2016 to 2017 Annual report on the Privacy Act

Information contained in this publication or product may be used and reproduced, in part or in whole, and by any means, for personal or public non-commercial purposes, without charge or further permission, unless otherwise specified, provided that you do the following:

Commercial reproduction and distribution is prohibited, except with written permission from Public Services and Procurement of Canada (PSPC). For more information, please contact PSPC at questions@tpsgc-pwgsc.gc.ca.

The official symbols of the Government of Canada, including the Canada Wordmark and the flag symbol may not be reproduced, whether for commercial or non-commercial purposes.

© Her Majesty the Queen in Right of Canada, represented by the Minister of Public Services and Procurement, 2016

Also available in French

ISSN 2369-4149
Cat. No.: P1-31E-PDF

Preface

The Privacy Act (Revised Statutes of Canada, 1985, Chapter P-21) was proclaimed on July 1, 1983. The act was amended as a result of the royal assent of the Federal Accountability Act on December 12, 2006. Certain provisions came into force on December 12, 2006, and others took effect on April 1, 2007, and September 1, 2007.

The Privacy Act gives Canadian citizens, permanent residents and individuals present in Canada a right of access to information about themselves held by the government, subject to specific and limited exceptions. The act also provides individuals the right to a reasonable expectation of privacy, including a basic right to exercise control over the collection, use and disclosure of their personal information.

Section 72 of the Privacy Act requires that the head of every federal government institution prepare for submission to Parliament an annual report on the administration of the act within their institution during each fiscal year.

This annual report provides a summary of the management and administration of the Privacy Act within Public Services and Procurement Canada for the fiscal year 2016 to 2017.

Part I: Introduction

1. Background

The department, founded in 1841 and originally known as The Board of Works, was instrumental in the building of our nation's canals, roads and bridges, the Houses of Parliament, post offices and federal buildings across the country.

In 1993, the department became Public Works and Government Services Canada (PWGSC) through the amalgamation of the former Supply and Services Canada, Public Works Canada, Government Telecommunications Agency (Communications Canada), and the Translation Bureau (Secretary of State of Canada). In November 2015, the department's name changed to Public Services and Procurement Canada (PSPC).

The Department of Public Works and Government Services Act, passed in 1996, established the current department and set out the legal authorities for PSPC services. The act established PSPC as a common service organization that provides government departments, boards and agencies with support services for their programs.

PSPC employs approximately 12,500 permanent employees working in locations across Canada and headquartered in the National Capital Area.

The Office of the Procurement Ombudsman, an independent office, and part of the portfolio of the Minister of Public Services and Procurement, was established on May 5, 2008, as one of the final steps in the implementation of the Federal Accountability Act.

Our services are provided across Canada through 5 regional operations. We also operate international offices in Koblenz and Washington.

For more information about our department refer to our organizational chart and the organization of Public Services and Procurement Canada.

2. Raison d'être and responsibilities

PSPC plays an important role in the daily operations of the Government of Canada. It supports federal departments and agencies in the achievement of their mandated objectives as their central purchasing agent, real property manager, linguistic authority, treasurer, accountant, pay and pension administrator, and common service provider. The department's vision is to excel in government operations, and our strategic outcome and mission is to deliver high-quality, central programs and services that ensure sound stewardship on behalf of Canadians and meet the program needs of federal institutions. The goal is to manage business in a way that demonstrates integrity, accountability, efficiency and transparency, and adds value for client departments and agencies, and Canadians.

PSPC is a leader in transforming its back-office. By enabling government-wide critical programs and services as well as delivering major transformation initiatives, the department is helping the Government of Canada do business in line with the modern standards defining a renewed organization such as efficiency, effectiveness, connectivity and better value for clients and Canadians.

The Office of the Procurement Ombudsman, which reports to the minister and operates independently, reviews complaints from suppliers. It also reviews procurement practices in departments and agencies, and makes recommendations for the improvement of those practices to ensure fairness, openness and transparency in the procurement process.

3. Strategic outcome and program alignment architecture

PSPC's program alignment architecture (PAA), as approved by the Treasury Board, supports the strategic outcome to deliver high-quality, central programs and services that ensure sound stewardship on behalf of Canadians and meet the program needs of federal institutions. The following lists the programs that comprise PSPC's PAA.

  • Acquisitions
  • Accommodation management and real property services
  • Receiver General for Canada
  • Integrity programs and services
  • Federal pay and pension administration
  • Linguistic management and services
  • Specialized programs and services
  • Procurement Ombudsman
  • Internal services

Part II: The Public Services and Procurement Canada Access to Information and Privacy Program

1. Access to Information and Privacy Program Directorate structure and responsibilities

The Access to Information and Privacy (ATIP) Directorate administers the Access to Information Act and the Privacy Act for PSPC, including one special operating agency, the Translation Bureau, as well as the Office of the Procurement Ombudsman.

In 2016 to 2017, the ATIP Directorate operated with up to 25 ATIP officers and 3 students who worked under the supervision of 4 team leaders to manage the requests received within the department. The directorate also employed 1 policy advisor and 5 senior ATIP policy advisors. The directorate was supported by a team of 5 clerical staff.

The director, ATIP, reports to the Director General, Ministerial Services and Access to Information (DG-MSAI), who, in turn, reports to the Assistant Deputy Minister, Policy, Planning and Communications Branch (ADM-PPCB). Reporting to the director, ATIP, the teams are overseen by 3 managers of ATIP operations, and a manager of privacy and policy. The operational units are responsible for processing access to information requests, consultations, complaints, and court cases; the Privacy and Policy Unit is responsible for the Privacy Program as well as ATIP policy, advice, training, monitoring and reporting. The administrative functions are supported by an office manager and a team of support staff.

The directorate is responsible for establishing and directing all activities within PSPC relating to the management of the departmental ATIP Program, in accordance with the departmental delegation instruments and the provisions of the act, regulations, directives, policies and guidelines.

At PSPC, the administration of the act is also supported at the branch and regional office levels. Each organizational branch has an ATIP liaison officer who coordinates the collection of information and provides guidance to branch managers on the application of the acts, as well as related departmental directives and procedures.

2. Delegation instrument

Under section 3 of the Privacy Act, the minister of the department is designated as the head of the government institution for purposes of the administration of the act. Pursuant to section 73, the minister may delegate any powers, duties or functions under the act by signing an order authorizing one or more officers or employees of the institution, who are at the appropriate level, to exercise or perform the powers, duties or functions of the head, specified in the order.

Within PSPC, this delegation instrument is based on a centralized process with the director and managers of the Access to Information and Privacy Directorate having full delegated authority under the act, with the exception of paragraph 8(2)(m). Certain administrative functions are also delegated to the ATIP team leaders to accelerate request processing. Full authority under the act is also delegated to the ADM-PPCB and the DG-MSAI who are responsible for the program.

An excerpt of the delegation of authorities approved at the ministerial level is attached in Annex A: Delegation of authorities (Excerpt).

3. Privacy management framework

3.1 Governance

PSPC's DG-MSAI is the departmental chief privacy officer (CPO) and chairs the Privacy Oversight Committee, on which branches with major personal information holdings are represented at the DG level.

The ATIP Directorate consolidated its privacy and policy functions within one unit now called Privacy and Policy. This additional focus on privacy ensures that it is managed proactively as a priority, and allows for allocation of dedicated resources to manage departmental privacy risks.

3.2 Review of Public Services and Procurement Canada Privacy Management Framework

An internal audit of the PSPC Departmental Privacy Framework was conducted in 2014. The results indicated that, although elements of a comprehensive management framework were in place, there were opportunities for improvement to help ensure compliance with Treasury Board and departmental policies, and associated directives and requirements under the Privacy Act.

The following activities were undertaken in 2016 to 2017 to address the identified gaps:

  • develop a privacy impact assessment (PIA) environmental scan and update the list of ongoing and anticipated PIAs
  • publish the privacy breach protocol on the departmental intranet site
  • finalize the departmental protocol for non-administrative uses of personal information
  • prepare a communications plan to make PSPC employees aware of the new privacy policy instruments

4. Policies and procedures

4.1 Departmental policies on access to information and privacy

For the reference of all employees, departmental policies are posted on PSPC's intranet website.

The Policy on the Access to Information and Privacy Program outlines the delegation of authority, establishes relevant definitions, and sets out the roles and responsibilities of all stakeholders within PSPC.

The Policy on Protection of Personal and Private Information in the Workplace sets out definitions as well as the roles and responsibilities of employees with respect to the protection of personal information in the workplace.

The privacy breach protocol was approved by the chief privacy officer in June 2015 and updated in March 2016. The document outlines the steps to be followed by a PSPC employee, agent, student or contractor who discovers any actual or suspected breach of privacy. The guidance provided in the protocol ensures that when a privacy breach occurs, it is quickly controlled and similar breaches are prevented from occurring in the future.

The protocol for non-administrative use of personal information was implemented in December 2016. The document outlines the privacy protection principles and procedures to be followed by programs and activities to ensure that low-risk, non-administrative use of personal information is handled in a manner that is consistent with the Privacy Act and the Treasury Board Secretariat (TBS) policies and directives.

4.2 Access to Information and Privacy liaison officer handbook

The ATIP liaison officer handbook complements the department policy on ATIP. It is produced by the ATIP Directorate as a guide to introduce departmental ATIP liaison officers across the department to the Access to Information Act and the Privacy Act and regulations, to outline the roles and responsibilities of each PSPC ATIP stakeholder, and to provide national processing standards and guidelines for the centralized handling of requests.

4.3 Access to Information and Privacy Directorate desk procedures

The ATIP Directorate has an ATIP officer desk procedures manual in place to standardize the work procedures used by staff, to facilitate the training of new ATIP employees and to complement the functionality of the electronic ATIP tracking system.

5. Training

5.1 Departmental employees

An overview of privacy is incorporated into the general ATIP information sessions. During the fiscal year, the ATIP Directorate delivered 29 training and awareness sessions to 355 managers and employees at various levels from branches across the department.

A new awareness session was developed in 2016 to 2017 on the management and prevention of privacy breaches.

The ATIP Directorate also undertook consultations with senior management teams of targeted branches responsible for large amounts of personal information. While the purpose of this exercise was primarily to obtain the branches' perspectives regarding privacy, the ATIP Directorate took the opportunity to provide awareness to senior management on key privacy requirements. A total of 10 sessions were held with 176 participants.

As well, ATIP participates in the department's Orientation Program for new employees. This section provides information on employee obligations under the act, including an explanation of the duty to assist, a reminder that only those delegated under the act can make disclosure decisions, a reference to procedures for reporting suspected contraventions, as well as a link to the departmental policy on ATIP.

5.2 Access to Information and Privacy Directorate staff

The ATIP officer Development Program created in 2006 was revised in 2016 to 2017 to update the mandatory training section and to allow for internal deployment of qualified employees at level into the program. The objective of the program is to address the department's mid and long-term shortage of skilled ATIP professionals by recruiting new employees at the junior level, and preparing them to fill senior ATIP officer positions at the PM-4 group and level up to a 5-year horizon. The program is also intended to reduce the costs associated with the competitive staffing process and eliminate the need for consultants.

ATIP employees have the opportunity to take advantage of the ATIP training offered in house and by the Treasury Board Secretariat, and also attend conferences such as the Canadian Access and Privacy Association (CAPA) conference.

6. Personal information banks

In accordance with section 10 of the Privacy Act, all personal information under the control of the institution that is used for an administrative purpose, or that is retrievable by name or personal identifier must be described in personal information banks (PIBs).

Also, as required by the TBS directives on privacy practices and PIA, any new or substantially modified PIB must be approved by TBS before implementing the new or modified program or activity.

No PIBs were revised and submitted to TBS in 2016 to 2017.

7. Collection of personal information

The PSPC Forms Management Policy requires that all new and revised forms that collect personal information be reviewed by the ATIP Directorate to ensure compliance with privacy legislative and policy requirements. As well, the ATIP Directorate reviews electronic forms on departmental intranet and internet sites, including surveys and public opinion research. It also assists with the development of the related privacy notices and consent statements.

8. Material privacy breaches

A privacy breach involves improper or unauthorized collection, use, disclosure, retention or disposal of personal information. A privacy breach may occur within an institution or off-site and may be the result of inadvertent errors or malicious actions by employees, third parties, partners in information-sharing agreements or intruders.

A breach is deemed "material" if the breach involves sensitive personal information and could reasonably be expected to cause serious injury or harm to the individual, or involves a large number of affected individuals.

During the fiscal year, 12 material privacy breaches were reported to the ATIP Directorate and the Corporate Security Directorate. In accordance with the TBS guidelines for privacy breaches, the ATIP Directorate reported the incidents to the Office of the Privacy Commissioner (OPC) and TBS.

Eleven of the breaches were related to the modernization of the pay program and the launch of the Phoenix Pay System. These breaches fell into 3 categories:

  • breaches related to security parameters improperly linked to certain pages
  • breaches related to coding
  • breaches related to user input errors

There is no evidence that employees' personal information ever left the hands of federal employees or government contractors as a result of these breaches. The department has taken measures to address each situation. System adjustments and fixes were quickly implemented to prevent further breaches. The issues that caused each breach have been resolved. The Phoenix team is conducting a system-wide review to ensure there are no issues that could lead to further disclosures of personal information.

The remaining material breach occurred when an Excel spreadsheet (which contained PSPC employees' personal information) attached to an email was sent in error to 180 employees. An email from the deputy minister was sent to all PSPC employees to notify affected individuals.

Part III: Statistical report — Interpretation and explanation of trends

The 2016 to 2017 statistical report on the Privacy Act is attached in Annex B: Statistical report on the Privacy Act.

1. Departmental overview of requests received

The ATIP Directorate processes all requests received by the department pursuant to the Privacy Act. Each request is first reviewed for clarity and then assigned to one or more organizational units of the department that are then responsible for locating and retrieving the records containing the information sought.

Organizational units review their relevant records and provide recommendations to the ATIP Directorate on potential sensitivities that could result from their disclosure. When necessary, the ATIP Directorate also undertakes consultations with other organizations before a skilled analyst reviews each record to make a decision on disclosure. The ATIP Directorate then notifies the requester and provides access to all of the records that may be disclosed.

2. Requests under the Privacy Act

The department received 485 requests under the Privacy Act in 2016 to 2017. The requests mainly related to pension and pay files, labour relations matters, other employment related records, staffing processes, security clearances as well as correspondence and other personal information pertaining to the requesters.

Compared to the previous fiscal year, PSPC experienced a 90% increase in the total number of privacy requests received. Chart I provides an overview of the trends related to the volume of requests processed by PSPC over the past 3 fiscal years.

Chart I: Processing trends for privacy requests

Volume of privacy requests processed by PSPC over the past 3 fiscal years.

Summary of Chart I: Processing trends for privacy requests
  • 2014 to 2015: 71 requests outstanding from previous fiscal year, 166 requests received, 224 requests completed and 13 requests carried forward to next fiscal year
  • 2015 to 2016: 13 requests outstanding from previous fiscal year, 255 requests received, 241 requests completed and 27 requests carried forward to next fiscal year
  • 2016 to 2017: 27 requests outstanding from previous fiscal year, 485 requests received, 345 requests completed and 167 requests carried forward to next fiscal year

3. Requests closed during the reporting period

Of the 512 requests in progress, 345 requests (67%) were completed during the 2016 to 2017 reporting period. The remaining 167 requests (33%) were carried forward to the next fiscal year. Of the 345 cases where the department completed the request, information was released either in whole or in part in 227 requests (66%). Chart II provides an overview of the disposition of requests closed by PSPC during the fiscal year.

Chart II: Disposition of privacy requests closed

Volume and percentage of privacy requests closed by PSPC, by disposition of requests.

Summary of Chart II: Disposition of privacy requests closed
  • All disclosed: 131 requests (38%)
  • Disclosed in part: 96 requests (28%)
  • All exempted; all excluded: 1 request (0%)
  • No records exist: 68 requests (20%)
  • Abandoned: 49 requests (14%)
  • Neither confirmed nor denied: 0 requests (0%)

4. Exemptions and exclusions

Sections 18 through 28 of the Privacy Act set out the exemptions intended to protect information pertaining to a particular public or private interest.

Pursuant to section 69, the act does not apply to material that is published or available for purchase, library or museum material preserved solely for public record, or material deposited with Library and Archives Canada. Records considered to be confidences of the Queen's Privy Council of Canada are also excluded pursuant to section 70 of the act.

These limited and specific exemption and exclusion provisions form the only basis for withholding information that is requested under the act.

Annex B: Statistical report on the Privacy Act shows the types of exemptions and exclusions invoked to refuse access. For clarity, if 5 different exemptions and/or exclusions were applied in one request, each relevant section would be reported, for a total of 5. If the same exemption or exclusion was used several times for the same request, it would be reported only once.

As noted in Annex B: Statistical report on the Privacy Act, information about another individual (section 26 of the act) accounts for the majority of the exemptions applied by the department.

5. Format of information released

Of the 227 requests in which information was released (all disclosed or disclosed in part), records were provided in the form of paper copies for 79 requests (35%), whereas 148 cases (65%) were in electronic format.

6. Complexity

PSPC processed more than 86,000 pages during the reporting period. This represents a 215% increase compared with the previous fiscal year. While on average, files contained 89 pages to be processed, 28 requests had over 500 pages, and 34 had more than 1,000 pages. Chart III provides the trends related to the relevant pages processed and disclosed by PSPC over the past 3 fiscal years.

Chart III: Trends for relevant pages processed and disclosed

Number of pages processed and disclosed by PSPC over the past 3 fiscal years.

Summary of Chart III: Trends for relevant pages processed and disclosed
  • 2014 to 2015: 62,728 pages processed and 27,501 pages disclosed
  • 2015 to 2016: 40,836 pages processed and 37,449 pages disclosed
  • 2016 to 2017: 103,337 pages processed and 86,852 pages disclosed

7. Processing time

Of the 345 requests completed during the fiscal year, 119 requests (35%) required an extension in accordance with section 15 of the act. In all cases, meeting the original time limit would have unreasonably interfered with the operations of the department. There was no need to consult with other government institutions.

Despite the volume, 316 requests (62%) were completed within the initial 30-day period, while 15 requests (3%) were completed within 31 to 60 days. The average processing time for all requests completed was 30 days. This is 2 days more than the previous fiscal year.

Owing to the volume of records to be processed, 29 requests (5%) fell in a deemed refusal status and were closed after the statutory deadline. This represents the same situation as last fiscal year. In 22 cases (76%), the maximum 30-day time extension allowed under the act was not sufficient to complete the review. On average, PSPC needed an additional 50 days to complete these late files.

The ATIP Directorate workload was the principal reason for delays in 59% of the 29 late cases. Factors such as complexity of requests and the reassignment of files within the ATIP Directorate also contributed to the delays.

The department's timeliness and compliance for completing requests is closely monitored by the ATIP Directorate.

8. Translation

There was no request for the translation of information from one official language to another.

9. Disclosures under subsection 8(2) of the act

During 2016 to 2017, the department made 23 disclosures of personal information to investigative bodies pursuant to paragraph 8(2)(e) of the act. A copy of every request received under paragraph 8(2)(e), and a record of any information disclosed pursuant to the request, is kept in accordance with subsection 8(4) of the act.

There was one disclosure made under paragraph 8(2)(m) of the act. In this instance, personal information was shared with another institution. The public interest in disclosing the information clearly outweighed any possible invasion of privacy. The Office of the Privacy Commissioner was notified prior to the disclosure.

10. Requests for correction of personal information and notations

There was one request for the correction of personal information or for notations to be placed on a file.

11. Consultations from other government institutions and organizations

The department received 11 privacy consultations in 2016 to 2017, for an additional 369 pages of records to review. PSPC closed 10 of these consultations and took 12 days on average to respond. This is 3 days more than the previous fiscal year.

12. Complaints and requests for judicial review

Table I provides the breakdown of complaints made to the Office of the Privacy Commissioner of Canada and of requests for judicial review filed with the Federal Court of Canada, of which PSPC has been informed over the past 3 fiscal years.

Table I: Complaints and requests for judicial review

Reporting period | Complaints | Judicial reviews
2014 to 2015 | 7 | 0
2015 to 2016 | 2 | 0
2016 to 2017 | 25 | 0

12.1 Complaints to the Office of the Privacy Commissioner of Canada

In 2016 to 2017, the OPC notified PSPC's ATIP Directorate of 13 complaints relating to the processing of requests. Of the 13 complaints received, 8 were regarding delays in retrieving records, 2 were regarding exemptions applied to information released, and 3 were for missing records.

The OPC closed 2 complaints regarding PSPC's request processing in 2016 to 2017. Of these, one was well-founded and one was resolved. PSPC regularly reviews investigative findings to improve its administration of the Privacy Act.

In 2016 to 2017, the Office of the Privacy Commissioner received 12 complaints regarding the management and protection of personal information. Of these, one was a collection complaint, and 11 were use and disclosure complaints. The OPC closed 9 complaints regarding PSPC's management and protection of personal information in 2016 to 2017. These complaints were well-founded and PSPC took the required corrective action.

12.2 Requests for judicial review

There were no requests made to the Federal Court of Canada seeking a judicial review.

13. Privacy impact assessments

In accordance with the TBS Directive on privacy impact assessment (PIA), a PIA must be initiated for a program or activity in the following circumstances:

  • when personal information is used for or is intended to be used as part of a decision-making process that directly affects the individual
  • upon substantial modifications to existing programs or activities where personal information is used or intended to be used for an administrative purpose
  • when contracting out or transferring a program or activities to another level of government or the private sector results in substantial modifications to the program or activities

The ATIP Directorate provides advice and guidance to PSPC managers throughout the PIA process, including the review of PIA reports and liaison with the Office of the Privacy Commissioner.

Summaries of the PIAs completed by PSPC are published on the Access to information and privacy at Public Services and Procurement Canada site. The site is intended to facilitate the public's understanding of the Access to Information Act, the Privacy Act and associated departmental procedures.

Table II provides the number of assessments conducted in the last 3 fiscal years.

Table II: Privacy impact assessments

Reporting period | Completed
2014 to 2015 | 2
2015 to 2016 | 1
2016 to 2017 | 0

During the 2016 to 2017 fiscal year, no PIA was completed or sent to the Privacy Commissioner of Canada or the Treasury Board of Canada Secretariat.

14. Resources related to the Privacy Act

The total salary costs associated with the Privacy Program amounted to $913,961.00 and operations and maintenance costs to $48,221.00, for a combined total of $962,182.00. The number of employee and temporary resources was estimated at 11.5 person years for the 2016 to 2017 fiscal year.

Annex A: Delegation of authorities (Excerpt)

Please note that the November 4, 2011 version has been updated as follows:

Changes to schedule 1

  • Integration of "printing" under goods procurement within department-wide authorities. While printing is currently covered under standing offers which offer specific authorities, integrating printing within the goods procurement will provide additional clarity and flexibility
  • Increased limits for the software licensing supply arrangements (SLSA) from $40K to $100K upon review of business volumes in collaboration with Acquisitions Branch
  • Integration of new travel authorities and revision of hospitality, events and conferences authorities in order to be aligned and compliant with the revised TB Directive on travel, hospitality, conference and event expenditures, effective August 1, 2013
  • Integration of a new authority for the Chief Financial Officer to act as the delegated travel and hospitality approval authority in situations where the deputy minister participates at the hospitality event or is the traveler
  • Modification of the delegations pursuant to the Access to Information Act and the Privacy Act in order to reflect the transfer of the mandate for these authorities from the director general (DG), executive secretariat to the DG responsible for the ATIP program, and the provision of additional authorities to team leaders
  • Amendment to revenue agreement memoranda of understanding (MOUs) and specific service agreements (SSAs) authorities in order to allow incumbents of certain real property positions (level 3 and 4) to perform low risk transactions in order to avoid project delays
  • Modification of the authority to make changes to the table of equivalent positions in order to allow the deputy minister to perform changes to the specific delegation of authorities in accordance with the TB Directive on delegation of financial authorities for disbursements
  • Addition or change to the "table of equivalent positions" and "specific delegation of authorities" tables to reflect the current organizational structures

Minister's and deputy minister's delegation of authorities

We hereby delegate the powers vested in the offices of the Minister and Deputy Minister of Public Works and Government Services, in the manner defined in Schedules 1 to 4, the associated tables of equivalent positions and specific delegations in the notes to these schedules, including officers appointed on a temporary or acting basis to positions so defined, subject to the principles, guidelines, limitations and restrictions described in the department's delegation of authorities manual and all relevant legislation, regulations and policies.

Specifically, this instrument is intended to delegate authority, as defined by:

Schedule 1
"Department-wide authorities", the "table of equivalent positions" for schedule 1 and the specific delegations contained in the "notes to schedule 1"
Schedule 2
"Real property authorities", the "table of equivalent positions" for schedule 2 and the specific delegations contained in the "notes to schedule 2"
Schedule 3
"Common service acquisition authorities", the "table of equivalent positions" for schedule 3 and the specific delegations contained in the "notes to schedule 3"
Schedule 4
"Receiver General for Canada authorities"

Further, these delegations are made on the explicit understanding that they are to be used only to:

  • commensurate with the level of responsibility assigned to the position and when required to undertake the duties of that position as described in the operational plans of the department
  • attain departmental objectives, within the departmental mandate
  • attain clients' objectives when providing common services to client departments

The department's delegation of authorities manual documents the delegated authorities of Public Services and Procurement Canada and includes important information on the conditions under which we have made these delegations. All officers of the department who are acting on our behalf in any matter related to these delegations must make themselves familiar with the contents of the manual to ensure that they are fully cognizant of the conditions and implications of doing so.

Original signed by

The Honourable Judy M. Foote
P.C., M.P. (Bonavista-Burin-Trinity)
Minister of Public Services and Procurement
February 19, 2016

George Da Pont
Deputy Minister of Public Services and Procurement
January 19, 2016

Administrative authorities: Approvals

| | Asset disposals | Asset write-offs | Asset loans | Project approval: IT-enabled projects and business projects | Treasury Board submission | Amendment to the table of equivalent positions and specific delegations | Access to Information Act | Privacy Act | Use of government vehicles | Exemption from parking charges | Certification of true copies | Release settlement documents |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Departmental limit | Full | Full | Full | Full and Project complexity risk assessment (PCRA) level 3 | Full | Full | Full | Full | Full | Full | Full | Full |
| Generic levels | | | | | | | | | | | | |
| Level 1 | See notes | Full | Full | See notes | See notes | See notes | See notes | See notes | See notes | See notes | See notes | See notes |
| Level 2 | See notes | Full | Full | n/a | n/a | n/a | See notes | See notes | See notes | n/a | n/a | See notes |
| Level 3 | See notes | See notes | See notes | n/a | n/a | n/a | See notes | See notes | See notes | n/a | n/a | n/a |
| Level 4 | See notes | See notes | See notes | n/a | n/a | n/a | See notes | See notes | See notes | n/a | n/a | n/a |
| References to notes to schedule 1 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 |

Supplementary information

Columns 50 to 52 are administrative authorities that allow managers to identify assets for disposal, write-off or loan. The authority to complete these transactions is only delegated to officers of Materiel Management in Corporate Services or Regional Corporate Services, Strategic Management & Communications.

Departmental limit: Full means the authority to dispose, write-off or loan assets for which the department is responsible.

Level 1: Full means the authority to dispose, write-off or loan assets for which the manager is responsible.

Column 53: for IT-enabled projects, approval from the Chief Information Officer for PSPC is also required.

Column 54 is a primary control on spending when that spending is outside the limits of departmental authority. This is the authority to initiate a TB submission. Only the minister and deputy minister may approve a submission to the Treasury Board.

Columns 55 to 61 are administrative authorities which are delegated to positions with assigned responsibility. Exercising of these authorities must also comply with relevant legislation, regulation and policy requirements and limitations.

Column 57 Privacy Act

Specific delegation of authority

| Level of authority | Applicable equivalent positions at that level | Type of delegated authority |
|---|---|---|
| Level 1 | Assistant deputy minister responsible for the ATIP program | Full |
| | Director General responsible for the ATIP program | Full |
| Level 2 | Director, Access to Information and Privacy | Full (table 1 note 1) |
| Level 3 | Manager, Access to Information and Privacy | Full (table 1 note 1) |
| Level 4 | Chief / Team leader, Access to Information and Privacy | Full (table 1 note 2) |
| | ATIP officer | Full (table 1 note 3) |

Table 1 Notes

Table 1 Note 1

Except for section 8(2)(m) of the Privacy Act regarding personal information to be disclosed in the public interest.


Table 1 Note 2

Only in regard to sections 14, 15, 26 and 27 of the Privacy Act; and section 9 of the Privacy Regulation.


Table 1 Note 3

Only in regard to section 15 of the Privacy Act.


Annex B: Statistical report on the Privacy Act

Statistical report on the Privacy Act

Name of institution:
Public Services and Procurement Canada
Reporting period:
April 1, 2016 to March 31, 2017

Part 1: Requests under the Privacy Act

1.1 Number of requests
Type Number of requests
Received during reporting period 485
Outstanding from previous reporting period 27
Total 512
Closed during reporting period 345
Carried over to next reporting period 167

Part 2: Requests closed during the reporting period

2.1 Disposition and completion time of requests
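Completion time:

| Disposition of requests | 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total |
|---|---|---|---|---|---|---|---|---|
| All disclosed | 17 | 71 | 38 | 4 | 1 | 0 | 0 | 131 |
| Disclosed in part | 3 | 23 | 46 | 17 | 3 | 4 | 0 | 96 |
| All exempted | 0 | 1 | 0 | 0 | 0 | 0 | 0 | 1 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 59 | 7 | 2 | 0 | 0 | 0 | 0 | 68 |
| Request abandoned | 37 | 2 | 10 | 0 | 0 | 0 | 0 | 49 |
| Neither confirmed or denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 116 | 104 | 96 | 21 | 4 | 4 | 0 | 345 |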
2.2 Type of exemptions applied
Section Number of requests
18(2) 0
19(1)(a) 0
19(1)(b) 0
19(1)(c) 0
19(1)(d) 0
19(1)(e) 0
19(1)(f) 0
20 0
21 1
22(1)(a)(i) 1
22(1)(a)(ii) 0
22(1)(a)(iii) 0
22(1)(b) 0
22(1)(c) 0
22(2) 0
22.1 0
22.2 0
22.3 1
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 0
26 92
27 11
28 0
2.3 Type of exclusions invoked
Section Number of requests
69(1)(a) 1
69(1)(b) 0
69.1 0
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0
2.4 Format of information released

| Disposition | Paper | Electronic | Other formats |
|---|---|---|---|
| All disclosed | 61 | 70 | 0 |
| Disclosed in part | 18 | 78 | 0 |
| Total | 79 | 148 | 0 |

2.5 Complexity

2.5.1 Relevant pages processed and disclosed

| Disposition of requests | Number of pages processed | Number of pages disclosed | Number of requests |
|---|---|---|---|
| All disclosed | 32,245 | 31,070 | 131 |
| Disclosed in part | 71,092 | 55,782 | 96 |
| All exempted | 0 | 0 | 1 |
| All excluded | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 49 |
| Neither confirmed or denied | 0 | 0 | 0 |
| Total | 103,337 | 86,852 | 277 |
2.5.2 Relevant pages processed and disclosed by size of requests
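
| Disposition | Less than 100 pages processed: Number of requests | Less than 100 pages processed: Pages disclosed | 101 to 500 pages processed: Number of requests | 101 to 500 pages processed: Pages disclosed | 501 to 1,000 pages processed: Number of requests | 501 to 1,000 pages processed: Pages disclosed | 1,001 to 5,000 pages processed: Number of requests | 1,001 to 5,000 pages processed: Pages disclosed | More than 5,000 pages processed: Number of requests | More than 5,000 pages processed: Pages disclosed |
|---|---|---|---|---|---|---|---|---|---|---|
| All disclosed | 65 | 1,680 | 46 | 10,458 | 13 | 9,090 | 7 | 9,842 | 0 | 0 |
| Disclosed in part | 31 | 420 | 23 | 6,529 | 15 | 9,959 | 26 | 33,489 | 1 | 5,385 |
| All exempted | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 49 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed or denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 146 | 2,100 | 69 | 16,987 | 28 | 19,049 | 33 | 43,331 | 1 | 5,385 |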
2.5.3 Other complexities
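
| Disposition | Consultation required | Legal advice sought | Interwoven information | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 2 | 2 | 4 |
| Disclosed in part | 1 | 0 | 1 | 1 | 3 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 18 | 18 | 36 |
| Neither confirmed or denied | 0 | 0 | 0 | 0 | 0 |
| Total | 1 | 0 | 21 | 21 | 43 |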

2.6 Deemed refusals

2.6.1 Reasons for not meeting statutory deadline
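
| Number of requests closed past the statutory deadline | Principal reason: Workload | Principal reason: External consultation | Principal reason: Internal consultation | Principal reason: Other |
|---|---|---|---|---|
| 29 | 17 | 0 | 0 | 12 |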
2.6.2 Number of days past deadline

| Number of days past deadline | Number of requests past deadline where no extension was taken | Number of requests past deadline where an extension was taken | Total |
|---|---|---|---|
| 1 to 15 days | 3 | 8 | 11 |
| 16 to 30 days | 1 | 3 | 4 |
| 31 to 60 days | 2 | 4 | 6 |
| 61 to 120 days | 0 | 3 | 3 |
| 121 to 180 days | 1 | 3 | 4 |
| 181 to 365 days | 0 | 1 | 1 |
| More than 365 days | 0 | 0 | 0 |
| Total | 7 | 22 | 29 |
2.7 Request for translation

| Translation requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |

Part 3: Number of disclosures made under subsections 8(2) and 8(5)

Number of disclosures made under subsections 8(2) and 8(5)

| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 23 | 1 | 0 | 24 |

Part 4: Requests for correction

Number of requests for correction
Status Number
Notations attached 0
Requests for correction accepted 1
Total 0

Part 5: Extensions

5.1 Reasons for extensions and disposition of requests

| Disposition of requests where an extension was taken | 15(a)(i) Interference with operations | 15(a)(ii) Consultation: Section 70 | 15(a)(ii) Consultation: Other | 15(b) Translation or conversion |
|---|---|---|---|---|
| All disclosed | 42 | 0 | 0 | 0 |
| Disclosed in part | 66 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 |
| No records exist | 2 | 0 | 0 | 0 |
| Request abandoned | 9 | 0 | 0 | 0 |
| Total | 119 | 0 | 0 | 0 |
5.2 Length of extensions

| Length of extensions | 15(a)(i) Interference with operations | 15(a)(ii) Consultation: Section 70 | 15(a)(ii) Consultation: Other | 15(b) Translation or conversion |
|---|---|---|---|---|
| 1 to 15 days | 0 | 0 | 0 | 0 |
| 16 to 30 days | 119 | 0 | 0 | 0 |
| Total | 119 | 0 | 0 | 0 |

Part 6: Consultations received from other institutions and organizations

6.1 Consultations received from other government institutions and organizations

| Consultations | Other government institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during the reporting period | 11 | 371 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 11 | 371 | 0 | 0 |
| Closed during the reporting period | 10 | 369 | 0 | 0 |
| Pending at the end of the reporting period | 1 | 2 | 0 | 0 |
6.2 Recommendations and completion time for consultations received from other government institutions
Number of days required to complete consultation requests:

| Recommendations | 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total |
|---|---|---|---|---|---|---|---|---|
| Disclose entirely | 6 | 2 | 0 | 0 | 0 | 0 | 0 | 8 |
| Disclose in part | 1 | 1 | 0 | 0 | 0 | 0 | 0 | 2 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 7 | 3 | 0 | 0 | 0 | 0 | 0 | 10 |
6.3 Recommendations and completion time for consultations received from other organizations
Number of days required to complete consultation requests:

| Recommendations | 1 to 15 days | 16 to 30 days | 31 to 60 days | 61 to 120 days | 121 to 180 days | 181 to 365 days | More than 365 days | Total |
|---|---|---|---|---|---|---|---|---|
| Disclose entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |

Part 7: Completion time of consultations on Cabinet confidences

7.1 Requests with Legal Services
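
| Number of days | Fewer than 100 pages processed: Number of requests | Fewer than 100 pages processed: Pages disclosed | 101 to 500 pages processed: Number of requests | 101 to 500 pages processed: Pages disclosed | 501 to 1,000 pages processed: Number of requests | 501 to 1,000 pages processed: Pages disclosed | 1,001 to 5,000 pages processed: Number of requests | 1,001 to 5,000 pages processed: Pages disclosed | More than 5,000 pages processed: Number of requests | More than 5,000 pages processed: Pages disclosed |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |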

Part 8: Complaints and investigations notices received

Number of Complaints and investigations notices received

| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 25 | 3 | 0 | 0 | 28 |

Part 9: Privacy impact assessments

Number of PIA(s) completed: 0

Part 10: Resources related to the Privacy Act

10.1 Costs of resources associated with the privacy program

| Expenditures | Amount |
|---|---|
| Salaries | $913,961.00 |
| Overtime | $0.00 |
| Goods and services | $48,221.00 |
| Goods and services: Professional services contracts | $0.00 |
| Goods and services: Other | $48,221.00 |
| Total | $962,182.00 |
10.2 Number of employee and temporary resources
Resources Person years dedicated to privacy activities
Full-time employees 11
Part-time and casual employees 0.5
Regional staff 0
Consultants and agency personnel 0
Students 0
Total 11.5