Listen to text
MP3Annual Report on the administration of the Privacy Act 2024-2025
Table of contents
Introduction
The Privacy Act (PA), enacted in 1983, imposes obligations on federal institutions to ensure that privacy rights of individuals are respected. The PA grants Canadian citizens, permanent residents and persons present in Canada the right to access their personal information held by institutions subject to the PA and to request corrections. The PA also establishes a legal framework governing the collection, retention, use, disclosure, processing, disposal and accuracy of personal information in the delivery of programs and activities of institutions subject to the PA.
Section 72 of the PA requires that at the end of each fiscal year, the head of every government institution prepare a report to Parliament on the administration of the PA within the institution.
This Annual Report is tabled in Parliament under section 72 of the PA. This report describes how the Canadian Transportation Agency (Agency) fulfilled its responsibilities under the PA for the period beginning April 1, 2024, and ending March 31, 2025.
About the Agency
The Agency is an independent regulator and quasi-judicial tribunal with the powers of a superior court. It operates within the context of the very large and complex Canadian transportation system.
The Canada Transportation Act includes the National Transportation Policy, which guides the Agency. It states that competition and market forces are the prime agents in providing viable and effective transportation services and that regulation may be required to meet public policy objectives that cannot be achieved by competition and market forces alone.
The Agency has specific powers assigned to it under this legislation:
- It is an economic regulator of modes of transportation under federal jurisdiction, and develops and applies ground rules that establish the rights and responsibilities of transportation service providers and users and that level the playing field among competitors. These rules can be binding regulations, guidelines, or codes of practice.
- It is a tribunal that hears and resolves disputes like a court. It resolves disputes between transportation service providers and their clients or neighbours, using various tools from facilitation and mediation to arbitration and adjudication.
The Agency’s responsibilities are:
- To help ensure that the national transportation system runs efficiently and smoothly in the interests of all Canadians: those who work and invest in it; the producers, shippers, travellers, and businesses who rely on it; and the communities where it operates.
- To provide consumer protection for air passengers.
- To protect the human right of persons with disabilities to an accessible transportation network.
Additional information on the Agency’s mandate is available at the following link: Canadian Transportation Agency - Canada.ca.
The Agency does not have any non-operational (“paper”) subsidiaries.
Open court principle
In its role as a quasi-judicial tribunal, the Agency operates like a court when adjudicating disputes and is therefore bound by the open court principle. This means that the Agency’s proceedings must be open and accessible to all Canadians.
Any submission or document filed with the Agency as part of its formal adjudication process will be made part of the public record without redaction, unless a claim for confidentiality has been made to and accepted by the Agency. Requests for information about decisions issued in a dispute proceeding are processed informally and records are released in their entirety unless a request for confidentiality was granted.
While requests for information on the public record are processed informally by other areas of the Agency, the Access to Information and Privacy (ATIP) Division must also apply the open court principle when these records form part of a response to a request made under the PA.
Organizational structure of the ATIP division
During this reporting period, the ATIP Division was part of the Secretariat and Registrar Services Directorate (SRSD) under the Legal Services and Secretariat Branch. The ATIP Division consists of an ATIP coordinator (and team leader) reporting to the director of SRSD, and one ATIP junior officer providing administrative support and reporting to the ATIP coordinator.
The ATIP coordinator is responsible for the daily activities related to the administration and enforcement of the Access to Information Act (ATIA) and the PA and for ensuring compliance with the requirements of legislation, policies and directives, as well as of any other ATIP policy instruments issued by the Treasury Board of Canada Secretariat (TBS).
Activities of the ATIP division include:
- processing requests for information submitted under the ATIA and the PA in accordance with legislation, regulations, policies and TBS guidelines;
- providing advice and guidance to Agency managers and employees on the interpretation and application of the ATIA and the PA;
- developing and offering to Agency managers and employees training and awareness sessions on how to meet their obligations under the ATIA and the PA;
- developing policies, procedures and guidelines on how to enforce the ATIA and the PA, in accordance with the instructions issued by the TBS;
- collaborating with the Office of the Information Commissioner and with the Office of the Privacy Commissioner on the resolution of complaints filed against the Agency;
- coordinating the updating of the Agency’s Info Source publication;
- ensuring that the proactive publication requirements of Part 2 of the ATIA are met; and
- preparing statistical and annual reports for tabling in Parliament with respect to the administration and enforcement of the ATIA and the PA.
The Agency had no agreements for provision of services related to privacy in place as defined in section 73.1 of the PA during this reporting period.
Delegation order
Delegation orders set out the powers, duties and functions for the administration of the PA that have been delegated by the head of the institution and specify to whom they have been delegated.
In March 2022, France Pégeot, the Chair and Chief Executive Officer, as head of the Agency, delegated full authority for the administration of the ATIA and the PA to the persons holding the positions of director of SRSD and of chief corporate officer, as well as partial authority to the persons holding the positions of ATIP coordinator and of ATIP analyst.
A copy of the signed delegation instrument is included in Appendix A.
Performance under the PA 2024–2025
The following provides an overview of the Agency’s key performance data from the Agency’s 2024-25 Statistical Reports.
Requests Closed
The following table provides an overview of the Agency’s performance on closing requests over a five-year period.
| Reporting year | Requests Closed During the Reporting Period | Requests Closed Within Legislated Timelines | Performance and Percentage (%) |
|---|---|---|---|
| 2024–2025 | 9 | 6 | 66.7% |
| 2023–2024 | 12 | 10 | 83.33% |
| 2022–2023 | 16 | 14 | 87.5% |
| 2021–2022 | 6 | 6 | 100% |
| 2020–2021 | 10 | 9 | 90% |
Completed Requests
The Agency closed 9 requests during the reporting period: 2 were completed within 15 days; 1 was completed within 30 days; 3 were completed within 60 days; and 3 were completed within 120 days.
Active requests
At the end of the 2024–2025 reporting period, the Agency had 2 active requests that were carried over to the next reporting period, 2025–2026. Both of these requests were received in 2024–2025 and are still within legislated timelines.
Active Complaints
At the end of the 2024–2025 reporting period, the Agency had 1 active complaint and it was received in 2024–2025.
Reasons for Extensions
The PA allows the head of a federal institution to extend the time limit for processing a request for a maximum of 30 days, for the following reasons:
- subparagraph 15(a)(i): meeting the original time limit would unreasonably interfere with the operations of the government institution; or
- subparagraph 15(a)(ii): consultations are necessary to comply with the request that cannot reasonably be completed within the original time limit.
The PA also allows for a time extension under paragraph 15(b) for a period of time deemed reasonable for translation purposes or for converting personal information into an alternate format.
The ATIP Division could not meet legislative timelines for 5 PA requests and was granted time extensions to complete their processing. The requesters were notified of the extensions taken by the ATIP Division.
Extended processing time was required for 5 of the 9 requests closed during the reporting period. Of the 5 extended requests, 4 requests were extended under subparagraph 15(a)(i) for interference with operations and 1 request was extended under subparagraph 15(a)(ii) as consultations were required.
The length of the extensions for all 5 requests was fewer than 30 days.
Consultation Requests From Other Government Institutions
No requests for consultation were received from other Government institutions by the ATIP Division during the reporting period.
Disposition of Completed Requests
The Agency completed 9 requests which were disposed as follows: 55.6% of the requests were disclosed in part and 44.4% of requests had no records existing.
In the current reporting period 2024–2025, the Agency had a completion rate of 66.7% for processing 1,282 pages and disclosing 697 pages to requesters within legislated timelines. In the previous reporting year (2023–2024), the Agency had a completion rate of 83.3% for processing 11,859 pages and disclosing 4,601 pages to requesters. Compared to the last reporting period, the pages processed has decreased by 89.2% and the rate of pages released has also decreased by 15%. This marked decrease is due to early communication with the requesters upon receipt of the request, especially when clarifications are needed. This dialogue helps to either narrow the scope of the request or to provide details for a more targeted search for relevant records by the Office of Primary Interests (OPI).
The Agency’s statistical report on the PA for reporting year 2024–2025 as well as previous years reports are available at: Statistics on the Access to Information and Privacy Acts — Canada.ca.
Training and awareness
During this reporting period, the ATIP Division delivered no formal training but has continued its outreach to Agency managers and employees. The ATIP Division provided ongoing guidance and recommendations on the application and interpretation of the PA and communicated the TBS policies and guidelines through ongoing dialogue, informal discussions and informal group training to enable Agency employees to better meet the requirements of the PA.
The Canada School of Public Service’s (CSPS) self-directed courses, entitled Fundamentals of Information Management (COR501) and Access to Information and Privacy Fundamentals (COR502), are mandatory learning for all employees and included in their learning plans which are monitored for compliance by the Agency’s managers and Workforce and Workplace Services directorate.
ATIP specialists also have specific mandatory training through CSPS and TBS that is included in their learning plans and monitored for compliance by their manager and the Workforce and Workplace Services directorate. They include the following two courses offered by the CSPS: Access to Information and Privacy Fundamentals (COR502) and Privacy in the Government of Canada (COR504); and all of the relevant training offered by TBS.
ATIP coaching services for employees
Individual coaching sessions on MS Teams were provided upon request to OPIs and ATIP Liaison Officers (LO) to improve their searches for relevant records and to assist in providing a relevant record package to the ATIP Division within the established timelines.
The coaching required that ATIP employees be available to assist OPIs and/or LOs through the ongoing electronic process review by providing step-by-step training on how to respond to an ATIP and/or prepare an OPI’s response when sending a package of relevant records. The ATIP employees assisted the OPIs with formulating their recommendations by using the KOFAX Power PDF (Nuance) software. This training gave the OPIs and LOs the knowledge and skills to respond to ATIP requests and to process the requests efficiently and effectively.
Policies, guidelines and procedures
The Agency did not implement any new policies or guidelines related to PA requests during the reporting period. However, the ATIP Division implemented new procedures concerning the reporting of privacy breaches for the Complaint Resolution Office. These procedures have streamlined the steps for processing privacy breaches relating to confidential air travel complaints. In addition, a designated privacy breach coordinator has been appointed to oversee the reporting process. This approach aims to reduce confusion and improve efficiency in handling privacy breaches.
Initiatives and Projects to Improve Privacy at the Agency
During the current reporting period, the ATIP Division has been working with the Information Technology Division to upgrade the Access to Information processing System as the product is reaching its end of life and will no longer be supported by the vendor. The ATIP Division is also working in collaboration with the Information Management team, to reorganize and update the ATIP file structure in the Agency’s corporate repository, RDIMS, for ease of retrieval. In addition, the ATIP Division has developed standardized text for responding to ATIP requests for confidential Complaint Resolution Office information. This text was developed to provide clarity to requesters and to ensure a consistent approach in handling these requests.
Summary of Key Issues and Actions Resulting From Complaints
During the reporting period, the Agency received 3 PA complaints—2 new complaints received during the 2024–2025 reporting period, and 1 carried over from the 2023–2024 reporting period. For 2 of these complaints, the Office of the Privacy Commissioner (OPC) issued notices of intention to investigate under section 31 and requests for representations under section 33. In response to the section 31 notices, the Agency submitted the required documentation and clarifications, demonstrating its commitment to the investigation process. As a result, 1 complaint was resolved through the OPC’s early resolution process, with a finding of well-founded and resolved. The second complaint remained active at the end of the reporting period, pending further representations under section 33.
Of the 3 complaints, 2 were closed during the reporting period:
- One complaint received during the reporting period concerned missing and illegible records disclosed to the complainant. At the OPC’s request, the Agency re-downloaded the affected pages in AccessPro Redaction at higher resolution and re-disclosed them to the complainant. The OPC concluded that the Agency had responded appropriately and issued a Report of Findings under section 35, deeming the complaint to be well-founded and resolved.
- The second complaint carried over from 2023–2024, involved a delay in responding to a request due to an administrative error — specifically, the received date was incorrectly entered in the AccessPro Case Management system, preventing a valid extension from being taken. The Agency explained the situation and assigned an ATIP analyst to support a timely disclosure. The OPC acknowledged the Agency’s collaboration and closed the complaint as well-founded and resolved.
In summary, 2 of the 3 complaints were closed with findings of well-founded and resolved, and at the end of the reporting period, the Agency had 1 active complaint with the OPC from 2024–2025.
Material Privacy Breaches
A material privacy breach has the highest-risk impact and is defined as involving sensitive personal information and could reasonably be expected to cause serious injury or harm to the individual and/or involves many affected individuals.
No material privacy breaches were identified by the Agency during the reporting period.
Privacy Impact Assessments (PIA)
The Agency did not complete or modify any PIAs during the reporting period.
Public Interest Disclosures
During the reporting period, the Agency did not disclose information pursuant to paragraph 8(2)(m) of the PA.
Monitoring Compliance
During the reporting period, the Agency continued to use an ATIP software, the AccessPro Case Management system, to input, track and monitor all administrative activities and set due dates in order to meet statutory timelines. Due dates for all actions were communicated to LOs and OPIs, and reminders were sent as required. All actions taken are detailed in a separate tracking tool and the status of each request was communicated weekly by the ATIP Coordinator to the Director, SRSD, in ensuring the review of the performance, priorities and issues in the processing of requests.
The Agency’s Financial Services and Asset Management Directorate protects the integrity of the Agency’s business activities by managing all financial and procurement services, including financial management and controls according to acts, regulations and central agency requirements. This includes ensuring that measures to protect personal information are reflected in contracts, information-sharing agreements and information-sharing arrangements.
Appendix A: Delegation order
The Chair and Chief Executive Officer of the Canadian Transportation Agency, pursuant to subsection 95(1) of the Access to Information Act and subsection 73(1) of the Privacy Act, delegates to the persons holding the positions set out in the attached Schedule, or the persons occupying on an acting basis those positions, the powers, duties and functions of the Chair and Chief Executive Officer as head of the Canadian Transportation Agency, under the provisions of the Acts and related regulations set out in the Schedule opposite to each position. This designation replaces all previous delegation orders.
Original signed by
France Pégeot
Chair and Chief Executive Officer
Date: March 30, 2022
Access to Information Act, Access to Information Regulations – Delegated Authorities
Part 1 of the Access to Information Act – Access to government records
| Provision | Description | Delegated Authority |
|---|---|---|
| 4(2.1) | Duty to assist |
|
| 6.1 | Declining to act on request |
|
| 7 | Notice where access requested / Giving access to record |
|
| 8(1) | Transfer of request to another government institution |
|
| 9(1) | Extension of time limits |
|
| 10 | Notice where access is refused |
|
| 11 | Application fee waiver or refund |
|
| 12(2) | Language of access |
|
| 12(3) | Access to record in alternative format |
|
| Provision | Description | Delegated Authority |
|---|---|---|
| 13 | Refuse access - Information obtained in confidence |
|
| 14 | Refuse access - Federal - provincial affairs |
|
| 15 | Refuse access - International affairs and defence |
|
| 16 | Refuse access - Law enforcement and investigations |
|
| 16.5 | Refuse access - Public Servants Disclosure Protection Act |
|
| 17 | Refuse access - Safety of individuals |
|
| 18 | Refuse access - Economic interests of Canada |
|
| 18.1 | Refuse access - Economic interests of certain government institutions |
|
| 19 | Refuse access - Personal information |
|
| 20 | Refuse access - Third-party information |
|
| 21 | Refuse access - Operations of government |
|
| 22 | Refuse access - Testing procedures, tests and audits |
|
| 22.1 | Refuse access - Internal audit working papers and draft internal audit reports |
|
| 23 | Refuse access - Protected information - solicitors, advocates and notaries |
|
| 23.1 | Refuse access - Protected information - patents and trademarks |
|
| 24 | Refuse access - Statutory prohibitions against disclosure |
|
| Provision | Description | Delegated Authority |
|---|---|---|
| 25 | Severability |
|
| 26 | Refuse access if information to be published |
|
| 27(1) | Notice to third parties |
|
| 27(4) | Notice to third parties - Extension of time limit |
|
| 28(1) | Notice to third parties - Representations of third party and decision |
|
| 28(2) | Notice to third parties - Waiver of representations to be made in writing |
|
| 28(4) | Notice to third parties - Disclosure of record |
|
| 33 | Notice to Information Commissioner of third-party involvement |
|
| 35(2)(b) | Right to make representations to the Information Commissioner |
|
| 37(4) | Access to record to be given to complainant |
|
| 41(2) | Application for review by Federal Court by government institution |
|
| 41(5) | Respondent named in application for review by Federal Court |
|
| 43(1) | Receive copy of application for Federal Court review |
|
| 43(2) | Service or notice of application for review by the Federal Court |
|
| 44(2) | Notice to person who requested record of application for review by Federal Court |
|
| 52(2)(b) | Request that application for Federal Court review be heard and determined in the National Capital Region |
|
| 52(3) | Request and be given opportunity to make ex parte representations |
|
| 94 | Prepare annual report to Parliament |
|
Part 2 of the Access to Information Act – Proactive publication of information
| Provision | Description | Delegated Authority |
|---|---|---|
| 82 | Travel expenses |
|
| 83 | Hospitality expenses |
|
| 84 | Reports tabled in Parliament |
|
| 85 | Reclassification of positions |
|
| 86 | Contracts over $10,000 |
|
| 88 | Briefing materials |
|
| Provision | Description | Delegated Authority |
|---|---|---|
| 6(1) | Transfer of request |
|
| 7(2) | Search and preparation fees |
|
| 7(3) | Production and programming fees |
|
| 8 | Method of access |
|
| 8.1 | Limitations in respect of format |
|
Privacy Act, Privacy Regulations – Delegated authorities
| Provision | Description | Delegated Authority |
|---|---|---|
| 8(2)(j)-(m) | Where personal information may be disclosed |
|
| 8(4) | Requests from investigative bodies |
|
| 8(5) | Notify Privacy Commissioner of 8(2)(m) disclosures |
|
| 9(1) | Retain record of personal information disclosures |
|
| 9(4) | Notify Privacy Commissioner of new consistent uses and amend index |
|
| 10 | Include personal information in personal information banks |
|
| 14(a) | Notice where access requested |
|
| 14(b) | Giving access to the record |
|
| 15 | Extension of time limits |
|
| 17(2)(b) | Decision on whether to translate a response to a privacy request in one of the two official languages |
|
| 17(3)(b) | Decision on whether to convert personal information to an alternative format |
|
| Provision | Description | Delegated Authority |
|---|---|---|
| 18(2) | Decision to refuse to disclose personal information contained in an exempt bank |
|
| 19(1) | Decision to refuse to disclose personal information obtained in confidence |
|
| 19(2) | Authority to disclose personal information obtained in confidence |
|
| 20 | Refuse to disclose personal information that may be injurious to federal-provincial affairs |
|
| 21 | Refuse to disclose personal information that may be injurious to international affairs and defence |
|
| 22 | Refuse to disclose personal information prepared by an investigative body, information injurious to enforcement of a law, or information injurious to the security of penal institutions |
|
| 22.3 | Refuse to disclose personal information created for the Public Servants Disclosure Protection Act |
|
| 23 | Refuse to disclose personal information prepared by an investigative body for security clearance |
|
| 24 | Refuse to disclose personal information collected or obtained for individuals sentenced for an offence if conditions are met |
|
| 25 | Refuse to disclose personal information which could threaten the safety of individuals |
|
| 26 | Refuse to disclose personal information about other individuals |
|
| 27 | Refuse to disclose protected information – solicitors, advocates and notaries |
|
| 27.1 | Refuse to disclose protected information – patents and trademarks |
|
| 28 | Refuse to disclose personal information relating to an individual’s medical record |
|
| 31 | Receive notice of investigation by the Privacy Commissioner |
|
| 33(2) | Right to make representations to the Privacy Commissioner during an investigation |
|
| 35(1) | Receive Privacy Commissioner’s report of findings and give notice of action taken |
|
| 35(4) | Provide access to additional personal information to complainant as detailed in notice of action taken |
|
| 36(3) | Receive Privacy Commissioner’s report of findings of investigation and recommendations of exempt banks |
|
| 37(3) | Receive Privacy Commissioner’s report of findings and recommendations of compliance investigation |
|
| 51(2)(b) | Request that a court hearing, undertaken with respect to certain sections of the Act, be held in the National Capital Region |
|
| 51(3) | Request and be given right to make representations in section 51 hearings |
|
| 72(1) | Prepare annual report to Parliament |
|
| Provision | Description | Delegated Authority |
|---|---|---|
| 9 | Allow examination of the documents (Reading Room) |
|
| 11(2) | Notification of correction |
|
| 11(4) | Correction refused, notation placed on file |
|
| 13(1) | Disclosure to a medical practitioner or psychologist |
|
| 14 | Disclosure in the presence of a medical practitioner or psychologist |
|
- Date modified: