Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - Offices of the Information and Privacy Commissioners of Canada

Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.



Office of the Information Commissioner of Canada

Office of the Privacy Commissioner of Canada



Table of Contents

Office of the Privacy Commissioner of Canada

Section I: Overview

1.1 Message from the Privacy Commissioner of Canada
1.2 Management Representation Statement
1.3 Raison d'Être
1.4 Organizational Information
1.5 Values
1.6 Expected Results
1.7 Voted and Statutory Items Displayed in Main Estimates
1.8 Departmental Planned Spending and Full-Time Equivalents
1.9 Financial and Human Resources

Section II: Plans and Priorities

2.1 Factors Influencing Privacy and the OPC
2.2 Summary of OPC Plans and Priorities for 2008-2009
2.3 Link Between Priorities, Expected Results and Program Activities
2.4 Analysis by Program Activity

Section III: Supplementary Information

3.1 Link to the Government of Canada Outcomes
3.2 Resource Tables
3.3 Sources of Additional Information

Office of the Information Commissioner of Canada

Section I: Overview*

1.1Message from the Information Commissioner of Canada*

1.2Management Representation Statement*

1.3Raison d’être*

1.4Organizational Information*

1.5Program Activity Architecture (PAA) Crosswalk*

1.6Expected Results*

1.7Voted and Statutory Items Displayed in Main Estimates*

1.8Planned Spending and Full-Time Equivalents*

1.9Financial and Human Resources*

Section II: Plans and Priorities*

2.1Factors Influencing the OIC*

2.2Summary of OIC Plans and Priorities for 2008-2009*

2.3Analysis by Program Activity*

Section III: Supplementary Information*

3.1Link to the Government of Canada Outcomes*

3.2Services Received Without Charge*

3.3Sources of Additional Information*




2008-2009
Reports on Plans and Priorities



Office of the Privacy Commissioner of Canada






The Honourable Robert D. Nicholson, P.C., Q.C., M.P.
Minister of Justice and Attorney General of Canada




Section I: Overview

1.1 Message from the Privacy Commissioner of Canada

Jennifer StoddartI am pleased to present this 2008-2009 Report on Plans and Priorities, which sets out the strategic directions, priorities, expected results and spending estimates for the Office of the Privacy Commissioner of Canada (OPC) for the coming fiscal year.

Globalization raises the challenge of trying to find a cross-border privacy language.  Technological advances hold out the promise of greater convenience, but sometimes at a cost to human rights such as privacy and the ability to control our personal information.

Meanwhile, governments and businesses have a seemingly insatiable appetite for personal information. 

Governments appear to believe – mistakenly, I would argue – that the key to national security and public safety is collecting mountains of personal data.  Privacy often receives short shrift as new anti-terrorism and law enforcement initiatives are rolled out.

Personal information has also become a hot commodity in the private sector.   Our names, addresses, purchases, interests, likes and dislikes are recorded, analysed and stored – all so companies can sell us more products and services. 

Adding to our concerns is the fact many businesses fail to adequately protect this sensitive information – leaving it vulnerable to hackers and identity thieves. 

The list of issues that the Office of the Privacy Commissioner deals with on a daily basis – through investigations, for example – will always be a lengthy one.  In the 2008-2009 Report on Plans and Priorities, we have identified four priority privacy issues: information technology, national security, identity integrity and protection, and genetic information.

The OPC has identified five corporate priorities for the planning period of this Report on Plans and Priorities to give focus to its activities and move further towards achieving its Strategic Outcome of protecting the privacy rights of individuals.  The five priorities are as follows:

  • Continue to improve service delivery through focus and innovation;
  • Provide leadership to advance four priority privacy issues (information technology, national security, identity integrity and protection, genetic information);
  • Strategically advance global privacy protection for Canadians;
  • Support Canadians to make informed privacy decisions; and
  • Build a sustainable organizational capacity.

We have set an ambitious agenda for ourselves over the coming few years.  My commitment to Canadians is to be passionate and persistent in defending their privacy rights as we work to address all of these crucial issues.

 

Jennifer Stoddart
Privacy Commissioner of Canada

1.2 Management Representation Statement

I submit for tabling in Parliament the 2008-2009 Report on Plans and Priorities (RPP) for the Office of the Privacy Commissioner of Canada (OPC).

This document has been prepared based on the reporting principles contained in Guide for the Preparation of Part III of the 2008-2009 Estimates: Reports on Plans and Priorities and Departmental Performance Reports:

  • It adheres to the specific reporting requirements outlined in the Treasury Board Secretariat guidance;
  • It is based on the OPC’s Strategic Outcome and Program Activity Architecture structure approved by the Treasury Board;
  • It presents consistent, comprehensive, balanced and reliable information;
  • It provides a basis of accountability for the results achieved with the resources and authorities entrusted to the OPC; and
  • It reports finances based on approved planned spending numbers from the Treasury Board Secretariat.

 

Jennifer Stoddart
Privacy Commissioner of Canada

1.3 Raison d'Être

The mandate of the OPC is to protect and promote the privacy rights of individuals. 

The OPC is responsible for overseeing compliance with both the Privacy Act, which covers the personal information-handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private sector privacy law.   

The Privacy Commissioner of Canada, Jennifer Stoddart, is an Officer of Parliament who reports directly to the House of Commons and the Senate.

The Commissioner is an advocate for the privacy rights of Canadians and her powers include:

  • Investigating complaints, conducting audits and pursuing court action under two federal laws;
  • Publicly reporting on the personal information-handling practices of public and private sector organizations;
  • Supporting, undertaking and publishing research into privacy issues; and
  • Promoting public awareness and understanding of privacy issues.

The Commissioner works independently from any other part of the government to investigate complaints from individuals with respect to the federal public sector and the private sector.  In public sector matters, individuals may complain to the Commissioner about any matter specified in Section 29 of the Privacy Act.  This Act applies to personal information held by Government of Canada institutions. 

For matters relating to personal information in the private sector, the Commissioner may investigate all complaints under Section 11 of PIPEDA except in the provinces that have adopted substantially similar privacy legislation, namely Québec, British Columbia, and Alberta.   Ontario now falls into this category with respect to personal health information held by health information custodians under its health sector privacy law.  However, even in those provinces with substantially similar legislation, and elsewhere in Canada, PIPEDA continues to apply to personal information collected, used or disclosed by all federal works, undertakings and businesses, including personal information about their employees.  Also, PIPEDA applies to all personal data that flows across provincial or national borders, in the course of commercial transactions involving organizations subject to the Act or to substantially similar legislation. 

We focus on resolving complaints through negotiation and persuasion, using mediation and conciliation if appropriate.  However, if voluntary co-operation is not forthcoming, the Commissioner has the power to summon witnesses, administer oaths and compel the production of evidence.  In cases that remain unresolved, particularly under PIPEDA, the Commissioner may take the matter to Federal Court and seek a court order to rectify the situation.

As a public advocate for the privacy rights of Canadians, the Commissioner carries out the following activities:

  • Investigating complaints and issuing reports with recommendations to federal government institutions and private sector organizations to remedy situations, as appropriate;
  • Pursuing legal action before Federal Courts where matters remain unresolved;
  • Assessing compliance with obligations contained in the Privacy Act and PIPEDA through the conduct of independent audit and review activities and publicly reporting on findings;
  • Advising on, and reviewing, privacy impact assessments (PIAs) of new and existing government initiatives;
  • Providing legal and policy analyses to help guide Parliament’s review of legislation and government programs to ensure respect for individuals’ right to privacy;
  • Responding to inquiries from Parliamentarians, individual Canadians and organizations seeking information and guidance and taking proactive steps to inform them of emerging privacy issues;
  • Promoting public awareness and compliance, and fostering understanding of privacy rights and obligations through: proactive engagement with federal government institutions, industry associations, legal community, academia, professional associations, and other stakeholders; and the preparation and dissemination of public education materials, positions on evolving legislation, regulations and policies, guidance documents and research findings for use by the general public, federal government institutions and private sector organizations;
  • Providing legal opinions and litigating court cases to advance the interpretation and application of federal privacy laws;
  • Monitoring trends in privacy practices, identifying systemic privacy issues that need to be addressed by federal government institutions and private sector organizations and promoting integration of best practices; and
  • Working with privacy stakeholders from other jurisdictions in Canada and on the international scene to address global privacy issues that result from ever-increasing flow of data across borders.

1.4 Organizational Information

The OPC organizational chart is as follows, and each function is described underneath.

Organizational Chart

The Research, Education and Outreach Relations Branch is responsible for researching privacy and technology issues to support policy development, investigations, audits and reviews.  It administers the Contributions Program, which was launched in 2004 to support cutting-edge research into privacy promotion and protection.  In addition, the Branch carries out public education and outreach activities, including international outreach and stakeholder engagement activities.

The Communications Branch provides strategic advice on external and internal communications activities undertaken by the OPC. The Branch is responsible for analyzing public perception of privacy issues through media monitoring and the interpretation of public opinion polling. Branch activities that inform Canadians include proactive media relations, the planning and distribution of corporate publications, and the oversight of the OPC Web site.

The Investigations and Inquiries Branch is responsible for investigating complaints received from individuals and incidents of mismanagement of personal information.  The Branch’s Inquiries Division responds to thousands of inquiries annually from the general public and organizations. 

The Audit and Review Branch audits organizations to assess their compliance with the requirements set out in the two federal privacy laws.  The Branch also analyses and provides recommendations on privacy impact assessment reports (PIAs) submitted to the OPC pursuant to the Treasury Board Secretariat Policy on PIAs.

The Legal Services and Policy Branch provides specialized legal advice to the Commissioner, the Investigations and Inquiries Branch and the Audit and Review Branch to support the interpretation and application of both enabling laws.  The Legal Services and Policy Branch represents the OPC in privacy matters that proceed before the Federal Courts, conducts legal and policy review and analyses of Bills tabled in Parliament and generally advises the Commissioners on a variety of corporate legal matters.  The Branch also develops and advises on legal and policy positions for the OPC, and is responsible for parliamentary affairs.

The Human Resources Branch is responsible for the provision of strategic advice, management and delivery of comprehensive human resource management programs in areas such as staffing, classification, staff relations, human resource planning, learning and development, employment equity, official languages and compensation.

The Corporate Services Branch, headed by the Chief Financial Officer, provides advice and integrated administrative services (corporate planning, finance, information management/technology and general administration) to managers and staff.

1.5 Values

The OPC is committed to the upholding values and ethics in the workplace and senior managers agree, as part of their performance management agreements, to:

  • Lead a representative workplace in which every employee feels valued, respected, informed, involved and engaged in their work; and
  • Effectively manage financial resources within delegated authorities in accordance with the principles of modern comptrollership.

In addition, the OPC is committed to the principles of Employment Equity and achieving equality in the workplace.  Our Employment Equity program aims to ensure that all designated groups are fully represented.  Members of the Senior Management Committee discuss their accountability for the Employment Equity Plan and the achievement of employment equity goals and objectives at least once a year.

1.6 Expected Results

The OPC continues to pursue the protection of individuals’ privacy rights as articulated in its Results Framework, shown in Figure 1, which identifies the outcomes that Parliamentarians and Canadians may expect to benefit from the OPC activities.

Figure 1: OPC Results Framework


Strategic Outcome The privacy rights of individuals are protected.
 
Ultimate Outcome The Office of the Privacy Commissioner plays a lead role in influencing federal government institutions and private sector organizations to respect the privacy rights of individuals and protect their personal information.
  Program Activity 1:
Compliance activities
Program Activity 2:
Research and policy development
Program Activity 3:
Public outreach
Intermediate Outcomes Individuals receive effective responses to their inquiries and complaints.

Federal government institutions and private sector organizations meet their obligations under federal privacy legislation and implement modern principles of personal information protection.

Parliamentarians and others have access to clear, relevant information, and timely and objective advice about the privacy implications of evolving legislation, regulations and policies.

 

Individuals have relevant information about privacy rights and are enabled to guard against threats to their personal information.

Federal government institutions and private sector organizations understand their obligations under federal privacy legislation.

 
Immediate Outcomes The process to respond to inquiries and investigate complaints is effective and efficient.

The process to conduct audits and reviews is effective and efficient, including effective review of privacy impact assessments (PIAs) for new and existing government initiatives.

The work of Parliamentarians is supported by an effective capacity to identify privacy issues, and to develop policy positions for the federal public and private sectors, which are respectful of privacy.

Knowledge about systemic privacy issues in Canada is enhanced through research, with a view to raising awareness and improving privacy management practices.

Individuals receive and have easy access to relevant information about privacy and personal data protection, enabling them to better protect themselves and exercise their rights.

Federal government institutions and private sector organizations receive useful guidance on privacy rights and obligations, contributing to better understanding and enhanced compliance.

 
The Management Component enables the OPC to deliver its privacy business The Office of the Privacy Commissioner achieves a standard of organizational excellence, and managers and staff apply sound business management practices.
  • Key elements of the OPC Management Accountability Framework are integrated into management practices and influence decision-making at all levels.
  • The OPC has a productive, principled, sustainable and adaptable workforce that achieves results in a fair, healthy and enabling workplace.
  • HR management practices reflect new accountabilities stemming from Public Service Modernization Act (PSMA) and Public Service Employment Act (PSEA).
  • Managers and staff demonstrate exemplary professional and ethical conduct in all of their work, and are responsive to the highly visible and complex nature of the environment in which they operate.
  • The performance of the OPC is defined, measured and reported upon regularly in a meaningful and transparent manner.

1.7 Voted and Statutory Items Displayed in Main Estimates

($000)



Vote or
Statutory Item
Truncated Vote or Statutory Wording 2008–2009
Main Estimates
2007–2008
Main Estimates
45 Program expenditures 15,898 16,262
(S) Contributions to employee benefit plans 1,929 2,084
  Total Department or Agency 17,827 18,346

1.8 Departmental Planned Spending and Full-Time Equivalents


 

($000)

Forecast
Spending
2007–2008
Planned
Spending
2008–2009
Planned
Spending
2009–2010
Planned
Spending
2010–2011
 

 

 

 

 

Compliance Activities 10,084 9,675 9,672 9,672
Research & Analysis 4,606 4,386 4,385 4,385
Public Outreach 3,656 3,766 3,785 3,785
Total Planned Spending 18,346 17,827 17,842 17,842
         
Adjustments        
Implementation of the Federal Accountability Act 1,365 1,152 1,155 1,159
         
Total Planned Spending $19,711 $18,979 $18,997 $19,001
Full Time Equivalents 154 150 150 150

The amounts under “Adjustments” include resources that will be required for new responsibilities related to the implementation of the Federal Accountability Act (FedAA); namely the creation of an office to manage access to information and privacy requests and additional privacy investigators to handle new organizations that are now subject to the Privacy Act.  Funds for the implementation of the FedAA within the OPC have been earmarked within the Government of Canada fiscal framework.  However, final spending plans will only be determined once a detailed business case has been prepared and submitted to the Parliamentary Panel on the Funding of Officers of Parliament and subsequently approved by Treasury Board ministers.

1.9 Financial and Human Resources

The following two tables present the financial and human resources of the OPC over the next three fiscal years.

Financial Resources (planned)


2008-2009 2009-2010 2010-2011
$18,979,000 $18,997,000 $19,001,000

Human Resources (planned)


2008-2009 2009-2010 2010-2011
150 FTEs* 150 FTEs 150 FTEs

* FTE: Full-Time Equivalent



Section II: Plans and Priorities

2.1 Factors Influencing Privacy and the OPC

Operating Environment

This section describes the operating environment of the OPC in three parts. The first part describes the major program delivery mechanisms; the second and third parts describe important internal and external factors affecting program delivery.

Major Program Delivery Mechanisms

Investigations and Inquiries

The OPC seeks to promote fair information management practices by both public and private sector organizations in Canada in accordance with two federal privacy laws.  The Privacy Act was enacted in 1983, and PIPEDA, which began coming into effect in 2001, came into full force in 2004.  Complaint investigations, which are conducted by the OPC’s Investigations and Inquiries Branch, are the principal means of enforcement. The Branch investigates complaints from individuals alleging that their personal information has been collected, used or disclosed inappropriately. 

In conducting this work, the Investigations and Inquiries Branch is supported by activities of other branches, such as the Legal Services and Policy Branch and the Research, Education and Outreach Branch.  The Legal Services and Policy Branch provides legal and policy advice on the interpretation and application of both Acts and represents the OPC in matters that proceed before Federal Court. The Research, Education and Outreach Branch provides investigators with research material to assist with the development of needed expertise in such areas as newly emerging technologies, which are the subject of an increasing number of complaints to the OPC.

The Investigations and Inquiries Branch also responds to inquiries from members of the general public, government institutions, private sector organizations, and the legal community, who contact the OPC on a wide variety of privacy-related issues.   

Audits and Reviews

To safeguard Canadians’ right to privacy and encourage the application of fair information practices by federal government institutions, the OPC’s Audit and Review Branch conducts compliance reviews under Section 37 of the Privacy Act.   These reviews assess systems and practices for managing personal information, from collection to disposal, by federal departments and agencies.  The OPC also has the mandate, under Section 18 of PIPEDA, to conduct audits of the personal information management practices in the private sector where the Commissioner has reasonable grounds to believe there is non-compliance with PIPEDA.  The Audit and Review Branch is likewise supported by the Legal Services and Policy Branch and the Research, Education and Outreach Branch as needed. 

Privacy Impact Assessments

The Government of Canada’s Policy on Privacy Impact Assessments (PIA) has added to the responsibilities of the OPC.  Our role, as defined in the Policy, is to assess the extent to which a department’s PIA has succeeded in identifying privacy risks associated with a new or significantly changed program, project or system and to comment on the appropriateness of the measures proposed to mitigate privacy risks.  The OPC views PIAs as an important part of the federal government’s privacy management framework.

Support to Parliament

The Commissioner acts as Parliament’s advisor on privacy issues, bringing issues which have an impact on the privacy rights of Canadians to the attention of Parliament.  We do this by tabling reports to Parliament, by appearing before Parliamentary Committees to provide legal and policy advice on the privacy implications of proposed legislation and government initiatives, and by researching and analyzing issues that we believe should be brought to Parliament’s attention.   

The OPC also assists Parliament in becoming better informed about privacy rights by acting as a resource or centre of expertise on privacy issues.  This includes responding to a significant number of inquiries from Senators and Members of Parliament. 

Research, Education and Outreach

The OPC carries out research on a broad spectrum of privacy issues, using in-house expertise as well as drawing upon specialized knowledge through contracts.  The OPC also develops guidance documents on the implementation of PIPEDA for private sector organizations, and regularly issues fact sheets on a variety of privacy matters.  An important component of our research function is the Contributions Program, which fosters an understanding of the importance of privacy by furthering the development of a national research capacity in Canada.

The Privacy Commissioner is specifically mandated under PIPEDA to conduct public education activities to ensure that all Canadians are aware of the law and of the fair information practices it seeks to promote.  The OPC has started to put in place a regional outreach capacity across the country, which we see as fundamental to our mandate. The best approach to building citizen awareness, as well as adherence by organizations to privacy obligations, is to reach out to Canadians at home.  We want to move the OPC beyond the role of ensuring compliance through audits and investigations to one focussed also on helping organizations and individuals make better privacy decisions before privacy infringements arise. 

Communications

It is essential that we maintain an effective and responsive relationship with Canadians, both through proactive media relations and communication with the general public. To ensure that the OPC is addressing the concerns and preoccupations of Canadians on privacy issues, we monitor the public environment by analyzing media coverage of privacy issues and interpreting the results of public opinion polling. The results are used to inform research undertaken by the OPC, the creation of public education materials, the preparation of corporate publications and the maintenance of the OPC’s Web site.  This information is also used to guide the OPC’s participation in public communications activities such as speeches and special events.

Internal Factors Affecting Program Delivery

In November 2005, the OPC presented a three-year business case to the House of Commons Advisory Panel on the Funding of Officers of Parliament. The fiscal year 2007-2008 was the second year of implementation for this business case. Newly approved resources include an over 40% increase in personnel, and the OPC has invested a lot in organizational design, staffing and classification requirements. Like other organizations, the OPC has experienced challenges in recruiting qualified staff, and has not reached its full complement of staff allocated as part of the business case.  We will continue to improve our human resources management practices, with a particular focus on the recruitment and retention of people with the skills and experience so vital to the success of the OPC.

In the fall of 2007, we launched a project to update our investigation process. A cornerstone component of this project will be to modernize our case management system. With this project we will create a more effective and efficient inquiries and complaints management system, leading to improved collaboration and more timely response to individuals and organizations. This initiative will continue in 2008-2009.

External Factors Affecting Privacy and the OPC

The privacy landscape is continuously evolving.  As a result, our Office must give a high priority to “staying ahead of the game” in anticipating and assessing threats to privacy and putting forward realistic ways to address these threats.  Staying on top of such an active and dynamic field as privacy requires time, planning and effort.  Yet we believe Canadians expect us to do so because privacy promotion and protection is a key concern of theirs.


In 2007 our Office commissioned EKOS Research to survey Canadians on their preoccupations regarding privacy.  Some of the more interesting findings, from the point of view of how we carry out our work, are:
  • Four in five Canadians place great importance on having strong privacy laws.
  • However, seven in ten Canadians are of the view that their personal information is less well protected today than it was ten years ago.
  • Only a small proportion of Canadians—17 percent—believes the government takes protecting personal information very seriously.
  • An even smaller proportion—13 percent—believes that businesses take the protection of personal information very seriously.

Their concerns (refer to text box) drive our work and we see it as an integral part of our mandate.  Canadians’ preoccupations are shared by other key external stakeholders who impact what we do — Parliamentarians, private sector organizations, privacy advocates, and federal and provincial government organizations with an interest in privacy.

We must have access to both the knowledge and expertise required to tackle the myriad of privacy challenges coming our way.  And we are required to do this while continuing to discharge the key responsibilities that come with our mandate — informing Canadians of their privacy rights and obligations, investigating complaints, auditing organizations for compliance with privacy legislation, and advising Parliament.

It also means that we need to develop our applied research capacity, with a view to building on findings and trends that develop from our audits and investigations.  Quite often, the our audits of public sector organizations, or the general trends that emerge from investigations into various fields, raise the need to further develop knowledge and expertise.  Through a more fully developed applied research capacity, we hope to be able to provide better and more precise guidance to government, commercial sector organizations, and the population at large.

In the international arena, the OPC is involved in a number of important international privacy promotion initiatives which have driven our work in the recent past. We will need to continue to devote time and resources to these activities in the next fiscal year (refer to Section 2.2 – Our third corporate priority being to “strategically advance global privacy protection for Canadians”).

Focus on four privacy issues

Much of our attention in the coming fiscal year (and more) will focus on four privacy issues where the threats to privacy are particularly pronounced: (1) information technology, (2) national security, (3) identity integrity and protection, and (4) genetic information.

Information Technology

Chief among the new challenges to privacy is the impact of emerging information technologies, which ironically can both threaten Canadians’ privacy as well as enhance it. 

For instance, miniature computing devices, such as radio frequency identification (RFID) devices and nanotechnologies, will fundamentally transform how businesses manage their supply chains, as electronic tags now allow goods and products—and the people who have them in their possession—to be monitored, often from a considerable distance. 

The Internet, too, presents an ever evolving combination of challenges to privacy.  Social networking sites, for example, increasingly expose users—especially young people—to inadvertently sharing personal information they may later regret having revealed. 

Because of new technologies, more organizations today have access to more information about more people than ever before in human history.  How this information is used, processed, transformed and disclosed represents a significant challenge to privacy rights. 

And with every inadvertent loss or careless handling of personal information, the risk to privacy intensifies.  Add to this the threats posed by criminal hackers, dishonest employees who have access to personal data, and identity thieves and the plethora of challenges to privacy arising from information technologies becomes a cause for concern that should leave no one indifferent.

National Security

The OPC has for the past few years been particularly concerned with the gradual erosion of privacy rights in the post 9-11 national security environment.  Government measures such as the Anti-terrorism Act and travel-related security programs like the “no-fly” list have undermined the privacy rights we have until recently taken for granted. 

Yet, there are signs that the tide may be turning, and that governments as well as public opinion are beginning to reconsider the wisdom of these measures, especially from the point of view of protecting fundamental human rights, such as the right to privacy.

The OPC will undoubtedly be at the forefront of any public debate on this matter.  Parliamentarians in particular will want to hear from us, and we need to be ready and able to provide them with informed advice.

Identity Integrity and Protection

A fundamental tenet of privacy is that individuals should have the ability to control when and how their personal information is collected and by whom, and how this information is used and disclosed.  Victims of identity theft lose control over their personal information.  The OPC is of the view that the federal government needs to take the lead in putting in place a comprehensive strategy against identity theft. 

The good news is that this has already started, with the recent introduction by the federal government of amendments to the Criminal Code that would make it illegal to surreptitiously collect personal information for the purpose of trafficking or using it.

What is still required, however, is a coordinated effort—led by the federal government—to bring together all of the key players in identity protection, with a view to putting in place a comprehensive strategy safeguarding the personal information of Canadians.  These players include the provinces, private sector organizations, as well as various government departments and law enforcement agencies.  Our Office plans to play a role in promoting and fostering such an effort.

Genetic Information

If ever there was a field of activity where continuous developments are challenging privacy, it is the area of genetic privacy and biobanking.  Biobanks are a collection of physical specimens from which DNA or the data from DNA samples can be derived, or both.  They include a wide range of collections, such as pathology samples, newborn baby blood samples, samples sent to laboratories for testing, and forensic investigation samples.

Biobanks of all types have been multiplying at a rapid pace in recent years.  The implications of this from a privacy perspective—as well as from ethical and legal perspectives—are astounding.  Biobanks and the data that can be distilled from them can reveal extraordinary amounts of information about people, information heretofore left in the private domain.  The OPC is concerned that the collection, use and disclosure of DNA samples and biobank-derived information may increasingly become open-ended, without any clear privacy protection norms being applied to how personal information is treated.

As one well-known expert in this area recently put it, despite control mechanisms and safeguards, the collection and processing of genetic samples constitutes a large scale loss of privacy for both individuals and groups.  This is why we have made it a priority in the coming fiscal year to examine genetic privacy and biobanking more closely, and intervene—before key government decision-makers and the public at large— to increase awareness of this issue.

Continuing our work on previously identified privacy issues

The above-described four priority privacy issues do not preclude the need for the OPC to continue to work on previously identified priority issues.  Our work on Electronic Health Records (EHR) is one such example.

Efforts continue in Canada on the development of EHR systems, with the Canada Health Infoway (CHI) playing a lead role in this area.  The OPC has joined with its provincial and federal counterparts and ministries of health, through the newly created CHI Privacy Forum, to create some common ground between privacy offices and ministries concerning EHR issues such as accountability, transborder data flows, consent, and secondary uses of EHRs.  The OPC plans to pursue its research agenda on EHRs, notably with respect to how patient privacy can be protected in the circumstance of secondary uses of EHRs for research purposes.  We also plan to organize a capacity-building workshop on the privacy and oversight challenges associated with investigating and auditing issues related to EHRs.

2.2 Summary of OPC Plans and Priorities for 2008-2009

Having considered the present internal and external business environment1 surrounding the OPC, senior management established five (5) corporate priorities to give focus to its activities and further advance towards the achievement of its single Strategic Outcome and its ultimate, intermediate and immediate outcomes (presented in Figure 1).  The priorities are presented below and the plans to deliver on each priority are described in the paragraphs that follow:


Strategic Outcome:
The privacy rights of individuals are protected.
OPC Priorities for 2008-2009:
1. Continue to improve service delivery through focus and innovation
2. Provide leadership to advance four priority privacy issues (information technology, national security, identity integrity and protection, genetic information)
3. Strategically advance global privacy protection for Canadians
4. Support Canadians to make informed privacy decisions
5. Build a sustainable organizational capacity

1 This refers to the work that supports priority-setting at OPC, namely: annual corporate risk profiling and ongoing monitoring of risks, annual self-assessment against the management accountability framework (MAF), annual brainstorming on priority privacy issues, as well as annual and monthly performance reporting (i.e., Departmental Performance Report, monthly Scorecard reports, financial reporting, other).

1.  Continue to improve service delivery through focus and innovation

The OPC is continuing to improve service delivery on several fronts, principally on two main products for Canadians: investigations of complaints and audits of federal institutions.

Investigations

As part of our continued commitment to improve service delivery and to further reduce the backlog of investigations, the OPC is designing new and innovative investigative strategies.  These strategies will make the complaints resolution process more efficient and effective in meeting present and future expectations of Canadians.  For example, a new priority rating system or public interest criteria will be applied to complaints received.  This will assist investigators in identifying priority cases for Canadians and fast tracking these complaints for immediate action.

As well, the complaint resolution process is being expanded to include an early resolution unit and a mediation unit.  It is expected that these two units will generate faster complaints resolution, thereby improving service delivery.  In addition, the creation of a specialized IT/Internet investigation unit in 2008-2009 will increase our capacity to monitor and address new and emerging technological privacy challenges.

Another improvement will be the standardization of the OPC letter responses to complainants and respondents, which will offer Canadians a more consistent and simplified presentation of information to enable them to better understand the Office’s responses to their complaints and inquiries.

Audits

The OPC has developed a three-year audit plan to focus limited resources for examining the privacy systems and practices of federal institutions subject to the Privacy Act.  This plan is reviewed and updated twice a year.

In addition to completing audits now in process (i.e., RCMP Exempt Data Banks, FINTRAC, and Passport Canada), the following projects are currently planned for the next three years:

  • A concurrent audit with the Office of the Auditor General to examine the management of personal information systems of selected federal departments and agencies. This will be the subject of a special report in November 2008.
  • Assessment of annual privacy reporting by federal departments and agencies
  • Examination of programs relating to national security and travel:
    • Follow-up to determine the status of actions taken by the Canada Border Services Agency (CBSA) in response to the 1996 audit of trans-border data flows.
    • Passenger Protect Program (no fly list)
    • RCMP and Integrated Border Enforcement Teams
    • Nexus and Canpass programs
    • CBSA Passenger History Project
    • Management of personal information by the Canadian Transportation Security Agency
  • Review of the National DNA Data Bank and use of such information by the RCMP.
  • Review of Health Canada’s privacy management framework including electronic health records and the protection of personal information in the Canada Health Infoway project.
  • Examination of the identification and authentication controls of the Canada Revenue Agency
  • Review of the protection of personal information as accessed and transmitted through Secure Channel (Government-on-line)
  • Review of how Correctional Services protect the personal information of prison guards and other employees.
  • Examination of how entities ensure the destruction of personal information when electronic equipment is disposed or paper records are destroyed.
  • Assessment of how well departments and agencies are protecting personal information when wireless technologies are used.
  • Examination of how departments protect personal information under tele-working arrangements.
  • Review of how privacy requirements are met under contracting out arrangements by federal institutions
  • Review of the privacy management practices of the Canada Broadcasting Corporation.
  • Review of the life cycle management of personal information by the Canada Firearms program.

At the time of preparing this report, no new audits are planned in the private sector under Section 18 of the PIPEDA. We will be further developing and applying a process for selecting PIPEDA audits based on reasonable grounds.

In addition to conducting formal audits, we will be experimenting with innovative means of making quick interventions with organizations in the private and public sectors in order to mitigate and resolve particular privacy issues that may come to our attention.

2.  Provide leadership to advance four priority privacy issues (information technology, national security, identity integrity and protection, genetic information)

In an effort to become more strategic in our allocation of resources and to achieve greater impact, the OPC has designated four priority privacy issues on which to focus efforts over the next three years.  These priorities will help in priorizing incoming requests to the organization, building capacity within the organization and assisting OPC in taking a more holistic approach in addressing emerging privacy issues.

The four priority privacy issues areas are:  information technology, national security, identity integrity and protection, and genetic information.  Operational plans will be developed in the coming months to coordinate the activities of the relevant branches within OPC in 2008-2009 and longer (Refer to Section 2.1 for a description of the four priority privacy issues).

3.  Strategically advance global privacy protection for Canadians

The rapid growth of the online environment, coupled with tremendous advances in information technology, have resulted in ever-increasing availability of personal information and ever-expanding opportunities for that information to be collected,  analyzed, repackaged and shared.  Increasingly, we see web-based activities where personal information moves rapidly and invisibly across international borders.  Transborder data flows, government-to-government information sharing, and outsourcing to foreign jurisdictions are also issues common to all jurisdictions.

The OPC is seeking legislative amendments to PIPEDA as well as co-operating informally with other data protection authorities to ensure that privacy protection measures are comprehensive and harmonious. These arrangements include the establishment of working relationships and the ongoing transfer of knowledge with our foreign counterparts, as well as with supra-national bodies such as the International Standards Organization (ISO), the International Civil Aviation Organization (ICAO), the International Air Transport Association (IATA), the Organization for Economic Cooperation and Development (OECD), and Asia Pacific Economic Cooperation (APEC).

In 2007-2008 the OPC hosted the 29th International Data Protection and Privacy Commissioners Conference, in Montreal.  Important resolutions were adopted at the Conference that will require us to work strategically on international cooperative initiatives.  Resolutions focused on the need for global standards to safeguard passenger data, the need to develop international standards in the area of information technology, and the need to increase international cooperation between data protection authorities (DPAs).

The Privacy Commissioner also chairs a volunteer group of the OECD, which has been reviewing how cooperation between data protection authorities and other privacy rights enforcement agencies may be enhanced, notably with regards to complaints arising from trans-border data flows.  The volunteer group has developed a policy framework, a statement of high level policy objectives, and a description of the steps that member countries can take to achieve these objectives.  Work on practical initiatives to implement the framework is now underway.

We are heavily involved in the APEC Data Privacy Sub-Group.  The Sub-Group was established with a view to developing an effective privacy framework for APEC member states.  In 2004, APEC ministers endorsed a new APEC Privacy Framework.  The Sub-Group is currently working on a series of practical projects to develop a system for the use of cross-border privacy rules by business, which includes developing effective mechanisms for privacy regulators to share information and cooperate in enforcement between economies.

The OPC has accepted an invitation from the Standards Council of Canada to participate more formally in the international standards development process by providing a resource to act as convener for the Canadian shadow group to a recently created ISO Working Group on Identity Management and Privacy Technologies.  This activity is seen as a natural extension to the work that we are already doing in consultation with privacy stakeholders from other jurisdictions at the international level — for example, with the OECD and APEC — to address global privacy issues that result from ever-increasing trans-border data flows.

The OPC also participates in the International Working Group on Data Protection in Telecommunications, which was founded in 1983 in the framework of the International Conference of Data Protection and Privacy.  Originally intended to focus on improving the protection of privacy in telecommunications, the Group has in recent years focused more effort on privacy on the Internet.

Finally, a new development in which the OPC has played a lead role is the creation of an international association of data protection authorities and other enforcement agencies from francophone states.  This association is in the very early stages of its existence, and we will be called on to play a significant role in the months to come in defining the general framework governing its operations.

4.  Support Canadians to make informed privacy decisions

Through the monitoring of complaints received by the Office, issues highlighted in regular and specialized public opinion research and high-profile cases raised by the media, the OPC identifies instances where Canadians have been exposed to significant privacy risk.  In response, we develop materials in a variety of media and formats to help Canadians better understand their privacy rights and take action to protect these rights.

While the OPC continues to prepare and distribute explanatory publications and interpretive guidelines in print and on the web, it is also exploring the application of new technologies in its public awareness campaigns. In 2008-2009, we will continue to reach out using new and interactive technologies such as blogs, online videos and relationships within social networks. These are exploratory techniques but reflect the need to adapt to the changing patterns of communications among Canadians – particularly the young.

We already have a regular program of awareness activities underway to address the specific needs of targeted groups, in particular young Canadians, the owners and managers of small businesses, and college and university students. We are expanding our public speaking program to reach more of these groups and to speak to them about relevant and timely topics — like the impact of rapid technological change on their studies, work and lives. We are also developing specialized guides and online learning resources to help these groups understand their rights and obligations under our legislation.

In 2008-2009, the OPC will be implementing a social marketing campaign designed to encourage awareness and prompt action on children’s privacy online. This campaign will build from basic research on the needs and challenges facing children online and will include in-class teaching modules, participatory activities for youth and a significant online education component.

We will also be putting into place education and outreach programs in partnership with privacy commissioners from across Canada. Recent consultations in the Yukon and elsewhere have revealed that, despite the private sector legislation being seven years old, some regions can still benefit from expanded campaigns to inform the general public about privacy issues.

These programs will be developed in partnership with our provincial and territorial colleagues, and will draw upon the experience and resources of experienced partners in the not-for-profit sector as well.

5.  Build a sustainable organizational capacity

The OPC has been in development mode for the past two years and this situation will continue in 2008-2009.  In order to build an organizational capacity that is sustainable, the organization will focus primarily on its human resources and on increased support for its operations derived from information management and technological tools.

Human Resources

Our OPC human resources plan, which is currently being updated for the next three fiscal years, has two main components: a staffing strategy that allows us to build our workforce, and a retention strategy that responds to current needs to better coordinate our collective efforts to engage, motivate, develop and retain our staff.

The staffing strategy is an ambitious agenda for the OPC to focus on: substantially growing our organization in order to balance workload internally and manage the increasing level of demand for our services.  We will explore all resourcing options. The retention strategy identifies issues associated with staff departures and includes processes and suggestions that reflect a wide range of best practices across the federal government.  Our goal on the retention front is to respond to: issues identified in the 2005 Public Service Employee Survey, human resources management challenges common throughout the federal public service, and concerns identified through internal consultation.  We want to offer our employees a stimulating work environment that is also adaptable to their evolving expectations.

In addition to the two priority areas of staffing and retention, the OPC human resources plan also includes activities to respond to the Values, Learning and People components of the OPC Management Accountability Framework (MAF) and to measure the performance of our human resources efforts through the OPC Performance Measurement Framework.

Information Management/Technology

Over the last two years we have increased our efforts to leverage technology to achieve OPC’s goals.  We began an information management renewal project to ensure our information holdings are well managed and accessible to all staff.  Our efforts in this regard will continue in 2008-2009. We have started to realize the benefits of our efforts: knowledge can now be more easily shared.  This coming year we will introduce scanning technology to facilitate information flows within work processes.  Through the use of current technologies we will update the inquiry and investigation processes and modernize our case management system.

We will continue to focus on creating a collaborative work environment where information from one functional source will more easily inform other functions.  For example, our inquiries database will inform our public education and communication efforts; our complaint investigations will inform our audit work; and the efforts of our technology experts will inform and assist our investigation efforts.  

We will also continue our efforts to maintain a technologically sustainable work environment.   

2.3 Link Between Priorities, Expected Results and Program Activities

The priorities, as discussed in the previous section, will serve to further advance the achievement of the OPC results in 2008-2009 and longer.  Priorities are refined annually based on the changing environment of the OPC while the results expected from OPC (See OPC Results Framework in Figure 1 of this Report on Plans and Priorities) remain relatively stable, being based on our mandate to protect and promote the privacy rights of individuals. 

The Results Framework is aligned to the OPC Program Activity Architecture (PAA)2.  The PAA provides the structure for planning and reporting on the OPC activities.  Our program has three operational activities aimed at achieving one strategic outcome on behalf of Canadians, plus a management activity to support the first three operational activities.  Section 2.4 that follows describes each Program Activity, presents the OPC’s expected results by Program Activity while associating performance indicators to each expected result, and links Program Activities and results to the annual priorities for 2008-2009.


Strategic Outcome Protection of the privacy rights of individuals
Program Activities 1. Compliance activities 2. Research and policy development 3. Public outreach
4. Management Excellence

2 The structure of the PAA has remained unchanged (since the last RPP).

2.4 Analysis by Program Activity

This section provides information on the OPC’s outcomes, expected results and performance indicators on the basis of the Program Activity Architecture (PAA) and links the 2008-2009 priorities described in Section 2.2 to the Program Activities. 

In 2007-2008, the OPC started to implement its Performance Measurement Framework. This implementation process will continue over the next two years.  The section identifies the performance indicators against which the OPC will measure its performance in 2008-2009, recognizing that more indicators will be introduced in the next report on plans and priorities as the current indicators become operational.  In addition to ‘performance’ indicators that generate information about the extent of achievement of ‘results’, the OPC uses ‘volume’ indicators or statistics to collect relevant information about its ‘activities’; this information is useful to track the demand for OPC services (e.g. number of inquiries, complaints, hits on web site) and also levels of service provided (e.g. number of appearances before Parliamentary Committee, speeches delivered compared to requested, media interviews compared to those requested).  The level of discussion included in a report on plans and priorities does not warrant listing the volume indicators; those are normally referred to in the OPC Annual Reports and also inform the departmental performance report.


Office of the Privacy Commissioner of Canada
Expected Result Performance Indicator
Ultimate Outcome for Canadians
The OPC plays a lead role in influencing federal government institutions and private sector organizations to respect the privacy rights of individuals and protect their personal information. Extent and direction of change in the privacy practices of federal government institutions and private sector organizations.

 


Planned Resources 2008-2009 2009-2010 2010-2011
Financial Resources $18,979,000 $18,997,000 $19,001,000
Human Resources 154 FTEs 150 FTEs 150 FTEs

Program Activity 1: Compliance Activities

Activity Description

The OPC is responsible for investigating complaints and responding to inquiries received from individuals and organizations that contact the OPC for advice and assistance on a wide range of privacy-related issues.  The OPC also assesses through audits and reviews how well organizations are complying with requirements set out in the two federal laws and provides recommendations on PIAs pursuant to the Treasury Board Secretariat policy.  This activity is supported by a legal team that provides specialized legal advice and litigation support, and a research team with senior technical and risk assessment support.


Expected Results Performance Indicators
Intermediate Outcomes
Individuals receive effective responses to their inquiries and complaints. Timeliness of OPC responses to inquiries3 and complaints
Federal government institutions and private sector organizations meet their obligations under federal privacy legislation and implement modern principles of personal information protection. Extent to which audit, investigation and PIA review recommendations are accepted and implemented over time
Immediate Outcomes
The process to respond to inquiries and investigate complaints is effective and efficient. Timeliness of OPC responses to inquiries2 and complaints
The process to conduct audits and reviews is effective and efficient, including effective review of privacy impact assessments (PIAs) for new and existing government initiatives. Proportion of audits completed as scheduled and within planned times
Proportion of PIA reviews completed within planned times

3 During 2008-2009, the OPC will upgrade the information system that tracks the timeliness of OPC responses to inquiries; until this upgrade is in place, the OPC only tracks the volume of inquiries and responses.

Planned Resources 2008-2009 2009-2010 2010-2011
Financial Resources $10,537,000 $10,536,000 $10,539,000
Human Resources 103 FTEs 103 FTEs 103 FTEs

Priority for this Program Activity

Over the next three years, the OPC will advance work towards the achievement of the above outcomes by pursuing the following priority:


Priorities Type
Continue to improve service delivery through focus and innovation Ongoing
Provide leadership to advance four priority privacy issues (information technology, national security, identity integrity and protection, genetic information) New

Program Activity 2: Research and Policy Development

Activity Description

The OPC serves as a centre of expertise on emerging privacy issues in Canada and abroad by researching trends and technological developments, monitoring legislative and regulatory initiatives, providing legal, policy and technical analyses on key issues, and developing policy positions that advance the protection of privacy rights.  An important part of the work done involves supporting the Commissioner and senior officials in providing advice to Parliament on potential privacy implications of proposed legislation, government programs and private sector initiatives.  Given the importance of information technology impacts, an important component of this work is analysis of IT initiatives embedded in projects.


Expected Results Performance Indicators
Intermediate Outcome
Parliamentarians and others have access to clear, relevant information, and timely and objective advice about the privacy implications of evolving legislation, regulations and policies. Proportion of privacy-relevant cases in which OPC was consulted for advice

Proportion of cases in which the final outcome was more privacy protective than the original version4

Immediate Outcomes
The work of Parliamentarians is supported by an effective capacity to identify privacy issues, and to develop policy positions for the federal public and private sectors, which are respectful of privacy. Key privacy issues identified and positions articulated to influence the evolution of bills through the drafting stage at the departmental level and the legislative process through Parliament
Knowledge about systemic privacy issues in Canada is enhanced through research, with a view to raising awareness and improving privacy management practices. Key privacy issues identified, analysed, and potential impacts assessed

4 These two new indicators have replaced the following indicator published in the 2007-2008 Report on Plans and Priorities: Number of potential privacy-relevant legislative initiatives and bills on which the OPC: (i) was consulted before the introduction and/or during the legislative review process and (ii) appeared before Parliamentary committees

Planned Resources 2008-2009 2009-2010 2010-2011
Financial Resources $4,542,000 $4,541,000 $4,542,000
Human Resources 24 FTEs 24 FTEs 24 FTEs

Priorities for this Program Activity

Over the next three years, the OPC will advance work towards the achievement of the above outcomes by pursuing the following priorities:


Priorities Type
Provide leadership to advance four priority privacy issues (information technology, national security, identity integrity and protection, genetic information) New
Strategically advance global privacy protection for Canadians New

Program Activity 3: Public Outreach

Activity Description

The OPC plans and implements a number of public education and communications activities, including speaking engagements and special events, media relations, and the production and dissemination of promotional and educational material.


Expected Results Performance Indicators
Intermediate Outcomes
Individuals have relevant information about privacy rights and are enabled to guard against threats to their personal information. Reach of target audience with OPC public education materials
Federal government institutions and private sector organizations understand their obligations under federal privacy legislations. Degree of organizational awareness and understanding of privacy responsibilities 5
Immediate Outcomes
Individuals receive and have easy access to relevant information about privacy and personal data protection, enabling them to better protect themselves and exercise their rights. Reach of target audience with OPC public education materials
Federal government institutions and private sector organizations receive useful guidance on privacy rights and obligations, contributing to better understanding and enhanced compliance. Reach of organizations with OPC policy positions, promotional activities and promulgation of best practices

5 This particular performance indicator is being implemented in stages starting in 2007-2008, with select audiences/groups polled each year.

Planned Resources 2008-2009 2009-2010 2010-2011
Financial Resources $3,900,000 $3,920,000 $3,920,000
Human Resources 23 FTEs 23 FTEs 23 FTEs

Priorities for this Program Activity

Over the next three years, the OPC will advance work towards the achievement of the above outcomes by pursuing the following priorities:


Priorities Type
Support Canadians to make informed privacy choices New
Provide leadership to advance four priority privacy issues (information technology, national security, identity integrity and protection, genetic information) New

Other Activities: Management Excellence

Activity Description

The OPC continues to enhance and improve its management practices in order to meet the highest standards of performance and accountability.  The resources associated with Corporate Services have been apportioned to the three first Program Activities, which they support.  All managers of the OPC are expected to take responsibility for the expected results, and to integrate the necessary activities in their operational plans.


Expected Results Performance Indicators
Intermediate Outcome
The OPC achieves a standard of organizational excellence, and managers and staff apply sound business management practices. Ratings against MAF (as being the expectations for high organizational performance in modern public service management)
Immediate Outcomes
Key elements of the OPC Management Accountability Framework (MAF) are integrated into management practices and influence decision-making at all levels. Ratings against MAF (as being the expectations for high organizational performance in modern public service management)
The OPC has a productive, principled, sustainable and adaptable workforce that achieves results in a fair, healthy and enabling workplace. Employee satisfaction; number of grievances received; quality of labour relations; retention of staff
HR management practices reflect new accountabilities stemming from Public Service Modernization Act and Public Service Employment Act. Full, unconditional staffing delegation from PSC

HR planning integrated into business planning at the OPC

Managers and staff demonstrate exemplary professional and ethical conduct in all of their work, and are responsive to the highly visible and complex nature of the environment in which they operate. Feedback from employees on fairness, respect and engagement
The performance of the OPC is defined, measured and reported upon regularly in a meaningful and transparent manner. OPC reports, particularly RPP and DPR, are well received by Central Agencies and stakeholders

Priorities for this Program Activity

Over the next three years, the OPC will advance work towards the achievement of the above outcomes by pursuing the following priority:


Priority Type
Build a sustainable organizational capacity Previous



Section III: Supplementary Information

3.1 Link to the Government of Canada Outcomes

The Privacy Commissioner of Canada, Jennifer Stoddart, is an Officer of Parliament who reports directly to the House of Commons and the Senate.  Our expected outcomes are detailed in Section 1.6 of this document.

3.2 Resource Tables

3.2.1 Spending by Program Activity (2008-2009)


Program Activity ($000) Operating Contributions Total
Main Estimates
1. Compliance Activities 10,537 10,537
2. Research and Policy Development 4,042 500 4,542
3. Public Outreach 3,900 3,900
Total 18,479 500 18,979

3.2.2 Services Provided Without Charge

The reader may obtain information on the Services Provided Without Charge table by accessing the Treasury Board Secretariat’s website at: http://www.tbs-sct.gc.ca/rpp/2008-2009/info/info-eng.asp.

3.3 Sources of Additional Information

Legislation Administered by the Privacy Commissioner


Privacy Act R.S.C. 1985, ch. P21, amended 1997, c.20, s. 55
Personal Information Protection and Electronic Documents Act 2000, c.5

Statutory Annual Reports, other Publications and Information

Statutory reports, publications and other information are available from the Office of the Privacy Commissioner of Canada, Ottawa, Canada K1A 1H3; tel.: (613) 995-8210 and on the OPC's Web site at www.privcom.gc.ca:

  • Privacy Commissioner's annual reports
  • Reports on Plans and Priorities from previous years
  • Performance Report to Parliament for the period ending March 31, 2006
  • Your Privacy Rights: A Guide for Individuals to the Personal Information Protection and Electronic Documents Act
  • Your Privacy Responsibilities: A Guide for Businesses and Organizations to the Personal Information Protection and Electronic Documents Act

Contact for Further Information on the Report on Plans and Priorities

Mr. Tom Pulcine
Director General, Corporate Services/Chief Financial Officer
Office of the Privacy Commissioner of Canada
Place de Ville, Tower B
112 Kent St., Suite 300
Ottawa, Ontario K1A 1H3
Telephone: (613) 996-5336
Facsimile: (613) 947-6850



3.2.2 Services Provided Without Charge


($000) Forecast
Spending
2007–2008
Planned
Spending
2008–2009
Planned
Spending
2009–2010
Planned
Spending
2010–2011
Accommodation provided by Public Works and Government Services Canada 958 983 997 997
Contributions covering employer’s share of employee’s insurance premiums and expenditures paid by the Treasury Board Secretariat 840 818 818 818
Audit of the financial statements by the Office of the Auditor General of Canada 90 90 90 90
Total Spending 1,888 1,891 1,905 1,905




2008-2009
Reports on Plans and Priorities



Office of the Information Commissioner of Canada






The Honourable Robert D. Nicholson, P.C., Q.C., M.P.
Minister of Justice and Attorney General of Canada




Section I: Overview

1.1 Message from the Information Commissioner of Canada

Robert MarleauI am pleased to present this 2008-2009 Report on Plans and Priorities, which sets out the strategic direction, priorities, expected results and spending estimates for the Office of the Information Commissioner of Canada for the coming fiscal year.

When I took office on January 15, 2007, my first commitment to Parliament as Information Commissioner of Canada was to continue the great tradition of the Office in advocating the benefits of open government and ensuring that the rights of Canadians who submit a request under the Access to Information Act are respected. Canadians expect their government to be accountable. It is my role to provide independent oversight of the handling of access to information requests by federal institutions. Canadians complain if they feel they have not had fair access to information under the control of the federal government. My Office will be unwavering in its pursuit to uphold Canadians’ right to information on the government’s activities in a fair and comprehensive manner.

This year marks the 25th Anniversary of the Access to Information Act. Today, we live in a very different world than that of 1983, when the Act came into force. I believe the Act, and the administration of the Act, is sound in terms of concept, structure and balance, but in this era of information and knowledge-based society, the Act needs to adapt to the realities of the 21st century and to the complexity of the issues facing government today. The OIC will work collaboratively with the Department of Justice and the Treasury Board Secretariat to advance legislative and administrative reform of the Act.

The Office has maintained a consistent record of resolving almost all complaints without recourse to legal action. However, our efforts to improve the timeliness of our investigations have not been equally successful due to a combination of factors. The coming into force of the Federal Accountability Act, which has substantially increased the number of institutions that are subject to the Access to Information Act, and the Office’s large workload, are testing our ability to deliver on our mandate.

As such, the next fiscal year promises to be a challenging one. The Office of the Information Commissioner will make it a priority to build its organizational capacity to improve its service delivery to Canadians. We will continue to work toward the successful resolution of individual complaints through a collaborative approach with federal institutions. We will make it our priority to improve the timeliness of our own response to complaints by streamlining our investigative process. An important step to achieve this goal will be to take firm action to address the backlog of investigations that has built up over time. We propose to achieve this by the end of fiscal year 2009-2010. We will proactively address systemic issues and federal institutions’ overall performance by way of a revised Report Cards process and aim to strengthen their influence on government. This process will be aligned with the government’s performance measurement cycle and allow for more meaningful review by parliamentarians. We will also focus on enhanced transparency for the Office’s work as we strive to maximize the information we provide to parliamentarians, government institutions and Canadians about our processes and decisions, while preserving confidentiality under our Act.

Robert Marleau
Information Commissioner of Canada

 

1.2 Management Representation Statement

I submit for tabling in Parliament, the 2008-2009 Report on Plans and Priorities (RPP) for the Office of the Information Commissioner of Canada (OIC).

This document has been prepared based on the reporting principles contained in Guide for the Preparation of Part III of the 2008-2009 Estimates: Reports on Plans and Priorities and Departmental Performance Reports:

  • It adheres to the specific reporting requirements outlined in the Treasury Board Secretariat guidance;
  • It is based on the OIC’s Strategic Outcome and Program Activity Architecture;
  • It presents consistent, comprehensive, balanced and reliable information;
  • It provides a basis of accountability for the results achieved with the resources and authorities entrusted to it; and
  • It reports finances based on approved planned spending numbers from the Treasury Board Secretariat.

 

                                                                                        

Suzanne Legault
Assistant Commissioner

Policy, Communications and Operations

 

1.3 Raison d’être

The Office of the Information Commissioner ensures that the rights conferred by the Access to Information Act (Act) are respected, thereby enhancing transparency and accountability across the federal government.

The OIC is also committed to undertaking thorough, fair and timely investigations of complaints made against federal institutions under the Act. As such, it will afford complainants, heads of government institutions, and all third parties affected by complaints, a reasonable opportunity to make representations.

1.4 Organizational Information

The Office of the Information Commissioner’s organizational chart below is followed by a description of each function.

Organizational Chart

The Information Commissioner carries out the duties and responsibilities set out for him in the Access to Information Act. In particular, he promotes the need for openness of government, active participation of citizenry in the democratic process and accountability of federal institutions with regard to their handling of information under their control. He takes responsible actions to ensure that the Act is working effectively. As an agent of Parliament, he provides relevant information to Parliament, as well as objective advice, about the access to information implications of legislation, jurisprudence, regulations and policies.

The Assistant Commissioner, Complaints Resolution and Compliance, directs investigations and dispute resolution efforts concerning complaints filed under the Access to Information Act, oversees broad systemic reviews of institutions’ compliance with the Act, provides advice and recommendations on solutions or measures to be taken in regard to complaints received or initiated by the Commissioner under the Act, and acts as ombudsperson with senior officials of federal institutions to resolve complaints.

The Assistant Commissioner, Policy, Communications and Operations leads the overall strategic and corporate planning of the OIC, directs the provision of corporate management and operational services, ensures the updating and relevance of the Office’s policy, procedure and governing frameworks, contributes to the development of governmental policy as it relates to access to information, leads outreach and external relations program including dealings with Parliament, and directs system wide compliance programs.

The Director of Legal Services and General Counsel represents the Commissioner before the courts and provides legal advice on investigative, legislative and administrative matters.

The Director of Human Resources provides strategic advice, management and delivery of human resource management programs such as staffing, classification, staff relations, employment equity, planning, learning and development, compensation and official languages.

1.5 Program Activity Architecture (PAA) Crosswalk

The Office of the Information Commissioner’s Strategic Outcome and Program Activity Architecture (PAA) structure have remained unchanged in its substance: a single Strategic Outcome and a single Program Activity. Only minor terminology revisions were made twice to the PAA: first in May 2007 to comply with Step 1 implementation of the Management Resources and Results Structure (MRRS) Policy, and second in November 2007 to comply with Step 2 implementation of the same policy. The former and current PAA is listed below:


Former PAA shown in our last RPP

Current PAA

Strategic Outcome: Strategic Outcome:
Individuals’ rights under the Access to Information Act are safeguarded. Requestors’ rights under the Access to Information Act are respected.
Program Activity:

Assess, investigate, review, pursue judicial enforcement, and provide advice

Program Activity:

Compliance with access to information obligations


1.6 Expected Results

Figure 1 (below) outlines the results that parliamentarians and Canadians may expect to attain from the Office of the Information Commissioner activities.

Figure 1: OIC Results Framework


Strategic Outcome

Requestors’ rights under the Access to Information Act are respected.

Program Activity

Compliance with access to information obligations

Expected Results Requestors benefit from a fair and effective complaints resolution process.

 

 

Stakeholders understand the role and perspective of OIC in ensuring compliance with the Access to Information Act. Federal institutions meet their obligations under the Access to Information Act. The Courts receive useful representations and relevant evidence about access issues, the proper interpretation of the provisions of the Access to Information Act, related statutes, regulations and jurisprudence. Parliament receives clear, relevant information and timely, objective advice about the access to information implications of legislation, jurisprudence, regulations and policies.
   
Outputs Reports of Findings to Complainants Departmental reviews ("Report cards") Communications activities and materials Judicial activities

1.7 Voted and Statutory Items Displayed in Main Estimates

($ thousands)


Vote or
Statutory Item

Truncated Vote or Statutory Wording

2008–2009
Main Estimates

2007–2008
Main Estimates

40

Program expenditures

6,733

6,684

(S)

Contributions to employee benefit plans

932

976

  Total Department

7,665

7,660


1.8 Planned Spending and Full-Time Equivalents


 

($ thousands)

Forecast Spending

PLANNED SPENDING

 

 

2007-2008

2008-2009

2009-2010

2010-2011

Compliance with access to information obligations

7,660

 

7,665

6,923

 

6,923

 

Total Main Estimates

7,660

7,665

6,923

6,923

Adjustments        
Other        
TB Vote 22 - Operating budget carry forward

327

     
TB Vote 15 - Collective Agreements

49

   

 

 

TB Vote 23 – Paylist requirements

186

     
Funding to comply with the requirements Federal Accountability Act
 

1,973

1,589

1,589

Total Adjustments

562

1,973

1,589

1,589

Total Planned Spending

8,222

9,638

8,512

8,512

Plus: Cost of services received without charge

1,197

1,605

1,571

1,585

Total Departmental Spending

9,419

11,243

10,083

10,097

Full-time Equivalents

61

90

82

82


Explanation of spending trend: the decrease in total planned spending and the number of FTEs in 2009-2010 and ongoing is related to the temporary resources to eliminate the backlog received to the end of 2008-2009 only.

1.9 Financial and Human Resources

The following two tables present the financial and human resources of the OIC over the next three fiscal years.

Financial Resources ($ thousands)


2008-2009

2009-2010

2010-2011

$9,638

$8,512

$8,512


Human Resources (planned)


2008-2009

2009-2010

2010-2011

90 FTEs*

82 FTEs*

82 FTEs*


* FTE: Full-Time Equivalent



Section II: Plans and Priorities

2.1 Factors Influencing the OIC

Operating Environment

This section describes the main operations of the OIC and the impact of external and internal factors on its program delivery, in particular during the period covered by this Report on Plans and Priorities.

Major Program Delivery Mechanisms

Complaints Resolution

The OIC receives and investigates complaints from individuals who believe that federal institutions have not respected their rights under the Access to Information Act. The Office usually receives two types of complaints: those that are administrative in nature (for example, fees, delays and extensions) and those stemming from federal institutions’ refusal to disclose information (for example, when they apply exemptions and exclusions).

The Commissioner makes recommendations to institutions on the resolution of complaints. He has, however, no order-making powers so when an institution does not follow his recommendations, his only recourse is to the Federal Court of Canada. This being said, the Commissioner favours alternative means of dispute resolution, such as mediation, over formal hearings and the exercise of judicial powers during investigations. The Commissioner believes a "three Cs" approach – collaboration, cooperation and consultation – yields positive results. The Commissioner is nevertheless prepared to pursue judicial review in situations where there is an important principle of law.

Advocacy and Compliance

The Commissioner encourages federal institutions to develop and follow sound information-handling practices. The Office monitors the performance of federal institutions engaging in systemic or repeated breaches of the Act and recommends actions to improve compliance. The Office aims to be vigorous and responsible in ensuring that the Act is working effectively. The Office also provides relevant information and objective advice about the access to information implications of legislation, jurisprudence, regulations and policies.

The Commissioner gives an annual account of his activities to Parliament in a report which is issued no later than three months after the end of the fiscal year. He also delivers special reports to Parliament on important or urgent issues.

External Factors Affecting the OIC

The Federal Accountability Act

The introduction of the Federal Accountability Act (FedAA) has had two major impacts on the OIC during 2007-2008 which will be felt in 2008-2009 and subsequent years. First, it has greatly expanded the number of institutions which are subject to the Access to Information Act. More specifically, 70 institutions were added bringing the total to more than 250 institutions now subject to the Act (an increase of 37%). This is expected to have a significant impact on the OIC workload. In fact, the Office has handled an unprecedented caseload since April 2007, receiving double the number of complaints compared to the same time the previous year. In addition, the Office anticipates that the number of requests made to the government will continue to grow, which will likely mean a corresponding rise in the number of complaints we are called on to investigate, although by how much is uncertain at this point.

Secondly, as a result of the coming into force of the FedAA, the OIC itself has become subject to the Access to Information Act and the Privacy Act. This has meant that we have been required to implement legal and operational measures to comply with both Acts, as well as to establish a process that will allow for independent investigations of any complaints made against the Information Commissioner pursuant to the Act. It is expected that the Office will receive about 200 requests this year. A further increase can be expected once the public becomes fully aware that the OIC is now subject to the Act.

Information Technology and Governance

A major challenge for the Office as well as for any federal institution resides in profound changes in the technological environment in which they operate. Advances in technology have resulted in an increase in the speed of decision-making at all levels of government, with an increase in the quantity of data that is stored within federal institutions, and with that, new challenges in keeping appropriate records of electronic information. Adding to this is the growing number of interdepartmental or complementary issues that require the involvement of several departments and institutions. Indeed, many issues, such as environmental, security and health issues, which are shared by many federal institutions, have contributed to a more complex environment.

Internal Factors Affecting Program Delivery

Backlog

The OIC began the last year with a significant backlog of 1,030 investigations which adversely affected program delivery by reducing the OIC’s capacity to handle current and incoming complaints. To address this backlog, the Office is devising a comprehensive strategy and expects to have the backlog significantly reduced or eliminated during the 2009-2010 fiscal year, given adequate resources are in place. Section 2.2 below under Priority 1 on improved service delivery to information requestors contains further detail on the backlog strategy.

Organizational Capacity

When the Information Commissioner took office last year, there were inherent weaknesses within the organization that hampered its ability to deliver services to parliamentarians, federal institutions and Canadians. Organizational and operational challenges arose from underfunding of the Office itself, insufficient investigative capacity, a lack of internal support services for parliamentary relations, policy development and communications, as well as under-developed administrative services in areas such as finance, information technology and records management.

Staffing

Access to information is a specialized field. There is a shortage of qualified workforce across the government, which was amplified by the substantial increase in the number of institutions now subject to the Act requiring experienced ATIP administrators. The Office will draw on various skill sets and experience in order to staff and train investigators, for example, auditors, evaluators and investigators from other fields or those with a background in law. Large resource investments in training are also expected.

Internal Audit Function

The revised Treasury Board Internal Audit Policy came into effect on April 1, 2006, with the requirement that all Officers of Parliament implement it by April 1, 2009. As a result, the Office is working at establishing an internal audit function. The OIC received approval for new funding to assist in meeting this requirement. The added assurance that the internal audit function will bring to the OIC processes related to risk management, control and governance is aligned to the whole renewal exercise that was embarked on internally.

2.2 Summary of OIC Plans and Priorities for 2008-2009

Based on our program activity and having considered the present internal and external business environment surrounding the OIC, senior management established five (5) priorities to give focus to its activities and further advance towards the achievement of its single Strategic Outcome and single Program Activity and associated expected results (presented earlier in Figure 1). The priorities are presented below and the plans to deliver on each priority are described in the paragraphs that follow:


Strategic Outcome:

Requestors’ rights under the Access to Information Act are respected.

OIC Priorities for 2008-2009:

1. Improve service delivery to information requestors
2. Renew the approach to the performance assessment of federal institutions
3. Integrate, to the operations, the implications of the coming into force of the Federal Accountability Act
4. Modernize Access to Information
5. Build organizational capacity

1. Improve service delivery to information requestors

The Office has devised a backlog strategy and set challenging goals that are expected to be fully implemented during fiscal year 2009-2010. As a first step in 2008-2009, a comprehensive review of the OIC complaints handling process will be completed. This will include a review of service standards, the development of an approach for the triage and prioritization of complaints, and an assessment of the resources required to fully implement the strategy. The Office has already determined that benefits can be attained from a dedicated intake function and an early resolution function: an enhanced client-service focus, improved response time for more straightforward complaints, and more productive use of investigative staff. Using available resources, the Office will start implementing these two new functions on a pilot basis in 2008-2009.

2. Renew the approach to the performance assessment of federal institutions

Report cards have proven to be a valuable tool in triggering more compliance with the Act and instigating process-related changes. However, in recent years, they have not been as effective as they could be in leading institutions to reach the highest level of compliance based on the grading scale. A renewed approach to performance reviews and the dissemination of best practices is proposed.

On a preliminary basis, two areas for improvement that could, once change is implemented, make report cards more relevant and hopefully more useful to Parliament have been identified. A first finding is that the current process does not accurately reflect or communicate ongoing efforts by institutions to improve compliance, or does not clearly identify the reasons why selected institutions are performing the way they are. A second finding is that the process is not linked to the fiscal year performance management framework, and hence, it has limited impact in holding heads of institutions accountable for the access to information performance of their institution in a timely fashion.

In 2008-2009, reviews will consider all contextual elements that may affect performance. Along the report cards, the Office will concurrently publish action plans and responses from the selected federal institutions. The aim is to provide more detailed information and content that goes beyond a simple rating of access to information request delays. The current review period will also be changed to put it in line with the government’s performance management cycle and will begin the review process at the end of fiscal year 2007-2008.

3. Integrate, to the operations, the implications of the coming into force of the Federal Accountability Act

The FedAA and resulting amendments to the Access to Information Act and the Privacy Act, which came into force on April 1, 2007, have made the Office one of 70 Crown corporations and their wholly owned subsidiaries, foundations and agencies that are now subject to the Acts for the first time.

The Office now has a dual role of processing access to information requests and investigating complaints against federal institutions on their handling of access to information requests. This brings with it significant challenges and notable financial and operational implications that we will continue to address in 2008-2009.

A first challenge is to establish an exemplary access to information and privacy process for the Office, since the public and others will carefully scrutinize the OIC’s compliance with the Acts, and management and disclosure of information. A second challenge is dealing with the conflict that arises as a result of being subject to the Act while still being mandated to independently and impartially investigate complaints arising from requests under it. The FedAA does not include safeguards against this situation; nonetheless, the Office is legally required to establish and implement a mechanism to address it. To that end, former Supreme Court of Canada Justice, the Honourable Peter de C. Cory, was engaged to undertake the role of ad hoc Commissioner, with the same functions and powers as the Information Commissioner to conduct investigations of, and make recommendations to, the Office on its obligations under the Act. In 2008-2009 Mr. Cory will be supported by qualified investigators and an administrative coordinator, as required. A third challenge is managing the larger volume of complaints and reviews, and providing assistance to the institutions that have just become subject to the Act as they gain experience in administering the Act and the complaint process.

4. Modernize Access to Information

The Commissioner stands ready to assist the Parliament and government in modernizing the access to information program. Over the next year, the Office will continue to work with the Department of Justice and the Treasury Board Secretariat in developing legislative and administrative initiatives about access to information.

Part of this priority is also closely monitoring new statutory requirements in the ATIA such as the concept of the "duty to assist" that now requires the head of an institution to make every reasonable effort to assist a requestor, respond to the requestor accurately and completely, and provide access to the record in the format requested.

5. Build organizational capacity

When the Information Commissioner took office last year, the state of the affairs of the Office seriously affected its ability to deliver services to parliamentarians, federal institutions and Canadians. Not only was the investigative capacity deficient, but support services, as well as administrative and corporate services, were either undeveloped or nonexistent.

As a first order of business, the OIC sought and received approval for additional funds to comply with the requirements of the Access to Information Act as amended by the Federal Accountability Act, as well as to establish and maintain an internal audit function.

The OIC also received approval for funding to undertake a review of operations and funding levels (A-base review) to determine whether current levels may adversely impact the ability of the Office to deliver on the legislative mandate and put the integrity of the program at risk.

Further, considerable efforts continue to be put towards building organizational capacity and develop the core functions of the organization.

Staffing

In order to improve service delivery (priority 1) through addressing the backlog and to implement changes contained in the Federal Accountability Act (priority 3), the Office will increase its investigative capacity through competitions, deployments, secondments and exchange opportunities where feasible, to attract individuals to the PM-02 to PM-05 levels that either have experience in access to information administration or relevant skill sets and experience in conducting investigations, audits or evaluations in other fields, or a legal background. New staff joining the organization will be trained based on personal learning plans.

Parliamentary Relations

As an Officer of Parliament, the Commissioner has a special rapport with Parliament. Parliamentarians rely on the Commissioner for objective advice about access to information implications of legislation, jurisprudence, regulations and policies. As such, the Commissioner is devoted to assist Parliament in playing its vital role of holding federal institutions and officials to account for the proper administration of the Act. In order to better achieve this goal, the OIC has set up a function dedicated to responding to inquiries of parliamentarians and be more proactive in informing legislators and decision-makers on access to information issues.

Communications

An area where significant improvements are required relates to the Office’s capability to communicate with various stakeholders to promote the role and perspective of the Office in ensuring compliance with the Act. Work started in 2007-2008 with the hiring of a Communications Advisor. The Communications Advisor will have the task of setting up a communications unit. Over the next year, the unit will be responsible for undertaking an overhaul of the website, revamping the Annual Report, establishing a media relations function and preparing for special events, such as the 25th Anniversary of the Act and Right to Know Week.

Internal Audit

As a result of the Treasury Board Policy on Internal Audit, the Office will establish an internal audit function that complies with the policy and directives while also preserving the OIC’s independence from government. This includes the appointment of a chief audit executive, development of a risk-based internal audit plan, and setting up of an independent audit committee formed with members external to the Office and the Public Service of Canada.

IM/IT

Another area where significant changes will occur is information management. The Office is working with the Library and Archives Canada on a pilot project which will develop documentation standards for a small organization such as the OIC. This project will be helpful for establishing accountability and stewardship under the Management Accountability Framework (MAF), assessing performance under Management, Resources and Results Structure (MRRS) and facilitating access to information. In terms of information technologies, the Office will modernize its systems to provide investigators with more effective tools to do their work.

Policy Development

Moving forward, the Office will strengthen its internal policy and research capabilities to provide advice to Parliament, but also to federal institutions, as well as bringing the Office’s unique perspective and expertise in developing sound policies. During 2007-2008, the Office took part in inter-institutional policy projects with Officers of Parliament, provincial and territorial regulators and/or federal institutions. Bolstering this important capacity will contribute to putting issues relating to access to information at the forefront, thereby supporting the Office’s chief goal of fostering a culture of openness.

2.3 Analysis by Program Activity

The priorities, discussed in the previous section, serve to advance the achievement of the OIC’s results over the next three fiscal years with an emphasis on 2008-2009. Priorities are refined annually based on the changing environment of the OIC while the results expected from OIC (see OIC Results Framework in Figure 1 of this Report on Plans and Priorities) remain relatively stable, being based on the Office’s mandate.

The OIC Program Activity Architecture (PAA) is composed of a single strategic outcome and a single program activity as follows, which are supported by internal services:


Strategic Outcome Requestors’ rights under the Access to Information Act are respected.
Program Activity Compliance with access to information obligations

Section 2.3 presents the OIC’s expected results with the associated performance indicators against which the Office will measure its success starting in 2008-2009. This section links the 2008-2009 priorities (described in Section 2.2) to the PAA and to the expected results.

The OIC has developed its performance measurement framework as part of Step 2 implementation of the MRRS Policy in the fall of 2007. The new performance measurement framework will be implemented at OIC over 2008-2009 and 2009-2010. While Step 2 of the MRRS did not include internal services, the OIC intends to articulate expected results and performance indicators for its internal services in the near future. The internal services are essential to support the Program Activity.


Office of the Information Commissioner of Canada

Strategic Outcome

Performance Indicators

Requestors’ rights under the Access to Information Act are respected.
  • Proportion of recommendations that are adopted (recommendations from investigations in response to complaints and Commissioner-initiated investigations)
  • Timeliness of the follow-up actions on recommendations


Planned Resources

2008-2009

2009-2010

2010-2011

Financial Resources ($ thousands)

$9,638

$8,512

$8,512

Human Resources

90 FTEs

82 FTEs

82 FTEs


Program Activity: Compliance with access to information obligations

Activity Description

The Access to Information Act is the legislative authority for the activities of the Information Commissioner as an independent ombudsman:

  • To investigate complaints from individuals;
  • To review the performance of government institutions;
  • To report the results of investigations/reviews and recommendations to complainants, federal institutions, and Parliament;
  • To pursue judicial review; and
  • To provide advice to Parliament on access to information matters.

Expected Results

Performance Indicators

1. Requestors benefit from a fair and effective  complaints resolution process.

 

Quality and timeliness of the investigation process (including investigation, legal review, approval and report of findings)
2. Stakeholders understand the role and perspective of OIC in ensuring compliance with the Access to Information Act. Reach to, and feedback from, stakeholders (i.e., the public, requestors, ATIP Coordinators community, other) through: public events, speaking engagements, access to proper web-based and other tools and information
3. Federal institutions meet their obligations under the Access to Information Act. Proportion of investigation recommendations that are adopted

Proportion of Report Card recommendations (made in the annual Access to Information Performance of Government Institutions) that are adopted

4. The Courts receive useful representations and relevant evidence about access issues, the proper interpretation of the provisions of the Access to Information Act, related statutes, regulations and jurisprudence. Proportion of the court cases where judgments support OIC representations (either to sustain or clarify interpretation of the statutes) and/or where OIC evidence was considered as part of the Courts’ deliberations
5. Parliament receives clear, relevant information and timely, objective advice about the access to information implications of legislation, jurisprudence, regulations and policies. Value of OIC information and advice provided to parliamentarians and Parliamentary Committees


Planned Resources

2008-2009

2009-2010

2010-2011

Financial Resources ($ thousands)

$9,638

$8,512

$8,512

Human Resources

90 FTEs

82 FTEs

82 FTEs


Priorities for the Program Activity

Over the next three years, and particularly in 2008-2009, the OIC will progress towards achieving the above expected results by pursuing the following priorities:


Priorities

Type

Improve service delivery to information requestors

New

Renew the approach to the performance assessment of federal institutions

New

Integrate, to the operations, the implications of the coming into force of the Federal Accountability Act

New

Modernize Access to Information

New


Other Activity: Internal Services

Activity Description

Internal services offer essential support to the Program Activity – Compliance with Access to information obligations. These internal services, for which the definition is not yet definitive, cover: management, financial, human resources, information management and technology, public affairs/communications, internal audit and evaluation, and administrative services. Resources associated with internal services have been incorporated to the Program Activity they support.

Priority for this Program Activity

Over the next three years, and particularly in 2008-2009, the OIC will pursue the following priority in the area of internal services:


Priority

Type

Build organizational capacity

New




Section III: Supplementary Information

3.1 Link to the Government of Canada Outcomes

The Information Commissioner of Canada is an Officer of Parliament who reports directly to the House of Commons and the Senate. The Strategic Outcome of, and the expected results from, the Office of the Information Commissioner are detailed in Section 1.6 of this Report on Plans and Priorities.

3.2 Services Received Without Charge


Services received without charge ($ thousands)

2008-2009

Accommodation provided by Public Works and Government Services Canada

992

Contributions covering employers' share of employees' insurance premiums and expenditures paid by Treasury Board of Canada Secretariat 

498

 

Office of the Auditor General of Canada – Audit Services

115 

Total services received without charge

1,605


3.3 Sources of Additional Information

Legislation Administered by the Information Commissioner

Access to Information Act R.S.C. 1985, ch. A-1, amended 1997, c.23, s. 21.

Statutory Annual Reports and Other Publications

Statutory reports, publications and other information are available from the Office of the Information Commissioner of Canada, 112 Kent Street, Ottawa, Canada K1A 1H3; tel.: (613) 995-2410 and on the OIC's Web site at www.infocom.gc.ca

  • Information Commissioner's Annual Reports
  • Report on Plans and Priorities for 2007-2008
  • Performance Report to Parliament for the period ending March 31, 2007.

Contact for Further Information

Josée Villeneuve
Director of Strategic Planning, Parliamentary Relations and Communications
Office of the Information Commissioner of Canada
Place de Ville, Tower B
112, Kent Street, 4th Floor Ottawa, Ontario K1A 1H3<
Telephone: (613) 947-2223 Facsimile: (613) 995-1501



3.2 Services Received Without Charge


Services received without charge ($ thousands)

2008-2009

Accommodation provided by Public Works and Government Services Canada

992

Contributions covering employers' share of employees' insurance premiums and expenditures paid by Treasury Board of Canada Secretariat

498

Office of the Auditor General of Canada – Audit Services

115

Total services received without charge

1,605