We have archived this page on the web
The information was accurate at the time of publishing but may no longer reflect the current state at the Canada Border Services Agency. It is not subject to the Government of Canada web standards.
Annual Report to Parliament on the Privacy Act: 2020 to 2021
From: Canadian Border Services Agency
Chapter 1: Privacy Act report
Introduction
The Canada Border Services Agency (CBSA) is pleased to present to Parliament, in accordance with section 72 of the Privacy Act, its annual report on the management of this Act. The report describes the activities that support compliance with the Privacy Act for the fiscal year commencing , and ending . During this period, the CBSA continued to build on successful practices implemented in previous years.
The purpose of this Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.Footnote 1
As stated in subsections 72(1) and 72(2) of the Privacy Act, “Every year the head of every government institution shall prepare a report on the administration of this Act within the institution during the period beginning on of the preceding year and ending on of the current year… Every report prepared under subsection (1) shall be laid before each House of Parliament on any of the first 15 days on which that House is sitting after September 1 of the year in which the report is prepared.”Footnote 2
Organization
I. About the Canada Border Services Agency
The CBSA has been, since 2003, an integral part of the Public Safety Canada (PS) portfolio, which was created to protect Canadians and maintain a peaceful and safe society. The Agency is responsible for providing integrated border services that support national security and public safety priorities and facilitate the free flow of persons and goods, including animals and plants, that meet all requirements under the program legislation.Footnote 3
The CBSA carries out its responsibilities with a workforce of approximately 14,000 employees, including over 6,500 uniformed CBSA officers who provide services at approximately 1,200 points across Canada and at 39 international locations.Footnote 4
II. Information Sharing, Access to Information and Chief Privacy Office
The Information Sharing, Access to Information and Chief Privacy (ISATICP) Office is comprised of 6 units: an Administration section, 3 Case Management units, and 2 Policy units. The Administration section's function is to receive all incoming requests and consultations, to ensure quality control of all outgoing correspondence, and to support the Case Management units in their day-to-day business. The Case Management units assign branches and regions with retrieval requests, process requests under the Privacy Act, and provide daily operational guidance and support to CBSA employees. The ATIP Policy and Governance Unit develops policies, tools, and procedures to support ATIP requirements within the CBSA and provides training to employees. The Information Sharing and Collaborative Arrangement Policy Unit maintains the policy framework for the CBSA's information‑sharing and domestic written collaborative arrangements. On average, 80 full‑time equivalents, and 3 part‑time, casual and student employees were employed in the ISATICP Office during fiscal year 2020 to 2021.
The ATIP coordinator for the CBSA is the Executive Director of the ISATICP Office. The ISATICP Office is part of the Chief Data Office, which reports to the Vice-President (VP) of the Strategic Policy Branch. Consistent with best practices identified by the Treasury Board of Canada Secretariat (TBS),)Footnote 5 the CBSA's ATIP coordinator is positioned within 3 levels of the President and has full delegated authority, reporting directly to the Chief Data Officer, who in turn reports to the VP of the Strategic Policy Branch.
Key to maintaining compliance with the statutory time requirements of the Privacy Act is the CBSA ISATICP Office's ability to obtain personal information from branches and regions in a timely and reliable manner. Supported by a network of 21 ATIP liaison officers across the CBSA, the ISATICP Office is well‑positioned to receive, coordinate, and process requests for personal information under the Privacy Act.
The CBSA ISATICP Office works closely with other members of the PS portfolio, including the Canadian Security Intelligence Service, the Correctional Service of Canada, the Parole Board of Canada, and the Royal Canadian Mounted Police, to share best practices and develop streamlined processes for the retrieval of jointly held records within the 30-day legislated time frame required to respond to privacy requests.
Activities and accomplishments
I. Performance
Fiscal year 2020 to 2021 saw high volumes of privacy requests made to the CBSA. The volumes are largely attributable to individuals seeking copies of their history of arrival dates into Canada. In fiscal year 2020 to 2021, 79.9% of all the privacy requests received by the CBSA came from individuals seeking their Traveller History Report (THR), which contains information used to support residency requirements for programs administered by Immigration, Refugees and Citizenship Canada (IRCC) and Employment and Social Development Canada (ESDC).
In , IRCC, in consultation with the CBSA, introduced a new consent-based application form which sees applicants for citizenship provide consent on their applications for IRCC to view their travel history directly. The CBSA has allocated 100 accounts to the IRCC to verify (view only) clients' THR to Canada. IRCC has since viewed approximately 1.63 million THR, of which 79,011 were in fiscal year 2020 to 2021, that might otherwise have been requested formally through the CBSA by way of formal Privacy Act, or Access to Information Act requests.
The CBSA continued to see high volumes of privacy requests submitted through the Access to Information and Privacy Online Request tool. Through this tool, the agency received 10,847 requests, which amounted to 90.4% of all privacy requests received by the CBSA.
The CBSA continued to offer the electronic format for responses to privacy requests. Although electronic format made up only 82.5%, these requests accounted for 96.5% of all the pages the CBSA disclosed in their entirety or disclosed in part this fiscal year.
The ISATICP Office also provided case-by-case policy guidance to CBSA program areas related to the disclosure of information under section 8 of the Privacy Act and section 107 of the Customs Act. In total, the ISATICP Office received 2,523 requests for guidance in fiscal year 2020 to 2021, representing an increase of 32.5% over the previous year.
Finally, as per Section 73.1 of the Privacy Act, the CBSA ISATICP Office has not provided services related to any power, duty or function conferred or imposed on the CBSA under this Act to another government institution that is under the responsibility of the Minister of Public Safety and Emergency Preparedness and has not received such services from any other such government institution.
II. Education and training
In fiscal year 2020 to 2021, despite teleworking and minimal access, the CBSA ISATICP Office continued to provide support and guidance to employees. To do so, the Office adapted to numerous changes and explored alternative measures to delivery. Not being able to offer in-person training sessions, the CBSA ISATICP office shared it's training materials with 24 employees and also provided 3 virtual training sessions to 85 employees. The training sessions are designed to ensure that the participants fully understood their responsibilities under the Privacy Act and the Access to Information Act, with a focus on requests made pursuant to the Acts and the duty to assist principles.
It should be noted that the CBSA added the Canada School of Public Service's (CSPS) Access to Information and Privacy Fundamentals (I015) course to the list of mandatory training. This training must be successfully completed by all persons employed by the CBSA who occupy an indeterminate or term position on a full-time, part-time or seasonal basis, as well as students and casual employees. It also must be completed within 6 months of joining the CBSA. As of , 9,699 employees have successfully completed the course. This newly added course has replaced CBSA's Managing Information at the Canada Border Services Agency and the Access to Information Act and the Privacy Act (F5017-P) course, which has now been archived.
Moreover, the ISATICP Office delivered 2 training sessions on section 107 of the Customs Act, as well as basic information‑sharing, disclosure of intelligence-related information, and business line‑specific training sessions to 14 employees. In addition, before attending the training, employees are advised to complete the interactive online training course, regarding information sharing that was developed by the ISATICP Office.
Further, the ISATICP Office continues to raise employees' awareness of their obligations under the Privacy Act by leveraging the Agency's daily newsletter as a way to provide employees with important information. The communiqués include key dates, such as Data Privacy Day, and other activities at the CBSA to promote ATIP tools and resources. Additionally, a bi-annual message is sent to employees to promote the CBSA privacy breach protocol and the importance of reporting privacy breaches.
Finally, the CBSA ISATICP Office continues to actively participate in the TBS-led ATIP coordinators and ATIP practitioners meetings. These meetings provide opportunities for employees of the Office to liaise with employees from other institutions to discuss various issues and challenges that have been identified by the ATIP community.
III. New and revised privacy-related policies and procedures
During fiscal year 2020 to 2021, the CBSA ISATICP Office continued to revise existing policies, to develop new ones, and to introduce new procedures.
The Office has continued to take a number of measures to enhance and promote ATIP tools that are readily accessible to CBSA employees by utilizing Apollo (GCDocs). To this end, it ensures that the CBSA ISATICP Office intranet site is up to date and available to all CBSA employees. This allows the Office to quickly share information and best practices and to facilitate collaboration across the agency.
The CBSA continued to see a rise in ATIP related audio/video redacting requests. In response to this growth, the CBSA ISATICP Office, in partnership with the Chief Transformation Officer Branch and the Information, Science and Technology Branch, and as part of an Innovation Solution Canada challenge initiative, is currently involved in a project allowing private companies to introduce applied concept for the redaction of video recording. This solution will allow video and audio recordings to be automatically processed. This year, Phase 1 of the initiative was undertook and completed. Once available, this software will be promoted as the solution for processing video and audio recordings for the entirety of the Government of Canada.
As mentioned above, CBSA's high volumes of requests received are largely attributable to individuals seeking copies of their respective THRs which contains information used to support residency requirements for programs administered by IRCC and ESDC. To solve this problem, the CBSA ISATICP Office is actively working on the introduction of an online portal, which will allow travellers to obtain their own THR of their arrivals and departures from Canada.
The Covid-19 pandemic has also pressed the CBSA to look at new ways to offer documents to requesters. To this end, the CBSA ISATICP Office started sending documents safely via email to clients when consent was provided. The Office will soon adopt the Online Request Services/Online Management Tool developed by TBS, which will allow it to interact with the requesters directly, and also securely disclose documents to clients.
The CBSA ISATICP Office is also looking at introducing a new automated tool to register new incoming access to information and privacy requests without the requirement for human intervention. Currently, the Office requires employees to manually enter the information received from clients in our database. This automated tool will access the same information, and perform the same tasks, as the current employees who register new requests.
This year, the CBSA continued to be an active and key participant in the Privacy Act Modernization working group, which has helped establish the CBSA's position on the modernization of this Act. The CBSA believes that a modernized Act should facilitate the government work while continuing to respect individuals' privacy rights and the Canadian Charter of Rights and Freedom. The CBSA will continue to develop policy options, and to work on transition advice, alongside the Department of Justice, in the modernization of the Privacy Act.
The CBSA ISATICP Office continued to provide the service of informally reviewing CBSA records for internal programs as if they had been requested under the Privacy Act. The Office received 243 internal requests of this nature in fiscal year 2020 to 2021.
The CBSA closely monitors the time it takes to process privacy requests. Monthly reports, which show trends and performance, are submitted to the Assistant Directors of the Case Management units, and to the Executive Director of the ISATICP Office. Finally, monthly reports consisting of statistics on the performance of the offices of primary interest are also distributed to all ATIP liaison officers.
IV. Reading room
The CBSA, in accordance with the Privacy Act, maintains a reading room for applicants who wish to review material in person at the CBSA. Applicants may access the reading room by contacting the CBSA's ISATICP Office by telephone at 343-291-7021 or by sending an email to atip-aiprp@cbsa-asfc.gc.ca. The reading room is located at:
Place Vanier Complex
14 flr Tower A
333 N River Rd
Ottawa ON K1A 0L8
V. Audits of, and investigations into the privacy practices of the Canada Border Services Agency
In 2020 to 2021, there were no key issues raised as a result of privacy investigations, and no audits were conducted that related to privacy practices of the CBSA.
VI. Privacy impact assessments
In fiscal year 2020 to 2021, the CBSA completed 3 Privacy Impact Assessments (PIA), and 1 Privacy Compliance Evaluation (PCE). They were all sent to the Office of the Privacy Commissioner of Canada and TBS for review and comments.
The 3 PIAs and the PCE completed by the CBSA are:
- Mobile Border (PIA)
- Next Generation Handhelds (PIA)
- CBSA Assessment and Revenue Management (CARM) : Release 0 (PIA)
- Chain of Trust (PCE)
Full executive summaries of these PIAs are available.
Mobile Border
As part of the CBSA modernization initiative, a new service channel is being introduced to provide the ability for travellers to present, report goods and appear for an examination using a mobile application to communicate remotely with a border services officer (BSO). The introduction of mobile technology will help the CBSA address increasing difficulties in maintaining the required infrastructure and BSOs in regions with geographical challenges and low staffing levels. Mobile Border will be deployed in a phased approach starting with a soft launch to be tested as a voluntary, alternative option at existing telephone reporting sites in regions that have limited CBSA resources.
It is expected that by providing a more convenient and accessible reporting tool, travellers who do not currently fulfill their obligations when entering Canada will make an effort to be compliant. Mobile Border has the potential to reduce processing times and to simplify CBSA procedures by automating routine activities that are currently done manually by BSOs (for example verbal collection and manual entry of traveller information). Furthermore, it will enable the CBSA to achieve the required identity assurance level for remote primary processing in accordance with TBS Directive on Identity Management.
Following the soft launch, in summer 2021, the agency will evaluate the results to determine a strategy for future implementation of a mobile application as a nation-wide program and expansion to additional CBSA locations with larger volumes and varying operational models (for example airports, buses and cruise ships).
Next generation handhelds
Wireless handheld devices were introduced into the CBSA operations between 2014 and 2017, to support the Entry/Exit Initiative and Beyond the Border Action Plan. The devices were equipped with a mobile version of the Integrated Primary Inspection Line (IPIL) application to facilitate the secure and accurate capture and risk assessment of individual traveller and conveyance information. Devices were initially deployed to the CBSA service points that were not equipped with primary inspection booths, as well as ports of entry (POEs) where primary inspection booths were present, but did not support all types of traveller processing. An example of this would be bus processing at large ports where workstations are only available in adjacent booths or buildings, but not where BSOs process travellers directly. In this scenario, handheld devices allowed BSOs to complete traveller processing on the bus, rather than offloading passengers.
Today, at most POEs, booths equipped with IPIL Air and IPIL Highway along with fixed workstations and document readers, provide BSOs with a means of capturing traveller and conveyance (for example licence plate) information for risk assessment against customs, immigration and enforcement databases. Where no booth is available, BSOs must take licence plate and traveller information and run it at an IPIL workstation in an office adjacent to the primary inspection line. This forces the BSO to turn his/her back to the traveller and leave them unattended.
The use of handheld devices during primary processing allows a BSO to capture and risk assess conveyance and traveller information while remaining with the traveller, just as they would today, if they were working at a site with primary inspection booths.
CBSA Assessment and Revenue Management (CARM) : Release 0
The CBSA launched the CBSA Assessment and Revenue Management (CARM) solution to enable the CBSA to track duties and taxes payable on the importation of commercial goods, monitor payments and facilitate reimbursements in the event of an overpayment by importers. The solution encompasses connections to multiple existing CBSA applications and databases and integrates with the Revenue Ledger. The CARM solution requires connections with the Canada Revenue Agency (CRA) and with Public Services and Procurement Canada.
The information held within the CARM solution is mostly commercial in nature: corporate contact information, corporate business numbers, and carrier codes. CARM holds information about importers, carriers, duty free shop owners, warehouse owners and customs brokerages. In some cases, the importers or carriers may be small-scale, sole proprietors and, in those cases, the identity, CRA-issued business numbers and even carrier numbers could be considered to be personal information.
The first phase of CARM, the Accounts Receivable Ledger (ARL) solution, was implemented in . The CARM project launched the first release of Phase 2 in , wherein the ARL solution underwent a technology upgrade and was moved onto the SAP S/4HANA platform. No new personal information or functionality was introduced, and current connections with multiple CBSA applications and databases and other government departments remained in place. The PIA created for ARL has been updated for CARM.
Chain of trust
The global outbreak of the COVID-19 pandemic has introduced new travel restrictions in countries around the world, elevating the need for additional border requirements for international travellers. Prior to the pandemic, air travel volumes were increasing at a steady pace, and as international travel re-commences they are expected to return to pre-pandemic levels and potentially increase over the next several years. To address emerging risks and responsibilities, the CBSA is exploring ways to provide self-service options for travellers to facilitate a safe and seamless international border clearance process. This will contribute to a low-touch air travel ecosystem that supports the recovery of the air travel and related industries, while protecting and strengthening the economic prosperity and health of Canadians.
As part of the CBSA's modernization initiative, the agency is moving towards a risk-based compliance model using technology and intelligence to provide the information needed to expedite the flow of legitimate goods and people. The Chain of Trust pilot project will use innovative technology solutions, such as low-touch self-service option for travellers, that will enable the CBSA to collect traveller information and authenticate travel documents while reducing physical touch-points in the customs clearance process. Collecting a traveller's information electronically in advance of their arrival, will eliminate the need for physical handling of documents or interaction with kiosks, particularly in airports where volumes could exceed capacity. In addition, it will help low-risk travellers navigate through airport/border check points without any border services personnel intervention (unless necessary). This is expected to reduce congestion in primary inspection lines and minimize the risks of virus transmission in the airport environment. Furthermore, it will enable a more flexible and dynamic operational model for BSOs at international airports.
Disclosures made pursuant to paragraph 8(2)(e) of the Privacy Act
During the 2020 to 2021 fiscal year, the CBSA made 344 disclosures pursuant to paragraph 8(2)(e) of the Privacy Act.
Disclosures made pursuant to paragraph 8(2)(m) of the Privacy Act
During the 2020 to 2021 fiscal year, the CBSA made no disclosures pursuant to paragraph 8(2)(m) of the Privacy Act.
Delegation order
Refer to Annex A for a signed copy of the delegation order.
Chapter 2: Statistical report
Statistical report on the Privacy Act
Refer to Annex B for the CBSA's statistical report on the Privacy Act.
Interpretation of the statistical report
I. Requests received and completed under the Privacy Act
The CBSA received 11,997 privacy requests in fiscal year 2020 to 2021, which was a decrease of 15% over the previous year. Moreover, the CBSA responded to 12,126 Privacy Act requests, representing 90.7% of the total number of requests received and outstanding from the previous reporting period. Of the 1,236 requests carried over to fiscal year 2021–2022, 1,044 were on time and 192 were late. Finally, the CBSA processed 391,203 pages under the Privacy Act.
For the past 5 years, the CBSA has consistently been among the top government departments in terms of workload. While receiving a substantial number of requests each year, the CBSA has been able to maintain its performance.
Image description
| Fiscal year | Requests received | Completed requests |
|---|---|---|
| 2016 to 2017 | 11,590 | 11,791 |
| 2017 to 2018 | 13,429 | 13,575 |
| 2018 to 2019 | 13,447 | 13,873 |
| 2019 to 2020 | 14,102 | 13,866 |
| 2020 to 2021 | 11,997 | 12,126 |
II. Completion time
In fiscal year 2020 to 2021, a total of 12,126 requests were completed. The table below presents the response times for the requests that the CBSA completed this fiscal year.
| Completion time (days) | Number of requests |
|---|---|
| 121 or more | 127 |
| 61 to 120 | 248 |
| 31 to 60 | 806 |
| 30 or less | 10,945 |
Of the 12,126 completed requests, the CBSA was successful in responding to 96.6% within the legislated timelines, a decrease from the 98.5% achieved last fiscal year.
Furthermore, the pie chart below provides an overview of the disposition of these completed requests.
Image description
| Fully disclosed | 71.44% |
| Partially disclosed | 15.59% |
| No records exist | 2.03% |
| Request abandoned | 10.89% |
| Other | 0.05% |
Of the completed requests, 8,663 records were fully disclosed and 1,891 were partially disclosed. Refer to Annex B for all the details on the disposition of the completed requests.
III. Extensions
In total, 344 extensions were applied for in fiscal year 2020 to 2021. This represents a decrease of 62.1% in extensions in comparison to the previous fiscal year. Extensions were applied 99.7% of the time because of workload and meeting the original 30-day time limit would have resulted in unreasonable interference with the CBSA operations. The remaining 0.3% of the time was for consulting with third parties or other government institutions, or for additional time for translation purposes or for the purposes of converting the personal information into an alternative format.
IV. Consultations received from other institutions and organizations
In 2020 to 2021, the CBSA completed 50 consultation requests from other government institutions and organizations. This represents a decrease of 37.5% in comparison to the previous fiscal year. To respond to these requests, 830 pages were reviewed, a decrease of more than 97.6% from the previous fiscal year.
V. Completion time of consultations on Cabinet confidences
Although Cabinet confidences are excluded from the application of the Privacy Act (section 70), the policies of TBS require agencies and departments to consult their legal services to determine if requested information should be excluded. If there is any doubt or if the records contain discussion papers, legal counsel must consult the Office of the Counsel to the Clerk of the Privy Council Office (PCO).
In 2020 to 2021, the CBSA did not consult CBSA Legal services regarding Cabinet confidence exclusions, due to the fact that requesters are excluding Cabinet confidences from their requests.
VI. Complaints and investigations
Subsection 29(1) of the Privacy Act describes how the Office of the Privacy Commissioner of Canada (OPC) receives and investigates complaints from individuals regarding their personal information held by a government institution. Examples of complaints the OPC may choose to investigate include a refusal of access to personal information; an allegation that personal information about an individual that is held by a government institution has been misused or wrongfully disclosed; or failure to provide access to personal information in the official language requested by the individual.
For 2020 to 2021, 53 Privacy Act complaints were filed against the CBSA, which represents a decrease of 10.1% compared to fiscal year 2019 to 2020. For context, the number of complaints filed relate to only 0.4% of the 12,126 privacy requests completed during this period. The complaints received during the fiscal year were related to the following issues: time delay (23); application of exemptions (17); missing / incomplete records (8); use and disclosure (2); and collection (3).
Of the 56 complaints that were closed in fiscal year 2020 to 2021, 13 were deemed well-founded, and 24 were deemed not well-founded. Additionally, 9 complaints were resolved; 4 were discontinued; and 6 were settled. Where complaints are substantiated, the matter is reviewed by the delegated Assistant Directors and processes are adjusted if required.
VII. Privacy breaches
During the 2020 to 2021 fiscal year, the CBSA notified the OPC and TBS of 3 material privacy breaches.
The first involved a breach of information in which a Port of Entry Immigration Examination Checklist from an Immigration file, was photographed by an employee using their personal cell phone and inadvertently posted to their social media platform for a short period of time. An internal review of the handling and storage of protected files, as well as corrective follow up action with the employee, has been undertaken to ensure that they are aware of all security requirements pertaining to the handling of protected information and documents.
The second occurred when a CBSA employee's personal vehicle was broken into by an unknown individual who stole a backpack containing CBSA assets and documents containing personal information. The documents that contained personal information were 2 CBSA target sheets, as well as a notebook that had written personal information of several individuals. A report has been filed with the local police and the unit involved has reviewed the policies regarding surveillance and storage of CBSA materials.
The third occurred in which CCTV video footage of an unrelated Third Party individual was accidentally disclosed as part of a disclosure package to an accused in the context of a criminal prosecution for Customs Act hindering. The Crown Prosecutor instructed the accused to immediately return the USB to the Crown. The accused has asserted to the Crown that they had no intention of disseminating the Third Party information. Public Prosecution Service Canada has been asked to consider whether further preventive measures are appropriate in the context of the ongoing criminal prosecution in order to mitigate any risk of further breach. The CBSA unit involved has implemented a more stringent verification process for DVDs of CCTV footage that are created for the purposes of release to internal, or external partners will be instituted. Additionally, the CBSA will conduct a review of the use of cameras in detention centres, and holding cells, as well as review CCTV policy.
When a Privacy Breach occurs, the CBSA's ISATICP Office follows the agency's Privacy Breach Protocol which adheres to the TBS guidelines for the Management of Privacy breaches. The office monitors all privacy breaches closely and has established notifications and remedial measures to address each situation. Additionally, the office provides advice and guidance to employees on containment and mitigation strategies to improve the protection of personal information of Canadians with professionalism and integrity.
VIII. COVID-19: Impact on the CBSA ISATICP Office
Since the beginning of the pandemic, the CBSA has played a critical role in managing the border in a safe and efficient manner, contributing to Canadians' health and security. During fiscal year 2020 to 2021, many CBSA employees were reassigned, and called upon to work around the clock to provide critical and essential services to Canadians and travelers. Despite the implementation of these new measures, the CBSA was able to maintain the ability to process requests received under the Privacy Act in a timely manner, responding to requests within their statutory timelines in more than 9 out of 10 cases.
This success is also due to the implementation of interim measures for processing Privacy Act requests. Since paper records were not accessible, the CBSA ISATICP Office contacted each requester, for new and outstanding requests, to offer that they limit their request to non-secret and electronic records, thereby making them retrievable remotely. This new measure was very well received by requesters, and has allowed the CBSA ISATICP Office to process 100% of the electronic, non-secret documents.
Being an agency that requires information to be stored nationally as well as internationally, the use of electronic filing systems has been crucial, especially last fiscal year. The office remote access capability and the transition to an entirely paperless environment that had enabled us to create a telework schedule prior to the beginning of the Covid-19 pandemic, allowed the transition to work from home full-time to occur seamlessly.
During this period, the CBSA ISATICP Office collaborated closely with TBS and coordinators in the access to information and privacy community. The CBSA ISATICP Office has completed, every 2 weeks, the TBS request capacity questionnaire on the status of ATIP offices during COVID-19, which is being published on the Open Government website.
During the Covid-19 pandemic, the CBSA implemented the Temporary Exceptional Procedures for Cabinet Confidences to allow access to some of the Cabinet Confidence Documents, classified up to “Secret”, on the corporate network. This exception applies only to the following Cabinet documents defined in the PCO Policy on the Security of Cabinet Confidences (Memoranda to Cabinet, decks, Treasury Board submissions, drafts and briefing materials, as well as policy development and analysis that could lead to Ministerial and/or cabinet consideration).
Finally, the CBSA ISATICP Office also played a critical role in ensuring that all privacy implications were considered when programs, such as the ArriveCAN mobile app, were implemented.
IX. Conclusion
The achievements portrayed in this report reflect the CBSA's commitment to ensuring that every reasonable effort is made to meet its obligations under the Privacy Act. The CBSA strives to provide Canadians with their personal information to which they have a right in a timely and helpful manner while protecting the privacy rights of all Canadians.
Annex A: Delegation order
Ministerial Order
Access to Information Act and Privacy Act
Pursuant to section 73 of the Access to Information ActFootnote 1 and section 73 of the Privacy ActFootnote 2, I hereby designate the persons holding the positions set out in the schedule hereto, or a person authorized to exercise the powers or perform the duties and functions of that position, to exercise or perform the powers, duties and functions of the Minister of Public Safety and Emergency Preparedness as the head of the Canada Border Services Agency under the provisions of the Act and related regulations set out in the schedule opposite each position.
This Order replaces previous designation orders and comes into force on the date on which it is signed.
Dated at Ottawa, Province of Ontario, this .
The Honourable Bill Blair, P.C., C.O.M., M.P.
Minister of Public Safety and Emergency Preparedness
| Positions | Access to Information Act and Regulations |
Privacy Act and Regulations |
|---|---|---|
| President | Full authority | Full authority |
| Executive Vice-President | Full authority | Full authority |
| Vice-President Strategic Policy Branch |
Full authority | Full authority |
| Director General Chief Data Office |
Full authority | Full authority |
| Executive Director Information Sharing, Access to Information and Chief Privacy (ISATICP)Office |
Full authority | Full authority |
| Assistant Director Information Sharing, ISATICP |
Full authority | Full authority (except 8(2)(m)) |
| Team Leader Information Sharing, ISATICP |
Full authority | Full authority (except 8(2)(m)) |
Annex B: Statistical Report
Statistical Report on the Privacy Act on the Privacy Act
Name of institution: Canada Border Services Agency
Reporting period: to
Section 1: Requests under the Privacy Act
| Received during reporting period | 11,997 |
| Outstanding from previous reporting period | 1,365 |
| Total | 13,362 |
| Closed during reporting period | 12,126 |
| Carried over to the next reporting period | 1,236 |
Section 2: Requests closed during the reporting period
| Disposition of requests | 1 to 15 | 16 to 30 | 31 to 60 | 61 to 120 | 121 to 180 | 181 to 365 | More than 365 | Total |
|---|---|---|---|---|---|---|---|---|
| All disclosed | 5,378 | 3,002 | 232 | 44 | 3 | 3 | 1 | 8,663 |
| Disclosed in part | 489 | 664 | 433 | 191 | 38 | 51 | 25 | 1,891 |
| All exempted | 0 | 1 | 2 | 1 | 0 | 0 | 0 | 4 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 114 | 96 | 25 | 10 | 1 | 0 | 0 | 246 |
| Request abandoned | 971 | 229 | 114 | 2 | 1 | 3 | 1 | 1,321 |
| Neither confirmed nor denied | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
| Total | 6,953 | 3,992 | 806 | 248 | 43 | 57 | 27 | 12,126 |
| Section | Number of requests |
|---|---|
| 18(2) | 0 |
| 19(1)(a) | 731 |
| 19(1)(b) | 10 |
| 19(1)(c) | 5 |
| 19(1)(d) | 19 |
| 19(1)(e) | 0 |
| 19(1)(f) | 0 |
| 20 | 0 |
| 21 | 522 |
| 22(1)(a)(i) | 4 |
| 22(1)(a)(ii) | 2 |
| 22(1)(a)(iii) | 0 |
| 22(1)(b) | 1,098 |
| 22(1)(c) | 19 |
| 22(2) | 0 |
| 22.1 | 0 |
| 22.2 | 0 |
| 22.3 | 0 |
| 22.4 | 0 |
| 23(a) | 0 |
| 23(b) | 0 |
| 24(a) | 0 |
| 24(b) | 0 |
| 25 | 268 |
| 26 | 1,616 |
| 27 | 18 |
| 27.1 | 0 |
| 28 | 0 |
| Section | Number of requests |
|---|---|
| 69(1)(a) | 0 |
| 69(1)(b) | 0 |
| 69.1 | 0 |
| 70(1) | 0 |
| 70(1)(a) | 0 |
| 70(1)(b) | 0 |
| 70(1)(c) | 0 |
| 70(1)(d) | 0 |
| 70(1)(e) | 0 |
| 70(1)(f) | 0 |
| 70.1 | 0 |
| Paper | Electronic | Other |
|---|---|---|
| 554 | 10,000 | 0 |
2.5 Complexity
| Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|
| 391,203 | 295,859 | 11,880 |
| Disposition | Less than 100 pages processed |
101 to 500 pages processed |
501 to 1000 pages processed |
1001 to 5000 pages processed |
More than 5000 pages processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| All disclosed | 8,644 | 36,570 | 19 | 3,963 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 1,135 | 21,125 | 664 | 158,663 | 74 | 48,001 | 18 | 26,149 | 0 | 0 |
| All exempted | 4 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 1,317 | 408 | 4 | 980 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 11,101 | 58,103 | 687 | 163,606 | 74 | 48,001 | 18 | 26,149 | 0 | 0 |
| Disposition | Consultation required |
Legal advice sought |
Interwoven information |
Other | Total |
|---|---|---|---|---|---|
| All disclosed | 1 | 0 | 0 | 0 | 1 |
| Disclosed in part | 3 | 0 | 1,616 | 0 | 1,619 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 4 | 0 | 1,616 | 0 | 1,620 |
2.6 Closed requests
| Number of requests closed within legislated timelines | 11,711 |
| Percentage of requests closed within legislated timelines | 96.6% |
2.7 Deemed refusals
| Number of requests closed past the legislated timelines | Principal reason |
|||
|---|---|---|---|---|
| Interference with operations and workload | External consultation | Internal consultation | Other | |
| 415 | 69 | 2 | 5 | 339 |
| Number of days past legislated timelines | Number of requests past legislated timeline where no extension was taken | Number of requests past legislated timeline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 |
| 31 to 60 | 122 | 0 | 122 |
| 61 to 120 | 58 | 108 | 166 |
| 121 to 180 | 8 | 35 | 43 |
| 181 to 365 | 14 | 43 | 57 |
| More than 365 | 3 | 24 | 27 |
| Total | 205 | 210 | 415 |
| Translation requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Section 3: Disclosures under subsection 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Paragraph 8(5) | Total |
|---|---|---|---|
| 344 | 0 | 0 | 344 |
Section 4: Requests for correction of personal information and notations
| Disposition for correction requests received | Number |
|---|---|
| Notations attached | 5 |
| Requests for correction accepted | 1 |
| Total | 6 |
Section 5: Extensions
15(a)(i) |
15 (a)(ii) |
15(b) |
||||||
|---|---|---|---|---|---|---|---|---|
| Number of requests where an extension was taken | Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet confidence section (Section 70) |
External | Internal | |
| 344 | 1 | 32 | 298 | 12 | 0 | 1 | 0 | 0 |
15(a)(i) |
15 (a)(ii) |
15(b) |
||||||
|---|---|---|---|---|---|---|---|---|
| Length of extensions | Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet confidence section (Section 70) |
External | Internal | |
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 1 | 32 | 298 | 12 | 0 | 1 | 0 | 0 |
| 31 days or greater | N/A | N/A | N/A | N/A | N/A | N/A | N/A | 0 |
| Total | 1 | 32 | 298 | 12 | 0 | 1 | 0 | 0 |
Section 6: Consultations received from other institutions and organizations
| Consultations | Other Government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during the reporting period | 58 | 861 | 1 | 39 |
| Outstanding from the previous reporting period | 0 | 0 | 1 | 39 |
| Total | 58 | 861 | 2 | 78 |
| Closed during the reporting period | 49 | 791 | 1 | 39 |
| Carried over to the next reporting period | 9 | 70 | 1 | 39 |
| Recommendation | 1 to 15 | 16 to 30 | 31 to 60 | 61 to 120 | 121 to 180 | 181 to 365 | More than 365 | Total |
|---|---|---|---|---|---|---|---|---|
| All disclosed | 11 | 5 | 2 | 0 | 1 | 0 | 0 | 19 |
| Disclosed in part | 6 | 11 | 4 | 2 | 0 | 0 | 0 | 23 |
| All exempted | 0 | 3 | 0 | 0 | 0 | 0 | 0 | 3 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 1 | 0 | 1 | 2 | 0 | 0 | 0 | 4 |
| Total | 18 | 19 | 7 | 4 | 1 | 0 | 0 | 49 |
| Recommendation | 1 to 15 | 16 to 30 | 31 to 60 | 61 to 120 | 121 to 180 | 181 to 365 | More than 365 | Total |
|---|---|---|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
Section 7: Completion time of consultations on Cabinet confidences
| Number of days | Fewer than 100 pages processed | 101 to 500 pages processed | 501 to 1,000 pages processed | 1,001 to 5,000 pages processed | More than 5,000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Number of days | Fewer than 100 pages processed | 101 to 500 pages processed | 501 to 1,000 pages processed | 1,001 to 5,000 pages processed | More than 5,000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Complaints and investigations notices received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 53 | 0 | 56 | 1 | 110 |
Section 9: Privacy impact assessments and personal information banks
| Number of privacy impact assessments completed | 3 |
|---|
| Active | Created | Terminated | Modified |
|---|---|---|---|
| 53 | 0 | 0 | 3 |
Section 10: Material privacy breaches
| Number of material privacy breaches reported to the Treasury Board of Canada Secretariat | 3 |
|---|---|
| Number of material privacy breaches reported to the Office of the Privacy Commissioner of Canada | 3 |
Section 11: Resources related to the Privacy Act
| Expenditures | Amount | |
|---|---|---|
| Salaries | $4,209,807 | |
| Overtime | $90,059 | |
| Goods and services: | $225,501 | |
Professional services contracts |
$0 | |
Other |
$225,501 | |
| Total | $4,525,367 | |
| Resources | Person years dedicated to privacy activities |
|---|---|
| Full-time employees | 52.86 |
| Part-time and casual employees | 1.88 |
| Regional staff | 0.00 |
| Consultants and agency personnel | 0.00 |
| Students | 0.00 |
| Total | 54.74 |
Annex C: Supplemental statistical report on the Access to Information Act and Privacy Act
Section 1: Capacity to receive requests
| Weeks | |
|---|---|
| Able to receive requests by mail | 52 |
| Able to receive requests by email | 52 |
| Able to receive requests through the digital request service | 52 |
Section 2: Capacity to process records
| No capacity | Partial capacity | Full capacity | Total | |
|---|---|---|---|---|
| Unclassified paper records | 52 | 0 | 0 | 52 |
| Protected B paper records | 52 | 0 | 0 | 52 |
| Secret and Top Secret paper records | 52 | 0 | 0 | 52 |
| No capacity | Partial capacity | Full capacity | Total | |
|---|---|---|---|---|
| Unclassified electronic records | 0 | 0 | 52 | 52 |
| Protected B electronic records | 0 | 0 | 52 | 52 |
| Secret and Top Secret electronic records | 52 | 0 | 0 | 52 |
- Date modified: