Canada Border Services Agency
Symbol of the Government of Canada

Privacy Act

Canada Border Services
Agency Annual Report
2012-2013

Table of Contents

Chapter One: Privacy Act Report

Chapter Two: Interpretation of Statistical Report

Chapter One: Privacy Act Report

Introduction

The Canada Border Services Agency (CBSA) is pleased to present to Parliament, in accordance with section 72 of the Privacy Act, its Annual Report on the management of the act. The report describes the activities that support compliance with the Privacy Act for the fiscal year commencing April 1, 2012, and ending March 31, 2013. During this period, the CBSA has continued to build upon successful practices implemented in previous years.

"The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information". [1]

As stated in subsection 72(1) of the Privacy Act, "The head of every government institution shall prepare for submission to Parliament an annual report on the administration of this Act within the institution during each financial year." [2]

In fiscal year 2012–2013, the CBSA introduced new procedures and practices that will ensure the continued provision of timely service to Canadians who seek to exercise their right to access personal information under the Privacy Act, and which demonstrate leadership in the management of increasingly numerous and complex privacy requests.

Organization

I. About the Canada Border Services Agency

Since 2003, the CBSA has been an integral part of the Public Safety Canada portfolio, which was created to protect Canadians and maintain a peaceful and safe society. In support of these priorities, the CBSA is responsible for providing integrated border services which facilitate the free flow of persons and goods, including animals and plants, that meet all requirements under the program legislation.

The CBSA carries out its responsibilities with a workforce of approximately 13,000 employees, including over 7,200 uniformed CBSA officers who provide services at approximately 1,200 points across Canada and at 39 international locations. [3]

II. Access to Information and Privacy Division

The Access to Information and Privacy (ATIP) Division is comprised of four units:  an Administration section, two Case Management units, and a Policy and Training unit. The Administration section’s function is to receive all incoming requests and consultations, to ensure quality control on all outgoing correspondence, and to support both Case Management units in their day-to-day business. The Case Management units task all branches and regions with retrieval requests and provide daily operational guidance and support to CBSA employees. The Policy and Training unit develops policies, tools and procedures to support ATIP requirements within the CBSA and provides training to CBSA employees. On average, 41 full-time equivalents (FTE), 5 part-time and casual employees, and 4 consultants were employed in the ATIP Division during the fiscal year 2012–2013.

The ATIP Coordinator for the CBSA is the Director of the ATIP Division. The ATIP Division is part of the Corporate Secretariat Directorate, which reports to the Vice-President of the Corporate Affairs Branch. Consistent with the best practices identified by the Treasury Board of Canada Secretariat (TBS[4], the CBSA's ATIP Coordinator is positioned within three levels of the President, and has full delegated authority, reporting directly to the Director General, Corporate Secretariat, who in turn reports to the Corporate Affairs Branch.

The ATIP Division works closely with other members of the Public Safety Canada portfolio, including the Canadian Security Intelligence Service, Correctional Service of Canada, the Parole Board of Canada and the Royal Canadian Mounted Police (RCMP), to share best practices and develop streamlined processes for the retrieval of jointly held records within the 30-day legislated timeframe required to respond to privacy requests.

III. Information Sharing Unit

In fiscal year 2009-2010, the CBSA created the Information Sharing Unit, which is currently part of the Program, Integrated Policy Division, in the Strategic Risk and Modernization Directorate, of the Agency's Programs Branch.

This unit supports all the CBSA's programs by leading or coordinating strategic and/or horizontal information sharing initiatives. It identifies required regulatory or legislative changes, develops internal disclosure policy, reviews and contributes to Memoranda of Understanding (MOU) and Privacy Impact Assessments (PIAs) that contain an information sharing component, and coordinates information sharing activities on behalf of internal or external stakeholders, including international partners.

Within this mandate, the Information Sharing Unit provides policy guidance both broadly and on a case-by-case basis to CBSA programs related to the disclosure of information, under section 8 of the Privacy Act and section 107 of the Customs Act. The Information Sharing Unit is the functional authority for the CBSA's information sharing activities.

The Information Sharing Unit is also responsible for ensuring that information sharing legislation, policy and procedures are clearly and consistently understood throughout the CBSA. To this end, the unit develops and provides training to the CBSA employees in consultation with the Human Resource Branch's Training and Learning Directorate.

In fiscal year 2012–2013, the Information Sharing Unit accomplished multiple activities related to the Privacy Act that included:

  • Revising the information sharing policy for section 107 of the Customs Act. The new Policy Guidelines on the Disclosure of Customs Information has replaced the D–Memoranda: D1–16–1: Explanation of Section 107 of the Customs Act and D1–16–2: Interim Administrative Guidelines for the Provision to others, Allowing access to others, and Use of Customs Information – Section 107 of the Customs Act.
  • Providing support and guidance to programs areas of the CBSA to ensure an integrated and coordinated approach to information sharing with the United States (U.S.) as part of the Beyond the Border Action Plan suite of initiatives;
  • Leading an Agency-wide Information Sharing Working Group, which serves as a consultative body to support the development of the CBSA information sharing policy development and research;
  • Representing the CBSA in supporting policy initiatives led by Public Safety Canada concerning information sharing to support national security;
  • Leading the CBSA participation in the development and implementation of the Immigration Information Sharing Treaty with the U.S. (led by Citizenship and Immigration Canada (CIC));
  • Drafting the standard operation procedures for the Ministerial Direction for the Enforcement & Intelligence program;
  • Developing an Agency–wide policy for information sharing that encompasses the different legislation that govern the disclosure of CBSA information;
  • Developing an Agency–wide policy on the disclosure provisions of section 8 of the Privacy Act;
  • Co–drafting the Information Sharing Annex with CIC for the CIC/CBSA MOU;
  • Revised the training on information sharing for the new Border Services Officers;
  • Delivered the Basic Information Sharing training course to 448 employees;
  • Delivered training to more than 600 employees across the country on the new information sharing policy for section 107 and;
  • Providing functional guidance to the CBSA as a whole with regard to information sharing and disclosure activities.

At the end of the fiscal year 2012–2013 reporting period, 7 FTEs were employed in the Information Sharing Unit.

IV. Upcoming Resource Challenges

The CBSA is expecting an increase in the number of requests received due to its high profile role in key Government of Canada initiatives, such as the Beyond the Border Action Plan. To this end, the ATIP Division has proactively launched a process, through a standing offer, to retain the professional services of Intermediate ATIP Consultants, Senior ATIP Consultants and Advanced ATIP Consultants to augment existing resources and to address increases in workload. These new resources will assist with the management and processing of ATIP requests and the development and delivery of ATIP related training.

Additionally, the ATIP Division anticipates that additional resources will need to be dedicated to the completion of PIAs for those initiatives included in the Beyond the Border Action Plan. To this end, the ATIP Division has proactively launched a process, through a standing offer, to retain the professional services of individuals experienced in developing complex and sensitive PIAs for federal government organizations. Once the process is completed, the CBSA will have six qualified individuals available to assist with the management of all the phases related to the development of PIAs.

Furthermore, the ATIP Division is being solicited more and more by other government departments, such as CIC and Service Canada, to support their programs. The requirements needed by these institutions are related to the requests received by the general public regarding their history of arrival dates into Canada. During fiscal year 2012–2013, the ATIP Division has dedicated 8 FTEs for processing these requests.

To help mitigate the impact that these resource challenges have on the Agency's performance and to avoid pushing the ATIP Division beyond its operational capacity, the ATIP Division strongly believes that it will have to invest additional funding and resources for the CBSA to maintain its high performance with respect to its ATIP obligations.

Activities and Accomplishments

I. Leadership

The CBSA has always been an active participant in the support and promotion of privacy, and fiscal year 2012-2013 was no exception.

The ATIP Division receives, coordinates and processes requests for information under the Privacy Act, providing high quality and timely service to requesters. In addition, the ATIP Division supports a network of 18 ATIP Liaison Officers across the organization that assist with requests by searching and retrieving records, and coordinating recommendations from within their branch or region. This allows the ATIP Division to maximize efficiencies in request processing to ensure that requesters receive their information in the shortest time possible.

The ATIP Division further strengthened the administration of the privacy program throughout the CBSA by implementing a rigorous and more accountable consultation process. As of January 2013, all branches and regions are required to provide at least director-level approval and the inclusion of subject matter expertise for each office of primary interest involved in the consultation for records responsive to a privacy request. The new process is another step for the CBSA's new functional approach to the administration of the program.

The CBSA is also participating in the "whole of government" ATIP solution initiative led by TBS. This initiative is focusing on finding solutions and ways, to be used by all federal departments and agencies, of centralizing and modernizing the administration of ATIP by improving service quality and ease of access for citizens while reducing the processing costs for institutions. One of the proposed solutions is to explore the development of an ATIP request processing software suite for use by all federal government institutions.

Finally, the CBSA maintains a reading room, available for individuals from the general public who wish to review the Agency's publications or other public materials. Individuals may access the reading room by contacting the ATIP Director of the CBSA, by telephone at 613-941-7431, or by sending an e-mail to the following address: ATIP-AIPRP@cbsa-asfc.gc.ca. The reading room is located at:

Leima Building, 10th Floor
410 Laurier Avenue West
Ottawa, Ontario
K1A 0L8

II. Performance

The CBSA received 13,379 requests under the Privacy Act in fiscal year 2012–2013. The CBSA has maintained a compliance rate of 88.1% in relation to the legislated time frames to respond to requests, a remarkable accomplishment, considering that the number of privacy requests the CBSA received has increased by 100.5% over the last year. This is in addition to the 130.5% increase received the previous fiscal year.

As mentioned in the "Upcoming Resource Challenges" section of this report, the increase in the number of privacy requests is largely attributable to individuals seeking copies of their history of arrival dates into Canada. Currently, 76.6% of all the privacy requests received by the CBSA come from individuals seeking their Traveller History Report (THR), which are used to prove residency requirements for benefits programs administered by CIC and Service Canada. In light of the increase in THR requests, the CBSA has initiated discussion with CIC to develop a more effective approach to provide THR access to CIC.  As a result of these discussions, CIC introduced a new consent-based application form for Canadian Citizenship, and CIC's Case Processing Centre in Sydney, Nova Scotia, was given direct access to the CBSA system that generates the THR. Despite implementing these initiatives, THR requests continue to be referred to the CBSA from other parts of CIC. The THR requests are also having a direct impact on the CBSA Border Information Service telephone lines, as individuals are calling to enquire about the status of their request. Applicants are also approaching the CBSA ports of entry and regional offices directly in an attempt to gain access to their THR faster. The increase in requests is impacting the ATIP Division's ability to sustain compliance with the time requirements of the Access to Information Act and the Privacy Act. The compliance rate for privacy requests has dropped below the Agency's performance standard of 90%. Although some progress has been made, the CBSA will continue the discussions with CIC and Service Canada, and will continue to explore alternatives to accommodate these clients while reducing the burden on the CBSA.

The CBSA also continues to modernize its service delivery model. As indicated in the Agency's 2011–2012 Annual Report, a new Electronic Consultation Process was negotiated with CIC to promote the timely completion of consultations on records pertaining to routine client immigration files. In fiscal year 2012–2013, the Electronic Consultation Process was implemented and allowed both institutions to transmit client file related consultation packages at the Protected B classification level or lower through an encrypted messaging arrangement. This process provides improvements and facilitates the processing of ATIP requests by both parties, reduces duplication of effort, and promotes consistency in the treatment of these requests.

The CBSA continues to offer the electronic delivery of responses to privacy requests. In fiscal year 2012–2013, the electronic responses made up 5.3% of all formal privacy requests closed.

In Round IX of the Management Accountability Framework (MAF) Assessment, the CBSA received a rating of "Strong" for all three ATIP lines of evidence (LoE): 12.4 – Access to Information, 12.5 – Privacy and Protection of Personal Information, and 12.6 – Governance and Capacity. For the CBSA to maintain its "Strong" rating in future MAF assessments, TBS made the following recommendations for LoE 12.4 and 12.5:

  • Provide "principles for assisting applicants" to the applicant proactively and explicitly;
  • Establish a timeframe for the review of policies, procedures and supporting documentation; and,
  • Clarify how privacy breaches are addressed (for LoE 12.5 only).

The CBSA has addressed all of these recommendations. In order to address the first recommendation, text was incorporated on the principles for assisting applicants in all ATIP acknowledgement letter templates.

In response to TBS recommendation that the ATIP Division establish a timeframe for the review of its policy, procedures and supporting documentation, a Privacy Policy and Procedural Review Chart was developed which provides timelines for updating all key divisional policies and procedures.

Finally, in response to TBS recommendation that the CBSA clarify how privacy breaches are addressed, a comprehensive Privacy Breach Protocol was developed, in consultation with Security and Professional Standards Directorate, and approved by the Agency's Executive Committee. The Privacy Breach Protocol incorporates a four-step process that includes a privacy breach checklist; a breach incident report; a risk assessment with scoring matrix; and sample notification letters. The Privacy Breach Protocol scoring matrix enables the Agency to determine the level of risk to both the individual and to the CBSA, allowing for more complete assessments of all circumstances surrounding a privacy breach.

Based on progress to date, and in continuing to strengthen the administration of the ATIP program within the CBSA, it is anticipated that the Agency will maintain its "Strong" rating for all three lines of evidence in future MAF assessments.

III. Human Resources

Finding and recruiting individuals who possess the necessary skills and experience for the ATIP discipline remains a challenge confronting all federal institutions. As a result, the market for ATIP Analysts is extremely competitive. Establishing the right organization with positions at the right levels is crucial to the success of the ATIP Division recruitment and retention efforts.

The ATIP Division implemented several human resource strategies over the past two fiscal years that better position the Division to maintain and minimize the impact on its current performance despite predicted privacy request workload increases. Part of the ATIP Division's success is attributable to its excellent core group of experienced staff who have been provided with opportunities to expand their knowledge and expertise through acting and assignment opportunities. These are part of the strategies implemented by the ATIP Division since fiscal year 2010–2011 and have continued in fiscal year 2012–2013.

The ATIP Division has hired and assigned six new FTEs to assist with the overflow of request attributable to individuals seeking copies of their history of arrival dates into Canada. The ATIP Division also hired a university student on a casual basis who joined the Policy and Training Unit, and is exploring the possibility of continuing this practice in the 2013–2014 fiscal year.

IV. Education and Training

In fiscal year 2012–2013, the ATIP Division continued to conduct bilingual training sessions that supported the implementation of streamlined processing procedures and built an awareness of ATIP obligations. Specifically, 17 sessions were offered in which 377 National Capital Region employees took part. These sessions are designed to ensure that the participants fully understand their responsibilities under the Access to Information Act and the Privacy Act, with a focus on requests made pursuant to the Acts, and the duty to assist principles, as well as the other elements required by TBS directives. The same session has also been delivered 9 times to 166 employees in 2 regions, with the intention of delivering this session to more regions in the new fiscal year.

The ATIP Division has also delivered customized sessions to particular audiences in high-demand areas. Specifically, 2 customized sessions were offered and have been well-received by 63 employees of the CBSA's Appeal Division. These sessions and targeted training will be offered again during the course of the new fiscal year.

In addition, the ATIP Division organized quarterly National ATIP Liaison Officers Learning Events through conference calls. The purpose of these conference calls, that convene 18 ATIP Liaison Officers from branches and regions, is to exchange information about the challenges encountered in the branches and regions, discuss the latest policies and procedural developments and, otherwise, improve the ATIP Division – ATIP Liaison Officers relationship. These conference calls will be offered again during the course of the new fiscal year to ensure continued improvement and, safeguard the continual flow of communication that provides the necessary tools and training required by ATIP Liaison Officers in performing their duties.

The ATIP Division continues to participate in a TBS–led working group mandated in the area of community development, which more specifically examines the design of generic organizational ATIP models, work descriptions and associated generic competencies that will respond to various issues and challenges that have been identified by the ATIP community and support employees and organizational development in the ATIP field across the core public administration.

Finally, the CBSA was invited by the Office of the Privacy Commissioner (OPC) to participate in a panel discussion during the 4th Annual PIA Workshop. The panel, represented by employees of the CBSA ATIP Division, CIC and the RCMP, shared the approach they used to coordinate a multi-institutional PIA process.

V. New and Revised Privacy-related Policies and Procedures

Over the past two years, the CBSA has worked diligently to address TBS recommendations to improve its chapter for Info Source. The CBSA content of the chapter for Info Source is now organized by institutional functions, programs and activities, and all Classes of Records and Personal Information Banks are aligned under their related program and activities. The CBSA chapter for Info Source meets TBS requirements, and the CBSA will continue to update its Info Source throughout the 2013–2014 fiscal year in accordance with TBS requirements.

Moreover, as part of the Info Source modernization initiative, TBS launched a Decentralized Publishing Pilot Project in which the CBSA agreed to participate. The CBSA has been praised by TBS for their participation and their support in this pilot project. This participation provides the CBSA with a decreased reporting burden, an enrichment of information on the Agency's website, increased transparency, and a full content accessibility to users. For fiscal year 2013–2014, the CBSA has agreed to continue to collaborate with TBS in reaching their goal to have all institutions self-publishing Info Source chapters by December 2013. Furthermore, the CBSA will assist TBS with the interim and long-term implementation process, by assisting in the development of appropriate procedures, sharing best practices, improving the functionality of Info Source publications, and by mentoring new institutions joining this process.

The ATIP Division has also developed ATIP Outgoing Consultation Directives, in response to recommendations made by the Office of the Information Commissioner of Canada (OIC) related to their investigation of delays in the processing of requests. These directives provide instruction to staff to ensure that a unified approach is in place for consultations sent to other government departments under the ATIP Acts, decisions pertaining to time extensions are based on consultation requirements and processes, and, that timelines are respected in processing the requests. Furthermore, the ATIP Division has developed directives on incoming consultations received from other government departments to ensure requests are processed in a timely manner, that all stakeholders are given an opportunity to provide recommendations as to their disclosure and, that these consultation requests are given the same importance as the ATIP requests received directly by the CBSA.

The ATIP Division continues to provide the service of informally severing CBSA records, for internal programs, as if they had been requested under the Privacy Act. The ATIP Division received 93 informal requests of this nature in fiscal year 2012–2013.

VI. Progress on the Privacy Management Framework Action Plan

The Privacy Management Framework (PMF) is a gap analysis of how the CBSA administers the Privacy program, and provides a set of recommendations for training, tools, performance measures, and governance structures to address these gaps. Based on these recommendations, the ATIP Division has, in consultation with key program areas, developed and presented, in 2011, a three-year Action Plan to implement the PMF recommendations. Considerable progress has been made during fiscal year 2012–2013, by implementing some of the most critical recommendations found in Phase 2 of the PMF, thereby demonstrating transparency, accountability, and leadership in the protection of privacy rights:

  • The ATIP Division worked with the Information Management program to design a joint ATIP and Information Management online virtual learning tool for CBSA employees. This session allows employees to increase their knowledge on information management, the Access to Information Act, the Privacy Act, as well as related TBS policies and directives. By learning the measures related to the ATIP request and the importance of information management, employees will have a better understanding of their role and responsibilities in supporting the Minister to fulfill his obligations under both Acts. It is anticipated that this tool will be available to all employees in the first quarter of fiscal year 2013–2014.
  • In response to the critical recommendation concerning the implementation of specialized ATIP Training on PIAs and Info Source, the CBSA included in their ATIP Awareness sessions a section dedicated exclusively to what Info Source is, and how the primary purpose of Info Source is to assist individuals in exercising their rights under the ATIP Acts. The ATIP Division has also developed resources to assist CBSA employees in the preparation of a PIA. A Privacy Impact Questionnaire (PIQ) was developed as a first step, for program areas to determine whether or not a PIA, or some other measures, is required. Once completed, the PIQ is reviewed by the ATIP Division who will recommend the appropriate course of action to be implemented by the programs. If a PIA is recommended, the ATIP Division will meet with the program to explain, step by step, all the requirements needed to complete a PIA document. In addition, the ATIP Division as created an annotated PIA template that guides the program in each section. In 2013–2014, the ATIP Division will continue to refine the procedures and create a new section in the ATIP Awareness training session that covers these measures.
  • In support of the fundamental obligations related to the privacy rights, the CBSA has announced the appointment of a CBSA Chief Privacy Officer (CPO) and the creation of a Privacy Oversight Committee. The CPO is responsible to help bring focus, awareness, support and leadership to complex privacy issues at the executive level. Chaired by the CPO, the Privacy Oversight Committee consist of executives, from key program and corporate areas, who meet quarterly to consider new policies, compliance issues, privacy breaches, PIAs and privacy awareness initiatives.
  • As mentioned in the "Performance" section of this report, developed in consultation with Security and Professional Standards Directorate, the ATIP Division has launched the CBSA Privacy Breach Protocol. The protocol outlines the steps that must be followed by employees, agents, students or contractors who discover a possible breach of privacy. The protocol will help to ensure that when a breach happens, it is quickly contained and future breaches are prevented.

In fiscal year 2013–2014, the CBSA will continue to implement some of the most critical recommendations found in the PMF by launching Phase 3 of the plan. Some of the key recommendations that will be addressed are the creation of a Privacy Code of Ethics for CBSA. The ATIP Division will also work with the Information Management Division to develop and implement an Agency-wide "clean up" of disused personal information, an initiative that will focus on the adequate disposition of the personal information that is no longer required for programs purposes. The PMF and its associated Action Plan will greatly strengthen the CBSA's compliance with legislative and policy requirements.

VII. Audits into the Privacy Practices of the Canada Border Services Agency

There were no audits into the privacy practices of the CBSA during the 2012–2013 fiscal year

VIII. Privacy Impact Assessments

In fiscal year 2012–2013, the CBSA initiated four PIAs and completed two PIAs initiated in previous years. The two completed PIAs – High-Integrity Personnel Security Screening Standard (HIPSSS), and Phase I Entry/Exit – were submitted to the OPC for review and comments.

High-Integrity Personnel Security Screening Standard

In November 2007, the CBSA Executive Management Committee approved the development of all required processes to implement enhanced personnel security screening measures allowable to decrease the risk of infiltration and corruption and maintain program integrity under the Policy on Government Security for all CBSA positions; and the creation of a CBSA High-Integrity Personnel Security Screening Standard. A PIA Summary was posted on the CBSA ATIP website at: http://www.cbsa.gc.ca/agency-agence/reports-rapports/pia-efvp/atip-aiprp/hipsss-nieesp-eng.html.

Phase I Entry/Exit

In 2011, Canada and the U.S. issued the Beyond the Border: A Shared Vision for Perimeter Security and Economic Competitiveness which establishes a new long-term partnership built upon a perimeter approach to security and economic competitiveness and subsequently, the Perimeter Security and Economic Competitiveness Action Plan (Action Plan) which sets out the joint Canada–U.S. priorities for achieving this vision. As part of delivering on its commitments in the Action Plan, Canada and the U.S. are undertaking the Entry/Exit Initiative. A PIA Summary was posted on the CBSA ATIP website at:  ttp://www.cbsa.gc.ca/btb-pdf/es-se-eng.html.

Disclosures Made Pursuant to Paragraph 8(2)(e) of the Privacy Act

During the 2012–2013 fiscal year, 199 disclosures pursuant to paragraph 8(2)(e) of the
Privacy Act, were made by the CBSA.

Disclosures Made Pursuant to Paragraph 8(2)(m) of the Privacy Act

During the 2012–2013 fiscal year, 12 disclosures pursuant to paragraph 8(2)(m) of the
Privacy Act, were made by the CBSA. In each case, only the fact that the individuals were being removed from Canada in accordance with the Immigration and Refugee Protection Act was disclosed.

These disclosures served to demonstrate that the objectives and integrity of the immigration system and the protection of the health and safety of Canadians were being maintained in Canada. It is in the interest of the public to know that Public Safety Canada is committed to carrying out this mandate.

The balance between the public's need to know and protection of an individual's privacy is of utmost concern to the CBSA, and in each of these cases, it was determined that public interest in the disclosure of these individual's removal status outweighed any injury to the individuals.

In each case the OPC was notified of the disclosure.

Delegation Order

See Annex A for a signed copy of the Delegation Order.

Chapter Two: Interpretation of Statistical Report

Statistical report and Supplemental Reporting Requirements

See Annex B for the CBSA’s statistical report on the Privacy Act.

Interpretation of the Statistical reports

I. Overview

In fiscal year 2012–2013, the CBSA continued to refine its practices to maintain a high level of service to requesters while addressing increased workload-related issues. Statistics suggest these refinements are having a positive effect as evidenced by a continued high completion rate of requests within the legislated timelines.

II. Requests Received Under the Privacy Act

The CBSA received 13,379 privacy requests in fiscal year 2012–2013, representing an increase of 100.5% from the previous year. The CBSA responded to 13,191 Privacy Act requests during fiscal year 2012–2013, representing 98.6% of the total number of requests received. In total, 650 requests were carried forward from fiscal year 2011–2012 and 838 requests, outstanding from fiscal year 2012–2013, were carried over to the 2013–2014 period.

Privacy Requests Received/Completed

Of the 13,191 requests completed during fiscal year 2012–2013, the CBSA processed over 496,176 pages, an average of 37.6 pages per request. Of the 13,191 requests completed, the CBSA disclosed all the information to requesters in 32,175 pages processed (6.5%). Requests disclosed in part comprise the largest disposition category with 461,333 pages, representing 93% of the pages processed. Moreover, the CBSA has fully exempt 181 pages processed (less than 0.1%). Finally, the CBSA has processed 2,487 pages (0.5%) for requests that were, at the end, abandoned by the requester. The increase in the number of pages processed throughout the last few years is affecting the processing of the requests, as more time is required for revision and approval.

Pages Processed/Disclosed

III. Completion Time

Of the 13,191 requests completed during the fiscal year 2012–2013, the CBSA responded to 4,592 requests within 30 days or less, representing 34.8% of all the requests completed. The CBSA has responded to 5,698 requests (43.2%) within 31 to 60 days, 2,820 requests (21.4%) within 61 to 120 days, and 81 requests (0.6%) required 121 days or more to be completed.

Completion Time

Of all the requests completed, the CBSA was successful in respondingto 88.1% within the statutory time frames. This result reflects the CBSA's commitment to ensuring that every reasonable effort is made to complete the requests in a timely manner.

IV. Extension

The Privacy Act allows departments to extend the legislated deadline of a request if the request cannot be completed within the legislated 30 day time limit. Section 15 of the Privacy Act permits extensions if:

  • Meeting the original time limit would unreasonably interfere with the operations of the government institution;
  • Consultations are necessary to comply with the request that cannot reasonably be completed within the original time limit; or
  • Additional time is necessary for translation purposes or for the purposes of converting the personal information into an alternative format

In total, 8,028 extensions were applied to requests in fiscal year 2012–2013. This uncharacteristic amount of extension requested by the CBSA is largely attributable to the increase in traveller history requests received. In this matter, extensions were required in 7,831 instances (97.5%) as meeting the original time limit would interfere with the operations of the institution. Additionally, extensions were required in 197 instances (2.5%) for consultation. The ATIP Division did not invoke any extensions for the translation of documents.

Extensions
V. Disposition of Requests Completed

Of the 13,191 privacy requests processed in fiscal year 2012–2013, the CBSA provided full release of the information requested for 78.2% of the requests completed (10,318 requests), the most frequent outcome during the reporting period. Moreover, partial disclosure of the information requested has been applied in 13% of the requests (1,714 requests). Additionally, 4.9% (641 requests) were requests for which no documentation exists. As well, of the completed requests, 3.9% were abandoned (512 requests). Such an action may occur at any point in the processing of a request. Finally, less than 0.1% of the requests were either completely exempted or completely excluded from disclosure (6 requests and 0 requests respectively).

Disposition of Requests Completed

VI. Exemptions Invoked

Sections 18 through 28 of the Privacy Act set out the exemptions intended to protect information pertaining to a particular public or private interest.

While most information is of a sensitive nature, the CBSA is making every effort to release as much information as possible, to remain consistent with the spirit of the Privacy Act. The majority of the exemptions invoked by the CBSA fell under four sections of the Privacy Act. Section 26, which protects information about another individual, was used in 1,362 cases (45.2%). Section 22, which protects the disclosure of materials that could reasonably be expected to be injurious to the enforcement of any law of Canada or a province or conduct of lawful investigations, was used in 782 cases (26%). Section 21, which keeps the disclosure of materials that could reasonably be expected to be injurious to the conduct of international affairs, the defence of Canada or any other state allied or associated with Canada, was used in 439 cases (14.6%). Section 19, which exempt records of personal information obtained in confidence, was used in 395 cases (13.1%). The remaining 32 cases (1.1%) are shared between section 20, section 25 and section 27 of the Privacy Act.

In terms of how the CBSA reports exemptions, if five different exemptions were used in one request, one exemption under each relevant section would be reported for a total of five exemptions.  If the same exemption was used several times for the same request, it would be reported only once.

Exemptions Invoked

VII. Exclusions Cited

Pursuant to section 69 of the Privacy Act, the Act does not apply to library or museum material preserved solely for public reference or exhibition and material deposited with the Library and Archives Canada. Personal information that the Canadian Broadcasting Corporation collects uses or disclosed for journalistic, artistic or literary purposes are excluded pursuant to section 69.1 of the Privacy Act. Finally, records considered to be confidences of the Queen's Privy Council of Canada are excluded pursuant to section 70 of the Privacy Act.

In this manner, exclusions were invoked a total of 2 times, or in less than 0.1% of the requests completed in fiscal year 2012–2013.

Exclusions cited in fiscal year 2012–2013 Number of exclusions cited

S. Art. 69 (1)(a)

0

S. Art. 69 (1)(b)

0

S. Art. 69.1

0

S. Art. 70 (1)(a)

1

S. Art. 70 (1)(b)

0

S. Art. 70 (1)(c)

1

S. Art. 70 (1)(d)

0

S. Art. 70 (1)(e)

0

S. Art. 70 (1)(f)

0

S. Art. 70.1

0

Total

2
VIII. Consultations

The CBSA received 105 Privacy Act consultations, either from other government institutions, or from other organizations, in fiscal year 2012–2013. The CBSA closed 110 consultations during fiscal year 2012–2013. In total, 10 consultations were outstanding from fiscal year 2011–2012 and 5 consultations, outstanding from fiscal year 2012–2013, were carried over to the 2013–2014 period.

Of the 110 consultations closed during fiscal year 2012–2013, 89 consultations (80.9%) were completed in 30 days or less. Of these 89 consultations, recommendation of full disclosure was applied in 46 instances (51.7%) and, recommendation of partial disclosure was applied in 42 instances (47.2%). Finally, the CBSA has provided the recommendation to consult with another institution in 1 instance (1.1%).

The remaining 21 consultations (19.1%) went beyond 30 days. Of these 21 consultations, recommendation of full disclosure was applied in 1 instance (4.8%) and, recommendation of partial disclosure was applied in 19 instances (90.4%). Finally, the CBSA has provided the recommendation to consult with another institution in 1 instance (4.8%).

Recommendations on Consultations

IX. Complaints and Investigations

Subsection 29(1) of the Privacy Act describes how the OPC receives and investigates complaints from individuals in respect to their personal information held by a government institution. Examples of complaints the OPC may choose to investigate include: refusal of access to personal information, an allegation that personal information about them held by a government institution has been misused or wrongfully disclosed, or if an individual has not been given access to personal information in the official language requested by the individual.

Throughout the 2012–2013 fiscal year, 28 Privacy Act complaints were filed against the CBSA, a decrease of 48% compare to fiscal year 2011-2012. This number represents 0.2% of all the requests completed during this period. The complaints received during the fiscal year were related to the following: time delay (13), application of exemptions or exclusions (6), use and disclosure (5), time extension (1), refusal to disclose (1), language (1) and miscellaneous reasons (1).

Complaints Received

There were 24 active complaints outstanding from fiscal year 2011-2012. The CBSA received 28 privacy complaints in fiscal year 2012–2013. The OPC resolved 26 privacy complaints with the CBSA. A total of 26 complaints, outstanding from fiscal year 2012–2013, are being carried forward into the 2013–2014 fiscal year.

Complaint Workload

Of the complaints resolved, 8 were well founded, 10 were not well founded, 7 were abandoned or discontinued and 1 was not substantiated. Where complaints are substantiated, the matter is reviewed by the delegated managers and processes are adjusted if required. For example, extensions may be reviewed to determine whether the length of time taken was appropriate, given the complexity of the request.

Complaints Closed in 2012–2013
Well founded with recommendations – Resolved
Well founded with recommendations – Not Resolved
Well founded without recommendations – Resolved
Not well founded 10 
Abandoned/discontinued
Not substantiated
Total  26 

No key issues were raised as a result of privacy complaints and investigations.

X. Appeals

There were no appeals to the Federal Court during the 2012–2013 fiscal year.

XI. Conclusion

The fiscal year 2012–2013 has proved to be challenging for the CBSA. New processes and employee training have helped streamline the Agency's response times in the face of growing volumes and case complexity. Moreover, the CBSA's human resource activities have allowed the improvement of ATIP expertise and increased ability to retain and develop employees. Challenges remain, however, and ongoing development of the Agency's employees and programs will be of the utmost importance in fiscal year 2013–2014. Furthermore, the implementation of new measures, and focusing on finding solutions to address the continual increase of Privacy Act requests, will be essential for the CBSA to sustain compliance with the time requirements of the Act.

Annex A – Delegation Order

The Minister of Public Safety and Emergency Preparedness, pursuant to section 73 of the Access to Information Act and section 73 of the Privacy Act, hereby designates the persons holding positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Minister of Public Safety and Emergency Preparedness as the head of Canada Border Services Agency under the provisions of the Act and related regulations set out in the schedule opposite each position. This designation replaces all previous delegation orders.

Schedule Canada Border Services Agency
Position Access to Information Act and Regulations Privacy Act and Regulations
President Full Authority Full Authority
Executive Vice-President Full Authority Full Authority
Vice-President, Corporate Affairs Branch Full Authority Full Authority
Director-General, Corporate Secretariat Full Authority Full Authority
Director, ATIP Division Full Authority Full Authority
Manager, ATIP Division Full Authority Full Authority
(except 8(2)(m))
Team Leader, ATIP Division Full Authority Full Authority
(except 8(2)(m))

Annex B – Statistical Report TBS/SCT 350-63-2012: Statistical Report on the Privacy Act


[1] Privacy Act R.S., 1985, Chapter P-21, p. 1

[2] Ibid., p. 42-43

[3] Canada Border Services Agency website, About Us – What we do, accessed April 12, 2013

[4] Treasury Board of Canada Secretariat website, Report on the TBS Study of Best Practices for Access to Information Requests Subject to Particular Processing, accessed April 12, 2013