Publications and Reports

Annual Report - Privacy Act

Table of contents

Privacy Act

Annual report
(April 1, 2016 to March 31, 2017)

Introduction

The Privacy Act protects the privacy of individuals with respect to personal information about themselves held by a government institution and provides individuals with a right of access to that information.

This report has been prepared and will be tabled in Parliament in accordance with Section 72 of the Privacy Act. The information contained in this report pertains to the administration of the Privacy Act within the Parks Canada Agency. 

The Parks Canada Agency’s mandate is to protect and present nationally significant examples of Canada’s natural and cultural heritage and to foster public understanding, appreciation and enjoyment in ways that ensure their ecological and commemorative integrity for present and future generations.  The Agency is responsible for 47 national parks, 171 national historic sites and 4 national marine conservation areas.  The Agency is highly decentralized with team members located across the country and often in remote areas.

Parks Canada’s Access to Information and Privacy Office coordinates all activities related to the legislation for the Agency.  It is comprised of six (6) full-time employees.  The Parks Canada Access to Information and Privacy Office has developed and continues to improve internal policies and procedures in order to meet its obligations in compliance with the Privacy Act, regulations and Treasury Board policies.

The following report presents an overview of activities carried out within the Agency during the reporting period of April 1, 2016 to March 31, 2017.

Statistical report - Privacy Act requests

The appended report (Appendix A) contains detailed statistics on the information requests processed under the Privacy Act.

Interpretation of the Statistical Report Privacy Act Requests

Between April 1, 2016 and March 31, 2017, six (6) formal information requests were received under the Privacy Act.  All requests were completed during the reporting period under review.

The two (2) requests that were completed resulted in the partial disclosure of the records.  The information that was exempted from disclosure was personal information pertaining to other individuals. 

The one (1) request included in the “no records exist” category concerned records that did not exist.

The one (1) request included in the “abandoned” category was received from an individual who did not respond to our correspondence.

Time limitations

During fiscal year 2016-2017, all requests were processed within the initial 30-day period.  

Costs

The costs reported in the statistical report are only those costs incurred for the processing of requests as the Privacy Act does not authorize the assessment of fees for the processing of requests for personal information.

Formal / Informal Interface

The Agency continues to provide the public with information on an informal basis.  Information is provided only when the Agency is satisfied that the information requested concerns the individual requesting it or where at least one of the conditions outlined in subsection 8(2) of the Act is met.

 In addition to the above, the ATIP Office also reviews human resources investigation reports and requests for strategic advice dealing with human resource issues.

Complaints / Investigations

No complaints were filed with the Office of the Privacy Commissioner of Canada during the reporting period under review.

Consultations Received from Other Institutions and Organizations

Between April 1, 2016 to March 31, 2017, the Agency did not receive any consultations under the Privacy Act.  No consultations were carried forward from the previous reporting period.  No consultations were carried forward to the next reporting period.

Exempt Banks

The Agency maintains no exempts banks.

Administrative Practices

Delegation of Authority

In 2016-2017, decision-making responsibility for the application of the various provisions of the Privacy Act is fully delegated to the Vice-President, External Relations and Visitor Experience Directorate and the Agency’s Access to Information Coordinator. The Agency continues to ensure that only those with the properly delegated authorities have an ability to have an impact on the disclosure process.

Procedures

The ATIP Office acts as a central coordinating point for the processing of information requests received under the Privacy Act.  As such, it maintains data banks and keeps statistical records on requests processed.  Requests are received by the ATIP Office and forwarded to the appropriate Program for retrieval of the requested records. Program officials retrieve the records and prepare preliminary recommendations concerning their disclosure.  These recommendations are reviewed by the ATIP Office.  It assesses the application of the Act and prepares the records for disclosure.

The ATIP Office does not presently monitor the time required to process privacy requests.  Additional reporting mechanisms are being planned in the next reporting period.

Training sessions

In order to support privacy as an Agency priority, the Agency has developed a mandatory training program consisting of a two-phased approach.  The first phase requires that Agency employees take the free online course on privacy from the School of the Public Service. The School has reported that over 1,300 employees have taken the online course in 2016-2017.  The second phase consists of a one and half day formal instructor-led course for employees that are regularly involved in privacy requests.  In 2016-2017, eight (8) sessions were given to Agency employees.  In total, ninety-seven (97) employees attended these sessions.  The Agency officials who have not completed the second phase of the program will be required to do so in the next reporting period. 

To ensure that all employees of the Agency are aware of the legislation and their obligations, general awareness sessions are also given periodically to provide basic information on the provisions of the Privacy Act.

Privacy Impact Assessments

Between April 1, 2016 and March 31, 2017, seven (7) privacy impact assessments were initiated.  These assessments are still underway.

Privacy Breaches

There were no material privacy breaches reported during the period under review.

Disclosure of personal information pursuant to 8(2)(e) of the Privacy Act

There was one (1) disclosure of personal information made during the reporting period under review.

Disclosure of personal information pursuant to 8(2)(m) of the Privacy Act

There were no disclosures of personal information made during the reporting period under review.

Data Matching Activities

There were no data matching activities during the reporting period under review.

Privacy Gap Assessment

The Agency is presently reviewing its Privacy Gap Assessment of all personal information holdings within the Agency which was completed in 2016-2017. The Assessment will assist in determining gaps with regards to non-compliance and will assist in establishing a national approach to streamlining the work that is being done nationally.  Results of the Assessment will determine the necessity for privacy impact assessments and personal information banks in accordance with federal government policies and directives.