ARCHIVED - Privacy Act
Annual Report

WarningThis page has been archived.

Archived Content

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.



April 1, 2007 to March 31, 2008

Table of contents

Introduction

The Privacy Act (PA) came into force on July 1, 1983.

The PA extends to individuals the right to access information about them that is held by the government. This is however subject to specific and limited exceptions.

The PA also protects individuals= privacy by preventing others from accessing their personal information and by giving individuals substantial control over the collection, use and disclosure of personal information.

Section 72 of the PA requires that the head of every government institution submit yearly to Parliament an annual report on the administration of the Act within their institution.

This annual report describes how the Public Service Commission of Canada administered its Privacy Act responsibilities during fiscal year 2007-2008.

Part I — General Information on the Public Service Commission

Mission, Vision and Values - Striving for Excellence

The Public Service Commission (PSC) of Canada is dedicated to building a public service that strives for excellence. The PSC protects merit, non-partisanship, representativeness and, the use of both official languages.

The PSC safeguards the integrity of staffing in the public service and the political impartiality of public servants. It develops policies and guidance for public service managers and holds them accountable for their staffing decisions. The PSC conducts audits and investigations to confirm the effectiveness of the staffing system and to make improvements. As an independent agency, the PSC reports its results to Parliament.

The PSC recruits talented Canadians to the public service, drawn from across the country. It continually renews its recruitment services to meet the evolving needs of a modern and innovative public service.

Values Guiding the PSC's Actions

In serving Parliament and Canadians, the PSC is guided by and proudly adheres to the following organizational values:

  • Integrity in our actions;
  • Fairness in our decisions;
  • Respect in our relationships; and
  • Transparency in our communications.

Mandate and Strategic Outcome

Mandate

The mandate of the Commission is described in the Public Service Employment Act (PSEA).

The PSC is an independent agency reporting to Parliament, mandated to safeguard the integrity of the public service staffing system and the political impartiality of public servants. The PSC's mandate combines staffing-related authorities with oversight functions. The PSC also provides staffing and assessment services to help federal organizations meet the changing needs of the public service. Under the system of delegated authority provided by the Public Service Employment Act (PSEA), the independence of the PSC particularly with respect to its responsibility to oversee the integrity of the appointment system and preserve the non-partisanship of the public service is essential.

Under sections 11 and 12 of the PSEA, the PSC is responsible more specifically for:

  • appointing or providing for the appointment of persons to or from the public service;
  • conducting investigations and audits;
  • administering the provisions of the Act relating to political activities of employees and deputy heads; and
  • performing any other public service functions assigned by the Governor in Council.

Strategic Outcome

The PSC's strategic outcome has remained constant - to provide Canadians with a highly competent, non-partisan and representative public service, able to provide service in both official languages, in which appointments are based on the values of fairness, access, representativeness and transparency remains the same.

The PSC is a key player in strengthening and modernizing public sector management through its policy, oversight and service delivery roles.

The PSC also contributes to the Government of Canada's outcome of fostering a society that promotes linguistic duality and diversity, by ensuring that federal public service staffing policies protect merit, non-partisanship, representativeness and the use of both official languages.

Privacy Activities of the PSC

The Public Service Commission has a Departmental Coordinator of Privacy responsible and accountable for the development, coordination and implementation of effective policies, guidelines, systems and procedures to enable the efficient processing of requests under the Privacy Act.

The Coordinator is also responsible for related policies, systems and procedures emanating from the Act, such as the government's policy on information collection, Privacy Impact Assessments, data matching initiatives and public opinion researches.

The activities of the Coordinator include:

  • processing requests made under the Privacy Act;
  • acting as spokesperson for the PSC in dealings with the Treasury Board Secretariat, the Privacy Commissioner, and other government departments and agencies related to the Privacy Act;
  • responding to requests submitted by other federal institutions for PSC documents;
  • reviewing and approving information collection in accordance with the Government Policy on Information Collection and Public Opinion Research;
  • implementing and promoting the use of the Treasury Board Privacy Impact Assessment Policy;
  • preparing the annual report to Parliament and other statutory reports, as well as other material that may be required by central agencies;
  • developing policies, procedures and guidelines for the orderly implementation of the Privacy Act by the PSC;
  • promoting awareness to ensure the PSC's responsiveness to the obligations of the Privacy Act;
  • monitoring the PSC's compliance with the Privacy Act, regulations and relevant procedures and policies; and
  • providing, to PSC employees, advice and awareness sessions on the provisions of the Privacy Act and Treasury Board policies and their impact on various program initiatives.

Part II — Report on the Privacy Act

Highlights

Requests received

The number of requests received under the Privacy Act has decreased in the last year. From April 1, 2007 to March 31, 2008, the Public Service Commission (PSC) received 30 requests while the previous year, in 2006-2007, it received 36 requests.

Although the number of requests was smaller, the number of pages of information reviewed was much larger: 7,000 pages in 2007-2008 versus 5,000 pages the previous year.  There were also five (5) requests from 2006-2007 that were carried over and completed during this reporting period.

Requests completed

This year, 33 requests were completed. They covered a range of topics:

  • 5 requests (15%) pertained to staffing-related activities. For the most part, these requests were from individuals seeking personal information contained in competition and priority administration files, or regarding test results obtained during the assessment part of a competition.
  • 5 requests (15%) were from individuals seeking information contained in investigation and appeal files held by the former Recourse Branch (now Investigations Branch).
  • 2 requests (6%) pertained to individuals seeking feedback regarding their Second Language Evaluation.
  • 9 requests (30%) were from individuals seeking information about themselves on various issues.
  • 12 requests (34%) were not processed by the PSC. The requests were either abandoned, transferred, or treated informally. In some cases, records were not found at the PSC as the staffing actions were handled by departments and agencies. The PSC is not responsible for staffing all positions in the public service.

The PSC carried over 2 requests from this reporting period into the next reporting period (2008-2009).

Completion time

Of the 33 requests completed during this reporting period:

  • 27 (82%) requests were completed within 30 days;
  • 6 (18%) requests were completed within 31 to 60 days;
  • 32 (96%) requests were completed within the prescribed legislative time period; and
  • 1 file was closed on day 31 (as opposed to day 30).

Consultations

  • Four (4) requests received at the PSC required consultation with other government departments.
  • Seven (7) requests initially addressed to other government institutions required consultation with the PSC. These related to recourse, investigation, competitive process and test results. The PSC  recommended:
    • full disclosure in four (4) cases;
    • a partial release for one (1) request related to test results;
    • did not provide any recommendation on one (1) request, since it related to another department; and
    • one (1) consultation request was carried over to 2008-2009.

Complaints

Four (4) complaints regarding requests addressed to the PSC were lodged with the Privacy Commissioner during this reporting period.

Specifically, one (1) individual complained that, in March 2006, the PSC provided his former employer with the results of his General Competency Test. The Privacy Commissioner is still investigating this issue.

The other three (3) complaints were from individuals objecting to the release of the findings of PSC's investigation reports in cases of fraud. Under section 19 of the Public Service Employment Regulations (public interest), the PSC intended to release the findings of the investigation and the names of the individuals appearing in these reports. The cases are pending and the information has yet to be released.

There were three (3) complaints closed during this reporting period:

  • In the first case, an individual alleged the PSC did not provide all the records related to his request. After extensive researches by the ATIP Office, the Access to Information Commissioner and Privacy Commissioners' Offices, it was established that the PSC did not have any other records and that the complaint was not founded.
  • The second complaint was made by an individual who was not allowed to keep a copy of the tapes of his second language evaluation tests. As prescribed by section 17 of the Privacy Act, candidates are welcome to listen to the tapes, under limited access rights. This individual was not satisfied with the limitations imposed and complained to the Privacy Commissioner. This complaint was deemed unfounded as the PSC did not refuse access, it simply limited the access to this information. Providing copies of the records to individuals to take away would jeopardise the test itself.
  • The third complaint was about the improper disclosure of personal information to another government department. This case was resolved during the Privacy Commissioner's investigation. As it was impossible to determine whether or not there was disclosure, the applicant agreed to consider the complaint settled.

At the end of this reporting period, there were still 13 active complaints before the Privacy Commissioner from previous years. Five (5) of which relate to the publication on the internet of PSC appeal board decisions which contain personal information. Several other institutions have received similar complaints regarding the posting on the internet of their own quasi-judicial board decisions.

Advice and Training

The ATIP Office continued to provide advice and training about the provisions of the Privacy legislation and it impact on PSC programs and initiatives.

  • Six (6) awareness sessions were provided to 76 employees from the Audit and Data Services Branch, the Investigations Branch, and the Executive Counselling Services of the Personnel Psychology Centre.
  • 140 individuals including PSC managers, public servants and members of the public consulted the office for advice on the provisions of the PA related to various PSC topics like political activities, the Public Service Employment Act and Regulations, investigations and recourse files. (Almost doubling the number of consultation requests made in previous years.)

Review of documents prior to release and project implementation

In 2006-2007, the ATIP Office started to review staffing audits and studies prepared by the Audit and Data Services Branch, prior to their release. This is to ensure that any decision by the PSC to release personal information found in the audit report is in the public interest and that Privacy Commissioner is informed, as per section 8(2)5) of the Privacy Act.

During the 2007-2008 reporting period, there was no personal information released. The ATIP Office reviewed four (4) audits. Three of them were on the staffing practices of various organizations: the Canadian Forces Grievance Board, the Office of the Correctional Investigator, and the Royal Canadian Mounted Police. The last audit was on the Movement of Public Servants Between the Federal Public Service and Ministers' Officers.

In 2007-2008, the ATIP Office also started reviewing Informatics Technology Project Initiation Forms to ensure the conduct of Privacy Impact Assessment (PIA) when required, and to add descriptions of Personal Information Bank (PIB) to InfoSource. This year, the ATIP Office reviewed 13 forms: 4 required a PIA and a PIB description (See the PIB and PIA sections of this Report).

The ATIP Office also reviewed and updated six PSC Privacy Notice Statements over the course of this reporting period.

Personal Information Banks (PIB) descriptions created and/or updated for InfoSource

This year, the ATIP Office worked on eleven (11) PIB descriptions on the following program activities and systems for the InfoSource publication:

  • Three (3) were for Staffing and Assessment Services Branch programs:
    1. Recruitment of Policy Leaders Program,
    2. Infotel Modernization Project, and
    3. the Personnel Psychology Centre's Assessment for Accommodations.
  • Two (2) were in the areas of Human Resources:
    1. E-my Career in Harmony with my Objectives (ECHO) system, and
    2. the Human Resources Management Information System (HRMIS).
  • Three (3) were for Investigations Branch activities:
    1. investigations,
    2. the Investigations Management Information System (IMIS), and
    3. other inquiry.
  • Lastly, three (3) were from the Policy Branch:
    1. Political Activities Monitoring Program, and modifications to two existing banks;
    2. the Official Languages Exclusion Approval Order (EAO) and
    3. the Leave of Absence and Permission to Seek Election bank description.

Of these eleven (11) PIBs, two (2) were sent to Treasury Board Secretariat for approval.

After informal consultations with the Privacy Commissioner and approval from the Executive Management Committee, updates to the existing Official Languages EAO PIB was abandoned. It was determined that the PSC would not make any changes to the current collection of information, its retention, and its use and disclosure.

The Exit Interview Program PIB, submitted to Treasury Board Secretariat in 2005, was approved and registered during this reporting period.

Eleven (11) PIBs were carried forward to 2008-2009.

The ATIP Office hired "PIA Consultants" this year to assist with the InfoSource update, the submission of PIBs, and to identify the collection of personal information within the PSC. The results of this last initiative will help the ATIP Office establish plans and priorities for upcoming years.

Disclosure under Section 8(2) of the Privacy Act

(Authorised disclosure of personal information without consent from the individual to whom the information relates to.)

Under section 8(2)a) (disclosure consistent with the collection of information) on matters directly related to sections 11 and 12 of the PSEA, the PSC routinely disclosed personal information when:

  • appointing, or providing for the appointment of, persons to or from the public service in accordance with the PSEA;
  • conducting investigations and audits in accordance with the PSEA;
  • administering the PSEA provisions relating to political activities of employees and deputy heads; and
  • performing functions related to the public service that have been assigned by the Governor in Council.

Under section 8(2)b) of the PA (in accordance with an act or regulation of Parliament which authorises the disclosure), the PSC also released personal information:

  • authorized in the context of the old PSEA (R.S.C., 1985, c. P-33), section 21(1) pertaining to appeal matters.
  • contained in its staff relations files to assist the Canadian Human Rights Tribunal in their investigation processes.
  • in accordance with section 19 of the Public Service Employment Regulations (under the public interest to disclose). In this case however, the proposed disclosure did not take place as initially planned. This request will be reported on next year.

Under section 8(2)e) (investigative body), the PSC received two requests from the Royal Canadian Mounted Police for disclosure of information. The PSC disclosed information in one case and the other one was abandoned by the RCMP.

Under section 8(2)m) (public interest) the PSC disclosed personal information to the Ottawa police for one of their case. In this case, notification was provided to the Office of the Privacy Commissioner as per section 8(5) of the Act.

Privacy Impact Assessments (PIA) and Preliminary Privacy Impact Assessments (PPIA)

Over the last three years, the ATIP Office has been developing a Privacy Impact Assessment (PIA) framework and an accompanying communications strategy. Last year, a PIA Advisory Committee was created. This committee is now helping with the development of the PSC guidelines on PIAs and will start reviewing PIA reports prior to their submission to the PSC President and to the Office of the Privacy Commissioner. The terms of reference for the Committee and the PSC guidelines will be completed in time for the implementation of the Treasury Board Secretariat PIA Directive in April 2009.

Statistics

  • Preliminary Privacy Impact Assessments initiated: 0
  • Preliminary Privacy Impact Assessments completed: 0
  • Privacy Impact Assessments initiated: 4
  • Privacy Impact Assessments completed: 4
  • Privacy Impact Assessments abandoned: 3
  • Privacy Impact Assessments sent to the Office of the Privacy Commissioner: 0

The four (4) PIAs' initiated during this fiscal year were:

  • Records Document Information Management System (RDIMS)
  • On Line Testing Facilities (OLTF)
  • Data warehouse Reporting Solutions Database for the Public Service Resourcing System (PSRS)
  • Political Activities Monitoring Program (PAMP).

The four (4) PIAs completed were:

  • Records Document Information Management System (RDIMS)
  • On Line Testing Facility (OLTF)
  • Data warehouse Reporting Solutions Database (RSDB) for the Public Service Resourcing System (PSRS)
  • E-my Career in Harmony with my Objectives (ECHO)

The three (3) PIAs' abandoned were:

  • a human resources system called "HRSG's iskillsSuite" (similar to the E-CHO system) for the Staffing and Assessment Services Branch;
  • a collection of "leading indicators" information from the Canada School of Public Service for the Audit, Studies and Evaluation Branch; and
  • the N-VIVO (B7) database for the Audit, Studies and Evaluation Branch

All (3) initiatives were abandoned by the program areas as it was determined that the collection of personal information was no longer necessary.

Although no PIAs were submitted to the Office of the Privacy Commissioner for this reporting period, the ATIP Office worked diligently with the program areas and has already submitted four (4) for the next fiscal year 2008-2009.

Here is a short description of the four (4) PSC programs for which PIAs were initiated and completed during the course of the reporting period.

The assessments and the results of the PIAs will not be available to the public, as required by Treasury Board PIA policy, until the PSC's PIA Communications Plan has been approved. To do so at the present time would compromise the vulnerability of certain programs and systems. Any Access to Information requests about these PIAs will be duly processed, at which time, the Office will determine which portions of the PIA can be made publicly available.

Privacy Impact Assessment Descriptions

Records Document Information Management System (RDIMS)

The Corporate Management Branch of the PSC hired a consultant to conduct an assessment of the RDIM System. It was completed in March 2008. The Threat Risk Assessment will be finalised next fiscal year and shared with the Privacy Commissioner as soon as the action plan is approved and completed.

RDIMS is an automated system approved by the Treasury Board of Canada and its Secretariat, established with the collaboration and support of Public Works and Government Services Canada as a common records management solution available to departments and agencies.

RDIMS manages records (electronic, paper or other format) by assigning a unique identifier number to each document. In addition, each document is assigned classification topics, supplemented by other bibliographic information. The multiple descriptors applied to a document facilitate its identification and access as a user may search using a single or multiple terms in combination.

It is designed to improve the GoC's Information Management Practices by electronically enabling consistent document management and records keeping, and improving the sharing of information across the Government of Canada.

On Line Testing Facility (OLTF) system

A Privacy Impact Assessment (PIA) was conducted on the original system in 2003; however, since the original PIA was never provided to the Privacy Commissioner and the system has since gone through significant changes, it was determined that another PIA should be conducted.

The Staffing and Assessment Services Branch hired the services of a consultant and updated the original PIA. The Threat Risk Assessment is almost completed, and the ATIP office will be able to share the findings with the Privacy Commissioner as soon as the action plan has been completed and approved.

The Online Testing Facility (OLTF) allows test-takers to complete a PSC test on a secured line in proctored approved PSC and departmental settings. Once the test is completed, the results are sent to the PSC's Test Scoring and Results Reporting System (TSRR). No tests or test results reside on departmental or PSC computers. They reside in the TSRR database as do all other PSC test results.

PSRS data warehouse Reporting Solutions Database (RSDB)

The Staffing and Assessment Services Branch hired the services of a consultant to conduct the Privacy Impact Assessment. It was completed in February 2008. A Threat Risk Assessment was also conducted in 2007-2008 and has been completed. Once the action plan is finalized and approved, the ATIP Office will submit it to the Privacy Commissioner.

The PSRS data warehouse RSDB is a business intelligence implementation tool that will ultimately provide public service management information to users through a single web interface. The purpose is to provide consolidated reporting, analysing and displaying data to improve strategic planning and decision making. The initial implementation will be built with data from the Public Service Resourcing System (PSRS), which contains personal information on individuals from outside the Public Service who are applying for employment within the federal civil service. Potentially, all systems will eventually supply data to the RSDB.

Political Activities Monitoring Program (PAMP)

Policy Branch is the first PSC program to develop a Privacy Impact Assessment (PIA) under the guidance of the ATIP Office. The PIA is nearly completed and will be ready for submission to the Privacy Commissioner when the action plan is completed and approved.

Under the Public Service Employment Act (PSEA) that came into force on December 31, 2005, the PSC has a key role to play in safeguarding the political impartiality of the public service. This responsibility stems from the PSC's mandate and the specific responsibilities assigned to it under Part 7 of the PSEA on political activities of public servants.

One of the PSC two core values is non-partisanship. This means that appointments and promotions to and within the public service are made free from political influence.

Employees have the right to engage in political activities, while maintaining the principle of political impartiality in the public service. The political activity of employees must not impair, or be perceived as impairing their ability to perform their duties in a politically impartial manner. Political activity is described as; a) any activity in support of, within or in opposition to a political party; b) any activity in support of or in opposition to a candidate, and c) seeking to be a candidate in an election.

Under the PSEA, the PSC is responsible for; a) overseeing public servants' involvement in political activities including granting permission and leave for candidacy in federal provincial, territorial, and municipal elections; b) providing guidance with respect to involvement in political activities; c) investigating inappropriate involvement of a public servant in political activities; and d) taking corrective action when the allegations are founded.

In order to fulfill its responsibilities, the PSC has developed and is validating a comprehensive approach to monitor the state of political impartiality of the federal public service. One of the PSC's approaches is to monitor the level of compliance of public servants with the obligation under Part 7 of the PSEA, to request and obtain the permission from the PSC before seeking nomination as or being a candidate in federal, provincial territorial and municipal elections.

E-CHO

The Corporate Management Branch hired a consultant to conduct a Privacy Impact Assessment (PIA) on the E-CHO Human Resources system. The PIA was conducted during the fiscal year 2007-2008. This assessment was submitted to the Office of the Privacy Commissioner at the beginning of the year 2008-2009 along with the Threat Risk Assessment report.

E-CHO is an electronic tool that is considered the authoritative source of personnel accomplishments and professional profiles at the PSC. This bank contains information captured or viewed via the E-CHO web application and is connected to the HRMIS (Human Resources Management System B ref PSE 901), which is the key source of HR information.

The purpose of E-CHO is to provide the organization with information about its employees that is not usually readily available. This information is really important for human resources planning activities.

For example, E-CHO provides easy and fast access to information which can be used to offer assignment opportunities. It can also be a tool for employees to promote their skills, competencies and career objectives. Their records may contain information about employment outside the organization, education, professional and personal accomplishments, competencies and career objectives.

The tool can also be used to support and document decisions relating to the overall succession and operational planning of the organization and it can also enhance performance discussions between employees and their supervisor. It allows for a better alignment of employee's objectives with their learning plans.

The ATIP Office is working on four other activities requiring PIAs. These are:

  • the Investigations Management Information System (IMIS);
  • the Peoplesoft human resources application;
  • the Personnel Psychology Centre's Accommodations Testing, and
  • the Public Service Resourcing System (PSRS).

Appendix - Statistical Report

Statistical Report on the disposition of complaints by category

Complaints processed

  • Received during 2007-08: 4
  • Closed during 2007-08: 3
  • Carried forward to 2008-09: 13

Complaints received for:

  • Collection/Retention/Use/Disposal/Disclosure: 4
  • Delays: 0
  • Non-disclosure/exemptions/missing records: 0

Closed

  • Settled after investigation
    • Collection/Retention/Use/Disposal/Disclosure: 1
    • Delays: 0
    • Non-disclosure/exemptions/missing records: 0
  • Resolved
    • Collection/Retention/Use/Disposal/Disclosure: 0
    • Delays: 0
    • Non-disclosure/exemptions/missing records: 0
  • Withdrawn
    • Collection/Retention/Use/Disposal/Disclosure: 0
    • Delays: 0
    • Non-disclosure/exemptions/missing records: 0
  • Founded
    • Collection/Retention/Use/Disposal/Disclosure: 0
    • Delays: 0
    • Non-disclosure/exemptions/missing records: 0
  • Unfounded
    • Collection/Retention/Use/Disposal/Disclosure: 0
    • Delays: 0
    • Non-disclosure/exemptions/missing records: 2