Annual Report on the Privacy Act 2020–21
Annual Report on the Privacy Act 2020–21 (PDF, 18 pages, 1.61 MB)
Table of contents
- General
- Purpose of the Privacy Act
- 1. Statistical report
- 2. Practices and procedures
- 3. Delegation of authority
- 4. Complaints and appeals to the Federal Court
- 5. Privacy impact assessments
- 6. Disclosure under paragraphs 8(2)(e) or (m) of the Privacy Act
- 7. Data matching activities
- 8. Privacy breaches
- 9. Compliance
- Annex A: Statistical Information
- Annex B: Delegation Order
General
The Canadian Nuclear Safety Commission (CNSC) regulates the use of nuclear energy and materials to protect health, safety, security and the environment; to implement Canada’s international commitments on the peaceful use of nuclear energy; and to disseminate objective scientific, technical and regulatory information to the public.
The CNSC’s mandate, derived from the Nuclear Safety and Control Act, involves four major areas:
- regulation of the development, production and use of nuclear energy in Canada to protect health, safety and the environment
- regulation of the production, possession, use and transport of nuclear substances, and the production, possession and use of prescribed equipment and prescribed information
- implementation of measures respecting international control of the development, production, transport and use of nuclear energy and substances, including measures respecting the nonproliferation of nuclear weapons and nuclear explosive devices
- dissemination of scientific, technical and regulatory information concerning the activities of the CNSC, and the effects on the environment and the health and safety of persons, of the development, production, possession, transport and use of nuclear substances
The CNSC also provides advice with respect to the implementation of the Nuclear Liability and Compensation Act, works in partnership with the Impact Assessment Agency to conduct impact assessments for nuclear projects subject to the Impact Assessment Act, 2019, and implements Canada’s bilateral agreement with the International Atomic Energy Agency on nuclear safeguards verification.
Purpose of the Privacy Act
The purpose of the Privacy Act is to extend the laws of Canada that protect the privacy of individuals for personal information about themselves held by a government institution and provide individuals with a right of access to that information.
Tabling of the annual report
This annual report is prepared and tabled in Parliament in accordance with section 72 of the Privacy Act.
1. Statistical report
I. Requests received under the Privacy Act
During the 2020–21 reporting period, the CNSC received 17 new requests pursuant to the Privacy Act. This represents a significant increase from the 5 requests received in 2019–20.
COVID-19 did not have any effect on the processing of Privacy Act requests during the period of April 1, 2020 to March 31, 2021.
| 2016-17 | 2017-18 | 2018-19 | 2019-20 | 2020-21 | |
|---|---|---|---|---|---|
| Received | 1 | 4 | 19 | 5 | 17 |
| Closed | 2 | 4 | 19 | 5 | 16 |
| Outstanding | 1 | 0 | 0 | 0 | 1 |
| Carried Forward | 0 | 0 | 0 | 0 | 2 |
II. Costs
During 2020–21, the CNSC Access to Information and Privacy (ATIP) Office incurred $38,571 in salary costs and $5,934 in goods and services costs to administer the Privacy Act.
See annex A for further statistical information.
2. Practices and procedures
At the CNSC, the IT Operations and Service Delivery Division (ITOSDD), within the Information Management and Technology Directorate (IMTD), administers the Privacy Act.
Privacy requests are received by the Records Office and forwarded to the ATIP Office within ITOSDD.
The CNSC also receives privacy requests through the ATIP online request portal available through the Treasury Board Secretariat website. ATIP Office staff process the requests in consultation with the appropriate CNSC directorates and with external parties, where necessary.
The CNSC has one full-time employee who dedicates some of their time to activities related to the Privacy Act.
During 2020-21, the CNSC continued to concentrate on providing employee training on information management, the Access to Information Act, the Privacy Act and information security. This involved a presentation in February during Security Awareness Week on privacy breaches and the management of personal information with an attendance of approximately 108 participants. The ATIP Office also conducted several formal and informal training sessions for individuals, at divisional meetings and for functional specialists (Inspection Fundamentals training). On August 26, 2020, the Director General of IMTD sent out a message to all CNSC staff encouraging them to complete the Canada School of Public Service online course on your obligations regarding the Privacy Act (Access to Information and Privacy Fundamentals I015). Additionally, the CNSC Human Resources Directorate, at the request of the ATIP Office, also added the online course to the list of mandatory training for all new staff. The ATIP Office continues working with the Corporate Security section providing ongoing training to staff regarding their obligations around safeguarding sensitive information, which includes personal information.
All training and awareness sessions, both formal and informal, focused on informing employees of their responsibilities under the legislation. ITOSDD offers an integrated training approach, emphasizing the connections between sound information management practices and an effective ATIP program. The ATIP Office also provides advice and support as required.
Documentation and training materials on the CNSC’s ATIP program are available through the corporate intranet along with links to other materials, such as legislation, Treasury Board Secretariat policies and guidance documents, and a range of information management and guidance tools.
Where relevant, employees are informed about the Treasury Board Secretariat’s Directive on Privacy Impact Assessment. The CNSC has implemented internal procedures to guide employees and consultants through the privacy impact assessment process. These procedures reflect changes to the Privacy Act policy suite. Governance and project management methodologies are in place within the Information Management and Technology Directorate to ensure that privacy considerations are identified and addressed throughout the entire system development cycle. The Senior ATIP Advisor and the Director of the ITOSDD participate actively in systems development initiatives.
In 2020–21, there were no internal audits conducted on the management of personal information at the CNSC.
3. Delegation of authority
The Governor in Council has delegated the authority to exercise the powers, duties and functions of the Privacy Act to the President of the CNSC. In turn, the President has designated the Vice-President of the Corporate Services Branch, the Director General of the Information Management and Technology Directorate, the Director of the IT Operations and Service Delivery Division and the Senior ATIP Advisor to exercise her powers, duties and functions, with respect to the Privacy Act.
See annex B for a copy of the instrument of delegation.
4. Complaints and appeals to the Federal Court
No complaints were registered with the Office of the Privacy Commissioner during the reporting period.
5. Privacy impact assessments
During the 2020–21 reporting period, there were no privacy impact assessments completed.
The CNSC posts summaries of completed privacy impact assessments on its website and forwards copies of completed privacy impact assessment reports to the Office of the Privacy Commissioner.
6. Disclosure under paragraphs 8(2)(e) or 8(2)(m) of the Privacy Act
The CNSC did not make any disclosures of personal information under paragraphs 8(2)(e) or 8(2)(m) of the Privacy Act during the reporting period.
7. Data matching activities
The CNSC has no new data matching and sharing activities to report for this reporting period.
8. Privacy breaches
No material privacy breaches at the CNSC were reported to the Treasury Board Secretariat or the Office of the Privacy Commissioner during the reporting period.
9. Compliance
The CNSC achieved a compliance rating of 100% for completed privacy requests closed within the legislated time frame in 2020-21. The ATIP Office has established a five-day service standard for subject matter experts to retrieve relevant records and obtain Director General sign-off. In addition, through training and awareness sessions, CNSC staff members were receptive to their obligations under the Privacy Act.
Annex A: Statistical Information
Name of institution: Canadian Nuclear Safety Commission
Reporting period: 2020-04-01 to 2021-03-31
Section 1: Requests Under the Privacy Act
| Number of Requests | |
|---|---|
| Received during reporting period | 17 |
| Outstanding from previous reporting period | 1 |
| Total | 18 |
| Closed during reporting period | 16 |
| Carried over to next reporting period | 2 |
Section 2: Requests Closed During the Reporting Period
| Disposition of Requests | Completion Time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More Than 365 Days | Total | |
| All disclosed | 0 | 2 | 0 | 0 | 0 | 0 | 0 | 2 |
| Disclosed in part | 0 | 5 | 0 | 6 | 1 | 0 | 0 | 12 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 2 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 2 | 7 | 0 | 6 | 1 | 0 | 0 | 16 |
| Section | Number of Requests |
|---|---|
| 18(2) | 0 |
| 19(1)(a) | 0 |
| 19(1)(b) | 0 |
| 19(1)(c) | 0 |
| 19(1)(d) | 0 |
| 19(1)(e) | 0 |
| 19(1)(f) | 0 |
| 20 | 0 |
| 21 | 0 |
| 22(1)(a)(i) | 0 |
| 22(1)(a)(ii) | 0 |
| 22(1)(a)(iii) | 0 |
| 22(1)(b) | 0 |
| 22(1)(c) | 0 |
| 22(2) | 0 |
| 22.1 | 0 |
| 22.2 | 0 |
| 22.3 | 0 |
| 23(a) | 0 |
| 23(b) | 0 |
| 24(a) | 0 |
| 24(b) | 0 |
| 25 | 0 |
| 26 | 11 |
| 27 | 9 |
| 28 | 0 |
| Section | Number of Requests |
|---|---|
| 69(1)(a) | 0 |
| 69(1)(b) | 0 |
| 69.1 | 0 |
| 70(1) | 0 |
| 70(1)(a) | 0 |
| 70(1)(b) | 0 |
| 70(1)(c) | 0 |
| 70(1)(d) | 0 |
| 70(1)(e) | 0 |
| 70(1)(f) | 0 |
| 70.1 | 0 |
| Paper | Electronic | Other formats |
|---|---|---|
| 0 | 14 | 0 |
2.5 Complexity
| Number of Pages Processed | Number of Pages Disclosed | Number of Requests |
|---|---|---|
| 3206 | 1481 | 14 |
| Disposition | Less Than 100 Pages Processed | 101-500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More Than 5000 Pages Processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
| All disclosed | 2 | 18 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 3 | 35 | 8 | 1255 | 1 | 173 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 5 | 53 | 8 | 1255 | 1 | 173 | 0 | 0 | 0 | 0 |
| Disposition | Consultation Required | Legal Advice Sought | Interwoven Information | Other | Total |
|---|---|---|---|---|---|
| All disclosed | 0 | 0 | 1 | 0 | 1 |
| Disclosed in part | 6 | 2 | 3 | 0 | 11 |
| All exempted | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 6 | 2 | 4 | 0 | 12 |
2.6 Closed requests
| Requests closed within legislated timelines | |
|---|---|
| Number of requests closed within legislated timelines | 16 |
| Percentage of requests closed within legislated timelines (%) | 100 |
2.7 Deemed refusals
| Number of Requests Closed Past the Statutory Deadline | Principal Reason | |||
|---|---|---|---|---|
| Workload | External Consultation | Internal Consultation | Other | |
| 0 | 0 | 0 | 0 | 0 |
| Number of Days Past Deadline | Number of Requests Past Legislated Timelines Where No Extension Was Taken | Number of Requests Past Legislated Timelines Where an Extension Was Taken | Total |
|---|---|---|---|
| 1 to 15 days | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 0 |
| 31 to 60 days | 0 | 0 | 0 |
| 61 to 120 days | 0 | 0 | 0 |
| 121 to 180 days | 0 | 0 | 0 |
| 181 to 365 days | 0 | 0 | 0 |
| More than 365 days | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
| Translation Requests | Accepted | Refused | Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Section 3: Disclosures Under Subsections 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 0 | 0 | 0 | 0 |
Section 4: Requests for Correction of Personal Information and Notations
| Disposition for Correction Requests Received | Number |
|---|---|
| Notations attached | 0 |
| Requests for correction accepted | 0 |
| Total | 0 |
Section 5: Extensions
| Number of requests where an extension was taken | 15(a)(i) Interference with Operations | 15(a)(ii) Consultation | 15(b) Translation purposes or Conversion | |||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 7 | 0 | 1 | 0 | 0 | 0 | 0 | 6 | 0 |
| Length of Extensions | 15(a)(i) Interference with Operations | 15(a)(ii) Consultation | 15(b) Translation purposes or Conversion | |||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 0 | 1 | 0 | 0 | 0 | 0 | 6 | 0 |
| 31 days or greater | 0 | |||||||
| Total | 0 | 1 | 0 | 0 | 0 | 0 | 6 | 0 |
Section 6: Consultations Received From Other Institutions and Organizations
| Consultations | Other Government of Canada Institutions | Number of Pages to Review | Other Organizations | Number of Pages to Review |
|---|---|---|---|---|
| Received during reporting period | 0 | 0 | 0 | 0 |
| Outstanding from the previous reporting period | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 |
| Closed during the reporting period | 0 | 0 | 0 | 0 |
| Pending at the end of the reporting period | 0 | 0 | 0 | 0 |
| Recommendation | Number of Days Required to Complete Consultation Requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More than 365 Days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Recommendation | Number of Days Required to Complete Consultation Requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 Days | 16 to 30 Days | 31 to 60 Days | 61 to 120 Days | 121 to 180 Days | 181 to 365 Days | More than 365 Days | Total | |
| All disclosed | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 7: Completion Time of Consultations on Cabinet Confidences
| Number of Days | Fewer Than 100 Pages Processed | 101-500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More than 5000 Pages Processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
| 1 to 15 | 0 | 0 | 5 | 0 | 1 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 5 | 0 | 1 | 0 | 0 | 0 | 0 | 0 |
| Number of Days | Fewer Than 100 Pages Processed | 101?500 Pages Processed | 501-1000 Pages Processed | 1001-5000 Pages Processed | More than 5000 Pages Processed | |||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | Number of Requests | Pages Disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 8: Complaints and Investigations Notices Received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 0 | 0 | 0 | 0 | 0 |
Section 9: Privacy Impact Assessments (PIA) and Personal Information Banks (PIB)
| Number of PIA(s) completed | 0 |
|---|
| Active | Created | Terminated | Modified |
|---|---|---|---|
| 60 | 0 | 0 | 0 |
Section 10: Material Privacy Breaches
| Number of material privacy breaches reported to TBS | 0 |
|---|---|
| Number of material privacy breaches reported to OPC | 0 |
Section 11: Resources Related to the Privacy Act
| Expenditures | Amount |
|---|---|
| Salaries | $38,571 |
| Overtime | $0 |
| Goods and Services | $5,934 |
Professional services contracts | $0 |
Other | $5,934 |
| Total | $44,505 |
| Resources | Person Years Dedicated to Privacy Activities |
|---|---|
| Full-time employees | 0.381 |
| Part-time and casual employees | 0.000 |
| Regional staff | 0.000 |
| Consultants and agency personnel | 0.000 |
| Students | 0.000 |
| Total | 0.381 |
Annex B: Delegation order
The President of the Canadian Nuclear Safety Commission, pursuant to section 73 of the Access to Information Act and section 73 of the Privacy Act, hereby designates the persons holding the positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the President as the head of the Canadian Nuclear Safety Commission, under the provisions of the Act and related regulations set out in the schedule opposite each position. This designations replaces all previous delegation orders.
| Position | Privacy Act and Regulations | Access to Information Act and Regulations |
|---|---|---|
| Vice-President, Corporate Services Branch | Full authority | Full authority |
| Director General, Information Management and Technology Directorate | Full authority | Full authority |
| Director, Information Management Division | Full authority | Full authority |
| Senior ATIP Advisor | Full authority | Full authority |
Original signed by
Rumina Velshi
President
Canadian Nuclear Safety Commission
Date: April 30, 2021
Page details
- Date modified: