	0
Received in 2020–2021	0	0	0
Received in 2019–2020	0	0	0
Received in 2018–2019	0	0	0
Received in 2017–2018	0	0	0
Received in 2016–2017	0	0	0
Received in 2015–2016	0	0	0
Received in 2014–2015 or earlier	0	0	0
Total	1	1	2

1.2 The following table reports the total number of open complaints with the Information Commissioner of Canada that are outstanding from previous reporting periods.

Fiscal year open complaints were received by institution	Number of open complaints
Received in 2023–2024	2
Received in 2022–2023	2
Received in 2021–2022	0
Received in 2020–2021	0
Received in 2019–2020	0
Received in 2018–2019	0
Received in 2017–2018	0
Received in 2016–2017	0
Received in 2015–2016	0
Received in 2014–2015	0
Received in 2013–2014 or earlier	0
Total	4

Section 2: Open requests and complaints under the Privacy Act

2.1 The following table reports the total number of open requests that are outstanding from previous reporting periods.

Fiscal Year Open Requests were Received	Open requests that are within legislated timelines as of March 31, 2024	Open Requests that are beyond legislated timelines of March 31, 2024	Total
Received in 2023–2024	0	0	0
Received in 2022–2023	0	0	0
Received in 2021–2022	0	0	0
Received in 2020–2021	0	0	0
Received in 2019–2020	0	0	0
Received in 2018–2019	0	0	0
Received in 2017–2018	0	0	0
Received in 2016–2017	0	0	0
Received in 2015–2016	0	0	0
Received in 2014–2015	0	0	0
Received in 2013–2014 or earlier	0	0	0
Total	0	0	0

2.2 The following table reports the total number of open complaints with the Privacy Commissioner of Canada that are outstanding from previous reporting periods.

Fiscal year open complaints were received by institution	Number of open complaints
Received in 2023–2024	1
Received in 2022–2023	0
Received in 2021–2022	0
Received in 2020–2021	0
Received in 2019–2020	0
Received in 2018–2019	0
Received in 2017–2018	0
Received in 2016–2017	1
Received in 2015–2016	0
Received in 2014–2015	0
Received in 2013–2014 or earlier	0
Total	2

Section 3: Social Insurance Number (SIN)

Has your institution begun a new collection or a new consistent use of the SIN in 2023–2024?
No

Section 4: Universal Access under the Privacy Act

How many requests were received from confirmed foreign nationals outside of Canada in 2023–2024?
0

Date modified:: 2024-10-18