Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - Offices of the Information and Privacy Commissioners of Canada


Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

Section I: Overview

1.1 Message from the Privacy Commissioner of Canada

Jennifer StoddartI am pleased to present this 2008-2009 Report on Plans and Priorities, which sets out the strategic directions, priorities, expected results and spending estimates for the Office of the Privacy Commissioner of Canada (OPC) for the coming fiscal year.

Globalization raises the challenge of trying to find a cross-border privacy language.  Technological advances hold out the promise of greater convenience, but sometimes at a cost to human rights such as privacy and the ability to control our personal information.

Meanwhile, governments and businesses have a seemingly insatiable appetite for personal information. 

Governments appear to believe – mistakenly, I would argue – that the key to national security and public safety is collecting mountains of personal data.  Privacy often receives short shrift as new anti-terrorism and law enforcement initiatives are rolled out.

Personal information has also become a hot commodity in the private sector.   Our names, addresses, purchases, interests, likes and dislikes are recorded, analysed and stored – all so companies can sell us more products and services. 

Adding to our concerns is the fact many businesses fail to adequately protect this sensitive information – leaving it vulnerable to hackers and identity thieves. 

The list of issues that the Office of the Privacy Commissioner deals with on a daily basis – through investigations, for example – will always be a lengthy one.  In the 2008-2009 Report on Plans and Priorities, we have identified four priority privacy issues: information technology, national security, identity integrity and protection, and genetic information.

The OPC has identified five corporate priorities for the planning period of this Report on Plans and Priorities to give focus to its activities and move further towards achieving its Strategic Outcome of protecting the privacy rights of individuals.  The five priorities are as follows:

  • Continue to improve service delivery through focus and innovation;
  • Provide leadership to advance four priority privacy issues (information technology, national security, identity integrity and protection, genetic information);
  • Strategically advance global privacy protection for Canadians;
  • Support Canadians to make informed privacy decisions; and
  • Build a sustainable organizational capacity.

We have set an ambitious agenda for ourselves over the coming few years.  My commitment to Canadians is to be passionate and persistent in defending their privacy rights as we work to address all of these crucial issues.

 

Jennifer Stoddart
Privacy Commissioner of Canada

1.2 Management Representation Statement

I submit for tabling in Parliament the 2008-2009 Report on Plans and Priorities (RPP) for the Office of the Privacy Commissioner of Canada (OPC).

This document has been prepared based on the reporting principles contained in Guide for the Preparation of Part III of the 2008-2009 Estimates: Reports on Plans and Priorities and Departmental Performance Reports:

  • It adheres to the specific reporting requirements outlined in the Treasury Board Secretariat guidance;
  • It is based on the OPC’s Strategic Outcome and Program Activity Architecture structure approved by the Treasury Board;
  • It presents consistent, comprehensive, balanced and reliable information;
  • It provides a basis of accountability for the results achieved with the resources and authorities entrusted to the OPC; and
  • It reports finances based on approved planned spending numbers from the Treasury Board Secretariat.

 

Jennifer Stoddart
Privacy Commissioner of Canada

1.3 Raison d'Être

The mandate of the OPC is to protect and promote the privacy rights of individuals. 

The OPC is responsible for overseeing compliance with both the Privacy Act, which covers the personal information-handling practices of federal government departments and agencies, and the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s private sector privacy law.   

The Privacy Commissioner of Canada, Jennifer Stoddart, is an Officer of Parliament who reports directly to the House of Commons and the Senate.

The Commissioner is an advocate for the privacy rights of Canadians and her powers include:

  • Investigating complaints, conducting audits and pursuing court action under two federal laws;
  • Publicly reporting on the personal information-handling practices of public and private sector organizations;
  • Supporting, undertaking and publishing research into privacy issues; and
  • Promoting public awareness and understanding of privacy issues.

The Commissioner works independently from any other part of the government to investigate complaints from individuals with respect to the federal public sector and the private sector.  In public sector matters, individuals may complain to the Commissioner about any matter specified in Section 29 of the Privacy Act.  This Act applies to personal information held by Government of Canada institutions. 

For matters relating to personal information in the private sector, the Commissioner may investigate all complaints under Section 11 of PIPEDA except in the provinces that have adopted substantially similar privacy legislation, namely Québec, British Columbia, and Alberta.   Ontario now falls into this category with respect to personal health information held by health information custodians under its health sector privacy law.  However, even in those provinces with substantially similar legislation, and elsewhere in Canada, PIPEDA continues to apply to personal information collected, used or disclosed by all federal works, undertakings and businesses, including personal information about their employees.  Also, PIPEDA applies to all personal data that flows across provincial or national borders, in the course of commercial transactions involving organizations subject to the Act or to substantially similar legislation. 

We focus on resolving complaints through negotiation and persuasion, using mediation and conciliation if appropriate.  However, if voluntary co-operation is not forthcoming, the Commissioner has the power to summon witnesses, administer oaths and compel the production of evidence.  In cases that remain unresolved, particularly under PIPEDA, the Commissioner may take the matter to Federal Court and seek a court order to rectify the situation.

As a public advocate for the privacy rights of Canadians, the Commissioner carries out the following activities:

  • Investigating complaints and issuing reports with recommendations to federal government institutions and private sector organizations to remedy situations, as appropriate;
  • Pursuing legal action before Federal Courts where matters remain unresolved;
  • Assessing compliance with obligations contained in the Privacy Act and PIPEDA through the conduct of independent audit and review activities and publicly reporting on findings;
  • Advising on, and reviewing, privacy impact assessments (PIAs) of new and existing government initiatives;
  • Providing legal and policy analyses to help guide Parliament’s review of legislation and government programs to ensure respect for individuals’ right to privacy;
  • Responding to inquiries from Parliamentarians, individual Canadians and organizations seeking information and guidance and taking proactive steps to inform them of emerging privacy issues;
  • Promoting public awareness and compliance, and fostering understanding of privacy rights and obligations through: proactive engagement with federal government institutions, industry associations, legal community, academia, professional associations, and other stakeholders; and the preparation and dissemination of public education materials, positions on evolving legislation, regulations and policies, guidance documents and research findings for use by the general public, federal government institutions and private sector organizations;
  • Providing legal opinions and litigating court cases to advance the interpretation and application of federal privacy laws;
  • Monitoring trends in privacy practices, identifying systemic privacy issues that need to be addressed by federal government institutions and private sector organizations and promoting integration of best practices; and
  • Working with privacy stakeholders from other jurisdictions in Canada and on the international scene to address global privacy issues that result from ever-increasing flow of data across borders.

1.4 Organizational Information

The OPC organizational chart is as follows, and each function is described underneath.

Organizational Chart

The Research, Education and Outreach Relations Branch is responsible for researching privacy and technology issues to support policy development, investigations, audits and reviews.  It administers the Contributions Program, which was launched in 2004 to support cutting-edge research into privacy promotion and protection.  In addition, the Branch carries out public education and outreach activities, including international outreach and stakeholder engagement activities.

The Communications Branch provides strategic advice on external and internal communications activities undertaken by the OPC. The Branch is responsible for analyzing public perception of privacy issues through media monitoring and the interpretation of public opinion polling. Branch activities that inform Canadians include proactive media relations, the planning and distribution of corporate publications, and the oversight of the OPC Web site.

The Investigations and Inquiries Branch is responsible for investigating complaints received from individuals and incidents of mismanagement of personal information.  The Branch’s Inquiries Division responds to thousands of inquiries annually from the general public and organizations. 

The Audit and Review Branch audits organizations to assess their compliance with the requirements set out in the two federal privacy laws.  The Branch also analyses and provides recommendations on privacy impact assessment reports (PIAs) submitted to the OPC pursuant to the Treasury Board Secretariat Policy on PIAs.

The Legal Services and Policy Branch provides specialized legal advice to the Commissioner, the Investigations and Inquiries Branch and the Audit and Review Branch to support the interpretation and application of both enabling laws.  The Legal Services and Policy Branch represents the OPC in privacy matters that proceed before the Federal Courts, conducts legal and policy review and analyses of Bills tabled in Parliament and generally advises the Commissioners on a variety of corporate legal matters.  The Branch also develops and advises on legal and policy positions for the OPC, and is responsible for parliamentary affairs.

The Human Resources Branch is responsible for the provision of strategic advice, management and delivery of comprehensive human resource management programs in areas such as staffing, classification, staff relations, human resource planning, learning and development, employment equity, official languages and compensation.

The Corporate Services Branch, headed by the Chief Financial Officer, provides advice and integrated administrative services (corporate planning, finance, information management/technology and general administration) to managers and staff.

1.5 Values

The OPC is committed to the upholding values and ethics in the workplace and senior managers agree, as part of their performance management agreements, to:

  • Lead a representative workplace in which every employee feels valued, respected, informed, involved and engaged in their work; and
  • Effectively manage financial resources within delegated authorities in accordance with the principles of modern comptrollership.

In addition, the OPC is committed to the principles of Employment Equity and achieving equality in the workplace.  Our Employment Equity program aims to ensure that all designated groups are fully represented.  Members of the Senior Management Committee discuss their accountability for the Employment Equity Plan and the achievement of employment equity goals and objectives at least once a year.

1.6 Expected Results

The OPC continues to pursue the protection of individuals’ privacy rights as articulated in its Results Framework, shown in Figure 1, which identifies the outcomes that Parliamentarians and Canadians may expect to benefit from the OPC activities.

Figure 1: OPC Results Framework


Strategic Outcome The privacy rights of individuals are protected.
 
Ultimate Outcome The Office of the Privacy Commissioner plays a lead role in influencing federal government institutions and private sector organizations to respect the privacy rights of individuals and protect their personal information.
  Program Activity 1:
Compliance activities
Program Activity 2:
Research and policy development
Program Activity 3:
Public outreach
Intermediate Outcomes Individuals receive effective responses to their inquiries and complaints.

Federal government institutions and private sector organizations meet their obligations under federal privacy legislation and implement modern principles of personal information protection.

Parliamentarians and others have access to clear, relevant information, and timely and objective advice about the privacy implications of evolving legislation, regulations and policies.

 

Individuals have relevant information about privacy rights and are enabled to guard against threats to their personal information.

Federal government institutions and private sector organizations understand their obligations under federal privacy legislation.

 
Immediate Outcomes The process to respond to inquiries and investigate complaints is effective and efficient.

The process to conduct audits and reviews is effective and efficient, including effective review of privacy impact assessments (PIAs) for new and existing government initiatives.

The work of Parliamentarians is supported by an effective capacity to identify privacy issues, and to develop policy positions for the federal public and private sectors, which are respectful of privacy.

Knowledge about systemic privacy issues in Canada is enhanced through research, with a view to raising awareness and improving privacy management practices.

Individuals receive and have easy access to relevant information about privacy and personal data protection, enabling them to better protect themselves and exercise their rights.

Federal government institutions and private sector organizations receive useful guidance on privacy rights and obligations, contributing to better understanding and enhanced compliance.

 
The Management Component enables the OPC to deliver its privacy business The Office of the Privacy Commissioner achieves a standard of organizational excellence, and managers and staff apply sound business management practices.
  • Key elements of the OPC Management Accountability Framework are integrated into management practices and influence decision-making at all levels.
  • The OPC has a productive, principled, sustainable and adaptable workforce that achieves results in a fair, healthy and enabling workplace.
  • HR management practices reflect new accountabilities stemming from Public Service Modernization Act (PSMA) and Public Service Employment Act (PSEA).
  • Managers and staff demonstrate exemplary professional and ethical conduct in all of their work, and are responsive to the highly visible and complex nature of the environment in which they operate.
  • The performance of the OPC is defined, measured and reported upon regularly in a meaningful and transparent manner.

1.7 Voted and Statutory Items Displayed in Main Estimates

($000)



Vote or
Statutory Item
Truncated Vote or Statutory Wording 2008–2009
Main Estimates
2007–2008
Main Estimates
45 Program expenditures 15,898 16,262
(S) Contributions to employee benefit plans 1,929 2,084
  Total Department or Agency 17,827 18,346

1.8 Departmental Planned Spending and Full-Time Equivalents


 

($000)

Forecast
Spending
2007–2008
Planned
Spending
2008–2009
Planned
Spending
2009–2010
Planned
Spending
2010–2011
 

 

 

 

 

Compliance Activities 10,084 9,675 9,672 9,672
Research & Analysis 4,606 4,386 4,385 4,385
Public Outreach 3,656 3,766 3,785 3,785
Total Planned Spending 18,346 17,827 17,842 17,842
         
Adjustments        
Implementation of the Federal Accountability Act 1,365 1,152 1,155 1,159
         
Total Planned Spending $19,711 $18,979 $18,997 $19,001
Full Time Equivalents 154 150 150 150

The amounts under “Adjustments” include resources that will be required for new responsibilities related to the implementation of the Federal Accountability Act (FedAA); namely the creation of an office to manage access to information and privacy requests and additional privacy investigators to handle new organizations that are now subject to the Privacy Act.  Funds for the implementation of the FedAA within the OPC have been earmarked within the Government of Canada fiscal framework.  However, final spending plans will only be determined once a detailed business case has been prepared and submitted to the Parliamentary Panel on the Funding of Officers of Parliament and subsequently approved by Treasury Board ministers.

1.9 Financial and Human Resources

The following two tables present the financial and human resources of the OPC over the next three fiscal years.

Financial Resources (planned)


2008-2009 2009-2010 2010-2011
$18,979,000 $18,997,000 $19,001,000

Human Resources (planned)


2008-2009 2009-2010 2010-2011
150 FTEs* 150 FTEs 150 FTEs

* FTE: Full-Time Equivalent