April 1, 2009 to March 31, 2010
Table of contents
- Part I — General information on the Public Service Commission
- Part II — Report on the Privacy Act
- 1. Organization of delegation and activities
- 2. Summary of Access to Information and Privacy Office activities
- 2.1 Development of a Privacy Management Framework
- 2.2 Management Accountability Framework
- 2.3 Internal Advice and training
- 2.4 New tracking system and imaging software
- 2.5 Collection, use and disclosure of personal information
- 3. Statistical report: interpretation
- 3.1 Requests under the Act
- 3.2 Nature of requests
- 3.3 Inter-organizational consultations
- 3.4 Informal review of information
- 3.5 Disposition of requests completed
- 3.6 Exemptions invoked
- 3.7 Exclusions invoked
- 3.8 Extension of time limits
- 3.9 Completion time
- 3.10 Translations
- 3.11 Method of access
- 3.12 Corrections and notations
- 3.13 Costs
- 4. Complaints
- 5. Privacy Impact Assessments
- Appendix A – Delegation Instrument
- Appendix B — Historical Comparisons
- Appendix C – 2009-2010 Annual Privacy Act Statistical Report
- Appendix D — Additional Reporting Requirements
The Privacy Act (R.S., 1985, c. P-21) was proclaimed on July 1, 1983.
The Privacy Act (the “Act”) extends to individuals the right to access information about them that is held by the government. This is, however, subject to specific and limited exceptions.
The Act also protects individuals' privacy by preventing others from accessing their personal information and by giving individuals substantial control over the collection, use and disclosure of personal information.
Section 72 of the Act requires that the head of every federal government institution shall prepare an Annual Report, for submission to Parliament, on the administration of the Act within the institution during each fiscal year.
This Annual Report provides a summary of the management and administration of the Privacy Act within the Public Service Commission of Canada (PSC) for the fiscal year 2009-2010.
Additional copies of this report can be obtained by writing to:
Access to Information and Privacy Office
Public Service Commission of Canada
300 Laurier Avenue West
Or by communicating with us via e-mail:
Or by calling:
The PSC's Privacy Act Annual Report is also available on the PSC Web site.
Part I — General information on the Public Service Commission
1.1 Mission, vision and values — striving for excellence
The Public Service Commission (PSC) of Canada is dedicated to building a public service that strives for excellence. The PSC protects merit, non-partisanship, representativeness and the use of both official languages.
The PSC safeguards the integrity of staffing in the public service and the political impartiality of public servants. It develops policies and guidance for public service managers and holds them accountable for their staffing decisions. The PSC conducts audits and investigations to confirm the effectiveness of the staffing system and to make improvements. As an independent agency, the PSC reports its results to Parliament.
The PSC recruits talented Canadians to the public service. It continually renews its recruitment services to meet the evolving needs of a modern and innovative public service.
1.2 Values guiding the Public Service Commission's actions
In serving Parliament and Canadians, the PSC is guided by and proudly adheres to the following organizational values:
- Integrity in our actions;
- Fairness in our decisions;
- Respect in our relationships; and
- Transparency in our communications.
On behalf of Parliament, the PSC safeguards the integrity of staffing and the non-partisan nature of the public service. In this respect, the PSC works closely with government but is independent from ministerial direction and is accountable to Parliament. The PSC's mandate is threefold.
First, the PSC is mandated to appoint, or provide for the appointment of, persons to or from within the public service. The PSC provides staffing and assessment functions and services to support staffing in the public service.
Second, the PSC is mandated to oversee the integrity of the staffing system and ensure non-partisanship. This oversight role includes maintaining and interpreting data on the public service, carrying out audits that provide assurance and make recommendations for improvements and conducting investigations that can lead to corrective action in the case of errors or problems.
Third, the PSC is mandated to administer provisions of the Public Service Employment Act (PSEA) related to the political activities of employees and deputy heads.
1.4 Public Service Commission's strategic outcome and Program Activity Architecture
In order to effectively pursue its mandate, the PSC aims to achieve the following strategic outcome. The chart below illustrates the PSC's complete framework of program and activities and program sub-activities that contribute to the achievement of the PSC's strategic outcome.
|Strategic Outcome||Program Activities||Program
|To provide Canadians with a highly competent, non-partisan and representative public service, able to provide service in both official languages, in which appointments are based on the values of access, fairness, transparency and representativeness||1.1.0 Appointment Integrity and Political Neutrality||1.1.1 Policy, Regulation and Exclusion Approval Orders
1.1.2 Delegated Appointment Authorities
1.1.3 Non-delegated Authorities
1.1.4 Political Activities
|1.2.0 Oversight of Integrity of Staffing and Political Neutrality||1.2.1 Monitoring
1.2.2 Audit, Evaluation and Studies
|1.3.0 Staffing Services and Assessment||1.3.1 Staffing Service
|2.1.0 Internal Services
(These services contribute to all program activities.)
|2.1.1 Governance and Management Support
2.1.2 Resource Management Services
2.1.3 Asset Management Services
Program Activity 1.1.0 – Appointment Integrity and Political Neutrality
The Appointment Integrity and Political Neutrality activity develops and maintains a policy and regulatory framework for safeguarding the integrity of public service staffing and ensuring political neutrality. This activity includes establishing policies and standards, providing advice, interpretation and guidance, administering delegated and non-delegated authorities and allowing exceptions, as appropriate.
Program Activity 1.2.0 – Oversight of Integrity of Staffing and Political Neutrality
The Oversight of Integrity of Staffing and Political Neutrality activity provides an accountability regime for implementing the appointment policy and regulatory framework for safeguarding the integrity of public service staffing and ensuring political neutrality. This activity includes monitoring departments' and agencies' compliance with legislative requirements, conducting audits, studies and evaluations, carrying out investigations and reporting to Parliament on the integrity of public service staffing.
Program Activity 1.3.0 – Staffing Assessment and Services
The Staffing Assessment and Services activity develops and maintains systems that link Canadians and public servants seeking employment opportunities in the federal public service with hiring departments and agencies. It provides assessment-related products and services in the form of research and development, consultation, assessment operations and counseling for use in recruitment, selection and development throughout the federal public service. This activity also includes delivering staffing services, programs and products to departments and agencies, and to all Canadians, through client service units located across Canada.
Program Activity 2.1.0 – Internal Services
The Internal Services program activity develops and monitors corporate management planning frameworks and policies related to the Management Accountability Framework, finance, human resources management, information technology, communications and other administrative and support services; provides central services and systems in support of all PSC programs, including the offices of the President and Commissioners and formulates and implements policies, plans, guidelines, standards, processes and procedures to support the decision-making processes of the Commission.
Part II: Report on the Privacy Act
1. Organization of delegation and activities
1.1 Delegation Order
Under section 3 of the Privacy Act (the “Act”), the President of the Commission is designated as the head of the government institution for purposes of the administration of the Act.
Pursuant to section 73 of the Act, deputy heads may delegate any of their powers, duties or functions under the Act by signing an order authorizing one or more officers or employees of the institution, who are at the appropriate level, to exercise or perform the powers, duties or functions of the head specified in the order.
Within the Public Service Commission (PSC), this delegation instrument continues to be based on a centralized process with the Secretary General, Commission Secretariat, who is also the PSC's Access to Information and Privacy (ATIP) Coordinator, having full delegated authority under the Act. An excerpt of the Delegation of Authority approved by the President is enclosed at Appendix A.
1.2 The Access to Information and Privacy Coordinator
The PSC has a single ATIP Coordinator who is responsible and accountable for the development, coordination and implementation of effective policies, guidelines, systems and procedures to enable the efficient processing of requests under the Act.
The Coordinator is also responsible for related policies, systems and procedures emanating from the Act, such as the government's policy on information collection and Public Opinion Research.
The activities of the Coordinator include:
- Processing requests made under the Act;
- Acting as spokesperson for the PSC in dealings with the Treasury Board Secretariat (TBS), the Office of the Privacy Commissioner and other government departments and agencies on matters related to the Act;
- Responding to consultation requests submitted by other federal institutions for PSC documents;
- Reviewing and approving information collection in accordance with the Government Policy on Information Collection and Public Opinion Research;
- Preparing the annual report to Parliament and other statutory reports, as well as other material that may be required by central agencies;
- Developing policies, procedures and guidelines for the orderly implementation of the Act by the PSC;
- Promoting awareness to ensure the PSC's responsiveness to the obligations of the Act;
- Monitoring the PSC's compliance with the Act, regulations and relevant procedures and policies; and
- Providing advice and awareness sessions to PSC employees on the provisions of the Act and TBS policies and their impact on various program initiatives.
1.3 The Access to Information and Privacy Office
The Access to Information and Privacy (ATIP) Office administers the provisions of the Act on behalf of the PSC. The Manager of the ATIP Office reports to the ATIP Coordinator, who, in turn, reports to the President of the PSC. The ATIP Office operates with two analysts to manage the requests received within the PSC.
The analysts are responsible for processing Privacy Act requests, consultations and complaints. One analyst is also dedicated to continuing the re-alignment of the PSC's Info Source chapter.
Overseeing this team, and reporting to the ATIP Coordinator and to the PSC's Vice-President, Legal Affairs Branch, is the ATIP Manager who is also counsel at the PSC's Legal Services. In addition to providing legal advice and guidance to the ATIP Office on all issues related to the application of the Act, the ATIP Manager/Counsel and the PSC's Legal Services, in general, assist OPIs within the PSC in the delivery of their program and activities having a Privacy Act component.
2. Summary of Access to Information and Privacy Office activities
2.1 Development of a Privacy Management Framework
In recognition of the importance of privacy, the PSC is developing a Privacy Management Framework (PMF). In keeping with the fundamentals of privacy, the objective of the PMF is to outline the way in which the PSC structures itself through policies and procedures to distribute privacy responsibilities, coordinate privacy work, manage privacy risks and ensure compliance with the both the Access to Information and Privacy Acts. The development and approval of the PMF is an ongoing initiative that will be carried on during the 2010-2011 reporting period and reported upon at a later date.
One of the initiatives of the PMF was the adoption of the ATIP Process and Compliance Manual, to standardize the work procedures used by staff and to facilitate the training of new hires. The ATIP Office is also developing procedures to complement the functionality of the electronic ATIP tracking system.
2.2 Management Accountability Framework
The PSC is committed to the continuous improvement of its management fundamentals and has used the results of the most recent Management Accountability Framework (MAF) assessment as a benchmark. As part of the MAF, the Info Source introduction has been updated to reflect the PSC's Program Activity Architecture (PAA).
The PSC has extensively reviewed its Info Source chapter and followed the TBS requirements and careful attention was paid to ensure the PSC complied with the instructions of the 2010 Implementation Report. Over the course of the next year the PSC will be renewing its Info Source chapter to align the classes of records and personal information banks to reflect the PSC's updated PAA.
2.3 Internal Advice and training
In addition to processing Access to Information Act and Privacy Act requests, the ATIP Office provides general advice to PSC managers and employees regarding a variety of issues and questions related to both Acts.
The ATIP Office also responds to questions from PSC employees and managers regarding the application of various policies and practices related to access to information and privacy.
In addition the ATIP Office is involved in numerous PSC initiatives such as:
- Providing advice on project initiation forms such as Threat and Risk Assessments, Statement of Sensitivity, and Risk Analysis and Impact Documents;
- Answering questions related to the protection of personal information in MOUs, Information Sharing Agreements, and Contracts;
- Assisting program areas in drafting of Privacy Notice Statements;
- Reviewing audit reports and other documents prior to publication to ensure that personal information is released in accordance with the Privacy Act.
The ATIP Office Manager is also member of PSC Working Groups and Working Group Sub-Committees and offers advice related to privacy and protection of personal information.
The ATIP Office provided general training on the provisions of the Access to Information Act and the Privacy Act and their impact on PSC programs and initiatives.
The ATIP Office also participated in eight orientation sessions where information was provided to approximately 146 new PSC employees regarding obligations under the both Acts. During the reporting period, five general information sessions on ATIP legislative and policy requirements were given to approximately 100 employees of the PSC.
2.4 New tracking system and imaging software
During the reporting period, the ATIP office replaced the ATIPflow tracking system with the new AccessPro Case Management System software. This software application and data resides on a more stable server. Also, new imaging software, AccessPro Redaction, was implemented. This system rapidly copies and serves increasingly large volumes of records. These systems are now fully operational.
2.5 Collection, use and disclosure of personal information
2.5.1 Personal Information Banks
Personal Information Banks (PIB) descriptions were created and/or updated for Info Source.
During this reporting period, the ATIP Office focused its efforts on seven PIB descriptions on PSC program activities and systems for the 2010 Info Source publication:
- Recruitment of Policy Leaders;
- Assessment Accommodation;
- Research and Development;
- Administration of Political Activities Candidacy Requests;
- Audits and Statistical Studies;
- Applicants and Inventories; and
- Analytical Environment.
The 10 PIBs abandoned during this fiscal were either replaced with a new initiative, merged with existing PIBs, were considered to be part of standard PIBs or the PSC confirmed that there was no personal information collected with the initiatives.
As part of its in-depth review and re-alignment of its Info Source chapter, the PSC is also working with program areas from the Staffing and Assessment to merge related PIBs in order simplify and streamline reporting within its information holdings.
The PSC is also reviewing record retention policies and will be submitting these for TBS review within the 2010-2011 reporting period.
2.5.2 Exempt banks
The PSC does not have any exempt banks. There were no denials of access under subsection 18(2) of the Act.
2.5.3. Disclosure under section 8(2)(m) of the Privacy Act
Personal information under the control of a government institution should not, without the consent of the individual to whom it relates, be disclosed by the institution except in accordance with subsection 8(2) of the Act.
Subsection 8(2) indicates that subject to any other Act of Parliament, personal information under the control of a government institution may be disclosed pursuant to the exceptions specified in applicable paragraphs 8(2)(a) to 8(2)(m) of the Act.
Paragraph 8(2)(m) of the Privacy Act concerns cases where, in the opinion of the head of the institution, the public interest in disclosure clearly outweighed any invasion of privacy that could result from the disclosure or where disclosure would clearly benefit the individual to whom the information relates.
In the reporting period, the PSC released information under paragraph 8(2)(m) of the Act in two instances. In one instance the PSC published the name of an individual in an audit report and in the other instance the PSC disclosed the name of an individual to law enforcement. The PSC provided notice to the Office of the Privacy Commissioner of Canada in both instances before disclosing the information.
2.5.4 Review of documents
The ATIP Office reviews certain documents prior to release and project implementation.
The ATIP Office routinely reviews audit reports prepared by the PSC prior to their release. This is to ensure that any decision by the PSC to release personal information found in an audit report is in the public interest and that Privacy Commissioner is informed, in accordance with section 8(5) of the Act.
Project Initiation Forms
In 2009-2010, the ATIP Office also routinely reviewed Informatics Technology Project Initiation Forms to ensure privacy requirements are addressed in new technology initiatives, to determine if there are requirements for a Privacy Impact Assessment and to ensure for proper descriptions in personal information banks.
Privacy Notice Statements
The ATIP Office also routinely reviewed and provided advice regarding updates to Privacy Notice Statements for various program activities over the course of this reporting period.
3. Statistical report: interpretation
3.1 Requests under the Act
From April 1, 2009 to March 31, 2010, the PSC received 31 requests, while during the previous reporting period (2008-2009), it received 39. The number of requests received under the Act has decreased since the last reporting period. There were no requests outstanding from 2008-2009.
In an attempt to increase and facilitate access, the PSC treats as many requests for information informally unless the requester otherwise chooses a formal approach.
The PSC completed 30 requests during the reporting period and carried forward one for the following reporting period (2010-2011). For a historical comparison of requests received and completed, see Appendix B.
3.2 Nature of requests
This year, 30 requests were completed. As in previous years, the requests completed covered the entire gamut of the PSC's activities. More specifically, the requests pertained to the following:
- Twelve requests (40 percent) were from individuals seeking information about themselves on various issues such as priority administration files.
- Ten requests (34 percent) pertained to staffing-related activities. For the most part, these requests were from individuals seeking personal information contained in competitions or regarding test results obtained during the assessment part of a competition.
- Four requests (13 percent) pertained to individuals seeking feedback regarding their Second Language Evaluation.
- Four requests (13 percent) were from individuals seeking information contained in investigation and appeal files held by the former Recourse Branch (now Investigations Directorate).
As was the case in the past two reporting periods, the preferred method of access reported by the PSC, as well as by departments and agencies throughout the federal government, is to receive copies of government records as opposed to simply view them.
3.3 Inter-organizational consultations
The PSC received 11 requests for privacy consultations from other government departments and agencies. These requests amounted to a review of 389 pages of information. After a thorough review of the files, the PSC determined that in 7 of the 11 requests (completed over the course of the reporting period), information pertaining to the PSC could be released in full. Three privacy consultation requests were carried over from 2008-2009.
The requests for consultation pertained to the Public Service Employment Act, information on staffing files, second language and other forms of assessment results as well as information related to PSC investigations.
The PSC itself consulted other government departments and agencies for seven of its Privacy Act requests.
3.4 Informal review of information
Requesters may obtain access to their personal information on an informal basis by contacting the manager of the program area that controls the records. In these instances, the ATIP Office provides assistance and advice on an as-required basis. These requests are not reflected in the statistical report in Appendix C.
3.5 Disposition of requests completed
Of the 30 cases where the PSC completed the request, information was released either in whole or in part in 22 requests (73 percent).
3.5.1 All disclosed
In 10 of the 30 completed cases (33 percent), the applicants were provided with full access to the relevant records.
3.5.2 Disclosed in part
The PSC was compelled by the exemptive and exclusionary provisions of the Privacy Act to provide applicants partial access in 12 of the 30 completed cases, or 40 percent.
3.5.3 Nothing disclosed (exempted or excluded)
There were no instances in which the PSC was compelled by the exemptive and exclusionary provisions of the Privacy Act not to release information.
3.5.4 Unable to process
After an initial review, the PSC was unable to process five requests (16.6 percent). In all of these instances, the PSC did not have any records relating to the request.
3.5.5 Abandoned by the applicant
Of the 30 completed privacy requests, two (6.6 percent) were considered to be abandoned by the applicant. Such an action may occur at any point in the processing of a request.
Of the 30 requests only one was transferred to another government institution in 2009-2010.
3.6 Exemptions invoked
An individual's right of access to their personal information under the Act is limited by a number of exemptions specified in sections 18 through 28 of the legislation.
During the reporting period, the PSC invoked exemptions under s. 22(1)(b) of the Act in one instance; s. 26 of the Act in 10 instances and section 27 of the Act in 4 instances. Information about another individual (section 26 of the Act) accounts for the majority of the exemptions applied by the PSC.
For a historical comparison of exemptions invoked see Appendix B, Table 2 which shows the types of exemptions invoked to refuse access for the reporting period as compared to previous reporting periods.
For clarity purposes, if five different exemptions were used in one request, one exemption under each relevant section would be reported for a total of five exemptions. If the same exemption was used several times for the same request, it would be reported only once.
3.7 Exclusions invoked
Pursuant to section 69, the Act does not apply to material that is published or available for purchase, library or museum material preserved solely for public record, material deposited with Library and Archives Canada, as well as records considered to be confidences of the Queen's Privy Council of Canada pursuant to section 70 of the Act. No exclusions were invoked by the PSC during the processing of privacy requests in the reporting period.
3.8 Extension of time limits
Of the 30 requests completed during the reporting period, 8 needed to be extended for 30 days or under in accordance with section 15 of the Privacy Act. In 7 cases there was the need to consult with other government departments whereas in 1 other case the request for extension was deemed necessary so as not to interfere with operations.
3.9 Completion time
Of the 30 request completed, 28 requests were completed within the prescribed legislative time frame.
Within the first thirty days, 22 (73 percent) requests were completed, while 6 (20 percent) requests were completed within 31 to 60 days and 1 (3 percent) request was completed in 60 to 120 days. One request (3 percent) required more than 121 days to complete.
There were no requests for the translation of information from one official language to another.
3.11 Method of access
Of the 22 requests in which information was released, the applicants received paper copies of the information in 20 cases. There were three cases where access was provided by a combination of copies and in-person examination.
It should be noted that the data in this section reflect only requests for which information was all disclosed or disclosed in part and therefore not those abandoned, etc.
3.12 Corrections and notations
There was one request for the correction of personal information (as per section 12(2) of the Privacy Act).
The total salary costs associated with the privacy program were $120,137.33 and operations and maintenance costs were $4,356.97, for a combined total of $124,494.30. The associated full-time equivalent resources utilized were estimated at 1.55 for the 2009-2010 reporting period.
4.1 Number of complaints
The Office of the Privacy Commissioner (OPC) received three complaints regarding Privacy Act requests addressed to and received by the PSC during the reporting period.
4.2 Nature of complaints
Of the three complaints addressed to and received by the PSC during the reporting period, one was related to allegations of unauthorized disclosure of personal information, one was related to applied exemptions and the one was related to missing records.
4.3 Complaints resolved
During the 2009-2010 reporting period, the OPC resolved one complaint related to information that was withheld because of an on-going investigation. Once the investigation was completed, the requested information was provided and the complaint was resolved.
At the end of the 2009-2010 reporting period, the OPC continued to actively investigate two complaints related to the management of requests under the Act.
5. Privacy Impact Assessments
TBS approved the Privacy Impact Assessment (PIA) Policy with an effective date of May 2, 2002. The goal of the Policy is to allow government institutions to identify whether a program or a service delivery initiative, involving the collection, use or disclosure of personal information as defined in the Act, complies with privacy principles. The Policy also aims to avoid or mitigate any identifiable risks to privacy.
The ATIP Office Manager provides advice and guidance to PSC managers throughout the PIA process, including the review of PIA reports and liaison with the OPC.
The assessments and the results of the PIAs are currently not available to the public. However, any requests about these PIAs will be duly processed, at which time the ATIP Office will determine which portions of the PIAs can be made publicly available.
The ATIP Office is currently updating its Internet site and it is expected that summaries of the results of PIA reports conducted by PSC will, in the future, be published on this Web site as well on the PSC's Intranet.
The PSC did not complete any PIAs during the reporting period.
Appendix A – Delegation Instrument
Privacy Act – Delegation Order
Pursuant to section 73 of the Privacy Act, President Maria Barrados hereby designates the Secretary General or, in his or her absence, the Secretary or the Senior ATIP Advisor, Corporate Management Branch, to exercise or perform any of the powers or, in his or her absence, the Secretary or the Senior ATIP Advisor, Corporate Management Branch, to exercise or perform any of the powers, duties and functions of the Head of the government institution vested in him by the Privacy Act.
June 15, 2006
Appendix B - Historical Comparisons
Appendix C – 2009-2010 Annual Privacy Act Statistical Report
Report on the Privacy Act 2009-2010
Institution: Public Service Commission of Canada
Reporting period: 2009-04-01 – 2010-03-31
I. Requests under the Privacy Act
Received during reporting period: 31
Outstanding from previous period: 0
Completed during reporting period: 30
Carried forward: 1
II. Disposition of request completed
1. All disclosed: 10
2. Disclosed in part: 12
3. Nothing disclosed (excluded): 0
4. Nothing disclosed (exempt): 0
5. Unable to process: 5
6. Abandonned by applicant: 2
7. Transferred: 1
III. Exemptions invoked
S. Art. 18(2): 0
S. Art. 19(1)(a): 0
S. Art. 20: 0
S. Art. 21: 0
S. Art. 22(1)(a): 0
S. Art. 22(2): 0
S. Art. 23 (a): 0
S. Art. 24: 0
S. Art. 25: 0
S. Art. 26: 10
S. Art. 27: 4
S. Art. 28: 0
IV. Exclusions cited
S. Art. 69(1)(a): 0
S. Art. 70(1)(a): 0
V. Completion time
30 days or under: 22
31 to 60 days: 6
61 to 120 days: 1
121 days or over: 1
30 days or under
Interference with operations: 1
31 days or over
Interference with operations: 0
Translations requested: 0
English to French: 0
French to English: 0
VIII. Method of access
Copies given: 20
Copies and examination: 2
IX. Corrections and notation
Corrections requested: 1
Corrections made: 1
Notation attached: 0
Financial (all reasons)
Person year utilization (all reasons)
Person year (decimal format): 1.55
Appendix D - Additional Reporting Requirements
Treasury Board Secretariat is monitoring compliance with the Privacy Impact Assessment (PIA)
Policy (which came into effect on May 2, 2002) through a variety of means. Institutions are therefore required to report the following information for this reporting period.
Indicate the number of:
Preliminary PIAs initiated: 0
Preliminary PIAs completed: 0
PIAs initiated: 6
PIAs completed: 0
PIAs forwarded to the Office of the Privacy Commissioner: 0
If your institution did not undertake any of the activities noted above during the reporting period, this must be stated explicitly.
- Date modified: