Canada Border Services Agency
Symbol of the Government of Canada

ARCHIVED - Privacy Act

Warning This page has been archived.

Archived Content

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Canada Border Services
Agency Annual Report
2011-2012

Table of Contents

Chapter One: Privacy Act Report

Chapter Two: Interpretation of Statistical Report

Chapter One: Privacy Act Report

Introduction

The Canada Border Services Agency (CBSA) is pleased to present to Parliament, in accordance with section 72 of the Privacy Act (the Act), its Annual Report on the management of the Act.  The report describes the activities that support compliance with the Act for the fiscal year commencing April 1st, 2011 and ending March 31st, 2012.  During this period, the CBSA continued to build upon successful practices implemented in previous years.

“The purpose of the Privacy Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information”. [1]

As stated in subsection 72(1) of the Privacy Act, “The head of every government institution shall prepare for submission to Parliament an annual report on the administration of this Act within the institution during each financial year.” [2]

In fiscal year 2011–2012, the CBSA introduced new procedures and practices that will ensure the continued provision of timely service to Canadians who seek to exercise their right to access personal information under the Privacy Act, and which demonstrate leadership in the management of increasingly numerous and complex privacy requests, and in the management of increasingly voluminous, sensitive, and complex collections of personal information.

Return to Top of Page

Organization

I. About the Canada Border Services Agency (CBSA)

Since 2003, the CBSA has been an integral part of the Public Safety Canada portfolio, which was created to protect Canadians and maintain a peaceful and safe society.  In support of these priorities, the CBSA is responsible for providing integrated border services which facilitate the free flow of persons and goods, including animals and plants, that meet all requirements under the program legislation.

The CBSA carries out its responsibilities with a workforce of approximately 13,000 employees, including over 7,200 uniformed CBSA officers who provide services at approximately 1,200 points across Canada and at 39 international locations. [3]

II. Access to Information and Privacy Division

On April 1st, 2004, the CBSA established the Access to Information and Privacy Section.  This section was initially staffed with six employees based on an estimated annual workload of between 250 and 350 requests.  During the 2007–2008 fiscal year, due to growing demand on the CBSA, the Access to Information and Privacy Section was expanded to become the CBSA’s Access to Information and Privacy Division.

The Access to Information and Privacy Division is comprised of four units:  an Administration section, two Case Management units, and a Policy and Training unit.  The Administration section’s function is to receive all incoming requests and consultations, ensuring quality control on all outgoing correspondence and supporting both Case Management units in their day-to-day business.  The Case Management units task all branches and regions with records retrieval requests and provide daily operational guidance and support to CBSA employees.  The Policy and Training unit develops policies, tools and procedures to support privacy requirements within the CBSA and provides training to CBSA employees.  On average, 40 full time equivalents (FTE) and three consultants were employed in the Access to Information and Privacy Division during the fiscal year 2011–2012 reporting period.

The Access to Information and Privacy Coordinator for the CBSA is the Director of the Access to Information and Privacy Division.  The Access to Information and Privacy Division is part of the Corporate Secretariat Directorate, which reports to the Vice-President of the Corporate Affairs Branch.  Consistent with the best practices as identified by the Treasury Board of Canada Secretariat (TBS) [4], the CBSA’s Access to Information and Privacy Coordinator is positioned within three levels of the President, and has full delegated authority reporting directly to the Director General, Corporate Secretariat, who in turn reports to the Vice-President.

The Access to Information and Privacy Division works closely with other members of the Public Safety Canada portfolio, such as the Canadian Security Intelligence Service (CSIS), Correctional Service of Canada (CSC), the Parole Board of Canada (PBC) and the Royal Canadian Mounted Police (RCMP), in order to share best practices and develop streamlined processes for the retrieval of jointly held records in order to comply with the 30 day legislated timeframe to respond to privacy requests.

Return to Top of Page
III. Information Sharing Unit

In fiscal year 2009-2010, the CBSA created the Information Sharing Unit, which is part of the Program, Planning and Legislation Division, in the Planning and Performance Management Directorate, Programs Branch.

This unit supports all the CBSA programs by leading or coordinating strategic and/or horizontal information sharing initiatives.  It identifies required regulatory or legislative changes, develops internal disclosure policy, reviews and contributes to memoranda of understanding and Privacy Impact Assessments (PIAs) that contain an information sharing component, and coordinates information sharing activities on behalf of internal or external stakeholders, including international partners.  Within this mandate, the Information Sharing Unit provides policy guidance to the CBSA programs related to the disclosure of information, under section 8 of the Privacy Act and section 107 of the Customs Act.

The Information Sharing Unit is also responsible for ensuring that information sharing legislation, policy and procedures are clearly and consistently understood throughout the CBSA.  To this end, the unit develops and provides training to the CBSA employees in consultation with the Human Resource Branch’s Training and Learning Directorate. 

In fiscal year 2011–2012, the Information Sharing Unit accomplished multiple activities related to the Privacy Act that included:

  • Undertaking a comprehensive review of key information sharing activities, initiatives and gaps between the CBSA and United States counterparts.
  • Providing support and guidance to programs areas of the CBSA to ensure an integrated and coordinated approach to information sharing with the United States as part of the Beyond the Border Action Plan suite of initiatives.
  • Leading a CBSA-wide Information Sharing Working Group, which serves as a consultative body to support the development of the CBSA information sharing policy development and research;
  • Representing the CBSA in supporting policy initiatives led by Public Safety Canada concerning information sharing to support national security.
  • Leading the CBSA participation in the development and implementation of the Immigration Information Sharing Treaty with the United States (led by Citizenship and Immigration Canada (CIC)).
  • Developing a CBSA–wide policy for information sharing that encompasses the different legislation that govern the disclosure of CBSA information.
  • Revised the training on information sharing for the new Border Services Officer.
  • Developed and put into place information sharing training for supervisors, investigators and management.
  • Revised the information sharing policy for section 107 of the Customs Act. The new policy will replace the D-Memoranda: D1-16-1: Explanation of Section 107 of the Customs Act and D1-16-2: Interim Administrative Guidelines for the Provision to others, Allowing access to others, and Use of Customs Information – Section 107 of the Customs Act.
  • Delivered training to more than 600 employees across the country on the new information sharing policy for section 107.

At the end of the fiscal year 2011–2012 reporting period, seven full time equivalents were employed in the Information Sharing Unit.

IV. Upcoming Resource Challenges

The CBSA is expecting an increase in the number of requests received due to its high profile role in key Government of Canada initiatives, such as the Beyond the Border Action Plan and the Deficit Reduction Action Plan.  Additionally, the Access to Information and Privacy Division anticipates that significant resources will need to be dedicated to the completion of PIAs for those initiatives affected by the Beyond the Border Action Plan.

The Access to Information and Privacy Division has implemented several operational and human resource strategies which it believes will help to mitigate some of the impact of these initiatives and enable the CBSA to maintain its current high performance with respect to its privacy obligations.

Return to Top of Page

Activities and Accomplishments

I. Leadership

The Access to Information and Privacy Division receives, coordinates and processes requests for information under the Privacy Act, providing high quality and timely service to requesters.  In addition, the Access to Information and Privacy Division supports a network of 18 Access to Information and Privacy Liaison contacts across the branches and regions of the CBSA who assist with requests by searching and retrieving records, and coordinating recommendations from within their branch or region.  This allows the Access to Information and Privacy Division to maximize efficiencies in request processing to ensure that requesters received their information in the shortest time possible.

The Access to Information and Privacy Division further strengthened the administration of the privacy program throughout the CBSA by implementing a rigorous and more accountable records retrieval process.  As of January 2012, all branches and regions were required to provide at least director-level approval and the inclusion of subject matter expertise for each office of primary interest involved in the search, retrieval, and provision of recommendations for records responsive to a privacy request.  The new process is the first step for the CBSA’s new functional approach to the administration of the program.  A similar process will be implemented for consultations by the end of the fiscal year.  Procedures will be put in place that will address delays in processing consultation requests from other institutions and will streamline the process for consultations sent to other government institutions to improve response times.

The CBSA also maintains a reading room, available for individuals who wish to review our publications or other public materials.  Individuals may access the reading room by contacting the Access to Information and Privacy Director of the CBSA.  The reading room is located at:

Leima Building, 10th Floor
410 Laurier Avenue West
Ottawa, Ontario
K1A 0L8
Telephone: 613-941-7431
atip-aiprp@cbsa-asfc.gc.ca

The CBSA is also a member of a working group led by TBS that is exploring the development of an access to information and privacy request processing software suite for use by all federal government institutions.  As the CBSA collects large volumes of sensitive personal information, it has requested the inclusion of a privacy management component to this software suite to better enable institutions to manage PIAs and other privacy aspects not pertaining to requests for personal information.

One of the primary drivers for the CBSA’s receipt of a “Strong” rating in the Management Accountability Framework 2.6 – Governance and Capacity was its implementation and management of a moderated discussion group for Access to Information and Privacy professionals across the federal government on the Treasury Board Secretariats’ GC Forums.  The Access to Information and Privacy Professionals Forum is an opportunity for access and privacy specialists to share best practices, discuss coordinated solutions, post training material, and generally cooperate to strengthen the administration of access and privacy across government.  TBS has assumed responsibility for moderating the discussion group, and commended the CBSA for its efforts in establishing it and making the group a success.

CBSA has always been an active participant in the support and promotion of privacy, and fiscal year 2011–2012 was no exception.  Aside from the above, the CBSA engaged in numerous leadership activities including:

  • The Access to Information and Privacy Division participated in a panel discussion of the Computer Assisted Immigration Processing System and the Field Operations Support System as part of the 2011 National Citizenship and Immigration Law Professional Development Conference;
  • The Access to Information and Privacy Division delivered a presentation on the CBSA’s Privacy Management Framework and Action Plan at the Privacy Information Agency’s second annual Privacy Workshop;
  • The CBSA and Public Safety met with Ms. Sigrid Arzt, Commissioner of the Federal Institute of Access and Protection of Information.  Ms. Arzt is one of five Commissioners representing the highest authority of Mexico’s Institute for Access and Protection of Information.  The issue of confidentiality of information in relation to public safety and national security was broadly discussed and information on Canada’s Access to Information Act and Privacy Act was shared at the meeting;
  • The Access to Information and Privacy Division hosted a Public Safety Portfolio Access to Information and Privacy Director-level meeting to exchange best practices and discuss challenges moving forward.  The CBSA’s new Delegation Orders; Public Interest Disclosure Operating Guidelines; Record Retrieval process and duty to assist text were shared at the meeting; and
  • The Access to Information and Privacy Director travelled to Washington to confer with his counterpart in the United States Customs and Border Protection and the Department of Homeland Security in order to exchange best practices and promote closer coordination and cooperation in the protection of privacy rights, which will be of fundamental importance given our central role in the trans-border sharing of personal information.
Return to Top of Page
II. Performance

The CBSA received 6,674 requests under the Privacy Act in fiscal year 2011–2012. The CBSA has maintained a compliance rate of 97.6% in relation to the legislated time frames to respond to requests, a remarkable accomplishment, considering that the number of privacy requests the CBSA received has increased by 130.5% over the last year.  This is in addition to the 109.1% increase received the previous fiscal year.

The increase in the number of privacy requests is largely attributable to individuals seeking copies of their history of arrival dates into Canada.  Currently, 77% of the privacy requests received by the CBSA are from individuals seeking their traveler history records, which they use to prove residency requirements of benefits programs administered by Human Resources and Skills Development Canada and CIC.  Currently the Access to Information and Privacy Division is exploring alternatives to facilitate these clients while reducing the burden on the CBSA.

The Access to Information and Privacy Division continues to modernize its service delivery model.  Aside from the introduction of a more rigorous records retrieval process, a new electronic consultation process was negotiated with CIC to promote the timely completion of consultations on records pertaining to routine client immigration files.  Client immigration files make up 17% of the CBSA’s privacy workload, and as client immigration files are a shared responsibility of CBSA and CIC, consultations from CIC represent 50% of the CBSA’s external consultations.

The CBSA continues to offer the electronic delivery of responses to privacy requests, and in fact electronic responses made up 7.5% of all formal privacy requests closed in fiscal year 2011–2012.

III. Human Resources

Finding and recruiting individuals who possess the necessary skills and experience for the Access to Information and Privacy discipline remains a challenge confronting all federal institutions.  As a result, the market for Access to Information and Privacy Analysts is extremely competitive.  Establishing the right organization with positions at the right levels is crucial to the success of our recruitment and retention efforts.

The Access to Information and Privacy Division implemented several human resource strategies over the past two fiscal years that better position the Division to maintain, or at least minimize the impact on, our current performance in spite of predicted privacy request workload increases.  We have an excellent core group of experienced staff who have been given several avenues to expand their knowledge and expertise through acting and assignment opportunities.  These are part of strategies implemented by the Division in fiscal year 2010-2011 and continued in fiscal year 2011–2012.

The Access to Information and Privacy Division also hired a university student on a casual basis who joined the Policy and Training Unit, and is exploring the possibility of continuing this practice in the 2012-2013 fiscal year.

The Access to Information and Privacy Division continues to participate in a TBS-led working group mandated to help design generic organizational Access to Information and Privacy models, work descriptions and associated generic competencies that will respond to various issues and challenges that have been identified by the Access to Information and Privacy community and support employees and organizational development in the Access to Information and Privacy field across the core public administration.

The position of Strategic Advisor to the Access to Information and Privacy Director was established to allow for the development of key strategic initiatives such as a CBSA Privacy Breach Protocol, a Chief Privacy Officer and a Privacy Oversight Committee governance model.  In anticipation of the complex and voluminous privacy work that will result from the Action Plan on Perimeter Security and Economic Competitiveness Initiatives, the Strategic Advisor will become responsible in fiscal year 2012-2013 for managing all PIAs related to that initiative over the next five years.

Return to Top of Page
IV. Education and Training

In fiscal year 2011–2012, resources were focused on educational initiatives that supported the implementation of streamlined processing procedures and built an awareness of access obligations throughout the CBSA.  To this end, the Access to Information and Privacy Division held half-day Access to Information and Privacy Awareness Sessions at the Ottawa Public Library in which 242 National Capital Region employees took part.  These sessions are designed to ensure that the participants fully understand their responsibilities under the Access to Information Act and the Privacy Act, with a focus on requests made pursuant to the Acts, and the duty to assist principles, as well as the other elements required by Appendix B of the related TBS directives.  The same session has also been delivered to 220 employees in three regions, with the intention of delivering it to the remaining regions in the new fiscal year.

The Access to Information and Privacy Division has also delivered customized sessions to particular audiences in high-demand areas, such as the Intelligence program.  These customized sessions have been well-received by 146 employees.  The large sessions and targeted training will be offered again in the new fiscal year.

The Access to Information and Privacy Division worked with the Information Management program and the Training and Learning Directorate to design a joint Access to Information and Privacy and Information Management online training session.  This session will be finalized and delivered in fiscal year 2012-2013.

In fiscal year 2011–2012 the Access to Information and Privacy Division began delivering specialized PIA training to project managers and staff throughout the CBSA.  The primary purpose of this training was to strongly emphasize that privacy should be a central consideration from the outset of a project rather than as a costly upgrade following implementation.

In addition, the Access to Information and Privacy Division organized a National Access to Information and Privacy Liaison Officers Learning Event in February 2012.  This conference was a forum, bringing together 23 employees of the CBSA, to learn, discuss and exchange information about the challenges encountered in the branches and regions, as well as discuss potential improvements to the new records retrieval process.  The Access to Information and Privacy Division staff also participated in the Canadian Access and Privacy Association Conference that took place in November 2011 in Ottawa.  Employees also attended courses provided by the Treasury Board of Canada Secretariat such as the Parliamentary Reporting Requirement course.  Two employees are enrolled in the International Association of Privacy Practitioners professional accreditation program at the University of Alberta.  Finally, employees were also provided with ongoing mentoring by senior analysts, team leaders and managers within the Access to Information and Privacy Division.

Return to Top of Page
V. New and Revised Privacy-related Policies and Procedures

In fiscal year 2011–2012, the Access to Information and Privacy Division submitted an updated chapter for Info Source in relation to TBS requirements.  Specific TBS concerns raised in the previous year’s Management Accountability Framework were addressed:

  • The CBSA’s Info Source chapter has been reorganized to mirror the CBSA’s 2011 Program Activity Architecture (PAA) to the sub-activity level;
  • The Access to Information and Privacy Division undertook an extensive review of its Personal Information Banks (PIBs).  As a result, CBSA revised many CBSA specific PIBs to ensure they accurately described respective collections of personal information for specific programs, activities and their authorities, rather then their umbrella programs, organizational units, or project;
  • The CBSA registered ten new PIBs;
  • The CBSA replaced several institution-specific PIBs with TBS Standard PIBS.

The Access to Information and Privacy Division will continue to revise its Info Source throughout the 2012-2013 fiscal year in accordance with TBS requirements.

The Division created a focus group of experienced employees from the various teams.  The group meets monthly to discuss ongoing operational issues, and in conjunction with the quarterly program review to be undertaken with the Access to Information and Privacy Liaison network will be instrumental in the review and improvement of operational procedures and processes in the coming fiscal year.

The CBSA also updated its Access to Information and Privacy internal and external websites, internal routing documents, and correspondence to Access to Information and Privacy requesters with its duty to assist commitment to process requests in a timely, transparent and efficient manner.

The Access to Information and Privacy Division has provided the service of informally severing CBSA records as if they had been requested under the Privacy Act.  In light of the increase in both formal and informal requests received by the CBSA over the past year, and in order to better manage its workload, the Access to Information and Privacy Division has created service standards for the processing of records within the CBSA.  These standards were communicated to CBSA staff in July 2011.  The Access to Information and Privacy Division received 123 informal requests of this nature in fiscal year 2011–2012.

In fiscal year 2011–2012, it was brought to our attention that CBSA offices had been referring individuals who have made requests for customs information to the Access to Information and Privacy Division, adding unnecessary delay and additional work to the access process.  In consultation with the CBSA’s Information Sharing Unit, the Access to Information and Privacy Division prepared a memorandum reminding staff of the policy authority for the disclosure of customs information under Policy Guidelines for the Disclosure of Customs Information: Section 107 of the Customs Act.  The policy identifies the various CBSA officials who are authorized to disclose customs information under subsection 107(9).  The memorandum was sent to Regional Director Generals on September 1, 2011.

The CBSA has also implemented numerous measures respecting the privacy practices of the CBSA.  These measures include:

  • The implementation of  new electronic processes, tools, and templates for PIAs, PIBs, privacy notice statements, reviews of memoranda of understanding, and privacy complaints and corrections;
  • The drafting of a privacy protocol guidance document to assist programs in developing privacy protocols when collecting, using, or disclosing information for non-administrative purposes.  This document will be finalized in fiscal year 2012-2013;
  • The introduction of new policy and guidelines for Written Collaborative Arrangements (WCAs) that identify the Access to Information and Privacy Division as a key stakeholder in the development of new WCAs that collect, use, and disclose personal information;
  • The development of standard operating procedures for the disclosure of personal information pursuant to sub-paragraph 8(2)(m)(i) of the Privacy Act.  The procedures were developed in consultation with the Information Sharing Unit in September 2011 in light of the launch of the “Wanted by the CBSA” website.
Return to Top of Page
VI. Management Accountability Framework

For its efforts in promoting and strengthening its access to information program in fiscal year 2011–2012, the CBSA received a “Strong” rating in all three Management Accountability Framework lines of evidence:  12.4 – Access to Information, 12.5 – Privacy and Protection of Personal Information, and 12.6 – Governance and Capacity.

The CBSA is confident that our achievements over the past year, along with the continued support of the Executive Committee, provide the solid foundation required to continue building and optimizing a robust and effective Access to Information and Privacy program for the CBSA.

VII. Progress on the Privacy Management Framework Action Plan

In October 2010, the CBSA’s Privacy Management Framework (PMF) was completed and shared with the Office of the Privacy Commissioner (OPC).  In March 2011, the CBSA’s PMF Action Plan was presented to the Comptrollership Standing Committee, and the Committee asked that the plan be modified and presented again in the Fall 2011 to reflect current budget restraints.  The PMF is a gap analysis of how the CBSA administers the Privacy program, and provides a set of recommendations for training, tools, performance measures, and governance structures to address these gaps.  Based on these recommendations, the Access to Information and Privacy Division has, in consultation with key program areas, developed and presented a three-year Action Plan to implement the PMF recommendations.  Considerable progress has been made on several of the key recommendations: 

  • The CBSA has drafted the terms and references for a proposed Chief Privacy Officer (CPO) and Privacy Oversight Committee, and will look to implement these roles in fiscal year 2012-2013.  As a senior executive, the CPO will be responsible for championing privacy protection and will ensure that key strategic goals are developed and implemented in full consideration of privacy principles.  The proposed Privacy Oversight Committee will help to share accountability for privacy across the senior management echelon and secure “buy-in” through a consensus-based approach to strategic privacy management across the CBSA and will consist of executives from key program and corporate areas;
  • The Access to Information and Privacy Division began developing a PIA Governance Framework, which will strengthen the capacity for programs to complete fulsome PIAs commensurate to the risk involved in new or substantially modified programs followed by comprehensive action plans that will better enable the CBSA to meet its privacy obligations;
  • A CBSA Privacy Breach Protocol is in its final stage of development by the Access to Information and Privacy Division in consultation with Security and Professional Standards and other key stakeholders, and will be implemented in the new fiscal year.  In the interim, in the event of a privacy breach, the CBSA adheres to the Treasury Board’s guidelines for privacy breaches.

The CBSA believes that the PMF and its associated Action Plan will greatly strengthen the CBSA’s compliance with legislative and policy requirements, thereby demonstrating transparency, accountability, and leadership in the protection of privacy rights.

Return to Top of Page
VIII. Audits into the Privacy Practices of the Canada Border Services Agency
Update to the Audit of Closed-Circuit Television (CCTV) at Canada’s International Airports

In October 2010, the OPC initiated an audit of air traveler privacy in Canada, and in particular, the use by the CBSA of CCTV cameras at Canada’s International Airports.  As part of this audit, there was an assessment of the CBSA’s personal information management practices in relation to video vis-à-vis the Privacy Act and the Treasury Board of Canada Secretariat policy requirements.  The OPC provided draft results of their audit in July 2011.   The CBSA accepted their recommendations, and devised an action plan for the implementation of several measures, including:

  • The development of templates for WCAs to be negotiated as necessary for CCTV initiatives;
  • The development of appropriate privacy notices for signage to inform the public of audio-video monitoring and recording; and
  • The implementation of a CBSA Policy on the Overt Use of Audio-Video Monitoring and Recording Technology.

In June 2012, the Minister of Public Safety directed the CBSA to halt audio monitoring, with the exception of recorded interviews, until a Privacy Impact Assessment can be submitted, and recommendations from the Privacy Commissioner can be reviewed by the Government.

Audit of the Protection and Privacy of Personal Information at the CBSA

The Audit Committee approved an audit of the Protection and Privacy of Personal Information in fiscal year 2013-2014 as part of the CBSA’s Risk-Based Audit Plan 2011–2012 to 2013-2014.  The preliminary objective of this audit will be to determine whether the CBSA is in compliance with the requirements of the Privacy Act, with a focus in areas of high risk for personal information.

Return to Top of Page

Privacy Impact Assessments

In fiscal year 2011-2012, the CBSA initiated seven PIAs, two of which were completed in the same fiscal year.  The two PIAs – ccmMercury Ministerial/Executive Correspondence System and Customs Controlled Areas (CCA) – were submitted to the OPC for review and comment during fiscal year 2011–2012.

The ccmMercury Ministerial/Executive Correspondence System is used to track all Ministerial and Executive correspondence, including constituency correspondence that is not processed in the CBSA and is usually returned to the author or the Minister of Public Safety Canada, CIC or related government department offices.  A PIA Summary will be posted on the CBSA Access to Information and Privacy website at http://www.cbsa-asfc.gc.ca/agency-agence/reports-rapports/pia-efvp/atip-aiprp/pias-sefp-eng.html.

The implementation of the CCA Regulations at designated locations is expected to take place in the spring of 2012. These designated areas are intended to address potential problems resulting from internal conspiracies where domestic employees may misuse their positions at certain border-related facilities to engage in criminal activities when in contact with uncleared international travelers and/or goods.  On June 11, 2009, legislative amendments to the Customs Act (Bill S-2) were required to improve the operational functionality of the CCA initiative were given Royal Assent.  While current collections of personal information will not be expanded by the implementation of CCAs, the changes to the Act allow for more operational flexibility by the CBSA.  The PIA addresses privacy concerns identified during the process as well as recommendations provided by the OPC in 2010.  A PIA Summary will be posted on the CBSA Access to Information and Privacy website at http://www.cbsa-asfc.gc.ca/agency-agence/reports-rapports/pia-efvp/atip-aiprp/pias-sefp-eng.html.

Disclosures Made Pursuant to Paragraph 8(2)(e) of the Privacy Act

During the 2011–2012 fiscal year, 167 disclosures pursuant to paragraph 8(2)(e) of the Privacy Act, were made by the CBSA.

Return to Top of Page

Disclosures Made Pursuant to Paragraph 8(2)(m) of the Privacy Act

During the 2011–2012 fiscal year, 20 disclosures pursuant to paragraph 8(2)(m) of the Privacy Act, were made by the CBSA. In each case, only the fact that the individuals were being removed from Canada in accordance with the Immigration and Refugee Protection Act (IRPA) was disclosed.

These disclosures served to demonstrate that the objectives and integrity of the immigration system, and the protection of the health and safety of Canadians were being maintained in Canada. It is in the interest of the public to know that the Department of Public Safety and its portfolio partners are committed to carrying out this mandate.

The balance between the public’s need to know and protection of an individual’s privacy is of utmost concern to the CBSA, and in each of these cases it was determined that public interest in the disclosure of these individual’s removal status outweighed any injury to the individuals.

In each case the Office of the Privacy Commissioner was notified prior to the disclosure.

Delegation Order

In fiscal year 2011–2012, the CBSA revised the Delegation Order for Access to Information and Privacy.  The new Delegation Orders ensure greater autonomy of the Access to Information and Privacy Director and restrict authorities to the President, Executive Vice President, Vice-President of Corporate Affairs Branch, Director General of the Corporate Secretary, and the Access to Information and Privacy Division.  See Annex A for a signed copy of the Delegation Order.

Return to Top of Page

Chapter Two: Interpretation of Statistical Report

Statistical report and Supplemental Reporting Requirements

See Annex B for the CBSA’s statistical report on the Privacy Act.

Interpretation of the Statistical reports

I. Overview

In fiscal year 2011–2012, the CBSA continued to refine its practices to maintain a high level of service to requesters while addressing increased workload-related issues.  Statistics suggest these refinements are having a positive effect as evidenced by a continued high completion rate of requests within the legislated timelines.

II. Requests Received Under the Privacy Act

Overall, the CBSA received 6,674 privacy requests in fiscal year 2011–2012, an increase of 130.5% from the previous year.  The CBSA responded to 6,330 privacy requests during fiscal year 2011–2012, representing 94.8% of the total number of requests that it received.  In total, 306 requests were carried forward from fiscal year 2010-2011 and 650 requests were carried over to the current 2012-2013 period.

Privacy Requests Received/Completed

Of the 6,330 requests completed, the CBSA reviewed over 368,496 pages, an average of 58 pages per request.  The increase in the number of pages is affecting the processing of the requests, as more time is required for revision and processing.

Pages Reviewed

Return to Top of Page
III. Completion Time

Of the 6,330 requests completed during the fiscal year 2011–2012, the CBSA responded to 5,709 requests within 30 days or less, representing 90.2% of all the requests completed.  Further, the CBSA has responded to 445 requests (7%) within 31 to 60 days, 103 requests (1.6%) within 61 to 120 days, and 73 requests (1.2%) required 121 days or more to be completed.

Completion Time

Of all the requests completed, the CBSA was successful in responding to 97.6% within the statutory time frames.  This result reflects the CBSA’s commitment to ensuring that every reasonable effort is made to complete the requests in a timely manner.

IV. Extension

The Privacy Act allows departments to extend the legislated deadline of a request if the request cannot be completed within the legislated 30 day time limit.   Section 15 of the Privacy Act permits extensions if:

  • Meeting the original time limit would unreasonably interfere with the operations of the government institution;
  • Consultations are necessary to comply with the request that cannot reasonably be completed within the original time limit; or
  • If additional time is necessary for translation purposes or for the purposes of converting the personal information into an alternative format

In total, 386 extensions were applied to requests in fiscal year 2011–2012.  Due to the nature of the records handled by the CBSA, the majority of the extensions requested were to undertake consultations with other government departments such as CIC, the RCMP and the Department of Foreign Affairs and International Trade.  In this matter, extensions were required in 289 instances (74.9%) for consultation.  Additionally, extensions were required in 97 instances (25.1%) as meeting the original time limit would interfere with the operations of the institution.  The Access to Information and Privacy Division did not invoke any extensions for the translation of documents.

Extensions

Return to Top of Page
V. Disposition of Requests Completed

Of the 6,330 privacy requests processed in  fiscal year 2011–2012, the CBSA provided full release of the information requested for 48.1% of the requests completed (3,046 requests).  Due to the nature of our work, the most frequent outcome of the requests processed during the reporting period required that exemptions be invoked in 40.3% of the requests (2,553 requests).  Only 0.03% of the requests were completely exempted from disclosure (two requests).

For the remaining 11.5% of the requests completed (729 requests), 6.7% (421 requests) were requests for which no documentation exists.  As well, of the completed requests, 4.9% were abandoned (308 requests).  Such an action may occur at any point in the processing of a request.   Finally, there were no requests that did not fall under the control of the CBSA or that were compelled by the exclusionary provisions the Privacy Act.

Disposition of Completed Requests

VI. Exemptions Invoked

Sections 18 through 28 of the Privacy Act set out the exemptions intended to protect information pertaining to a particular public or private interest.

While most information is of a sensitive nature, the CBSA is making every effort to release as much information as possible, to remain consistent with the spirit of the Privacy Act.  The majority of the exemptions invoked by the CBSA fell under four sections of the Privacy Act.  Paragraph 22(1)(b), which protects the disclosure of materials that could reasonably be expected to be injurious to the enforcement of any law of Canada or a province or conduct of lawful investigations, was used in 1,578 cases (23.8%).  Section 26, which protects information about another individual, was used in 1,148 cases (17.3%).  Section 21, which keeps the disclosure of materials that could reasonably be expected to be injurious to the conduct of international affairs, the  defence of Canada or any other state allied or associated with Canada, was used in 456 cases (6.8%).  Paragraph 19(1)(a), which exempt records of personal information obtained in confidence, was used in 296 cases (4.5%).

In terms of how the CBSA reports exemptions, if five different exemptions were used in one request, one exemption under each relevant section would be reported for a total of five exemptions.  If the same exemption was used several times for the same request, it would be reported only once.

Exemptions Invoked

Return to Top of Page
VII. Exclusions Cited

In fiscal year 2011–2012, section 70 of the Privacy Act (records considered to be confidences of the Queen's Privy Council of Canada) was not invoked.

VIII. Complaints and Investigations

Subsection 29(1) of the Privacy Act describes how the OPC receives and investigates complaints from individuals in respect to their personal information held by a government institution.  Examples of complaints the OPC may choose to investigate include:  refusal of access to personal information, an allegation that personal information about them held by a government institution has been misused or wrongfully disclosed, or if an individual has not been given access to personal information in the official language requested by the individual.

Throughout the 2011–2012 fiscal year, 54 privacy complaints were filed against the CBSA.  This number represents less than 0.9% of all the requests completed during this period.  The complaints received during the fiscal year were related to the following: time delay (eight), application of exemptions or exclusions (seven), use and disclosure (three), time extension (two), refusal to disclose (13) and miscellaneous reasons (21).

Complaints Received Profile

There were 13 active complaints outstanding from fiscal year 2010-2011.  The Access to Information and Privacy Division received 54 privacy complaints in fiscal year 2011–2012.  A total of 24 complaints are being carried forward into the 2012–2013 fiscal year.  During the 2011–2012 fiscal year, the OPC resolved 43 privacy complaints with the CBSA.

Complaint Workload

Of the complaints resolved, 10 were well founded, 21 were not well founded and 12 were abandoned or discontinued.  Where complaints are substantiated, the matter is reviewed by the delegated managers and processes are adjusted if required.  For example, extensions may be reviewed to determine whether the length of time taken was appropriate, given the complexity of the request.

Complaints Closed in 2011-2012
Well founded with recommendations – Resolved 1
Well founded with recommendations – Not Resolved 0
Well founded without recommendations – Resolved 9
Not well founded 21
Abandoned/discontinued 12
Not substantiated 0
Total 43
Return to Top of Page
IX. Appeals

There were no appeals to the Federal Court during the 2011–2012 fiscal year.

X. Conclusion

The year fiscal year 2011–2012 has seen the CBSA further evolve its capacity to respond to privacy requests while safeguarding access rights.  The CBSA’s human resource activities have allowed us to retain and develop our privacy expertise.  New processes and employees training and outreach have helped streamline our response times in the face of growing volumes and complexity.   Challenges remain however, notably in the area of PIAs.  However, implementing measures set out in the CBSA’s Privacy Management Framework will help us to meet these and other challenges in the years to come.

Return to Top of Page

Annex A – Delegation Order

The Minister of Public Safety and Emergency Preparedness, pursuant to section 73 of the Access to Information Act and section 73 of the Privacy Act, hereby designates the persons holding positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Minister of Public Safety and Emergency Preparedness as the head of Canada Border Services Agency under the provisions of the Act and related regulations set out in the schedule opposite each position. This designation replaces all previous delegation orders.

Position Access to Information Act and Regulations Privacy Act and Regulations
President Full Authority Full Authority
Executive Vice-President Full Authority Full Authority
Vice-President, Corporate Affairs Branch Full Authority Full Authority
Director-General, Corporate Secretariat Full Authority Full Authority
Director, ATIP Division Full Authority Full Authority
Manager, ATIP Division Full Authority Full Authority
(except 8(2)(m))
Team Leader, ATIP Division Full Authority Full Authority
(except 8(2)(m))

Annex B – Report 350-63-2011:  Privacy Act


[1] Privacy Act R.S., 1985, Chapter P-21, p. 1

[2] Ibid., p. 42-43

[3] Canada Border Services Agency website, About Us – What we do, accessed April 12, 2012

[4] Treasury Board of Canada Secretariat website, Report on the TBS Study of Best Practices for Access to Information Requests Subject to Particular Processing, accessed April 12, 2012