Annual Report to Parliament on the administration of the Privacy Act 2019-2020

Document Properties

  • Type of Publication: Annual Report
  • Date: August 2020

Table of Contents

1. Introduction

The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.

This annual report was prepared and submitted in accordance with section 72 of the Privacy Act and covers the period from April 1, 2019 to March 31, 2020.

2. Mandate of the Office of the Superintendent of Financial Institutions (OSFI)

Under its legislation, OSFI's mandate is:

Fostering sound risk management and governance practices

OSFI advances a regulatory framework designed to control and manage risk.

Supervision and early intervention

OSFI supervises federally regulated financial institutions and pension plans to determine whether they are in sound financial condition and meeting regulatory and supervisory requirements.

OSFI promptly advises financial institutions and pension plans if there are material deficiencies, and takes corrective measures or requires that they be taken to expeditiously address the situation.

Environmental scanning linked to safety and soundness of financial institutions

OSFI monitors and evaluates system-wide or sectoral developments that may have a negative impact on the financial condition of federally regulated financial institutions.

Taking a balanced approach

OSFI acts to protect the rights and interests of depositors, policyholders, financial institution creditors and pension plan beneficiaries while having due regard for the need to allow financial institutions to compete effectively and take reasonable risks.

OSFI recognizes that management, boards of directors and pension plan administrators are ultimately responsible for risk decisions, that financial institutions can fail, and pension plans can experience financial difficulties resulting in the loss of benefits.

In fulfilling its mandate, OSFI supports the government's objective of contributing to public confidence in the Canadian financial system.

The Office of the Chief Actuary is an independent unit within OSFI that provides a range of actuarial valuation and advisory services to the Government of Canada. In conducting its work, the OCA plays a vital and independent role towards a financially sound and sustainable Canadian public retirement income system.

3. Strategic Outcomes

Primary to OSFI's mandate and central to its contribution to Canada's financial system are two strategic outcomes:

  1. A safe and sound Canadian financial system
  2. A financially sound and sustainable Canadian public retirement income system.

For the purposes of the Privacy Act, the head of OSFI is the Superintendent and the responsible minister is the Minister of Finance.

4. Administration of the Privacy Act

4.1 Access to Information and Privacy (ATIP) Unit

The Access to Information and Privacy (ATIP) Unit is part of the Enterprise Information Management (EIM) directorate within the Information Management/Information Technology (IM/IT) Division. The unit is responsible for administering the Act for the Office of the Superintendent of Financial Institutions. As such, the ATIP unit coordinates the timely processing of requests under the legislation, handles complaints lodged with the Privacy Commissioner, and responds to informal inquiries. The ATIP unit also provides advice and guidance to Office staff on matters involving the Act.

The Manager, Privacy and Access to Information reports to the Director, EIM and is supported by an ATIP Officer and a Junior ATIP Officer. In 2018-2019, due to the increased demand for privacy impact assessments and privacy protocols for the use of personal information for a non-administrative purpose, OSFI created and staffed the Manager, Privacy position. This position is dedicated to overseeing the administration of the Privacy Act, Regulations and related policies as well as providing input and support to IM/IT projects and to ensure EIM considerations (e.g. Privacy, Information lifecycle management) are suitably addressed. Staffing is currently underway to hire a Privacy Officer to support this role. The ATIP unit also relied upon the support of contract resources.

4.2 Institutional changes to the administration of the Privacy Act

No significant institutional changes to the administration of the Privacy Act to report during this reporting period.

4.3 Education and Training

Training efforts over the last year have been focused on continued privacy awareness building with staff in service areas supporting project delivery in Information Management/Information Technology, with Regulatory Data Governance, and within the Office's senior and operational governance committees. Training efforts also focused on ATIP awareness for all OSFI staff as part of an Information Management and ATIP awareness program. OSFI held four awareness sessions and a total of 50 employees attended.

4.4 Processing of Privacy Requests

All formal privacy requests are submitted to the Manager, Privacy and Access to Information, who reviews and assigns them to an ATIP Officer. The Officer requests the information from the appointed sectoral ATIP Liaison Officer(s) concerned. In gathering the material and subsequently reviewing it, the ATIP Office provides advice and direction to ensure that the provisions of the Act are respected.

Assembled material is reviewed by the ATIP Officer and the Manager, Privacy and Access to Information. The material and the recommendations pertaining to each request are then submitted to the program area for validation. Once agreed, the release package is submitted to the Assistant Superintendent, Corporate Services for review and approval.

Employees have the right to review their personal records at intervals specified in the various collective agreements. To exercise this right, an employee contacts the appropriate official in the Human Resources and Administration Division. The review of personal records is considered informal and no data on these requests is compiled. The employee, however, does have the option of submitting a formal request under the privacy legislation. Employees of the Human Resources and Administration Division are aware of the provisions of the Privacy Act as they relate to the use and disclosure of personal information.

4.5 Delegation of Authority

Delegation orders set out what powers, duties and functions for the administration of the Privacy Act have been delegated by the head of the institution and to whom. Administration of the Privacy Act at OSFI is the responsibility of the Superintendent. The authority to claim exemptions and to issue various statutory notices has been delegated to the Assistant Superintendent, Corporate Services. The authority to issue various statutory notices has also been delegated to the Director, Enterprise Information Management, the Manager, Privacy and Access to Information and the ATIP Coordinator.

4.6 Monitoring Compliance

The time taken to process personal information requests and requests for the correction of personal information is tracked in the ATIP tracking system. The ATIP caseload is reviewed monthly with the Director, EIM and the anticipated responses to privacy requests are ultimately reviewed and approved by the Assistant Superintendent, Corporate Services. Concerns are raised as appropriate throughout the lifecycle of the request and priority is given to fulfilling OSFI's statutory obligations.

4.7 Summary of significant changes to programs, operations, policies or procedures

In 2019-2020, an external consultant was engaged to perform a LEAN assessment of OSFI's ATIP processes. Several recommedations were subsequesntly made and are under consideration. The most significant of these recommendations was the establishment of the ATIP Liaison role. The ATIP Office has since developed and implemented the role of ATIP Liaison within each sector. The Liaisons facilitate the ATIP process by acting as subject matter experts (SME's) and as a single point of contact for their respective sectors.

OSFI's existing Information Management/Information Technology (IM/IT) polices and infrastructure allowed the organization to avoid any significant disruptions relating to the COVID-19 pandemic and have had little effect on OSFI's ability to fulfill its responsibilities under the Privacy Act. The planned review of current ATIP procedures and the selection/training of new ATIP Liaisons was accelerated to coincide with OSFI's work-from-anywhere posture. With the closure of OSFI's offices on March 13th, employees were no longer able to access paper files. Requests received by OSFI through the mail are retrieved by the Manager, Access to Information and Privacy on a weekly basis.

4.8 Reading room

In accordance with the Privacy Act, a public reading room is available in Ottawa. It is located at 255 Albert Street, on the 16th floor. The reading room was not available to the public as of March 13th 2020 due to necessary restrictions arising from the COVID-19 pandemic.

5. Interpretation of the Statistical Report

Part 1 – Requests under the Privacy Act

Due to the nature of OSFI's work regulating and supervising financial institutions and private pension plans under federal jurisdiction, much of the information in the Office's possession is third-party business information rather than personal information about individuals. The financial institutions and pension plans are OSFI's clients. As OSFI does not provide services directly to individuals, the volume of personal information collected by the Office is relatively small. This information is generally limited to employment records of current and previous OSFI employees and information about individual contract consultants at OSFI.

In 2019-2020, six new requests were received. Since the inception of the Privacy Act, July 1, 1983, OSFI has received 67 privacy requests.

Part 2 – Requests closed during the reporting period

The following table summarizes the actions taken with respect to the completed requests:

DispositionNumber of requests
All disclosed2
Disclosed in part0
All exempted0
All excluded0
No records exist3
Request abandoned1
Neither confirmed nor denied0
Total 6

For the 6 requests received in 2019-2020:

  • 2 were completed in less than 15 days;
  • 1 was completed in 16 to 30 days; and
  • 3 were completed in 31 to 60 days.

Exemptions

No exemptions were applied during the reporting period.

Exclusions

No exclusions were cited during the reporting period.

Format of information released

No information was released pursuant to a request under the Privacy Act during the reporting period.

Relevant pages processed and disclosed by size of requests

497 relevant pages were processed and 439 pages disclosed during the reporting period.

Other complexities

To complete the processing of the requests, 2 required consultations during this reporting period.

Deemed refusal

There were no deemed refusals during this reporting period.

Request for translation

No requests for translation were made during this reporting period.

Part 3 – Disclosures under Subsections 8(2) and 8(5)

No disclosures were made pursuant to subsections 8(2)(e), 8(2)(m) or 8(5) of the Privacy Act during this reporting period.

Part 4 – Request for correction of personal information and notations

No requests for correction of personal information and no notations were made during this reporting period.

Part 5 – Extensions

Additional 30 day extensions were required for 3 requests during this reporting period:

  • 1 pursuant to s.15(a)(i) – Large volume of pages;
  • 2 pursuant to s.15(a)(ii) – External consultations.

Part 6 – Consultations received from other government institutions and organizations

No consultations from other government institutions and organizations were received during the reporting period.

Part 7 – Completion time of consultations on Cabinet confidences

No consultations with respect to Cabinet confidences were required during the reporting period.

Part 8 – Resources related to the Privacy Act

The cost to administer the Act during this reporting period was $239,930.

6. Complaints and Investigations

OSFI did not receive any complaints pursuant to the Privacy Act during this reporting period.

7. Privacy Breaches

There were no material privacy breaches reported during the 2019-2020 fiscal year.

8. Appeals to the Federal Court of Canada

8.1 Major changes implemented as a result of concerns or issues raised by the Privacy Commissioner of Canada in her annual report to Parliament

The Privacy Commissioner of Canada did not raise any concerns or issues related to OSFI, therefore no major changes were implemented.

8.2 Major changes implemented as a result of concerns or issued raised by other agents of Parliament

No major changes were implemented by OSFI, as other agents of Parliament did not raise any concerns or issues.

8.3 Number of applications or appeals to the Federal Court or the Federal Court of Appeal during the fiscal year

There were no privacy related applications or appeals to the Federal Court or the Federal Court of Appeal during this fiscal year related to OSFI.

9. Completed Privacy Impacts Assessments

No privacy impact assessments (PIA) were completed in 2019-2020; however, OSFI did complete 4 privacy protocols for personal information being used for a non-administrative purpose.

APPENDIX A

Statistical Report on the Privacy Act

Name of institution: Office of the Superintendent of Financial Institutions

Reporting period: 2019-04-01 to 2020-03-31

Section 1: Requests Under the Privacy Act

1.1 Number of requests

Number of Requests
Received during reporting period6
Outstanding from previous reporting period0
Total 6
Closed during reporting period6
Carried over to next reporting period0

Section 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time

Disposition of
Requests
Completion Time
1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to 180
Days
181 to 365
Days
More
Than 365
Days
Total
All disclosed00200002
Disclosed in part00000000
All exempted00000000
All excluded00000000
No records exist11100003
Request abandoned10000001
Neither confirmed nor denied00000000
Total 2 1 3 0 0 0 0 6

TBS/SCT 350-63

2.2 Exemptions

SectionNumber of
Requests
SectionNumber of
Requests
SectionNumber of
Requests
18(2)022(1)(a)(i)023(a)0
19(1)(a)022(1)(a)(ii)023(b)0
19(1)(b)022(1)(a)(iii)024(a)0
19(1)(c)022(1)(b)024(b)0
19(1)(d)022(1)(c)0250
19(1)(e)022(2)0260
19(1)(f)022.10270
20022.2027.10
21022.30280
 22.40 

2.3 Exclusions

SectionNumber of
Requests
SectionNumber of
Requests
SectionNumber of
Requests
69(1)(a)070(1)070(1)(d)0
69(1)(b)070(1)(a)070(1)(e)0
69.1070(1)(b)070(1)(f)0
70(1)(c)070.10

2.4 Format of information released

PaperElectronicOther
200

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Number of Pages
Processed
Number of Pages
Disclosed
Number of Requests
4974393
2.5.2 Relevant pages processed and disclosed by size of requests
DispositionLess Than 100
Pages Processed
101-500
Pages Processed
501-1000
Pages Processed
1001-5000
Pages Processed
More Than 5000
Pages Processed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
All disclosed171432000000
Disclosed in part0000000000
All exempted0000000000
All excluded0000000000
Request abandoned1000000000
Neither confirmed nor denied0000000000
Total 2 7 1 432 0 0 0 0 0 0
2.5.3 Other complexities
DispositionConsultation
Required
Legal Advice
Sought
Interwoven
Information
OtherTotal
All disclosed20002
Disclosed in
part
00000
All exempted00000
All excluded00000
Request abandoned00000
Neither
confirmed
nor denied
00000
Total 2 0 0 0 2

2.6 Closed requests

2.6.1 Number of requests closed within legislated timelines
Requests closed within legislated timelines
Number of requests closed within legislated timelines6
Percentage of requests closed within legislated timelines (%)100

2.7 Deemed refusals

2.7.1 Reasons for not meeting legislated timelines
Number of Requests Closed Past the Legislated TimelinesPrincipal Reason
Interference with Operations / WorkloadExternal ConsultationInternal ConsultationOther
00000
2.7.2 Requests closed beyond legislated timelines (including any extension taken)
Number of Days Past
Legislated Timelines
Number of Requests Past
Legislated Timeline
Where No Extension Was
Taken
Number of Requests
Past Legislated
Timelines Where an
Extension Was Taken
Total
1 to 15 days000
16 to 30 days000
31 to 60 days000
61 to 120 days000
121 to 180 days000
181 to 365 days000
More than 365 days000
Total 0 0 0

2.8 Requests for translation

Translation RequestsAcceptedRefusedTotal
English to French000
French to English000
Total 0 0 0

Section 3: Disclosures Under Subsections 8(2) and 8(5)

Paragraph 8(2)(e)Paragraph 8(2)(m)Subsection 8(5)Total
0000

Section 4: Requests for Correction of Personal Information and Notations

Disposition for Correction Requests ReceivedNumber
Notations attached0
Requests for correction accepted0
Total 0

Section 5: Extensions

5.1 Reasons for extensions and disposition of requests

Number of
requests
where an
extension
was taken
15(a)(i) Interference with operations15 (a)(ii) Consultation 15(b)
Translation
purposes or
conversion
Further review
required to
determine
exemptions
Large volume of
pages
Large volume of
requests
Documents are
difficult to obtain
Cabinet
Confidence
Section (Section 70)
ExternalInternal
301000200

5.2 Length of extensions

Length of
Extensions
15(a)(i) Interference with operations15 (a)(ii) Consultation 15(b)
Translation
purposes or
conversion
Further review
required to
determine
exemptions
Large volume of
pages
Large volume of
requests
Documents are
difficult to obtain
Cabinet
Confidence
Section (Section 70)
ExternalInternal
1 to 15 days00000000
16 to 30 days01000200
31 days or greater        0
Total 0 1 0 0 0 2 0 0

Section 6: Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and other organizations

ConsultationsOther
Government of
Canada
Institutions
Number of
Pages to
Review
Other
Organizations
Number of
Pages to
Review
Received during the reporting period0000
Outstanding from the previous reporting period0000
Total 0 0 0 0
Closed during the reporting period0000
Carried over to the next reporting period0000

6.2 Recommendations and completion time for consultations received from other Government of Canada institutions

RecommendationNumber of Days Required to Complete Consultation Requests
1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to 180
Days
181 to 365
Days
More
Than
365
Days
Total
All disclosed00000000
Disclosed in part00000000
All exempted00000000
All excluded00000000
Consult other institution00000000
Other00000000
Total 0 0 0 0 0 0 0 0

6.3 Recommendations and completion time for consultations received from other organizations

RecommendationNumber of days required to complete consultation requests
1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to 180
Days
181 to 365
Days
More
Than
365
Days
Total
All disclosed00000000
Disclosed in part00000000
All exempted00000000
All excluded00000000
Consult other institution00000000
Other00000000
Total 0 0 0 0 0 0 0 0

Section 7: Completion Time of Consultations on Cabinet Confidences

7.1 Requests with Legal Services

Number of DaysFewer Than 100
Pages Processed
101-500 Pages
Processed
501-1000 Pages
Processed
1001-5000 Pages
Processed
More Than 5000
Pages Processed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
1 to 150000000000
16 to 300000000000
31 to 600000000000
61 to 1200000000000
121 to 1800000000000
181 to 3650000000000
More than 3650000000000
Total 0 0 0 0 0 0 0 0 0 0

7.2 Requests with Privy Council Office

Number of DaysFewer Than 100
Pages Processed
101-500 Pages
Processed
501-1000 Pages
Processed
1001-5000 Pages
Processed
More Than 5000
Pages Processed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
1 to 150000000000
16 to 300000000000
31 to 600000000000
61 to 1200000000000
121 to 1800000000000
181 to 3650000000000
More than 3650000000000
Total 0 0 0 0 0 0 0 0 0 0

Section 8: Complaints and Investigations Notices Received

Section 31Section 33Section 35Court actionTotal
00000

Section 9: Privacy Impact Assessments (PIA) and Personal Information Banks (PIB)

9.1 Privacy Impact Assessments

Number of PIA(s) completed0

9.2 Personal Information Banks

Personal Information BanksActiveCreatedTerminatedModified
 57000

Section 10: Material Privacy Breaches

Number of material privacy breaches reported to TBS0
Number of material privacy breaches reported to OPC0

Section 11: Resources Related to the Privacy Act

11.1 Costs

ExpendituresAmount
Salaries$136,899
Overtime$0
Goods and Services$103,031
Professional services contracts$103,031
Other$0
Total $239,930

11.2 Human Resources

ResourcesPerson Years Dedicated
to Privacy Activities
Full-time employees0.99
Part-time and casual employees0.00
Regional staff0.02
Consultants and agency personnel0.36
Students0.00
Total 1.37

Note: Enter values to two decimal places.

Supplemental Statistical Report on the Privacy Act

The following table reports the total number of formal requests received during two periods; 2019-04-01 to 2020-03-13 and 2020-03-14 to 2020-03-31.

Table 4 – Requests Received

 Column (Col.) 1
Number of requests
Row
1
Received from 2019-04-01 to 2020-03-136
Row
2
Received from 2020-03-14 to 2020-03-310
Row
3
Total Table 4 - Footnote 16
Table 4 - Footnote 1

Total for Row 3 should equal the total in the Privacy Statistical Report Section 1.1 Row 1

Return to Table 4 - Footnote 1

The following table reports the total number of requests closed within the legislated timelines and the number of closed requests that were deemed refusals during two periods 2019-04-01 to 2020-03-13 and 2020-03-14 to 2020-03-31.

Table 5 – Requests Closed

 Col. 1Col. 2
Number of requests
closed within the
legislated timelines
Number of requests
closed past the
legislated timelines
Row
1
Received from 2019-04-01 to
2020-03-13 and outstanding from
previous reporting periods
60
Row
2
Received from 2020-03-14 to
2020-03-31
00
Row
3
Total Table 5 - Footnote 160
Table 5 - Footnote 1

Total for Row 3 Col. 1 should equal the total in the Privacy Statistical Report Section 2.6.1 Row 1 -- Total for Row 3 Col. 2 should equal the total in the Privacy Statistical Report Section 2.7.1. Col. 1 Row 1

Return to Table 5 - Footnote 1

The following table reports the total number of requests carried over during two periods; 2019-04-01 to 2020-03-13 and 2020-03-14 to 2020-03-31.

Table 6 – Requests Carried Over

 Col. 1
Number of requests
Row
1
Requests received from 2019-04-01 to 2020-03-13 and
outstanding from previous reporting period that were
carried over to the 2020-2021 reporting period
0
Row
2
Requests received from 2020-03-14 to 2020-03-31 that
were carried over to the 2020-2021 reporting period
0
Row
3
Total Table 6 - Footnote 10
Table 6 - Footnote 1

Total for Row 3 should equal the total in the Privacy Statistical Report Section 1.1 Row 5

Return to Table 6 - Footnote 1

APPENDIX B

DESIGNATION / DÉLÉGATION

PRIVACY ACT /
LOI SUR LA PROTECTION DES RENSEIGNEMENTS PERSONNELS

Privacy Act Designation Order

By this order made pursuant to section 73 of the Privacy Act, I hereby authorize those officers and employees of the Office of the Superintendent of Financial Institutions occupying, on an acting basis or otherwise, the positions identified within the attached schedule to perform on my behalf any of the powers, duties or functions specified therein.

This designation replaces and repeals all previous orders.

Dated in Ottawa on this 5 day of July, 2016

Arrêté sur la délégation en vertu de la Loi sur la protection des renseignements personnels

Par le présent arrêté pris en vertu de l'article 73 de la Loi sur la protection des renseignements personnels, j'autorise les agents et les employés du Bureau du surintendant des institutions financières occupant, par intérim ou autrement, les postes identifiés dans l'annexe ci-jointe à exercer en mon nom, les attributions, les fonctions et les pouvoirs qui y sont spécifiés.

Le présent document remplace et annule tous les arrêtés antérieurs.

Fait à Ottawa en ce 5 jour de juillet, 2016

Jeremy Rudin

Superintendent of Financial Institutions/
Le surintendant des institutions financières

SCHEDULE 2

Designation Order - Privacy Act

SectionPowers, Duties or FunctionsAssistant
Superintendent,
Corporate
Services
Director,
Enterprise
Information
Management
Manager,
Privacy &
Access to
Information
ATIP
Coordinator
8(2)(j)To disclose personal information
when satisfied that the purpose for
which the information is disclosed
cannot reasonably be accomplished
unless the information is provided in a
form that identifies the person to
whom it relates and obtain a written
undertaking that no subsequent
disclosure of the information will be
made in a form that could reasonably
be expected to identify the individual
to whom it relates
X
8(2)(m)To disclose personal information
when public interest outweighs
invasion of privacy or when disclosure
benefits the individual
X
8(4)To keep copies of requests made
under 8(2)(e), keep records of
information disclosed pursuant to such
requests and to make those copies and
records available to Privacy
Commissioner
XXXX
8(5)To notify the Privacy Commissioner
in writing of disclosure under
paragraph 8(2)(m)
XXXX
9(1)To retain a record of use of personal
information.
XXXX
9(4)To notify the Privacy Commissioner
of consistent use of personal
information and update index
accordingly
XXXX
10To include personal information in
personal information banks
XXXX
14(a)To give written notice as to whether or
not access will be given
XXXX
14(b)To give access to requesterXXXX
15To extend time limit and give notice
of extension
XXXX
17(2)(b)To determine the necessity for a
translation or interpretation of a record
XXX
17(3)To determine whether a record should
be provided in an alternative format
XXX
18(2)To refuse to disclose personal
information referred to in that section
X
19(1)To refuse to disclose personal
information referred to in that section
X
19(2)To disclose, with consent, personal
information referred to in that
subsection
XXX
20To refuse to disclose personal
information referred to in that section
X
21To refuse to disclose personal
information referred to in that section
X
22To refuse to disclose personal
information referred to in that section
X
22.3To refuse to disclose personal
information referred to in that section
X
23To refuse to disclose personal
information referred to in that section
X
24To refuse to disclose personal
information under that section
X
25To refuse to disclose personal
information under that section
X
26To refuse to disclose personal
information under that section
X
27To refuse to disclose personal
information under that section
X
28To refuse to disclose personal
information under that section
X
31To receive notice of investigation by
the Privacy Commissioner
XXX
33(2)To make representations to the
Privacy Commissioner
XXXX
35(1)To receive the report of findings of the
investigation and give notice of action
taken or proposed to be taken or
reasons why no action has been or is
proposed to be taken
XXX
35(4)To provide access to personal
information
XXX
36(3)To receive the report of findings of the
investigation of files in exempt banks
XXX
37(3)To receive the report of findings after
investigation in respect of personal information
XXX
51(2)(b)To request that the matter be heard
and determined in the National Capital
Region
XXX
51(3)To request the opportunity to make
representations ex parte
XXX
72(1)To prepare annual report for
submission to Parliament
XXXX

Privacy Regulations

SectionPowers, Duties or FunctionsAssistant
Superintendent,
Corporate
Services
Director,
Enterprise
Information
Management
Manager,
Privacy &
Access to
Information
ATIP
Coordinator
9Reasonable facilities and time
provided to examine personal
information
XXXX
11(2)Notification that correction to personal
information has been made
XXXX
11(4)Notification that correction to personal
information has been refused
XXXX
13(1)Disclosure of personal information
relating to physical or mental health
may be made to qualified medical
practitioner or psychologist for an
opinion on whether to release
information to requestor
X
14Disclosure of personal information
relating to physical or mental health
may be made to requestor in presence
of qualified medical practitioner or
psychologist
X