2008-2009 Statistical Report on the Privacy Act

Supplemental Reporting Requirements Privacy Act

Supplemental Reporting Requirements Privacy Act

Exigences en matière d’établissement de rapports supplémentaireLoi sur la protection des renseignements personnels

Treasury Board Secretariat is monitoring compliance with the Privacy Impact Assessment (PIA) Policy (which came into effect on May 2, 2002) through a variety of means. Institutions are therefore required to report the following information for this reporting period. Indicate the number of: Preliminary Privacy Impact Assessments initiated: ____0___ Preliminary Privacy Impact Assessments completed: ___0___________ Privacy Impact Assessments initiated:___0____ Privacy Impact Assessments completed:___0____ Privacy Impact Assessments forwarded to the Office of the Privacy Commissioner (OPC): _______0________ If your institution did not undertake any of the activities noted above during the reporting period, this must be stated explicitly.

Le Secrétariat du Conseil du Trésor surveille la conformité à la Politique sur l'Évaluation des facteurs relatifs à la vie privée (ÉFVP) (qui est entrée en vigueur le 2 mai 2002) par divers moyens. Les institutions sont donc tenues de déclarer les renseignements suivants pour cette période de déclaration. Veuillez indiquer le nombre : d’évaluations préliminaires des facteurs relatifs à la vie privée amorcées : ____0____ d’évaluations préliminaires des facteurs relatifs à la vie privée achevées : _____0___ d’évaluations des facteurs relatifs à la vie privée amorcées :___0___ d’évaluations des facteurs relatifs à la vie privée achevées :_____0___ d’évaluations des facteurs relatifs à la vie privée acheminées au Commissariat à la protection de la vie privée (CPVP) : __0___ Si votre institution n’a pas entrepris l’une ou l’autre des activités susmentionnées durant la période de rapport, cela doit être mentionné de façon explicite.

top of page

Interpretation of the Statistical Report

1. Requests Received Under the Privacy Act
   
   Between April 1, 2008, and March 31, 2009, WD received two requests for personal information under the Privacy Act. Both requests were completed during the reporting period – one within the initial 30-day period, and one within 31-60 days.
   
   Both requests were from a WD employee. The individual had difficulty identifying whether information should be requested the Privacy Act or the Access to Information Act despite efforts to explain this. One request was disclosed in part, and there were no records found which meet the requirements of the second request, as it was the personal information of individuals other than the applicant.
2. Exemptions Invoked
   
   Sections 25 and 26 were invoked to protect information pertaining to the personal information of individuals other than the requestor on one occasion. All other information was released in its entirety.
3. Permissible Disclosure of Personal Information
   
   Personal information collected by WD in the course of its programs and activities is being disclosed only for the purpose for which it was collected in accordance with paragraph 8(2)(a) of the Privacy Act. During 2008-2009, WD did not disclose personal information for any other purposes as outlined in paragraphs 8(2)(e), (f) or (m).
4. Operational Costs to Administer the Act
   
   Total salary costs associated with the Privacy Act are estimated at $19,438 for 2008-2009. Other costs amounted to $9,020, for a total of $28,458, in comparison to only a total of $2,500 estimated in 2007-2008.
   
   This substantial increase in costs can be attributed to the nature of the requests received, other activities pertaining to internal privacy issues, work on Info Source requirements and staff training-related expenses.
   
   Associated employee resources for 2008-2009 are fixed at 15% of one full-time equivalent (FTE) for administering the Act.

top of page

Privacy Impact Assessments

In 2002, Treasury Board issued a policy that requires federal government institutions subject to the Privacy Act to conduct Privacy Impact Assessments (PIA) before establishing new programs, systems or policies, or before making any substantial modifications to an existing program, system or policy.

During this reporting period, WD did not initiate any Privacy Impact Assessments (PIA) and, therefore, no assessments were forwarded to the Office of the Privacy Commissioner.

In November 2008, the ATIP Officer met with TBS officials to discuss PIAs and to ensure that the Department met its requirements in this regard. Although new funding programs have been developed or managed on behalf of other government departments (such as various Infrastructure and community economic adjustment programs), the TBS official confirmed that PIAs were required when only new personal information was being collected by the Department.

Efforts are ongoing to ensure that privacy concerns are addressed when new programs and activities are being discussed in the Department.

To date, WD has not posted PPIA summaries on its institutional website.

Data Matching and Sharing Activities

WD did not establish any new systems or processes that led to data matching or sharing of personal information, either within the Department or any external sources.

The ATIP unit continues to review business processes as they are alerted to them and procedures established to track data matching activities that may occur in the Department or with external sources will be developed in the future.