2020-2021 Annual Report to Parliament on the Administration of the Privacy Act

Document Properties

Type of Publication: Annual Report
Date: August 2021

Table of contents

    1. Introduction

    The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.

    This annual report was prepared and submitted in accordance with section 72 of the Privacy Act and covers the period from April 1, 2020 to March 31, 2021.

    2. Mandate of the Office of the Superintendent of Financial Institutions (OSFI)

    Under its legislation, OSFI’s mandate is:

    Fostering sound risk management and governance practices

    OSFI advances a regulatory framework designed to control and manage risk.

    Supervision and early intervention

    OSFI supervises federally regulated financial institutions and pension plans to determine whether they are in sound financial condition and meeting regulatory and supervisory requirements.

    OSFI promptly advises financial institutions and pension plans if there are material deficiencies and takes corrective measures or requires that they be taken to expeditiously address the situation.

    Environmental scanning linked to safety and soundness of financial institutions

    OSFI monitors and evaluates system-wide or sectoral developments that may have a negative impact on the financial condition of federally regulated financial institutions.

    Taking a balanced approach

    OSFI acts to protect the rights and interests of depositors, policyholders, financial institution creditors and pension plan beneficiaries while having due regard for the need to allow financial institutions to compete effectively and take reasonable risks.

    OSFI recognizes that management, boards of directors and pension plan administrators are ultimately responsible for risk decisions, that financial institutions can fail, and pension plans can experience financial difficulties resulting in the loss of benefits.

    In fulfilling its mandate, OSFI supports the government’s objective of contributing to public confidence in the Canadian financial system.

    The Office of the Chief Actuary is an independent unit within OSFI that provides a range of actuarial valuation and advisory services to the Government of Canada. In conducting its work, the OCA plays a vital and independent role towards a financially sound and sustainable Canadian public retirement income system.

    3. Strategic Outcomes

    Primary to OSFI’s mandate and central to its contribution to Canada’s financial system are two strategic outcomes:

    1. A safe and sound Canadian financial system
    2. A financially sound and sustainable Canadian public retirement income system.

    For the purposes of the Access to Information Act, the head of OSFI is the Superintendent and the responsible minister is the Minister of Finance.

    4. Administration of the Access to Information Act

    4.1 Access to Information and Privacy (ATIP) Unit

    The Access to Information and Privacy (ATIP) Unit is part of the Enterprise Information Management (EIM) directorate within the Information Management/Information Technology (IM/IT) Division. The unit is responsible for administering the Act for the Office of the Superintendent of Financial Institutions. As such, the ATIP unit coordinates the timely processing of requests under the legislation, handles complaints lodged with the Privacy Commissioner, and responds to informal inquiries. The ATIP unit also provides advice and guidance to Office staff on matters involving the Act.

    The Manager, Privacy reports to the Director, EIM and is supported by two Privacy Officers. Both Privacy Officer positions were staffed in 2020-2021. The Manager, Privacy position is dedicated to overseeing the administration of the Privacy Act, Regulations and related policies as well as providing input and support to IM/IT projects and to ensure EIM considerations (e.g. Privacy, Information lifecycle management) are suitably addressed.

    4.2 Institutional changes to the administration of the Access to Information Act

    There were no significant institutional changes to the administration of the Privacy Act to report during this reporting period. Effective FY 2021-2022, the ATIP unit will report to the Director, Strategic Governance, ATIP and Privacy Offices.

    4.3 Education and Training

    Training efforts over the last year have been focused on continued privacy awareness building with staff in service areas supporting project delivery in Information Management/Information Technology, with Risk and Data Analytics, and within the Office’s senior and operational governance committees. Multiple project-specific awareness sessions were delivered in 2020-2021 (4 sessions, 96 participants) to ensure users and administrators of new tools/technology at OSFI were made aware of their responsibilities as they relate to the Privacy Act. Training efforts also focused on broader ATIP awareness for all OSFI staff as part of an Information Management and ATIP awareness program (5 sessions, 54 participants) as well as in-depth privacy-specific session (4 sessions, 458 participants).

    4.4 Processing of Privacy Requests

    All formal privacy requests are submitted to the Manager, Privacy and Access to Information, who reviews and assigns them to an ATIP Officer. The Officer requests the information from the appointed sectoral ATIP Liaison Officer(s) concerned. In gathering the material and subsequently reviewing it, the ATIP Office provides advice and direction to ensure that the provisions of the Act are respected.

    Assembled material is reviewed by the ATIP Officer and the Manager, Privacy and Access to Information. The material and the recommendations pertaining to each request are then submitted to the program area for validation. Once agreed, the release package is submitted to the Assistant Superintendent, Corporate Services for review and approval.

    Employees have the right to review their personal records at intervals specified in the various collective agreements. To exercise this right, an employee contacts the appropriate official in the Human Resources department. The review of personal records is considered informal and no data on these requests is compiled. The employee, however, does have the option of submitting a formal request under the privacy legislation. Employees of the Human Resources and Administration Division are aware of the provisions of the Privacy Act as they relate to the use and disclosure of personal information.

    4.5 Delegation of Authority

    Delegation orders set out what powers, duties, and functions for the administration of the Privacy Act have been delegated by the head of the institution and to whom. Administration of the Privacy Act at OSFI is the responsibility of the Superintendent. The authority to claim exemptions and to issue various statutory notices has been delegated to the Assistant Superintendent, Corporate Services. The authority to issue various statutory notices has also been delegated to the Director, Enterprise Information Management and the Manager, Privacy and Access to Information.

    4.6 Monitoring Compliance

    The time taken to process personal information requests and requests for the correction of personal information is tracked in the ATIP tracking system. The ATIP caseload is reviewed monthly with the Director, EIM and the anticipated responses to privacy requests are ultimately reviewed and approved by the Assistant Superintendent, Corporate Services. Concerns are raised as appropriate throughout the lifecycle of the request and priority is given to fulfilling OSFI’s statutory obligations.

    4.7 Summary of significant changes to programs, operations, policies, or procedures

    OSFI’s existing Information Management/Information Technology (IM/IT) polices and infrastructure allowed the organization to avoid any significant disruptions relating to the COVID-19 pandemic and have had little effect on OSFI’s ability to fulfill its responsibilities under the Privacy Act. With the closure of OSFI’s offices on March 13th 2020, employees were no longer able to access paper files. Requests received by OSFI through the mail are retrieved by the Manager, Access to Information and Privacy on a weekly basis.

    4.8 Reading room

    In accordance with the Privacy Act, a public reading room is available in Ottawa. It is located at 255 Albert Street, on the 16th floor. The reading room was not available to the public as of March 13th, 2020 due to necessary restrictions arising from the COVID-19 pandemic.

    5. Interpretation of the Statistical Report

    Part 1 - Requests under the Privacy Act

    Due to the nature of OSFI’s work regulating and supervising financial institutions and private pension plans under federal jurisdiction, much of the information in the Office’s possession is third-party business information rather than personal information about individuals. The financial institutions and pension plans are OSFI’s clients. As OSFI does not provide services directly to individuals, the volume of personal information collected by the Office is relatively small. This information is generally limited to employment records of current and previous OSFI employees and information about individual contract consultants at OSFI.

    In 2020-2021, four new requests were received. Since the inception of the Privacy Act, July 1, 1983, OSFI has received 71 privacy requests.

    Part 2 - Requests closed during the reporting period

    The following table summarizes the actions taken with respect to the completed requests:

    2.1 Disposition and Completion Time

    Disposition Number of requests
    All disclosed 0
    Disclosed in part 2
    All exempted 0
    All excluded 0
    No records exist 1
    Request abandoned 1
    Neither confirmed nor denied 0
    Total 4

    For the 4 requests received in 2020-2021:

    • 2 were completed in 16 to 30 days: and
    • 2 were completed in 61 to 120 days.

    2.2 Exemptions

    Section 26 was applied to 2 privacy requests.

    2.3 Exclusions

    No exclusions were cited during the reporting period.

    2.4 Format of Information Released

    During the reporting period, one request under the Privacy Act was released electronically and one was released in paper format.

    2.5 Relevant Pages Processed and Disclosed

    369 relevant pages were processed, and 128 pages disclosed during the reporting period. 50% of the requests received during the reporting period were disclosed in part and OSFI was unable to process the remaining 2 requests as the requested records did not exist or the request was abandoned.

    2.6 Other complexities

    There were no other complexities required during the reporting period.

    2.7 Deemed refusal

    There were two deemed refusals during this reporting period. Both were delays due to internal consultations and challenges arising from the COVID 19 pandemic.

    2.8 Requests for translation

    No translations were requested in 2020-2021.

    Part 3 - Disclosures under Subsections 8(2) and 8(5)

    No disclosures were made pursuant to subsections 8(2)(e), 8(2)(m) or 8(5) of the Privacy Act during this reporting period.

    Part 4 - Requests for correction of personal information and notations

    No requests for correction of personal information and no notations were made during this reporting period.

    Part 5 - Extensions

    Additional 30-day extensions were required for 2 requests during this reporting period:

    • 2 pursuant to s.15(a)(i) - Interference with operations.

    Part 6 - Consultations received from other government Institutions

    No consultations from other government institutions and organizations were received during the reporting period.

    Part 7 - Completion Time of Consultations on Cabinet Confidences

    No consultations with respect to Cabinet confidences were required during the reporting period.

    Part 8 - Resources Related to the Privacy Act

    The cost to administer the Act during this reporting period was $313,339.

    6. Complaints and Investigations

    OSFI did not receive any complaints pursuant to the Privacy Act during this reporting period.

    7. Privacy Breaches

    There were no material privacy breaches reported during the 2020-2021 fiscal year.

    8. Appeals to the Federal Court of Canada

    8.1 - Major changes implemented as a result of concerns or issues raised by the Privacy Commissioner of Canada in his annual report to Parliament

    The Privacy Commissioner of Canada did not raise any concerns or issues related to OSFI, therefore no major changes were implemented.

    8.2 - Major changes implemented as a result of concerns or issues raised by other agents of Parliament

    No major changes were implemented by OSFI, as other agents of Parliament did not raise any concerns or issues.

    8.3 - Number of applications or appeals to the Federal Court of the Federal Court of Appeal during the fiscal year

    There were no access to information related applications or appeals to the Federal Court or the Federal Court of Appeal during this fiscal year related to OSFI.

    9. Completed Privacy Impact Assessments

    No privacy impact assessments (PIA) were completed in 2020-2021; however, OSFI did complete 4 privacy protocols for personal information being used for a non-administrative purpose as well as 2 privacy risk assessments.

    Appendix A - Statistical Report on the Privacy Act

    Statistical Report on the Privacy Act

    Name of institution: Office of the Superintendent of Financial Institutions

    Reporting period: 4/1/2020 to 3/31/2021

    Section 1: Requests Under the Privacy Act

    1.1 Number of requests

      Number of Requests
    Received during reporting period 4
    Outstanding from previous reporting period 0
    Total 4
    Closed during reporting period 4
    Carried over to next reporting period 0

    Section 2: Requests Closed During the Reporting Period

    2.1 Disposition and completion time

    Disposition of Requests Completion Time
    1 to 15
    Days
    16 to 30
    Days
    31 to 60
    Days
    61 to 120
    Days
    121 to 180
    Days
    181 to 365
    Days
    More
    Than 365
    Days
    Total
    All disclosed 0 0 0 0 0 0 0 0
    Disclosed in part 0 0 0 2 0 0 0 2
    All exempted 0 0 0 0 0 0 0 0
    All excluded 0 0 0 0 0 0 0 0
    No records exist 0 1 0 0 0 0 0 1
    Request abandoned 0 1 0 0 0 0 0 1
    Neither confirmed nor denied 0 0 0 0 0 0 0 0
    Total 0 2 0 2 0 0 0 4

    TBS/SCT 350-63

    2.2 Exemptions

    Section Number of
    Requests
    Section Number of
    Requests
    Section Number of
    Requests
    18(2) 0 22(1)(a)(i) 0 23(a) 0
    19(1)(a) 0 22(1)(a)(ii) 0 23(b) 0
    19(1)(b) 0 22(1)(a)(iii) 0 24(a) 0
    19(1)(c) 0 22(1)(b) 0 24(b) 0
    19(1)(d) 0 22(1)(c) 0 25 0
    19(1)(e) 0 22(2) 0 26 2
    19(1)(f) 0 22.1 0 27 0
    20 0 22.2 0 27.1 0
    21 0 22.3 0 28 0
      22.4 0  

    2.3 Exclusions

    Section Number of
    Requests
    Section Number of
    Requests
    Section Number of
    Requests
    69(1)(a) 0 70(1) 0 70(1)(d) 0
    69(1)(b) 0 70(1)(a) 0 70(1)(e) 0
    69.1 0 70(1)(b) 0 70(1)(f) 0
      70(1)(c) 0 70.1 0

    2.4 Format of information released

    Paper Electronic Other
    1 1 0

    2.5 Complexity

    2.5.1 Relevant pages processed and disclosed
    Number of Pages
    Processed
    Number of Pages
    Disclosed
    Number of Requests
    369 128 3
    2.5.2 Relevant pages processed and disclosed by size of requests
    Disposition Less Than 100
    Pages Processed
    101-500
    Pages Processed
    501-1000
    Pages Processed
    1001-5000
    Pages Processed
    More Than 5000
    Pages Processed
    Number of
    Requests
    Pages
    Disclosed
    Number of
    Requests
    Pages
    Disclosed
    Number of
    Requests
    Pages
    Disclosed
    Number of
    Requests
    Pages
    Disclosed
    Number of
    Requests
    Pages
    Disclosed
    All disclosed 0 0 0 0 0 0 0 0 0 0
    Disclosed in part 1 31 1 97 0 0 0 0 0 0
    All exempted 0 0 0 0 0 0 0 0 0 0
    All excluded 0 0 0 0 0 0 0 0 0 0
    Request abandoned 1 0 0 0 0 0 0 0 0 0
    Neither confirmed nor denied 0 0 0 0 0 0 0 0 0 0
    Total 2 31 1 97 0 0 0 0 0 0
    2.5.3 Other complexities
    Disposition Consultation
    Required
    Legal Advice
    Sought
    Interwoven
    Information
    Other Total
    All disclosed 0 0 0 0 0
    Disclosed in
    part
    0 0 0 0 0
    All exempted 0 0 0 0 0
    All excluded 0 0 0 0 0
    Request abandoned 0 0 0 0 0
    Neither
    confirmed
    nor denied
    0 0 0 0 0
    Total 0 0 0 0 0

    2.6 Closed requests

    2.6.1 Number of requests closed within legislated timelines
      Requests closed within legislated timelines
    Number of requests closed within legislated timelines 2
    Percentage of requests closed within legislated timelines (%) 50

    2.7 Deemed refusals

    2.7.1 Reasons for not meeting legislated timelines
    Number of Requests Closed Past the Legislated Timelines Principal Reason
    Interference with Operations / Workload External Consultation Internal Consultation Other
    2 0 0 0 2
    2.7.2 Requests closed beyond legislated timelines (including any extension taken)
    Number of Days Past
    Legislated Timelines
    Number of Requests Past
    Legislated Timeline
    Where No Extension Was
    Taken
    Number of Requests
    Past Legislated
    Timelines Where an
    Extension Was Taken
    Total
    1 to 15 days 0 1 1
    16 to 30 days 0 1 1
    31 to 60 days 0 0 0
    61 to 120 days 0 0 0
    121 to 180 days 0 0 0
    181 to 365 days 0 0 0
    More than 365 days 0 0 0
    Total 0 2 2

    2.8 Requests for translation

    Translation Requests Accepted Refused Total
    English to French 0 0 0
    French to English 0 0 0
    Total 0 0 0

    Section 3: Disclosures Under Subsections 8(2) and 8(5)

    Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
    0 0 0 0

    Section 4: Requests for Correction of Personal Information and Notations

    Disposition for Correction Requests Received Number
    Notations attached 0
    Requests for correction accepted 0
    Total 0

    Section 5: Extensions

    5.1 Reasons for extensions and disposition of requests

    Number of
    requests
    where an
    extension
    was taken
    15(a)(i) Interference with operations 15 (a)(ii) Consultation 15(b)
    Translation
    purposes or
    conversion
    Further review
    required to
    determine
    exemptions
    Large volume of
    pages
    Large volume of
    requests
    Documents are
    difficult to obtain
    Cabinet
    Confidence
    Section (Section 70)
    External Internal
    2 2 0 0 0 0 0 0 0

    5.2 Length of extensions

    Length of
    Extensions
    15(a)(i) Interference with operations 15 (a)(ii) Consultation 15(b)
    Translation
    purposes or
    conversion
    Further review
    required to
    determine
    exemptions
    Large volume of
    pages
    Large volume of
    requests
    Documents are
    difficult to obtain
    Cabinet
    Confidence
    Section (Section 70)
    External Internal
    1 to 15 days 0 0 0 0 0 0 0 0
    16 to 30 days 2 0 0 0 0 0 0 0
    31 days or greater               0
    Total 2 0 0 0 0 0 0 0

    Section 6: Consultations Received From Other Institutions and Organizations

    6.1 Consultations received from other Government of Canada institutions and other organizations

    Consultations Other
    Government of
    Canada
    Institutions
    Number of
    Pages to
    Review
    Other
    Organizations
    Number of
    Pages to
    Review
    Received during the reporting period 0 0 0 0
    Outstanding from the previous reporting period 0 0 0 0
    Total 0 0 0 0
    Closed during the reporting period 0 0 0 0
    Carried over to the next reporting period 0 0 0 0

    6.2 Recommendations and completion time for consultations received from other Government of Canada institutions

    Recommendation Number of Days Required to Complete Consultation Requests
    1 to 15
    Days
    16 to 30
    Days
    31 to 60
    Days
    61 to 120
    Days
    121 to 180
    Days
    181 to 365
    Days
    More
    Than
    365
    Days
    Total
    All disclosed 0 0 0 0 0 0 0 0
    Disclosed in part 0 0 0 0 0 0 0 0
    All exempted 0 0 0 0 0 0 0 0
    All excluded 0 0 0 0 0 0 0 0
    Consult other institution 0 0 0 0 0 0 0 0
    Other 0 0 0 0 0 0 0 0
    Total 0 0 0 0 0 0 0 0

    6.3 Recommendations and completion time for consultations received from other organizations

    Recommendation Number of days required to complete consultation requests
    1 to 15
    Days
    16 to 30
    Days
    31 to 60
    Days
    61 to 120
    Days
    121 to 180
    Days
    181 to 365
    Days
    More
    Than
    365
    Days
    Total
    All disclosed 0 0 0 0 0 0 0 0
    Disclosed in part 0 0 0 0 0 0 0 0
    All exempted 0 0 0 0 0 0 0 0
    All excluded 0 0 0 0 0 0 0 0
    Consult other institution 0 0 0 0 0 0 0 0
    Other 0 0 0 0 0 0 0 0
    Total 0 0 0 0 0 0 0 0

    Section 7: Completion Time of Consultations on Cabinet Confidences

    7.1 Requests with Legal Services

    Number of Days Fewer Than 100
    Pages Processed
    101-500 Pages
    Processed
    501-1000 Pages
    Processed
    1001-5000 Pages
    Processed
    More Than 5000
    Pages Processed
    Number of
    Requests
    Pages
    Disclosed
    Number of
    Requests
    Pages
    Disclosed
    Number of
    Requests
    Pages
    Disclosed
    Number of
    Requests
    Pages
    Disclosed
    Number of
    Requests
    Pages
    Disclosed
    1 to 15 0 0 0 0 0 0 0 0 0 0
    16 to 30 0 0 0 0 0 0 0 0 0 0
    31 to 60 0 0 0 0 0 0 0 0 0 0
    61 to 120 0 0 0 0 0 0 0 0 0 0
    121 to 180 0 0 0 0 0 0 0 0 0 0
    181 to 365 0 0 0 0 0 0 0 0 0 0
    More than 365 0 0 0 0 0 0 0 0 0 0
    Total 0 0 0 0 0 0 0 0 0 0

    7.2 Requests with Privy Council Office

    Number of Days Fewer Than 100
    Pages Processed
    101-500 Pages
    Processed
    501-1000 Pages
    Processed
    1001-5000 Pages
    Processed
    More Than 5000
    Pages Processed
    Number of
    Requests
    Pages
    Disclosed
    Number of
    Requests
    Pages
    Disclosed
    Number of
    Requests
    Pages
    Disclosed
    Number of
    Requests
    Pages
    Disclosed
    Number of
    Requests
    Pages
    Disclosed
    1 to 15 0 0 0 0 0 0 0 0 0 0
    16 to 30 0 0 0 0 0 0 0 0 0 0
    31 to 60 0 0 0 0 0 0 0 0 0 0
    61 to 120 0 0 0 0 0 0 0 0 0 0
    121 to 180 0 0 0 0 0 0 0 0 0 0
    181 to 365 0 0 0 0 0 0 0 0 0 0
    More than 365 0 0 0 0 0 0 0 0 0 0
    Total 0 0 0 0 0 0 0 0 0 0

    Section 8: Complaints and Investigations Notices Received

    Section 31 Section 33 Section 35 Court action Total
    0 0 0 0 0

    Section 9: Privacy Impact Assessments (PIA) and Personal Information Banks (PIB)

    9.1 Privacy Impact Assessments

    Number of PIA(s) completed 0

    9.2 Personal Information Banks

    Personal Information Banks Active Created Terminated Modified
      57 0 0 0

    Section 10: Material Privacy Breaches

    Number of material privacy breaches reported to TBS 0
    Number of material privacy breaches reported to OPC 0

    Section 11: Resources Related to the Privacy Act

    11.1 Costs

    Expenditures Amount
    Salaries $166,846
    Overtime $0
    Goods and Services $146,493
    Professional services contracts $146,066  
    Other $427
    Total $313,339

    11.2 Human Resources

    Resources Person Years Dedicated
    to Privacy Activities
    Full-time employees 1.220
    Part-time and casual employees 0.000
    Regional staff 0.070
    Consultants and agency personnel 0.560
    Students 0.000
    Total 1.850

    Note: Enter values to three decimal places.

    Supplemental Statistical Report on the Access to Information Act and Privacy Act

    Name of institution: Office of the Superintendent of Financial Institutions

    Reporting period: 2020-04-01 to 2021-03-31

    Section 1: Capacity to Receive Requests

    Enter the number of weeks your institution was able to receive ATIP requests through the different channels.

      Number of Weeks
    Able to receive requests by mail 52
    Able to receive requests by email 52
    Able to receive requests through the digital request service 52

    Section 2: Capacity to Process Records

    2.1 Enter the number of weeks your institution was able to process paper records in different classification levels.

      No Capacity Partial Capacity Full Capacity Total
    Unclassified Paper Records 0 52 0 52
    Protected B Paper Records 0 52 0 52
    Secret and Top Secret Paper Records 52 0 0 52

    2.2 Enter the number of weeks your institution was able to process electronic records in different classification levels.

      No Capacity Partial Capacity Full Capacity Total
    Unclassified Electronic Records 0 0 52 52
    Protected B Electronic Records 0 0 52 52
    Secret and Top Secret Electronic Records 52 0 0 52

    APPENDIX B

    DESIGNATION / DÉLÉGATION

    PRIVACY ACT /
    LOI SUR LA PROTECTION DES RENSEIGNEMENTS PERSONNELS

    Privacy Act Designation Order

    By this order made pursuant to section 73 of the Privacy Act, I hereby authorize those officers and employees of the Office of the Superintendent of Financial Institutions occupying, on an acting basis or otherwise, the positions identified within the attached schedule to perform on my behalf any of the powers, duties or functions specified therein.

    This designation replaces and repeals all previous orders.

    Dated in Ottawa on this 5 day of July, 2016

    Arrêté sur la délégation en vertu de la Loi sur la protection des renseignements personnels

    Par le présent arrêté pris en vertu de l'article 73 de la Loi sur la protection des renseignements personnels, j'autorise les agents et les employés du Bureau du surintendant des institutions financières occupant, par intérim ou autrement, les postes identifiés dans l'annexe ci-jointe à exercer en mon nom, les attributions, les fonctions et les pouvoirs qui y sont spécifiés.

    Le présent document remplace et annule tous les arrêtés antérieurs.

    Fait à Ottawa en ce 5 jour de juillet, 2016

    Jeremy Rudin

    Superintendent of Financial Institutions/
    Le surintendant des institutions financières

    SCHEDULE 2

    Designation Order - Privacy Act

    Section Powers, Duties or Functions Assistant
    Superintendent,
    Corporate
    Services
    Director,
    Enterprise
    Information
    Management
    Manager,
    Privacy &
    Access to
    Information
    ATIP
    Coordinator
    8(2)(j) To disclose personal information
    when satisfied that the purpose for
    which the information is disclosed
    cannot reasonably be accomplished
    unless the information is provided in a
    form that identifies the person to
    whom it relates and obtain a written
    undertaking that no subsequent
    disclosure of the information will be
    made in a form that could reasonably
    be expected to identify the individual
    to whom it relates
    X      
    8(2)(m) To disclose personal information
    when public interest outweighs
    invasion of privacy or when disclosure
    benefits the individual
    X      
    8(4) To keep copies of requests made
    under 8(2)(e), keep records of
    information disclosed pursuant to such
    requests and to make those copies and
    records available to Privacy
    Commissioner
    X X X X
    8(5) To notify the Privacy Commissioner
    in writing of disclosure under
    paragraph 8(2)(m)
    X X X X
    9(1) To retain a record of use of personal
    information.
    X X X X
    9(4) To notify the Privacy Commissioner
    of consistent use of personal
    information and update index
    accordingly
    X X X X
    10 To include personal information in
    personal information banks
    X X X X
    14(a) To give written notice as to whether or
    not access will be given
    X X X X
    14(b) To give access to requester X X X X
    15 To extend time limit and give notice
    of extension
    X X X X
    17(2)(b) To determine the necessity for a
    translation or interpretation of a record
    X X X  
    17(3) To determine whether a record should
    be provided in an alternative format
    X X X  
    18(2) To refuse to disclose personal
    information referred to in that section
    X      
    19(1) To refuse to disclose personal
    information referred to in that section
    X      
    19(2) To disclose, with consent, personal
    information referred to in that
    subsection
    X X X  
    20 To refuse to disclose personal
    information referred to in that section
    X      
    21 To refuse to disclose personal
    information referred to in that section
    X      
    22 To refuse to disclose personal
    information referred to in that section
    X      
    22.3 To refuse to disclose personal
    information referred to in that section
    X      
    23 To refuse to disclose personal
    information referred to in that section
    X      
    24 To refuse to disclose personal
    information under that section
    X      
    25 To refuse to disclose personal
    information under that section
    X      
    26 To refuse to disclose personal
    information under that section
    X      
    27 To refuse to disclose personal
    information under that section
    X      
    28 To refuse to disclose personal
    information under that section
    X      
    31 To receive notice of investigation by
    the Privacy Commissioner
    X X X  
    33(2) To make representations to the
    Privacy Commissioner
    X X X X
    35(1) To receive the report of findings of the
    investigation and give notice of action
    taken or proposed to be taken or
    reasons why no action has been or is
    proposed to be taken
    X X X  
    35(4) To provide access to personal
    information
    X X X  
    36(3) To receive the report of findings of the
    investigation of files in exempt banks
    X X X  
    37(3) To receive the report of findings after
    investigation in respect of personal information
    X X X  
    51(2)(b) To request that the matter be heard
    and determined in the National Capital
    Region
    X X X  
    51(3) To request the opportunity to make
    representations ex parte
    X X X  
    72(1) To prepare annual report for
    submission to Parliament
    X X X X

    Privacy Regulations

    Section Powers, Duties or Functions Assistant
    Superintendent,
    Corporate
    Services
    Director,
    Enterprise
    Information
    Management
    Manager,
    Privacy &
    Access to
    Information
    ATIP
    Coordinator
    9 Reasonable facilities and time
    provided to examine personal
    information
    X X X X
    11(2) Notification that correction to personal
    information has been made
    X X X X
    11(4) Notification that correction to personal
    information has been refused
    X X X X
    13(1) Disclosure of personal information
    relating to physical or mental health
    may be made to qualified medical
    practitioner or psychologist for an
    opinion on whether to release
    information to requestor
    X      
    14 Disclosure of personal information
    relating to physical or mental health
    may be made to requestor in presence
    of qualified medical practitioner or
    psychologist
    X