Annual Report to Parliament on the Privacy Act: 2024 to 2025
Chapter One: Privacy Act Report
Introduction
The Canada Border Services Agency (CBSA) is pleased to present to Parliament, in accordance with section 72 of the Privacy Act (PA), its annual report on the management of this Act. The report describes the activities that support compliance with the PA for the period of to .
The purpose of the PA is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information. Footnote 1
As stated in subsections 72(1) and 72(2) of the PA, “Every year the head of every government institution shall prepare a report on the administration of this Act within the institution during the period beginning on April 1 of the preceding year and ending on March 31 of the current year (…) Every report prepared under subsection (1) shall be laid before each House of Parliament on any of the first 15 days on which that House is sitting after September 1 of the year in which the report is prepared.” Footnote 2
Organization
I. About the Canada Border Services Agency
The CBSA has been an integral part of the Public Safety Canada portfolio since December 2003. It is responsible for protecting Canadians and maintaining a peaceful and safe society by providing integrated border services that support national security and public safety priorities and facilitate the free flow of persons and goods, including animals and plants, that meet all requirements under the program legislation. Footnote 3
The CBSA carries out its responsibilities with a workforce of approximately 16,500 employees, including over 8,600 frontline CBSA officers who provide services at approximately 1,200 points across Canada and at 36 international locations.
II. Information Sharing, Access to Information and Chief Privacy Office
In accordance with section 73 of the PA, the head of a government institution may, by order, delegate any of their powers, duties or functions under this Act to one or more officers or employees of that institution. This includes specific powers and functions to employees within the CBSA’s Information Sharing, Access to Information, and Chief Privacy Office.
A copy of the Delegation Order is provided in Annex A.
Positioned within two levels of the President and with direct report to the Vice-President of the Communications, Parliamentary and Public Affairs Branch, the Director General of the Information Sharing, Access to Information, and Chief Privacy Office, acts as the departmental Chief Privacy Officer with full delegated authority to administer and coordinate the Access to Information Act (ATIA) and the PA.
The Information Sharing, Access to Information, and Chief Privacy Office’s primary role is to ensure that the CBSA is compliant with the requirements of the PA, ATIA, Customs Act, Security of Canada Information Disclosure Act (SCIDA), and the Avoiding Complicity in Mistreatment by the Foreign Entities Act (ACMFEA). This includes, but is not limited to, providing functional guidance and internal services pertaining to access rights, personal information handling practices, privacy impact assessments, disclosure, and privacy breaches.
The Information Sharing, Access to Information, and Chief Privacy Office builds upon relevant government policies, regulations, and guidelines to bring agency-wide awareness on privacy principles and is the CBSA’s main point of contact for the Office of the Privacy Commissioner and the Office of the Information Commissioner.
Managed by the Director General with the support of two directors, the workforce is divided into two main groups comprised of seven units: one Intake team, three Case Management units, and three Policy units:
- The Intake team receives all incoming requests and consultations, ensures quality control of all outgoing correspondence, and supports the Case Management units in their day-to-day business.
- The Case Management units assign branches and regions with retrieval requests, process requests for information under the PA, and provide daily operational guidance and support to CBSA employees.
- The Access to Information and Privacy (ATIP) Policy and Support Unit develops policies, tools, and procedures to support ATIP requirements within the CBSA and provides training to employees. The unit is also responsible for handling complaints related to ATIP requests.
- The Privacy Compliance and Governance Unit is responsible for conducting privacy impact assessments and compliance reviews, managing privacy breach reporting and response, providing expert advice on privacy requirements, and supporting internal governance and accountability mechanisms to ensure alignment with applicable privacy legislation.
- The Information Sharing and Collaborative Arrangements Policy (ISCAP) Unit provides policy and front line support related to information sharing activities and initiatives. The unit also provides functional guidance on the development and implementation of Written Collaborative Arrangements with Domestic and International partners. ISCAP is also responsible for the development and maintenance of associated policies and guidelines.
During FY 2024-2025, the Information Sharing, Access to Information, and Chief Privacy Office employed 118 full time equivalents and 24 part time, casual, and student employees.
To support the overall departmental compliance with the ATIA and the PA, the Information Sharing, Access to Information, and Chief Privacy Office seeks advice on legal, public affairs, policy, and operational security matters from other organizations and specialists as required, and consults internally with other CBSA branches and program areas.
Having access to corporate databases and information management systems is key to maintaining compliance with the statutory time requirements of the ATIA. The Information Sharing, Access to Information, and Chief Privacy Office’s ability to efficiently obtain records directly from the Global Case Management System, Field Operations Support System, Cognos, Integrated Customs Enforcement System, and the National Case Management System has allowed the CBSA to process a combined total of more than 60,000 requests.
Furthermore, supported by a network of ATIP liaison officers embedded within 19 offices of primary interest across the regions and branches of the CBSA, the Information Sharing, Access to Information, and Chief Privacy Office is optimally positioned to receive, coordinate, and process requests for information under the PA.
Lastly, to share best practices and develop streamlined processes for the retrieval of jointly held records within the 30-day legislated timeframe, the office works closely with the other agencies of the Public Safety portfolio, which include the Canadian Security Intelligence Service, the Correctional Service of Canada, the Parole Board of Canada, and the Royal Canadian Mounted Police.
Activities and Accomplishments
I. Performance
Fiscal year 2024-2025 saw record high volumes of privacy requests made to the CBSA. The volumes are largely attributable to individuals seeking copies of their history of dates for arrivals and exits from Canada and those seeking copies of their Immigration file. In addition, more requests were being submitted via Access to Information and Privacy Online Request Service (AORS) portal as privacy requests rather than access to information requests.
Despite challenges, including the unexpected outage of the case management system in February 2024, which continued into fiscal year 2024-2025, the CBSA was committed to maintaining service delivery. Significant effort was dedicated to recovering affected files and stabilizing operations to ensure continued support to requesters.
As part of the ongoing efforts to modernize and improve service efficiency, the CBSA implemented ATIPXpress, a case management solution made available through a government-wide procurement process. While the system offered some improvements, its configuration did not fully align with the operational needs of the CBSA and did not offer the anticipated efficiency gains originally sought. As a result, the transition to AMANDA, which is the new version of CBSA’s current ATIP case management system, is presently underway, with implementation and deployment targeted for completion by the end of fiscal year 2025–2026.
In pursuing the modernization of its ATIP program, the CBSA continued to develop the use of Robotic Process Automation (RPA) tools as part of its strategy to improve operational efficiency. The CBSA has five (5) active RPA tools which resulted in measurable efficiency gains equivalent to 25 Full-Time Equivalent positions, allowing the CBSA to reallocate resources to more complex tasks and enhance service delivery.
The CBSA also provided case-by-case policy guidance to program areas related to the disclosure of information under section 8 of the PA, section 107 of the Customs Act, and on written collaborative arrangements. In total, the CBSA received 3,814 requests for guidance in fiscal year 2024-2025, representing an increase of 2.17% over the previous year.
Lastly, as per Section 73.1 of the PA, the CBSA has not provided services related to any power, duty or function conferred or imposed on the CBSA under the PA to another government institution that is under the responsibility of the Minister of Public Safety and Emergency Preparedness and has not received such services from any other such government institution.
II. Education and Training
In FY 2024-2025, the Information Sharing, Access to Information, and Chief Privacy Office continued to provide support and guidance to CBSA employees and explore alternative measures to delivery, while adapting to numerous changes. Specifically, the Office delivered 11 Access to Information and Privacy sessions to over 450 employees. These training sessions are designed to ensure that the participants fully understand their responsibilities under the ATIA and the PA, with a focus on requests made pursuant to the Acts and the duty to assist principles.
The Canada School of Public Service’s Access to Information and Privacy Fundamentals (COR502) course also remained on the CBSA list of mandatory training. The course must be successfully completed, within six months of joining the CBSA, by all persons employed by the CBSA on a full-time, part-time, or seasonal basis and who occupy an indeterminate, term, casual, or student position.
Moreover, five (5) in-person and virtual information sharing training sessions on the disclosure of personal information pursuant to section 107 of the Customs Act, section 8 of the PA, and other relevant legislation were delivered to over 100 CBSA employees located in headquarters and regional offices. As a prerequisite, the CBSA also developed an information sharing introductory online course.
To raise employees’ awareness of their obligations under the PA and promote ATIP tools and resources, the CBSA continued to leverage the daily newsletter to communicate important information with employees.
The CBSA, as represented by the Chief Privacy Office, holds a membership to the ATIP Community Development Office (APCDO) and is an active participant in the Treasury Board of Canada Secretariat-led ATIP coordinators, ATIP practitioners, ADM Access to information and openness committee (ATIO), and ATIP Community meetings. These meetings provide opportunities for employees of the Office to liaise with colleagues from other institutions to discuss various issues and challenges that have been identified by the ATIP community.
III. New and Revised Privacy-related Policies and Procedures
To support compliance with the updated Policy on Privacy Protection and Directive on Privacy Practices, which came into effect on , the CBSA has taken concrete steps to meet the new Treasury Board of Canada Secretariat (TBS) requirements. These updates include the replacement of the now rescinded Directive on Privacy Impact Assessments (PIA) with a new Standard on PIAs. Specifically, the updated directive requires that all programs that collect, use or disclosure personal information be covered by a Personal Information Bank by . The CBSA tasked all branches and regions with reviewing their programs and activities to determine whether they have undergone, or will require, a PIA. To facilitate this exercise, the Information Sharing, Access to Information and Chief Privacy Office developed and distributed a questionnaire designed to support program areas in identifying potential privacy compliance gaps.
The CBSA closely monitors the time it takes to process privacy requests. Monthly reports, which show trends and performance, are submitted to the Director General and Chief Privacy Officer as well as the Director and Assistant Directors, within the Case Management division. Quarterly compliance reports, which provide performance statistics for the offices of primary interest, are also shared with Vice Presidents and Regional Director Generals to keep them informed of their Branch or Region’s compliance status.
The CBSA remains committed to upholding its duty to assist and ensuring the public’s right of access is respected. Guided by its core values of service, integrity, and protection, the CBSA will continue to implement strategic and innovative approaches that reinforce transparency, accountability, and trust in government operations.
IV. Reading Room
The CBSA, in accordance with the PA, maintains a reading room for applicants who wish to review material in person. Access to the reading room can be requested by contacting the CBSA's Information Sharing, Access to Information, and Chief Privacy Office by telephone at 343-291-7021 or email at ATIP-AIPRP@cbsa-asfc.gc.ca. The reading room is located at:
Place Vanier Complex, 14th Floor, Tower A
333 North River Road
Ottawa, Ontario K1A 0L8
V. Audits of, and Investigations into the Privacy Practices of the Canada Border Services Agency
In FY 2024-2025, there were no key issues raised as a result of privacy investigations, and no audits related to the CBSA’s privacy practices were conducted.
VI. Privacy Impact Assessments
In fiscal year 2024–2025, the CBSA completed four (4) Privacy Impact Assessments (PIA). They were all sent to the Office of the Privacy Commissioner of Canada and TBS for review and comments.
The completed PIAs are summarized below:
- CBSA Assessment and Revenue Management (CARM) Release 2
- Client Reporting and Engagement System (CRES) / ReportIn
- United States Preclearance in Canada
- Immigration National Security Screening Program
CBSA Assessment and Revenue Management (CARM) Release 2
The Canada Border Services Agency (CBSA) launched the CBSA Assessment and Revenue Management (CARM) solution to enable the CBSA to track duties and taxes payable on the importation of commercial goods, monitor payments and facilitate reimbursements in the event of an overpayment by importers. The solution encompasses connections to multiple existing CBSA applications and databases and integrates with the Revenue Ledger (RL). The CARM solution requires connections with the Canada Revenue Agency (CRA) and with Public Services and Procurement Canada (PSPC).
This project is a multi-year initiative that will transform the collection of duties and taxes for goods imported into Canada.
The CARM solution involves the modification of an existing solution and is intended by CBSA for long-term operation. The final Phase 2 release of CARM, Release 2, expands the functionalities of the CARM Client Portal by adding registration and enrolment capabilities, additional accounting functionality and electronic management of appeals and compliance actions. Release 2 will include the transition of functionality from CBSA legacy systems to the CARM solution.
Client Reporting and Engagement System (CRES) / ReportIn
The Canada Border Services Agency (CBSA) is responsible for monitoring and enforcing conditions imposed on persons in Canada who may be inadmissible, under the Immigration and Refugee Protection Act (IRPA) and the Immigration and Refugee Protection Regulations (IRPR).
The National Immigration Detention Framework (NIDF) was implemented to create a better, fairer immigration detention system that supports the humane and dignified treatment of individuals while protecting public safety. A key pillar to the framework is the Alternatives to Detention (ATD) program.
The ReportIn application allows individuals who have reporting conditions under the IRPA, and have been assessed as being eligible by the CBSA, to fulfil their reporting conditions remotely by confirming their identity and location via their smartphone or mobile device. This voluntary application benefits both the CBSA and individuals by facilitating a secure process to enroll and report without coming in person to a CBSA office (in person processing is still available).
United States Preclearance in Canada
Preclearance is a border management program designed to enhance border security and improve the cross-border flow of legitimate goods and travellers and allow for border infrastructure to be used more efficiently. Associated legislation, regulation and policy provide authority to border officers of an inspecting party (example, the US) to conduct customs, immigration, agriculture and public health and safety examinations inside the territory of a host party (example, Canada). By doing so, preclearance allows border officers of the inspecting party to determine the admissibility of goods and travellers before they enter into the territory of the inspecting party.
This PIA focuses exclusively on US preclearance operations in Canada, which impact the CBSA's collection of information on individuals and goods.
Immigration National Security Screening Program
The Immigration National Security Screening (INSS) Program is responsible for the screening of temporary and permanent residence applicants and refugee claimants who have been referred to the Canada Border Services Agency (CBSA) and the Canadian Security Intelligence Service (CSIS) by an Immigration, Refugee and Citizenship Canada (IRCC) immigration office abroad or in Canada, or from a CBSA Port of Entry (POE). The CBSA and CSIS provide security advice to the decision-maker, IRCC, ensuring that immigration applicants are not inadmissible to Canada for security, crimes against humanity or organized crime. The CBSA is responsible for providing a consolidated response to the decision-maker on the file in order to assist with a determination of admissibility.
The full executive summaries for the Privacy Impact Assessments can be found on CBSA’s website at Privacy Impact Assessments.
Note: Summary of Immigration National Security Screening Program will be posted imminently.
Disclosures Made Pursuant to Paragraph 8(2)(e) of the Privacy Act
In FY 2024-2025, the CBSA made 189 disclosures pursuant to paragraph 8(2)(e) of the Privacy Act.
Disclosures Made Pursuant to Paragraph 8(2)(m) of the Privacy Act
In FY 2024-2025, the CBSA made two public interest disclosure pursuant to paragraph 8(2)(m) of the PA. The first disclosure is the ArriveCAN and Botler AI contracts. The Office of the Privacy Commissioner was notified after of the CBSA’s disclosure. The second disclosure is the audio interview with Diane Daly from the CBSA to the Standing Committee on Public Accounts. The Office of the Privacy Commissioner was notified after the disclosure.
Delegation order
See Annex A for a signed copy of the delegation order.
Chapter Two: Statistical Report
Statistical Report on the Privacy Act
See Annex B for the CBSA’s statistical report on the Privacy Act.
Interpretation of the Statistical Report
I. Requests Processed Under the Privacy Act
In FY 2024-2025, the CBSA received 57,924 new PA requests, a 47.27% increase from the previous reporting year. This increase in numbers compared to previous fiscal year is largely due to more requests being submitted via the AORS portal as privacy requests rather than ATIA requests.
A total of 59,080 requests were completed during the 2024-2025 reporting period, representing a 102% completion rate of the total requests received during the same period.
For the past five years, the CBSA has consistently been among the top government departments and agencies in terms of the number of PA requests received. Despite the substantial number of requests received annually, the CBSA has succeeded in maintaining its position as one of the top performing institutions, as evidenced by the five year trend depicted in the chart below.
Text description
| Fiscal year | Requests received | Completed requests |
|---|---|---|
| 2019 to 2020 | 14,102 | 13,866 |
| 2020 to 2021 | 11,997 | 12,126 |
| 2021 to 2022 | 14,230 | 13,086 |
| 2022 to 2023 | 21,577 | 18,773 |
| 2023 to 2024 | 39,333 | 36,742 |
| 2024 to 2025 | 57,924 | 59,080 |
II. Completion Time
The chart below presents the response times for the 59,080 requests that the CBSA completed during FY 2024-2025.
Text description
| Completion time (days) | Number of requests |
|---|---|
| 121 or more | 2,290 |
| 61 to 120 | 960 |
| 31 to 60 | 5,925 |
| 30 or less | 49,905 |
Out of the 59,080 completed requests during FY 2024-2025, 84.5% were completed in 30 days or less, and 94.5% were completed within 60 days. These figures reflect the CBSA’s continued commitment to service excellence and timely access to information, despite the challenges encountered.
The following chart provides an overview of the disposition of these completed requests. Please consult Annex B for the full details.
Text description
| Fully disclosed | 28.20% |
| Partially disclosed | 41.68% |
| No records exist | 5.24% |
| Incomplete disposition | 24.77% |
| Other | 0.11% |
Of the 59,080 completed requests, 16,661 records, representing 28.20% of requests, were fully disclosed and 24,627, representing 41.68% of requests, were partially disclosed.
As per the TBS Privacy Implementation Notice 2022-02: Identity Verification for Personal Information Requests, the CBSA is required to request and verify Identity (ID) documents of requesters to ensure adequate privacy protection of the personal information under its control prior to disclosure. As a result, the CBSA has implemented an “Incomplete disposition” to track and report on requests that are lacking the required documentation for ID verification. Specifically, 12,932 of the 14,632 incomplete requests received by the CBSA during the year were missing ID documentation, which represents 88.38% of all incomplete requests.
III. Extensions
A total of 4,795 extensions applied during FY 2024-2025, representing an increase compared to previous years. Despite this rise, the 4,795 extensions account to only 8.3% of all requests received during this period. The vast majority of extensions (99.9%) were applied due to high volume of records. The remaining 0.1% were required for consultations with other government institutions, for additional time for translation, or converting the personal information into an alternative format.
IV. Consultations received from other institutions and organizations
In FY 2024-2025, the CBSA completed 45 consultation requests from other government institutions and organizations. The following chart provides an overview of the recommendations and completion time for consultations received from other government institutions and organizations.
Text description
| Disclose entirely | Consult other institution | Exempt entirely | Disclose in part | Other | |
|---|---|---|---|---|---|
| 30 days or under | 4 | 0 | 0 | 24 | 0 |
| 31 days or over | 3 | 0 | 2 | 12 | 0 |
V. Completion time of consultations on Cabinet confidences
Although Cabinet confidences are excluded from the application of the PA (section 70), Treasury Board of Canada Secretariat policies require agencies and departments to consult their legal services to determine if requested information should be excluded. In case of any doubt, or if the records contain discussion papers, legal counsel must consult the Office of the Counsel to the Clerk of the Privy Council Office (PCO).
In 2024-2025, the CBSA did not consult CBSA Legal services regarding Cabinet confidence exclusions, due to the fact that many requesters are excluding Cabinet confidences from their requests.
VI. Complaints and Investigations
Subsection 29(1) of the PA describes how the Office of the Privacy Commissioner receives and investigates complaints from individuals regarding the information held by a government institution. Examples of complaints the Office of the Privacy Commissioner may choose to investigate include refusal to disclose records, missing information, or failure to provide information in the official language requested by the individual.
The CBSA observed a noticeable decrease in the number of privacy complaints for FY 2024-2025 compared to previous years. The number of complaints received by the CBSA constitutes only 0.03% of the total of privacy requests received.
Text description
| Fiscal Year | Number of complaints |
|---|---|
| 2020 to 2021 | 0 |
| 2021 to 2022 | 0 |
| 2022 to 2023 | 0 |
| 2023 to 2024 | 0 |
| 2024 to 2025 | 18 |
In FY 2024-2025, the CBSA received a total of 93 OPC complaints, of which, only 18 remain. 81% of the complaints were addressed.
Following a reorganization to improve complaint management, the CBSA significantly reduced both outstanding complaints from previous reporting periods and complaints received in FY 2024-2025. Regular collaboration with the OPC and the team’s continued efforts contributed to clearer, more efficient representations and a notable decrease in the overall volume of active complaints.
See Annex C for details related to the number of complaints.
VII. Privacy Breaches
There were a total of 31 privacy breaches during the fiscal year 2024-2025. Of the 31 breaches, five (5) were material privacy breaches and 26 were non-material privacy breaches.
In regards to the material breaches, all five (5) were reported to the Treasury Board of Canada Secretariat and the Office of the Privacy Commissioner of Canada.
In each case, the Agency took immediate action to contain the incidents, notified the affected individuals, and strengthened safeguards to prevent recurrence.
The first incident involved the inadvertent transmission of an email to both an internal distribution list and personal employees email accounts, containing information related to over 18,000 employees. The CBSA took swift action to recall the email, contacted all recipients with instructions to delete it, and temporarily restricted access to the system that generated the data to facilitate a review by the Chief Privacy Office.
The second breach occurred when a spreadsheet containing mandatory leave cash-out information for 2,608 employees was shared by email with financial advisors across the Agency. Containment measures included confirmation of deletion from all recipients. The Chief Privacy Office reviewed internal procedures and implemented stricter controls, including requiring justification for the collection and sharing of employee information.
The third incident involved the unauthorized sharing of a spreadsheet listing Category III Health Evaluation statuses of employees. The file was sent to 48 internal contacts, however, it did not contain any specific health information on employees, only pass/fail, and date to be retested. The breach was promptly contained, affected individuals were notified, and restrictions were placed on the production and distribution of such reports.
The fourth and fifth incidents were identified as a result of the CBSA’s review of the above mentioned incidents.
The CBSA takes the protection of personal information seriously. All breaches are addressed in accordance with the Agency’s Privacy Breach Protocol and the Privacy Code of Principles. The CBSA remains committed to ensuring that personal information is handled with care, and that employees uphold the highest standards of privacy and accountability.
VIII. Conclusion
The achievements portrayed in this report reflect the CBSA’s commitment to ensuring that every reasonable effort was made to meet its obligations under the PA. The CBSA strives to provide Canadians with the information to which they have a right to in a timely and helpful manner by balancing the right of access with the need to protect the integrity of the border services that support national security and public safety priorities.
Annex A – Delegation Order
Text description
Ministerial Order
Access to Information Act and Privacy Act
Pursuant to section 95 of the Access to Information Act and section 73 of the Privacy Act, I hereby designate the persons holding the positions set out in the schedule hereto, or a person authorized to exercise the powers or perform the duties and functions of that position, the authority to exercise or perform the powers, duties and functions of the Minister of Public Safety as the head of the Canada Border Services Agency under the provisions of these Acts and related regulations.
This Order replaces previous designation orders and comes into force on the date on which it is signed.
Dated at Ottawa, Province of Ontario, this .
The Honourable Dominic LeBlanc, P.C., M.P.
Minister of Public Safety
| Positions | Access to Information Act and Regulations | Privacy Act and Regulations |
|---|---|---|
| President | Full authority | Full authority |
| Executive Vice-President | Full authority | Full authority |
| Vice-President Strategic Policy Branch |
Full authority | Full authority |
| Director General and Chief Privacy Officer Information Sharing, Access to Information and Privacy Office (ISATICPO) |
Full authority | Full authority |
| Director ISATICPO |
Full authority | Full authority (except 8(2)(m)) |
| Assistant Director ISATICPO |
Full authority | Full authority (except 8(2)(m)) |
| Team Leader ISATICPO |
Full authority | Full authority (except 8(2)(m)) |
| Senior Analyst ISATICPO |
Full authority | Full authority (except 8(2)(m)) |
| Junior Analyst ISATICPO |
Section 19 authority | Section 26 authority |
Annex B – Statistical Report
Statistical report on the Privacy Act
Name of institution: Canada Border Services Agency
Reporting period: April 1, 2024, to March 31, 2025
Section 1: Requests under the Privacy Act
| Received during reporting period | 57924 |
Outstanding from previous reporting period
|
5846 |
| Total | 63770 |
| Closed during reporting period | 59080 |
Carried over to the next reporting period
|
4690 |
| Source | Number of requests |
|---|---|
| Online | 55100 |
| 2154 | |
| 601 | |
| In person | 0 |
| Phone | 0 |
| Fax | 69 |
| Total | 57924 |
Section 2: Informal requests
| Received during reporting period | 0 |
Outstanding from previous reporting period
|
0 |
| Total | 0 |
| Closed during reporting period | 0 |
| Carried over to next reporting period | 0 |
| Source | Number of requests |
|---|---|
| Online | 0 |
| 0 | |
| 0 | |
| In person | 0 |
| Phone | 0 |
| Fax | 0 |
| Total | 0 |
| Completion time | |||||||
|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Less than 100 pages released | 100-500 Pages released | 501-1000 Pages released | 1001-5000 Pages released | More Than 5000 Pages released | |||||
|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released | Number of requests | Pages released |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 3: Requests closed during the reporting period
| Disposition of requests | Completion time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| All disclosed | 2656 | 12273 | 884 | 116 | 110 | 506 | 116 | 16661 |
| Disclosed in part | 851 | 17840 | 4764 | 666 | 125 | 312 | 69 | 24627 |
| All exempted | 2 | 18 | 2 | 3 | 1 | 1 | 1 | 28 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 726 | 1740 | 149 | 38 | 17 | 65 | 358 | 3093 |
| Request abandoned | 11919 | 1850 | 124 | 134 | 154 | 449 | 2 | 14632 |
| Neither confirmed nor denied | 14 | 16 | 2 | 3 | 1 | 0 | 3 | 39 |
| Total | 16168 | 33737 | 5925 | 960 | 408 | 1333 | 549 | 59080 |
| Section | Number of requests | Section | Number of requests | Section | Number of requests |
|---|---|---|---|---|---|
| 18(2) | 0 | 22(1)(a)(i) | 3 | 23(a) | 0 |
| 19(1)(a) | 12096 | 22(1)(a)(ii) | 3 | 23(b) | 0 |
| 19(1)(b) | 17 | 22(1)(a)(iii) | 1 | 24(a) | 0 |
| 19(1)(c) | 9 | 22(1)(b) | 21009 | 24(b) | 0 |
| 19(1)(d) | 14 | 22(1)(c) | 36 | 25 | 149 |
| 19(1)(e) | 0 | 22(2) | 0 | 26 | 14629 |
| 19(1)(f) | 0 | 22.1 | 0 | 27 | 12 |
| 20 | 0 | 22.2 | 0 | 27.1 | 0 |
| 21 | 12107 | 22.3 | 1 | 28 | 0 |
| 22.4 | 0 |
| Section | Number of requests | Section | Number of requests | Section | Number of requests |
|---|---|---|---|---|---|
| 69(1)(a) | 0 | 70(1) | 0 | 70(1)(d) | 0 |
| 69(1)(b) | 0 | 70(1)(a) | 0 | 70(1)(e) | 0 |
| 69.1 | 0 | 70(1)(b) | 0 | 70(1)(f) | 0 |
| 70(1)(c) | 0 | 70.1 | 0 |
| Paper | Electronic | Other | |||
|---|---|---|---|---|---|
| E-record | Data set | Video | Audio | ||
| 524 | 40765 | 0 | 3 | 4 | 0 |
3.5 Complexity
| Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|
| 1208760 | 1001286 | 55987 |
| Disposition | Less than 100 pages processed | 100-500 pages processed | 501 to 1,000 pages processed | 1001-5000 pages processed | More than 5000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages processed | Number of requests | Pages processed | Number of requests | Pages processed | Number of requests | Pages processed | Number of requests | Pages processed | |
| All disclosed | 16650 | 77739 | 9 | 3092 | 1 | 669 | 0 | 0 | 1 | 5544 |
| Disclosed in part | 23035 | 620436 | 1476 | 361900 | 98 | 90249 | 18 | 38008 | 0 | 0 |
| All exempted | 27 | 1841 | 1 | 597 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 14626 | 6876 | 5 | 1175 | 1 | 634 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 39 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 54377 | 706892 | 1491 | 366764 | 100 | 91552 | 18 | 38008 | 1 | 5544 |
| Number of minutes processed | Number of minutes disclosed | Number of requests |
|---|---|---|
| 2692 | 2356 | 4 |
| Disposition | Less than 60 minutes processed | 60-120 minutes processed | More than 120 minutes processed | |||
|---|---|---|---|---|---|---|
| Number of requests | Minutes processed | Number of requests | Minutes processed | Number of requests | Minutes processed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 1 | 34 | 2 | 197 | 1 | 2461 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 1 | 34 | 2 | 197 | 1 | 2461 |
| Number of minutes processed | Number of minutes disclosed | Number of requests |
|---|---|---|
| 419 | 185 | 3 |
| Disposition | Less than 60 minutes processed | 60-120 minutes processed | More than 120 minutes processed | |||
|---|---|---|---|---|---|---|
| Number of requests | Minutes processed | Number of requests | Minutes processed | Number of requests | Minutes processed | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 2 | 41 | 0 | 0 | 1 | 378 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 2 | 41 | 0 | 0 | 1 | 378 |
| Disposition | Consultation required | Legal advice sought | Interwoven information | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 14 | 0 | 39256 | 0 | 39270 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 14 | 0 | 39256 | 0 | 39270 |
3.6 Closed requests
| Number of requests closed within legislated timelines | Percentage of requests closed within legislated timelines (%) |
|---|---|
| 54958 | 93.02301963 |
3.7 Deemed refusals
| Number of requests closed past the legislated timelines | Principal reason | |||
|---|---|---|---|---|
| Interference with operations / workload | External consultation | Internal consultation | Other | |
| 4122 | 1021 | 13 | 1 | 3087 |
| Number of days past legislated timelines | Number of requests past legislated timeline where no extension was taken | Number of requests past legislated timeline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 days | 683 | 130 | 813 |
| 16 to 30 days | 215 | 73 | 288 |
| 31 to 60 days | 153 | 94 | 247 |
| 61 to 120 days | 286 | 70 | 356 |
| 121 to 180 days | 761 | 33 | 794 |
| 181 to 365 days | 972 | 26 | 998 |
| More than 365 days | 623 | 3 | 626 |
| Total | 3693 | 429 | 4122 |
| Translation requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Section 4: Disclosures under subsections 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 189 | 2 | 0 | 191 |
Section 5: Requests for correction of personal information and notations
| Disposition for correction requests received | Number |
|---|---|
| Notations attached | 35 |
| Requests for correction accepted | 19 |
| Total | 54 |
Section 6: Extensions
| Number of extensions taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation purposes or conversion | |||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet confidence section (Section 70) | External | Internal | ||
| 4795 | 0 | 118 | 4677 | 0 | 0 | 0 | 0 | 0 |
| Length of extensions | 15(a)(i) Interference with operations | 15(a)(ii) Consultation | 15(b) Translation purposes or conversion | |||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet confidence section (Section 70) | External | Internal | ||
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 0 | 118 | 4677 | 0 | 0 | 0 | 0 | 0 |
| 31 days or greater | ||||||||
| Total | 0 | 118 | 4677 | 0 | 0 | 0 | 0 | 0 |
Section 7: Consultations received from other institutions and organizations
| Consultations | Other Government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during reporting period | 45 | 3161 | 1 | 32 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 45 | 3161 | 1 | 32 |
| Closed during the reporting period | 0 | 0 | 0 | 0 |
| Carried over to next reporting period | 0 | 0 | 0 | 0 |
| Carried over beyond negotiated timelines | 0 | 0 | 0 | 0 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclose entirely | 3 | 1 | 1 | 2 | 0 | 0 | 0 | 7 |
| Disclose in part | 13 | 11 | 6 | 4 | 1 | 0 | 1 | 36 |
| Exempt entirely | 0 | 0 | 2 | 0 | 0 | 0 | 0 | 2 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 16 | 12 | 9 | 6 | 1 | 0 | 1 | 45 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total | |
| Disclose entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclose in part | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 1 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 1 |
Section 8: Completion time of consultations on cabinet confidences
| Number of days | Fewer than 100 pages processed | 100 to 500 pages processed | 501 to 1,000 pages processed | 1001 to 5,000 pages processed | More than 5,000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Number of days | Fewer than 100 pages processed | 100 to 500 pages processed | 501 to 1,000 pages processed | 1001 to 5,000 pages processed | More than 5,000 pages processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 9: Complaints and investigations notices received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 3 | 3 | 0 | 0 | 6 |
Section 10: Privacy impact assessments (PIA) and personal information banks (PIB)
| Number of PIAs completed | 4 |
|---|---|
| Number of PIAs modified | 0 |
| Personal information banks | Active | Created | Terminated | Modified |
|---|---|---|---|---|
| Institution-specific | 56 | 0 | 0 | 2 |
| Central | 0 | 0 | 0 | 0 |
| Total | 56 | 0 | 0 | 2 |
Section 11: Privacy breaches
| Number of material privacy breaches reported to TBS | 5 |
| Number of material privacy breaches reported to OPC | 5 |
| Number of non-material privacy breaches 21 |
Section 12: Resources related to the Privacy Act
| Expenditures | Amount |
|---|---|
| Salaries | $6,294,493 |
| Overtime | $90,548 |
Goods and services:
|
$223,052 |
| Total | $6,608,093 |
| Resources | Person years dedicated to privacy activities |
|---|---|
| Full-time employees | 59.880 |
| Part-time and casual employees | 15.930 |
| Regional staff | 0.000 |
| Consultants and agency personnel | 0.000 |
| Students | 0.000 |
| Total | 75.810 |
Annex C: Supplemental statistical report on the Privacy Act
Statistical report on the Access to Information Act and the Privacy Act
Name of institution: Canada Border Services Agency
Reporting period: , to
Section 1: Requests carried over and active complaints under the Access to Information Act
| Reporting period requests carried over were received | Requests carried over that are within legislated timelines as of | Requests carried over that are beyond legislated timelines as of | Total |
|---|---|---|---|
| Received in 2024 to 2025 | 174 | 23 | 197 |
| Received in 2023 to 2024 | 0 | 49 | 49 |
| Received in 2022 to 2023 | 0 | 6 | 6 |
| Received in 2021 to 2022 | 0 | 0 | 0 |
| Received in 2020 to 2021 | 0 | 1 | 1 |
| Received in 2019 to 2020 | 0 | 0 | 0 |
| Received in 2018 to 2019 | 0 | 0 | 0 |
| Received in 2017 to 2018 | 0 | 0 | 0 |
| Received in 2016 to 2017 | 0 | 0 | 0 |
| Received in 2015 to 2016 or earlier | 0 | 0 | 0 |
| Total | 174 | 79 | 253 |
| Fiscal year | Number of open complaints |
|---|---|
| Received in 2024 to 2025 | 93 |
| Received in 2023 to 2024 | 21 |
| Received in 2022 to 2023 | 8 |
| Received in 2021 to 2022 | 5 |
| Received in 2020 to 2021 | 4 |
| Received in 2019 to 2020 | 1 |
| Received in 2018 to 2019 | 0 |
| Received in 2017 to 2018 | 0 |
| Received in 2016 to 2017 | 0 |
| Received in 2015 to 2016 or earlier | 0 |
| Total | 132 |
Section 2: Requests carried over and active complaints under the Privacy Act
| Reporting period request carried over were received | Requests carried over that are within legislated timelines as of | Requests carried over that are beyond legislated timelines as of | Total |
|---|---|---|---|
| Received in 2024 to 2025 | 2842 | 901 | 3743 |
| Received in 2023 to 2024 | 0 | 701 | 701 |
| Received in 2022 to 2023 | 0 | 244 | 244 |
| Received in 2021 to 2022 | 0 | 1 | 1 |
| Received in 2020 to 2021 | 0 | 0 | 0 |
| Received in 2019 to 2020 | 0 | 1 | 1 |
| Received in 2018 to 2019 | 0 | 0 | 0 |
| Received in 2017 to 2018 | 0 | 0 | 0 |
| Received in 2016 to 2017 | 0 | 0 | 0 |
| Received in 2015 to 2016 or earlier | 0 | 0 | 0 |
| Total | 2842 | 1848 | 4690 |
2.2 Active complaints with the Privacy Commissioner of Canada, broken down by reporting period received
| Fiscal year | Number of open complaints |
|---|---|
| Received in 2024 to 2025 | 18 |
| Received in 2023 to 2024 | 0 |
| Received in 2022 to 2023 | 0 |
| Received in 2021 to 2022 | 0 |
| Received in 2020 to 2021 | 0 |
| Received in 2019 to 2020 | 0 |
| Received in 2018 to 2019 | 0 |
| Received in 2017 to 2018 | 0 |
| Received in 2016 to 2017 | 0 |
| Received in 2015 to 2016 or earlier | 0 |
| Total | 18 |
Section 3: Social Insurance Number
| Has your institution begun a new collection or a new consistent use of the SIN in 2024 to 2025? | No |
Section 4: Universal Access under the Privacy Act
| How many requests were received from confirmed foreign nationals outside of Canada in 2024 to 2025? | 10784 |
Page details
- Date modified: