2010–11 Annual Report on the Privacy Act
Table of Contents
- 1) Introduction
- 2) How Requests Were Processed Under the Act
- 3) Complaints and Investigations
- 4) Court Cases
- 5) Other Reporting Requirements Under the Act
- Appendix A: Statistical Report
- Appendix B: Delegation Order
The Privacy Act gives Canadian citizens, as well as individuals present in Canada, the right to access personal information about themselves held by the Government. The Act also protects the privacy of individuals by setting out parameters in relation to the collection, use and disclosure of personal information held by federal government institutions.
Section 72 of the Act requires the heads of all federal government institutions to submit a report to Parliament on their institutions’ administration of the Act each fiscal year. This report describes how the Canadian Food Inspection Agency (CFIA) administered the Privacy Act for fiscal year 2010–11; the report was prepared in accordance with the reporting requirements outlined by Treasury Board Secretariat.
About the Canadian Food Inspection Agency
The CFIA is the largest science-based regulatory agency in Canada. It has more than 7500 professionals working in the National Capital Region (NCR), in the four operational Areas (Atlantic, Quebec, Ontario and the West) and across Canada. The CFIA is dedicated to safeguarding food, animals and plants, which contributes to a safe and accessible food supply and plant and animal resource base, thereby enhancing the health and well-being of Canada’s people, environment and economy.
The CFIA’s activities help protect Canadian and international food consumers, Canadian agricultural production (including forestry) and our environment. This benefits all people in the agriculture-food continuum, such as farmers, fishers, foresters, processors and distributors (including importers and exporters), and consumers.
The CFIA is responsible for administering and enforcing 13 federal statutes and 38 regulations that govern the safety and labelling of food sold in Canada and that support a sustainable plant and animal resource base. The CFIA shares many areas of responsibility with other federal departments and agencies; with provincial, territorial and municipal authorities; and with other stakeholders.
Within a complex operating environment, the Agency works with its partners to implement food safety measures; to manage food, animal and plant risks and emergencies; and to promote the development of food safety and disease-control systems to maintain the safety of Canada’s high-quality agriculture, aquaculture and fisheries, and agri-food products. The Agency’s activities include verifying domestic and foreign industry compliance; registering and inspecting establishments; testing food, animals, plants and their related products; and approving the use of many agricultural inputs.
The CFIA is led by its President, who reports to the Minister of Agriculture and Agri-Food.
The Agency is structured so that all branch heads have specific accountabilities that contribute to achieving each of the CFIA’s strategic objectives.
With its headquarters in the NCR, the CFIA is organized into four operational Areas (Atlantic, Quebec, Ontario and the West) that are subdivided into 18 regional offices, 185 field offices (including border points of entry) and 408 offices in non-governmental establishments (such as processing facilities). The Agency also works in 14 laboratories that provide scientific advice, develop new technologies, provide testing services and conduct research.
Administration of the Act
The administration of the Privacy Act is the primary responsibility of the Access to Information and Privacy (ATIP) Office of Corporate Secretariat Branch. The ATIP Office processes all requests for information and coordinates all activities related to the Act, associated regulations, directives and guidelines. The ATIP Office is headed by a manager who reports to the Director of Executive Support and Coordination Directorate. As of March 31, 2011, there were nine full-time employees and several experts external to government working in the ATIP Office.
An estimated $77 225.00 in salary costs and $155 766.00 in operating costs were incurred by the ATIP Office to administer the Privacy Act for the reporting period. These costs do not include resources expended by CFIA program areas to meet the requirements of the Act.
Staff Training and Awareness
The ATIP Office provided 51 training sessions to 804 employees in the NCR during the 2010–11 fiscal year. ATIP officials also participated in 6 CFIA orientation sessions targeted at new employees. Approximately 188 employees received ATIP training during these sessions. Overall, 992 employees received ATIP training during 2010–11.
Policies, Guidelines and Procedures
The CFIA is continuing to implement a set of process improvements for ATIP in order to provide greater oversight and accountability. This multi-year endeavour is based on government-wide best practices, but also takes into account the CFIA’s priorities and environment. The enhanced procedures provide a more focused approach to the tasking of ATIP requests at the Agency.
2) How Requests Were Processed Under the Act
In recent years, there has been a growing interest in the CFIA’s information holdings, resulting in a significant increase in the volume, size and complexity of ATIP requests. This growth, accelerated by certain high-profile incidents, led to delays in the release of requested information. Processing of requests is also contingent on external factors, such as required consultations with other parties and the volume of records.
The CFIA received 63 new requests under the Privacy Act between April 1, 2010, and March 31, 2011. There were 14 outstanding requests from the previous year, bringing the total to 77 requests that required processing. Of this total, 57 were completed during the reporting period and 20 were carried forward to 2011–12. This represents an increase of 48 requests (533%) processed over last year, in which 9 requests were completed. A total of 18 209 pages were reviewed and 4841 were released pursuant to Act.
The following chart depicts the cycle of privacy requests at the CFIA for the last 5 years:
Privacy Requests 2006-2007 to 2010-11
The ATIP Office also processed 83 informal requests for personal information during 2010–11. This is an increase of 23 requests (38%) over last year, in which 60 informal requests were completed.
The CFIA is continuing to implement measures initiated in 2009–10 over the coming year, in line with Agency priorities and available resources, to ensure ongoing capacity to meet its obligations under the Privacy Act. Among the ongoing initiatives that the CFIA is pursuing is the hiring of additional resources, reducing delays in the release of requested information and streamlining the Agency’s overall ATIP process.
There were no consultations received from other institutions during the reporting period.
Completion Times and Extensions
The 57 requests completed in 2010–11 were processed in the following time frames:
- 25 within 30 days or less (44%);
- 12 within 31 to 60 days (21%);
- 11 within 61 to 120 days (19%); and
- 9 within 121 days or over (16%).
Completion Times 2010-2011
Disposition of Completed Requests
The following represents the disposition of completed requests:
- 4 were fully disclosed (7%);
- 46 were partially disclosed (81%);
- 6 could not be processed (10%); and
- 1 was abandoned (2%).
All requesters received copies of the requested information as opposed to reviewing the information on site.
Exemptions and Exclusions
The CFIA invoked exemptions pursuant to the Act a total of 46 times. The exemptions were invoked as follows:
- 3 instances for information concerning law enforcement and investigations (s. 22);
- 36 for personal information (s. 26);
- 6 for solicitor-client privilege (s. 27); and
- 1 for medical records (s. 28).
The Agency did not exclude any information under the Act.
3) Complaints and Investigations
The Agency received 7 new complaints from the Office of the Privacy Commissioner in 2010–11. The reasons cited for the new complaints are as follows:
- 5 concerned delays in the release of information;
- 1 concerned the extension of time limits; and
- 1 concerned the exemption of information.
During the 2010–11 fiscal year, 8 complaints were completed and the conclusions were as follows:
- 2 complaints were resolved and deemed not well-founded; and
- 6 complaints were resolved and deemed well-founded, mostly due to delays in the release of the requested information.
4) Court Cases
There were no applications filed with the Federal Court of Canada for the 2010–11 fiscal year.
5) Other Reporting Requirements Under the Act
Privacy Impact Assessments
There were no Privacy Impact Assessments completed during the reporting period.
Disclosures Under Section 8.(2)(m) of the Act
There were no disclosures made pursuant to section 8.(2)(m) of the Privacy Act during the 2010–11 fiscal year.
Data Matching and Sharing Activities
There were no data matching or sharing activities undertaken during the reporting period.
The CFIA has no exempt personal information banks.
Appendix A: Statistical Report
Preliminary Privacy Impact Assessments initiated: 0
Preliminary Privacy Impact Assessments completed: 0
Privacy Impact Assessments initiated: 1
Privacy Impact Assessments completed: 0
Privacy Impact Assessments forwarded to the Office of the Privacy Commissioner: 0
Part III—Exemptions invoked
Subsection 19.(1)(e) : 0
Subsection 19.(1)(f) : 0
Subsection 22.1 : 0
Subsection 22.2 : 0
Subsection 22.3 : 0
Part IV—Exclusions cited
Subsection 69.1 : 0
Subsection 70.1 : 0
Appendix B: Delegation Order
Privacy Act Delegation Order
The President of the Canadian Food Inspection Agency pursuant to section 73 of the Privacy Act (Act), hereby delegates the persons holding the positions set out in the Schedule annexed hereto to exercise the powers and perform the duties and functions of the President as the head of the government institution under the sections of the Act as set out in the Schedule.
Canadian Food Inspection Agency Delegation Schedule
|Sections||Powers, Duties and Functions||Positions/Titles |
Team Leader ATIP
|8(2)(j)||To disclose personal information for research or statistical purposes||X||-||-|
|8(2)(m)||To disclose personal information in the public interest or if disclosure would benefit an individual||X||-||-|
|8(4)||To retain a copy of every request made by investigative bodies and a record of any information disclosed and, on request, make them available to the Privacy Commissioner||X||X||X|
|8(5)||To notify the Privacy Commissioner of any disclosure of personal information made in the public interest||X||X||-|
|9(1)||To retain a record of use of personal information contained in a personal information bank or any use or purpose for which that information is disclosed where the use or purpose is not included in the statements of uses and purposes and to attach the record to the personal information||X||X||-|
|9(4)||To notify the Privacy Commissioner of consistent use of personal information and to update the index||X||X||-|
|10||To include personal information in personal information banks||X||X||-|
|14||To give notice to the applicant of a request and provide access to the personal information||X||X||-|
To extend the time limit and to give notice to the applicant
|17(2)(b)||To determine the necessity for translation or interpretation of record||X||X||-|
|17(3)(b)||To determine the necessity for giving access to the record in an alternative format and to cause the personal information to be converted||X||X||-|
|18(2)||To refuse to disclose any personal information contained in a personal information bank designated as an exempt bank||X||X||-|
|19(1)||To refuse disclosure of personal information that includes information obtained in confidence from another government, an organization or an institution||X||X||-|
|19(2)||To disclose personal information if the government, organization or institution from which the information was obtained either consent to its disclosure or makes it public||X||X||-|
|20||To refuse disclosure of personal information re: federal-provincial affairs.||X||X||-|
|21||To refuse disclosure of personal information re: international affairs and defence.||X||X||-|
|22||To refuse disclosure of the personal information re: law enforcement, investigations, security and policing services||X||X||-|
|22.3||To refuse disclosure of the personal information re: Public Servants Disclosure Protection Act||X||X||-|
|23||To refuse disclosure of personal information re: security clearances.||X||X||-|
|24||To refuse disclosure disclosure of personal information re: individuals sentenced for an offence||X||X||-|
|25||To refuse to disclose personal information re: safety of individuals||X||X||-|
|26||To refuse disclosure of personal information about another individual and prohibited under section 8 of the Act||X||X||-|
|27||To refuse disclosure of personal information subject to solicitor-client privilege||X||X||-|
|28||To refuse disclosure of personal information re: medical records||X||X||-|
|31||To receive notice of intention to investigate from the Privacy Commissioner||X||X||-|
|33(2)||To make representations to the Privacy Commissioner during an investigation of a complaint||X||X||X|
|35(1)||To receive a report from the Privacy Commissioner and to respond to his/her recommendations||X||X||-|
|35(4)||To provide a complainant access to personal information pursuant to the Privacy Commissioner’s recommendations||X||X||-|
|36(3)||To receive from the Privacy Commissioner a report containing findings of investigation and recommendations and to respond to his/her recommendations||X||X||-|
|37(3)||To receive from the Privacy Commissioner a report containing findings of an investigation and recommendations||X||X||-|
|51(2)(b)||To request that section 51 hearing be held in the National Capital Region||X||X||-|
|51(3)||To Request and be given the opportunity to make representation in s.51 hearings||X||X||-|
|72(1)||To prepare an annual report to Parliament||X||X||-|
- Analyst ATIP
- Analyst, Access to Information and Privacy
- Manager ATIP
- Manager, Access to Information and Privacy
- Team Leader
- Team Leader, Access to Information and Privacy
X Authority has been delegated
- Authority has not been delegated
- Date modified: