Language selection

Search


Annual Report on the Privacy Act 2019–20

General

The Canadian Nuclear Safety Commission (CNSC) regulates the use of nuclear energy and materials to protect health, safety, security and the environment; to implement Canada’s international commitments on the peaceful use of nuclear energy; and to disseminate objective scientific, technical and regulatory information to the public.

The CNSC’s mandate, derived from the Nuclear Safety and Control Act, involves four major areas:

  • regulation of the development, production and use of nuclear energy in Canada to protect health, safety and the environment
  • regulation of the production, possession, use and transport of nuclear substances, and the production, possession and use of prescribed equipment and prescribed information
  • implementation of measures respecting international control of the development, production, transport and use of nuclear energy and substances, including measures respecting the nonproliferation of nuclear weapons and nuclear explosive devices
  • dissemination of scientific, technical and regulatory information concerning the activities of the CNSC, and the effects on the environment and the health and safety of persons, of the development, production, possession, transport and use of nuclear substances

The CNSC also provides advice with respect to the implementation of the Nuclear Liability and Compensation Act, works in partnership with the Impact Assessment Agency to conduct impact assessments for nuclear projects subject to the Impact Assessment Act, 2019, and implements Canada’s bilateral agreement with the International Atomic Energy Agency on nuclear safeguards verification.

Purpose of the Privacy Act

The purpose of the Privacy Act is to extend the laws of Canada that protect the privacy of individuals for personal information about themselves held by a government institution and provide individuals with a right of access to that information.

Tabling of the annual report

This annual report is prepared and tabled in Parliament in accordance with section 72 of the Privacy Act.

1. Statistical report

I. Requests received under the Privacy Act

During the 2019–20 reporting period, the CNSC received five new requests pursuant to the Privacy Act. While this represents a significant decrease from the 19 requests closed in 2018–19, it is typical of the CNSC’s annual volume of requests received under this act.

The CNSC had no Privacy Act requests or issues related to this act during the period of March 16 to March 31, 2020; therefore, COVID-19 did not affect the CNSC’s ability to fulfill its Privacy Act responsibilities.

Workload
2015-16 2016-17 2017-18 2018-19 2019-20
Received 9 1 4 19 5
Closed 9 2 4 19 5
Outstanding 1 1 0 0 0
Carried Forward 1 0 0 0 0

II. Costs

During 2019–20, the CNSC Access to Information and Privacy (ATIP) Office incurred $16,784 in salary costs and $4,881 in goods and services costs to administer the Privacy Act.

See annex A for further statistical information.

2. Practices and procedures

At the CNSC, the IT Operations and Service Delivery Division (ITOSDD), within the Information Management and Technology Directorate (IMTD), administers the Privacy Act.

Privacy requests are received by the Records Office and forwarded to the ATIP Office within ITOSDD.

The CNSC also receives privacy requests through the ATIP online request portal available through the Treasury Board Secretariat website. ATIP Office staff process the requests in consultation with the appropriate CNSC directorates and with external parties, where necessary.

The CNSC has one full-time employee who dedicates some of their time to activities related to the Privacy Act.

During 2019–20, the CNSC continued to concentrate on providing employee training on information management, the Access to Information Act, the Privacy Act and information security. This involved formal training over several sessions, including a directorate all-staff meeting of approximately 61 people, divisional sessions delivered to 33 people, and an inspection fundamentals program delivered to 23 people. There were also informal one-on-one awareness sessions.

All training and awareness sessions, both formal and informal, focused on informing employees of their responsibilities under the legislation. ITOSDD offers an integrated training approach, emphasizing the connections between sound information management practices and an effective ATIP program. The ATIP Office also provides advice and support as required.

Documentation and training materials on the CNSC’s ATIP program are available through the corporate intranet along with links to other materials, such as legislation, Treasury Board Secretariat policies and guidance documents, and a range of information management and guidance tools.

Where relevant, employees are informed about the Treasury Board Secretariat’s Directive on Privacy Impact Assessment. The CNSC has implemented internal procedures to guide employees and consultants through the privacy impact assessment process. These procedures reflect changes to the Privacy Act policy suite. Governance and project management methodologies are in place within the Information Management and Technology Directorate to ensure that privacy considerations are identified and addressed throughout the entire system development cycle. The Senior ATIP Advisor and the Director of the ITOSDD participate actively in systems development initiatives.

In 2019-20, an internal audit on the management of personal information at the CNSC was conducted. As a result of this audit, the CNSC produced a management action plan and is implementing new and updated policies, guidelines and procedures, as applicable.

3. Delegation of authority

The Governor in Council has delegated the authority to exercise the powers, duties and functions of the Privacy Act to the President of the CNSC. In turn, the President has designated the Vice-President of the Corporate Services Branch, the Director General of the Information Management and Technology Directorate, the Director of the IT Operations and Service Delivery Division and the Senior ATIP Advisor to exercise her powers, duties and functions, with respect to the Privacy Act.

See annex B for a copy of the instrument of delegation.

4. Complaints and appeals to the Federal Court

No complaints were registered with the Office of the Privacy Commissioner during the reporting period.

5. Privacy impact assessments

During the 2019–20 reporting period, one new privacy impact assessment was completed.

The CNSC posts summaries of completed privacy impact assessments on its external website and forwards copies of completed privacy impact assessment reports to the Office of the Privacy Commissioner.

6. Disclosure under paragraphs 8(2)(e) or 8(2)(m) of the Privacy Act

The CNSC did not make any disclosures of personal information under paragraphs 8(2)(e) or 8(2)(m) of the Privacy Act during the reporting period.

7. Data matching activities

The CNSC has no new data matching and sharing activities to report for this reporting period.

8. Privacy breaches

No material privacy breaches at the CNSC were reported to the Treasury Board Secretariat or the Office of the Privacy Commissioner during the reporting period.

9. Compliance

The CNSC achieved a compliance rating of 80% for completed privacy requests closed within the legislated time frame in 2019-20. Many factors led to this rate of compliance, including an electronic retrieval system in use since 2009. This electronic system has reduced the time needed for the ATIP Office to receive the required documents and prepare the files for review and approval. The ATIP Office has established a five-day service standard for subject matter experts to retrieve relevant records and obtain Director General sign-off. In addition, through training and awareness sessions, CNSC staff members were receptive to their obligations under the Privacy Act.

Annex A: Statistical Information

Name of institution: Canadian Nuclear Safety Commission

Reporting period: 2019-04-01 to 2020-03-31

Section 1: Requests Under the Privacy Act

1.1 Number of requests
Number of Requests
Received during reporting period 5
Outstanding from previous reporting period 0
Total 5
Closed during reporting period 5
Carried over to next reporting period 0

Section 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time
Disposition of Requests Completion Time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 1 1 1 1 0 0 0 4
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
No records exist 1 0 0 0 0 0 0 1
Request abandoned 0 0 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0 0 0
Total 2 1 1 1 0 0 0 5
2.2 Exemptions
Section Number of Requests
18(2) 0
19(1)(a) 0
19(1)(b) 0
19(1)(c) 0
19(1)(d) 0
19(1)(e) 0
19(1)(f) 0
20 0
21 0
22(1)(a)(i) 0
22(1)(a)(ii) 0
22(1)(a)(iii) 0
22(1)(b) 0
22(1)(c) 0
22(2) 0
22.1 0
22.2 0
22.3 0
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 0
26 3
27 1
28 0
2.3 Exclusions
Section Number of Requests
69(1)(a) 0
69(1)(b) 0
69.1 0
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0
2.4 Format of information released
Paper Electronic Other formats
2 2 0

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Number of Pages Processed Number of Pages Disclosed Number of Requests
1568 366 4
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less Than 100
Pages
Processed
101-500
Pages
Processed
501-1000
Pages
Processed
1001-5000
Pages
Processed
More Than 5000
Pages
Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
All disclosed 0 0 0 0 0 0 0 0 0 0
Disclosed in part 1 5 2 157 0 0 1 204 0 0
All exempted 0 0 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0 0 0 0 0
Total 1 5 2 157 0 0 1 204 0 0
2.5.3 Other complexities
Disposition Consultation
Required
Legal Advice
Sought
Interwoven
Information
Other Total
All disclosed 0 0 0 0 0
Disclosed in part 0 0 0 0 0
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Request abandoned 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0
Total 0 0 0 0 0

2.6 Closed requests

2.6.1 Number of requests closed within legislated timelines
  Requests closed within legislated timelines
Number of requests closed within legislated timelines 4
Percentage of requests closed within legislated timelines (%) 80

2.7 Deemed refusals

2.7.1 Reasons for not meeting legislated deadline
Number of Requests Closed Past the Statutory Deadline Principal Reason
Workload External Consultation Internal Consultation Other
1 0 0 1 0
2.7.2 Requests closed beyond legislated timelines (including any extension taken)
Number of Days Past Deadline Number of Requests Past Legislated Timelines Where No Extension Was Taken Number of Requests Past Legislated Timelines Where an Extension Was Taken Total
1 to 15 days 0 1 1
16 to 30 days 0 0 0
31 to 60 days 0 0 0
61 to 120 days 0 0 0
121 to 180 days 0 0 0
181 to 365 days 0 0 0
More than 365 days 0 0 0
Total 0 1 1
2.8 Requests for translation
Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Section 3: Disclosures Under Subsections 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
0 0 0 0

Section 4: Requests for Correction of Personal Information and Notations

Disposition for Correction Requests Received Number
Notations attached 0
Requests for correction accepted 0
Total 0

Section 5: Extensions

5.1 Reasons for extensions and disposition of requests
Number of requests where an extension was taken 15(a)(i) Interference with Operations 15(a)(ii) Consultation 15(b)
Translation purposes or Conversion
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet Confidence Section (Section 70) External Internal
2 1 1 0 0 0 0 0 0
5.2 Length of extensions
Length of Extensions 15(a)(i) Interference with Operations 15(a)(ii) Consultation 15(b)
Translation purposes or Conversion
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet Confidence Section (Section 70) External Internal
1 to 15 days 0 0 0 0 0 0 0 0
16 to 30 days 1 1 0 0 0 0 0 0
31 days or greater               0
Total 1 1 0 0 0 0 0 0

Section 6: Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and organizations
Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during reporting period 0 0 0 0
Outstanding from the previous reporting period 0 0 0 0
Total 0 0 0 0
Closed during the reporting period 0 0 0 0
Pending at the end of the reporting period 0 0 0 0
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More than 365 Days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More than 365 Days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Section 7: Completion Time of Consultations on Cabinet Confidences

7.1 Requests with Legal Services
Number of Days Fewer Than 100 Pages Processed 101-500 Pages Processed 501-1000
Pages Processed
1001-5000
Pages Processed
More than 5000
Pages Processed
Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0
7.2 Requests with Privy Council Office
Number of Days Fewer Than 100 Pages Processed 101‒500 Pages Processed 501-1000
Pages Processed
1001-5000
Pages Processed
More than 5000
Pages Processed
Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Section 8: Complaints and Investigations Notices Received

Section 31 Section 33 Section 35 Court action Total
0 0 0 0 0

Section 9: Privacy Impact Assessments (PIA) and Personal Information Banks (PIB)

9.1 Privacy Impact Assessments
Number of PIA(s) completed 0
9.2 Personal Information Banks
Personal Information Banks Active Created Terminated Modified
69 0 0 0

Section 10: Material Privacy Breaches

Number of material privacy breaches reported to TBS 0
Number of material privacy breaches reported to OPC 0

Section 11: Resources Related to the Privacy Act

11.1 Costs
Expenditures Amount
Salaries $16,784
Overtime $0
Goods and Services $4,881
Professional services contracts
$0
Other
$4,881
Total $21,665
11.2 Human resources
Resources Person Years Dedicated to Privacy Activities
Full-time employees 0.20
Part-time and casual employees 0.00
Regional staff 0.00
Consultants and agency personnel 0.00
Students 0.00
Total 0.20

Annex B: Delegation order

The President of the Canadian Nuclear Safety Commission, pursuant to section 73 of the Access to Information Act and section 73 of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the President as the head of the Canadian Nuclear Safety Commission, under the provisions of the Act and related regulations set out in the schedule opposite each position. This designations replaces all previous delegation orders.

Schedule
Position Privacy Act and Regulations Access to Information Act and Regulations
Vice-President, Corporate Services Branch Full authority Full authority
Director General, Information Management and Technology Directorate Full authority Full authority
Director, Information Management Division Full authority Full authority
Senior ATIP Advisor Full authority Full authority

Original signed by

Rumina Velshi
President
Canadian Nuclear Safety Commission

Date: July 29, 2020

Page details

Date modified: