Document Properties
- Type of Publication: Annual Report
- Date: May 2019
1. Introduction
The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.
This annual report was prepared and submitted in accordance with section 72 of the Privacy Act and covers the period from April 1, 2018 to March 31, 2019.
2. Mandate of the Office of the Superintendent of Financial Institutions (OSFI)
Under its legislation, OSFI's mandate is:
Fostering sound risk management and governance practices
OSFI advances a regulatory framework designed to control and manage risk.
Supervision and early intervention
OSFI supervises federally regulated financial institutions and pension plans to determine whether they are in sound financial condition and meeting regulatory and supervisory requirements.
OSFI promptly advises financial institutions and pension plans if there are material deficiencies, and takes corrective measures or requires that they be taken to expeditiously address the situation.
Environmental scanning linked to safety and soundness of financial institutions
OSFI monitors and evaluates system-wide or sectoral developments that may have a negative impact on the financial condition of federally regulated financial institutions.
Taking a balanced approach
OSFI acts to protect the rights and interests of depositors, policyholders, financial institution creditors and pension plan beneficiaries while having due regard for the need to allow financial institutions to compete effectively and take reasonable risks.
OSFI recognizes that management, boards of directors and pension plan administrators are ultimately responsible for risk decisions, that financial institutions can fail, and pension plans can experience financial difficulties resulting in the loss of benefits.
In fulfilling its mandate, OSFI supports the government's objective of contributing to public confidence in the Canadian financial system.
The Office of the Chief Actuary is an independent unit within OSFI that provides a range of actuarial valuation and advisory services to the Government of Canada. In conducting its work, the OCA plays a vital and independent role towards a financially sound and sustainable Canadian public retirement income system.
3. Strategic Outcomes
Primary to OSFI's mandate and central to its contribution to Canada's financial system are two strategic outcomes:
- A safe and sound Canadian financial system
- A financially sound and sustainable Canadian public retirement income system.
For the purposes of the Privacy Act, the head of OSFI is the Superintendent and the responsible minister is the Minister of Finance.
4. Administration of the Privacy Act
4.1 Access to Information and Privacy (ATIP) Unit
The Access to Information and Privacy (ATIP) Unit is part of the Enterprise Information Management (EIM) directorate within the Information Management/Information Technology (IM/IT) Division. The unit is responsible for administering the Act for the Office of the Superintendent of Financial Institutions. As such, the ATIP unit coordinates the timely processing of requests under the legislation, handles complaints lodged with the Privacy Commissioner, and responds to informal inquiries. The ATIP unit also provides advice and guidance to Office staff on matters involving the Act.
The Manager, Privacy and Access to Information reports to the Director, EIM and is supported by an ATIP Officer and a Junior ATIP Officer. In 2018-2019, due to the increased demand for privacy impact assessments and privacy protocols for the use of personal information for a non-administrative purpose, OSFI created and staffed the Manager, Privacy position. This position is dedicated to overseeing the administration of the Privacy Act, Regulations and related policies as well as providing input and support to IM/IT projects and to ensure EIM considerations (e.g. Privacy, Information lifecycle management) are suitably addressed. Staffing is currently underway to hire a Privacy Officer to support this role. The ATIP unit also relied upon the support of contract resources.
4.2 Institutional changes to the administration of the Privacy Act
No significant institutional changes to the administration of the Privacy Act to report during this reporting period.
4.3 Education and Training
Training efforts over the last year have been focused on continued privacy awareness building with staff in service areas supporting project delivery in Information Management/Information Technology, with Regulatory Data Governance, and within the Office's senior and operational governance committees. Training efforts also focused on ATIP awareness for all OSFI staff as part of an Information Management and ATIP awareness program. OSFI held four awareness sessions and a total of 50 employees attended.
4.4 Processing of Privacy Requests
All formal privacy requests are submitted to the Manager, Privacy and Access to Information, who reviews and assigns them to an ATIP Officer. The Officer requests the information from the head of the division or divisions concerned. In gathering the material and subsequently reviewing it, the ATIP Office provides advice and direction to ensure that the provisions of the Act are respected.
Assembled material is reviewed by the ATIP Officer and the Manager, Privacy and Access to Information. The material and the recommendations pertaining to each request are then submitted to the program area for validation. Once agreed, the release package is submitted to the Assistant Superintendent, Corporate Services for review and approval.
Employees have the right to review their personal records at intervals specified in the various collective agreements. To exercise this right, an employee contacts the appropriate official in the Human Resources and Administration Division. The review of personal records is considered informal and no data on these requests is compiled. The employee, however, does have the option of submitting a formal request under the privacy legislation. Employees of the Human Resources and Administration Division are aware of the provisions of the Privacy Act as they relate to the use and disclosure of personal information.
4.5 Delegation of Authority
Delegation orders set out what powers, duties and functions for the administration of the Privacy Act have been delegated by the head of the institution and to whom. Administration of the Privacy Act at OSFI is the responsibility of the Superintendent. The authority to claim exemptions and to issue various statutory notices has been delegated to the Assistant Superintendent, Corporate Services. The authority to issue various statutory notices has also been delegated to the Director, Enterprise Information Management, the Manager, Privacy and Access to Information and the ATIP Coordinator.
4.6 Monitoring Compliance
The time taken to process personal information requests and requests for the correction of personal information is tracked in the ATIP tracking system. The ATIP caseload is reviewed bi-weekly with the Director, EIM and the anticipated responses to privacy requests are ultimately reviewed and approved by the Assistant Superintendent, Corporate Services. Concerns are raised as appropriate throughout the lifecycle of the request and priority is given to fulfilling OSFI's statutory obligations.
4.7 Summary of significant changes to programs, operations, policies or procedures
There were no significant changes to policies, guidelines, procedures and initiatives related to privacy.
4.8 Reading room
In accordance with the Privacy Act, a public reading room is available in Ottawa. It is located at 255 Albert Street, on the 16th floor.
5. Interpretation of the Statistical Report
Part 1 – Requests under the Privacy Act
Due to the nature of OSFI's work regulating and supervising financial institutions and private pension plans under federal jurisdiction, much of the information in the Office's possession is third-party business information rather than personal information about individuals. The financial institutions and pension plans are OSFI's clients. As OSFI does not provide services directly to individuals, the volume of personal information collected by the Office is relatively small. This information is generally limited to employment records of current and previous OSFI employees and information about individual contract consultants at OSFI.
In 2018-2019, two new requests were received. Since the inception of the Privacy Act, July 1, 1983, OSFI has received 61 privacy requests
Part 2 – Requests closed during the reporting period
The following table summarizes the actions taken with respect to the completed requests:
| Disposition |
Number of requests |
| All disclosed |
0 |
| Disclosed in part |
0 |
| All exempted |
0 |
| All excluded |
0 |
| No records exist |
1 |
| Request abandoned |
1 |
| Neither confirmed nor denied |
0 |
| Total |
2 |
For both requests received in 2018-2019, less than 15 days were required to complete the requests.
Exemptions
No exemptions were applied during the reporting period.
Exclusions
No exclusions were cited during the reporting period.
Format of information released
No information was released pursuant to a request under the Privacy Act during the reporting period.
Relevant Pages Processed and Disclosed
No relevant pages were processed or disclosed during the reporting period.
Relevant pages processed and disclosed by size of requests
No relevant pages were processed or disclosed during the reporting period.
Other complexities
No consultations or requests for legal advice were required during this reporting period.
Deemed refusal
There were no deemed refusals during this reporting period.
Request for translation
No requests for translation were made during this reporting period.
Part 3 – Disclosures under Subsections 8(2) and 8(5)
No disclosures were made pursuant to subsections 8(2)(e), 8(2)(m) or 8(5) of the Privacy Act during this reporting period.
Part 4 – Request for correction of personal information and notations
No requests for correction of personal information and no notations were made during this reporting period.
Part 5 – Extensions
No extensions were required during this reporting period.
Part 6 – Consultations received from other government institutions and organizations
No consultations from other government institutions and organizations were received during the reporting period.
Part 7 – Completion time of consultations on Cabinet confidences
No consultations with respect to Cabinet confidences were required during the reporting period.
Part 8 – Resources related to the Privacy Act
The cost to administer the Act during this reporting period was $193,407.
6. Complaints and Investigations
OSFI did not receive any complaints pursuant to the Privacy Act during this reporting period, and one formal investigation was completed. The complaint was deemed not well-founded.
7. Privacy Breaches
There were no material privacy breaches reported during the 2018-2019 fiscal year.
8. Appeals to the Federal Court of Canada
8.1 Major changes implemented as a result of concerns or issues raised by the Privacy Commissioner of Canada in her annual report to Parliament
The Privacy Commissioner of Canada did not raise any concerns or issues related to OSFI, therefore no major changes were implemented.
8.2 Major changes implemented as a result of concerns or issued raised by other agents of Parliament
No major changes were implemented by OSFI as other agents of Parliament did not raise any concerns or issues.
8.3 Number of applications or appeals to the Federal Court or the Federal Court of Appeal during the fiscal year
There were no privacy related applications or appeals to the Federal Court or the Federal Court of Appeal during this fiscal year related to OSFI.
9. Completed Privacy Impacts Assessments
No privacy impact assessments (PIA) were completed in 2018-2019; however, OSFI did complete 4 privacy protocols for personal information being used for a non-administrative purpose.
APPENDIX A
Statistical Report on the Privacy Act
Name of institution: OSFI
Reporting period: 2018-04-01 to 2019-03-31
Part 1: Requests Under the Privacy Act
|
Number of Requests |
| Received during reporting period |
2 |
| Outstanding from previous reporting period |
0 |
| Total |
2 |
| Closed during reporting period |
0 |
| Carried over to next reporting period |
2 |
Part 2: Requests Closed During the Reporting Period
2.1 Disposition and completion time
| Disposition of Requests |
Completion Time |
| 1 to 15 Days |
16 to 30 Days |
31 to 60 Days |
61 to 120 Days |
121 to 180 Days |
181 to 365 Days |
More Than 365 Days |
Total |
| All disclosed |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Disclosed in part |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| All exempted |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| All excluded |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| No records exist |
1 |
0 |
0 |
0 |
0 |
0 |
0 |
1 |
| Request abandoned |
1 |
0 |
0 |
0 |
0 |
0 |
0 |
1 |
| Neither confirmed nor denied |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Total |
2 |
0 |
0 |
0 |
0 |
0 |
0 |
2 |
2.2 Exemptions
| Section |
Number of Requests |
Section |
Number of Requests |
Section |
Number of Requests |
| 18(2) |
0 |
22(1)(a)(i) |
0 |
23(a) |
0 |
| 19(1)(a) |
0 |
22(1)(a)(ii) |
0 |
23(b) |
0 |
| 19(1)(b) |
0 |
22(1)(a)(iii) |
0 |
24(a) |
0 |
| 19(1)(c) |
0 |
22(1)(b) |
0 |
24(b) |
0 |
| 19(1)(d) |
0 |
22(1)(c) |
0 |
25 |
0 |
| 19(1)(e) |
0 |
22(2) |
0 |
26 |
0 |
| 19(1)(f) |
0 |
22.1 |
0 |
27 |
0 |
| 20 |
0 |
22.2 |
0 |
28 |
0 |
| 21 |
0 |
22.3 |
0 |
|
2.3 Exclusions
| Section |
Number of Requests |
Section |
Number of Requests |
Section |
Number of Requests |
| 69(1)(a) |
0 |
70(1) |
0 |
70(1)(d) |
0 |
| 69(1)(b) |
0 |
70(1)(a) |
0 |
70(1)(e) |
0 |
| 69.1 |
0 |
70(1)(b) |
0 |
70(1)(f) |
0 |
|
70(1)(c) |
0 |
70.1 |
0 |
2.4 Format of information released
| Disposition |
Paper |
Electronic |
Other Formats |
| All disclosed |
0 |
0 |
0 |
| Disclosed in part |
0 |
0 |
0 |
| Total |
0 |
0 |
0 |
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
| Disposition of Requests |
Number of Pages Processed |
Number of Pages Disclosed |
Number of Requests |
| All disclosed |
0 |
0 |
0 |
| Disclosed in part |
0 |
0 |
0 |
| All exempted |
0 |
0 |
0 |
| All excluded |
0 |
0 |
1 |
| Request abandoned |
0 |
0 |
0 |
| Neither confirmed nor denied |
0 |
0 |
0 |
| Total |
0 |
0 |
1 |
2.5.2 Relevant pages processed and disclosed by size of requests
| Disposition |
Less Than 100 Pages Processed |
101-500 Pages Processed |
501-1000 Pages Processed |
1001-5000 Pages Processed |
More Than 5000 Pages Processed |
| Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
| All disclosed |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Disclosed in part |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| All exempted |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| All excluded |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Request abandoned |
1 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Neither confirmed nor denied |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Total |
1 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
2.5.3 Other complexities
| Disposition |
Consultation Required |
Legal Advice Sought |
Interwoven Information |
Other |
Total |
| All disclosed |
0 |
0 |
0 |
0 |
0 |
| Disclosed in part |
0 |
0 |
0 |
0 |
0 |
| All exempted |
0 |
0 |
0 |
0 |
0 |
| All excluded |
0 |
0 |
0 |
0 |
0 |
| Request abandoned |
0 |
0 |
0 |
0 |
0 |
| Neither confirmed nor denied |
0 |
0 |
0 |
0 |
0 |
| Total |
0 |
0 |
0 |
0 |
0 |
2.6 Deemed refusals
2.6.1 Reasons for not meeting statutory deadline
Number of Requests Closed
Past the Statutory Deadline |
Principal Reason |
| Workload |
External Consultation |
Internal Consultation |
Other |
| 0 |
0 |
0 |
0 |
0 |
2.6.2 Number of days past deadline
| Number of Days Past Deadline |
Number of Requests Past Deadline
Where No Extension Was Taken |
Number of Requests Past Deadline
Where An Extension Was Taken |
Total |
| 1 to 15 days |
0 |
0 |
0 |
| 16 to 30 days |
0 |
0 |
0 |
| 31 to 60 days |
0 |
0 |
0 |
| 61 to 120 days |
0 |
0 |
0 |
| 121 to 180 days |
0 |
0 |
0 |
| 181 to 365 days |
0 |
0 |
0 |
| More than 365 days |
0 |
0 |
0 |
| Total |
0 |
0 |
0 |
2.7 Requests for translation
| Translation Requests |
Accepted |
Refused |
Total |
| English to French |
0 |
0 |
0 |
| French to English |
0 |
0 |
0 |
| Total |
0 |
0 |
0 |
Part 3: Disclosures Under Subsections 8(2) and 8(5)
| Paragraph 8(2)(e) |
Paragraph 8(2)(m) |
Subsection 8(5) |
Total |
| 0 |
0 |
0 |
0 |
Part 4: Requests for Correction of Personal Information and Notations
| Disposition for Correction Requests Received |
Number |
| Notations attached |
0 |
| Requests for correction accepted |
0 |
| Total |
0 |
Part 5: Extensions
5.1 Reasons for extensions and disposition of requests
Disposition of Requests
Where an Extension Was Taken |
15(a)(i) Interference With Operations |
15(a)(ii) Consultation |
15(b) Translation or Conversion |
| Section 70 |
Other |
| All disclosed |
0 |
0 |
0 |
0 |
| Disclosed in part |
0 |
0 |
0 |
0 |
| All exempted |
0 |
0 |
0 |
0 |
| All excluded |
0 |
0 |
0 |
0 |
| No records exist |
0 |
0 |
0 |
0 |
| Request abandoned |
0 |
0 |
0 |
0 |
| Total |
0 |
0 |
0 |
0 |
5.2 Length of extensions
| Length of Extensions |
15(a)(i) Interference With Operations |
15(a)(ii) Consultation |
15(b) Translation or Conversion |
| Section 70 |
Other |
| 1 to 15 days |
0 |
0 |
0 |
0 |
| 16 to 30 days |
0 |
0 |
0 |
0 |
| Total |
0 |
0 |
0 |
0 |
Part 6: Consultations Received From Other Institutions and Organizations
6.1 Consultations received from other Government of Canada institutions and other organizations
| Consultations |
Other Government of Canada Institutions |
Number of Pages to Review |
Other Organizations |
Number of Pages to Review |
| Received during the reporting period |
0 |
0 |
0 |
0 |
| Outstanding from the previous reporting period |
0 |
0 |
0 |
0 |
| Total |
0 |
0 |
0 |
0 |
| Closed during the reporting period |
0 |
0 |
0 |
0 |
| Pending at the end of the reporting period |
0 |
0 |
0 |
0 |
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
| Recommendation |
Number of Days Required to Complete Consultation Requests |
| 1 to 15 Days |
16 to 30 Days |
31 to 60 Days |
61 to 120 Days |
121 to 180 Days |
181 to 365 Days |
More Than 365 Days |
Total |
| All disclosed |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Disclosed in part |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| All exempted |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| All excluded |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Consult other institution |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Other |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Total |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
6.3 Recommendations and completion time for consultations received from other organizations
| Recommendation |
Number of days required to complete consultation requests |
| 1 to 15 Days |
16 to 30 Days |
31 to 60 Days |
61 to 120 Days |
121 to 180 Days |
181 to 365 Days |
More Than 365 Days |
Total |
| All disclosed |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Disclose in part |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| All exempted |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| All excluded |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Consult other institution |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Other |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Total |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
Part 7: Completion Time of Consultations on Cabinet Confidences
7.1 Requests with Legal Services
| Number of Days |
Fewer Than 100 Pages Processed |
101-500 Pages Processed |
501-1000 Pages Processed |
1001-5000 Pages Processed |
More Than 5000 Pages Processed |
| Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
| 1 to 15 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| 16 to 30 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| 31 to 60 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| 61 to 120 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| 121 to 180 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| 181 to 365 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| More than 365 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Total |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
7.2 Requests with Privy Council Office
| Number of Days |
Fewer Than 100 Pages Processed |
101-500 Pages Processed |
501-1000 Pages Processed |
1001-5000 Pages Processed |
More Than 5000 Pages Processed |
| Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
Number of Requests |
Pages Disclosed |
| 1 to 15 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| 16 to 30 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| 31 to 60 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| 61 to 120 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| 121 to 180 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| 181 to 365 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| More than 365 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
| Total |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
Part 8: Complaints and Investigations Notices Received
| Section 31 |
Section 33 |
Section 35 |
Court action |
Total |
| 0 |
0 |
1 |
0 |
1 |
Part 9: Privacy Impact Assessments (PIAs)
| Number of PIA(s) completed |
0 |
Part 10: Resources Related to the Privacy Act
10.1 Costs
| Expenditures |
Amount |
| Salaries |
$87,489 |
| Overtime |
$0 |
| Goods and Services |
$105,918 |
| Professional services contracts |
$93,261 |
|
| Other |
$12,657 |
| Total |
$193,407 |
10.2 Human Resources
| Resources |
Person Years Dedicated to
Access to Information Activities |
| Full-time employees |
0.66 |
| Part-time and casual employees |
0.00 |
| Regional staff |
0.00 |
| Consultants and agency personnel |
0.38 |
| Students |
0.00 |
| Total |
1.04 |
Note: Enter values to two decimal places.
APPENDIX B
Additional Reporting Requirements
| Privacy Act |
| Section |
Number of requests
|
| 22.4 National Security and Intelligence Committee
|
0 |
| 27.1 Patent or Trademark privilege |
0 |
APPENDIX C
DESIGNATION / DÉLÉGATION
PRIVACY ACT /
LOI SUR LA PROTECTION DES RENSEIGNEMENTS PERSONNELS
Privacy Act Designation Order
By this order made pursuant to section 73 of the Privacy Act, I hereby authorize those officers and employees of the Office of the Superintendent of Financial Institutions occupying, on an acting basis or otherwise, the positions identified within the attached schedule to perform on my behalf any of the powers, duties or functions specified therein.
This designation replaces and repeals all previous orders.
Dated in Ottawa on this 5 day of July, 2016
Arrêté sur la délégation en vertu de la Loi sur la protection des renseignements personnels
Par le présent arrêté pris en vertu de l'article 73 de la Loi sur la protection des renseignements personnels, j'autorise les agents et les employés du Bureau du surintendant des institutions financières occupant, par intérim ou autrement, les postes identifiés dans l'annexe ci-jointe à exercer en mon nom, les attributions, les fonctions et les pouvoirs qui y sont spécifiés.
Le présent document remplace et annule tous les arrêtés antérieurs.
Fait à Ottawa en ce 5 jour de juillet, 2016
Superintendent of Financial Institutions/
Le surintendant des institutions financières
SCHEDULE 2
Designation Order - Privacy Act
| Section |
Powers, Duties or Functions |
Assistant Superintendent, Corporate Services |
Director, Enterprise Information Management |
Manager, Privacy & Access to Information |
ATIP Coordinator |
| 8(2)(j) |
To disclose personal information when satisfied that the purpose for which the information is disclosed cannot reasonably be accomplished unless the information is provided in a form that identifies the person to whom it relates and obtain a written undertaking that no subsequent disclosure of the information will be made in a form that could reasonably be expected to identify the individual to whom it relates |
X |
|
|
|
| 8(2)(m) |
To disclose personal information when public interest outweighs invasion of privacy or when disclosure benefits the individual |
X |
|
|
|
| 8(4) |
To keep copies of requests made under 8(2)(e), keep records of information disclosed pursuant to such requests and to make those copies and records available to Privacy Commissioner |
X |
X |
X |
X |
| 8(5) |
To notify the Privacy Commissioner in writing of disclosure under paragraph 8(2)(m) |
X |
X |
X |
X |
| 9(1) |
To retain a record of use of personal information. |
X |
X |
X |
X |
| 9(4) |
To notify the Privacy Commissioner of consistent use of personal information and update index accordingly |
X |
X |
X |
X |
| 10 |
To include personal information in personal information banks |
X |
X |
X |
X |
| 14(a) |
To give written notice as to whether or not access will be given |
X |
X |
X |
X |
| 14(b) |
To give access to requester |
X |
X |
X |
X |
| 15 |
To extend time limit and give notice of extension |
X |
X |
X |
X |
| 17(2)(b) |
To determine the necessity for a translation or interpretation of a record |
X |
X |
X |
|
| 17(3) |
To determine whether a record should be provided in an alternative format |
X |
X |
X |
|
| 18(2) |
To refuse to disclose personal information referred to in that section |
X |
|
|
|
| 19(1) |
To refuse to disclose personal information referred to in that section |
X |
|
|
|
| 19(2) |
To disclose, with consent, personal information referred to in that subsection |
X |
X |
X |
|
| 20 |
To refuse to disclose personal information referred to in that section |
X |
|
|
|
| 21 |
To refuse to disclose personal information referred to in that section |
X |
|
|
|
| 22 |
To refuse to disclose personal information referred to in that section |
X |
|
|
|
| 22.3 |
To refuse to disclose personal information referred to in that section |
X |
|
|
|
| 23 |
To refuse to disclose personal information referred to in that section |
X |
|
|
|
| 24 |
To refuse to disclose personal information under that section |
X |
|
|
|
| 25 |
To refuse to disclose personal information under that section |
X |
|
|
|
| 26 |
To refuse to disclose personal information under that section |
X |
|
|
|
| 27 |
To refuse to disclose personal information under that section |
X |
|
|
|
| 28 |
To refuse to disclose personal information under that section |
X |
|
|
|
| 31 |
To receive notice of investigation by the Privacy Commissioner |
X |
X |
X |
|
| 33(2) |
To make representations to the Privacy Commissioner |
X |
X |
X |
X |
| 35(1) |
To receive the report of findings of the investigation and give notice of action taken or proposed to be taken or reasons why no action has been or is proposed to be taken |
X |
X |
X |
|
| 35(4) |
To provide access to personal information |
X |
X |
X |
|
| 36(3) |
To receive the report of findings of the investigation of files in exempt banks |
X |
X |
X |
|
| 37(3) |
To receive the report of findings after investigation in respect of personal information |
X |
X |
X |
|
| 51(2)(b) |
To request that the matter be heard and determined in the National Capital Region |
X |
X |
X |
|
| 51(3) |
To request the opportunity to make representations ex parte |
X |
X |
X |
|
| 72(1) |
To prepare annual report for submission to Parliament |
X |
X |
X |
X |
Privacy Regulations
| Section |
Powers, Duties or Functions |
Assistant Superintendent, Corporate Services |
Director, Enterprise Information Management |
Manager, Privacy & Access to Information |
ATIP Coordinator |
| 9 |
Reasonable facilities and time provided to examine personal information |
X |
X |
X |
X |
| 11(2) |
Notification that correction to personal information has been made |
X |
X |
X |
X |
| 11(4) |
Notification that correction to personal information has been refused |
X |
X |
X |
X |
| 13(1) |
Disclosure of personal information relating to physical or mental health may be made to qualified medical practitioner or psychologist for an opinion on whether to release information to requestor |
X |
|
|
|
| 14 |
Disclosure of personal information relating to physical or mental health may be made to requestor in presence of qualified medical practitioner or psychologist |
X |
|
|
|