Treasury Board of Canada Secretariat
Symbol of the Government of Canada

ARCHIVED - Offices of the Information and Privacy Commissioners of Canada

Warning This page has been archived.

Archived Content

Information identified as archived on the Web is for reference, research or recordkeeping purposes. It has not been altered or updated after the date of archiving. Web pages that are archived on the Web are not subject to the Government of Canada Web Standards. As per the Communications Policy of the Government of Canada, you can request alternate formats on the "Contact Us" page.

Section II: Plans and Priorities

2.1 Factors Influencing Privacy and the OPC

Operating Environment

This section describes the operating environment of the OPC in three parts. The first part describes the major program delivery mechanisms; the second and third parts describe important internal and external factors affecting program delivery.

Major Program Delivery Mechanisms

Investigations and Inquiries

The OPC seeks to promote fair information management practices by both public and private sector organizations in Canada in accordance with two federal privacy laws.  The Privacy Act was enacted in 1983, and PIPEDA, which began coming into effect in 2001, came into full force in 2004.  Complaint investigations, which are conducted by the OPC’s Investigations and Inquiries Branch, are the principal means of enforcement. The Branch investigates complaints from individuals alleging that their personal information has been collected, used or disclosed inappropriately. 

In conducting this work, the Investigations and Inquiries Branch is supported by activities of other branches, such as the Legal Services and Policy Branch and the Research, Education and Outreach Branch.  The Legal Services and Policy Branch provides legal and policy advice on the interpretation and application of both Acts and represents the OPC in matters that proceed before Federal Court. The Research, Education and Outreach Branch provides investigators with research material to assist with the development of needed expertise in such areas as newly emerging technologies, which are the subject of an increasing number of complaints to the OPC.

The Investigations and Inquiries Branch also responds to inquiries from members of the general public, government institutions, private sector organizations, and the legal community, who contact the OPC on a wide variety of privacy-related issues.   

Audits and Reviews

To safeguard Canadians’ right to privacy and encourage the application of fair information practices by federal government institutions, the OPC’s Audit and Review Branch conducts compliance reviews under Section 37 of the Privacy Act.   These reviews assess systems and practices for managing personal information, from collection to disposal, by federal departments and agencies.  The OPC also has the mandate, under Section 18 of PIPEDA, to conduct audits of the personal information management practices in the private sector where the Commissioner has reasonable grounds to believe there is non-compliance with PIPEDA.  The Audit and Review Branch is likewise supported by the Legal Services and Policy Branch and the Research, Education and Outreach Branch as needed. 

Privacy Impact Assessments

The Government of Canada’s Policy on Privacy Impact Assessments (PIA) has added to the responsibilities of the OPC.  Our role, as defined in the Policy, is to assess the extent to which a department’s PIA has succeeded in identifying privacy risks associated with a new or significantly changed program, project or system and to comment on the appropriateness of the measures proposed to mitigate privacy risks.  The OPC views PIAs as an important part of the federal government’s privacy management framework.

Support to Parliament

The Commissioner acts as Parliament’s advisor on privacy issues, bringing issues which have an impact on the privacy rights of Canadians to the attention of Parliament.  We do this by tabling reports to Parliament, by appearing before Parliamentary Committees to provide legal and policy advice on the privacy implications of proposed legislation and government initiatives, and by researching and analyzing issues that we believe should be brought to Parliament’s attention.   

The OPC also assists Parliament in becoming better informed about privacy rights by acting as a resource or centre of expertise on privacy issues.  This includes responding to a significant number of inquiries from Senators and Members of Parliament. 

Research, Education and Outreach

The OPC carries out research on a broad spectrum of privacy issues, using in-house expertise as well as drawing upon specialized knowledge through contracts.  The OPC also develops guidance documents on the implementation of PIPEDA for private sector organizations, and regularly issues fact sheets on a variety of privacy matters.  An important component of our research function is the Contributions Program, which fosters an understanding of the importance of privacy by furthering the development of a national research capacity in Canada.

The Privacy Commissioner is specifically mandated under PIPEDA to conduct public education activities to ensure that all Canadians are aware of the law and of the fair information practices it seeks to promote.  The OPC has started to put in place a regional outreach capacity across the country, which we see as fundamental to our mandate. The best approach to building citizen awareness, as well as adherence by organizations to privacy obligations, is to reach out to Canadians at home.  We want to move the OPC beyond the role of ensuring compliance through audits and investigations to one focussed also on helping organizations and individuals make better privacy decisions before privacy infringements arise. 


It is essential that we maintain an effective and responsive relationship with Canadians, both through proactive media relations and communication with the general public. To ensure that the OPC is addressing the concerns and preoccupations of Canadians on privacy issues, we monitor the public environment by analyzing media coverage of privacy issues and interpreting the results of public opinion polling. The results are used to inform research undertaken by the OPC, the creation of public education materials, the preparation of corporate publications and the maintenance of the OPC’s Web site.  This information is also used to guide the OPC’s participation in public communications activities such as speeches and special events.

Internal Factors Affecting Program Delivery

In November 2005, the OPC presented a three-year business case to the House of Commons Advisory Panel on the Funding of Officers of Parliament. The fiscal year 2007-2008 was the second year of implementation for this business case. Newly approved resources include an over 40% increase in personnel, and the OPC has invested a lot in organizational design, staffing and classification requirements. Like other organizations, the OPC has experienced challenges in recruiting qualified staff, and has not reached its full complement of staff allocated as part of the business case.  We will continue to improve our human resources management practices, with a particular focus on the recruitment and retention of people with the skills and experience so vital to the success of the OPC.

In the fall of 2007, we launched a project to update our investigation process. A cornerstone component of this project will be to modernize our case management system. With this project we will create a more effective and efficient inquiries and complaints management system, leading to improved collaboration and more timely response to individuals and organizations. This initiative will continue in 2008-2009.

External Factors Affecting Privacy and the OPC

The privacy landscape is continuously evolving.  As a result, our Office must give a high priority to “staying ahead of the game” in anticipating and assessing threats to privacy and putting forward realistic ways to address these threats.  Staying on top of such an active and dynamic field as privacy requires time, planning and effort.  Yet we believe Canadians expect us to do so because privacy promotion and protection is a key concern of theirs.

In 2007 our Office commissioned EKOS Research to survey Canadians on their preoccupations regarding privacy.  Some of the more interesting findings, from the point of view of how we carry out our work, are:
  • Four in five Canadians place great importance on having strong privacy laws.
  • However, seven in ten Canadians are of the view that their personal information is less well protected today than it was ten years ago.
  • Only a small proportion of Canadians—17 percent—believes the government takes protecting personal information very seriously.
  • An even smaller proportion—13 percent—believes that businesses take the protection of personal information very seriously.

Their concerns (refer to text box) drive our work and we see it as an integral part of our mandate.  Canadians’ preoccupations are shared by other key external stakeholders who impact what we do — Parliamentarians, private sector organizations, privacy advocates, and federal and provincial government organizations with an interest in privacy.

We must have access to both the knowledge and expertise required to tackle the myriad of privacy challenges coming our way.  And we are required to do this while continuing to discharge the key responsibilities that come with our mandate — informing Canadians of their privacy rights and obligations, investigating complaints, auditing organizations for compliance with privacy legislation, and advising Parliament.

It also means that we need to develop our applied research capacity, with a view to building on findings and trends that develop from our audits and investigations.  Quite often, the our audits of public sector organizations, or the general trends that emerge from investigations into various fields, raise the need to further develop knowledge and expertise.  Through a more fully developed applied research capacity, we hope to be able to provide better and more precise guidance to government, commercial sector organizations, and the population at large.

In the international arena, the OPC is involved in a number of important international privacy promotion initiatives which have driven our work in the recent past. We will need to continue to devote time and resources to these activities in the next fiscal year (refer to Section 2.2 – Our third corporate priority being to “strategically advance global privacy protection for Canadians”).

Focus on four privacy issues

Much of our attention in the coming fiscal year (and more) will focus on four privacy issues where the threats to privacy are particularly pronounced: (1) information technology, (2) national security, (3) identity integrity and protection, and (4) genetic information.

Information Technology

Chief among the new challenges to privacy is the impact of emerging information technologies, which ironically can both threaten Canadians’ privacy as well as enhance it. 

For instance, miniature computing devices, such as radio frequency identification (RFID) devices and nanotechnologies, will fundamentally transform how businesses manage their supply chains, as electronic tags now allow goods and products—and the people who have them in their possession—to be monitored, often from a considerable distance. 

The Internet, too, presents an ever evolving combination of challenges to privacy.  Social networking sites, for example, increasingly expose users—especially young people—to inadvertently sharing personal information they may later regret having revealed. 

Because of new technologies, more organizations today have access to more information about more people than ever before in human history.  How this information is used, processed, transformed and disclosed represents a significant challenge to privacy rights. 

And with every inadvertent loss or careless handling of personal information, the risk to privacy intensifies.  Add to this the threats posed by criminal hackers, dishonest employees who have access to personal data, and identity thieves and the plethora of challenges to privacy arising from information technologies becomes a cause for concern that should leave no one indifferent.

National Security

The OPC has for the past few years been particularly concerned with the gradual erosion of privacy rights in the post 9-11 national security environment.  Government measures such as the Anti-terrorism Act and travel-related security programs like the “no-fly” list have undermined the privacy rights we have until recently taken for granted. 

Yet, there are signs that the tide may be turning, and that governments as well as public opinion are beginning to reconsider the wisdom of these measures, especially from the point of view of protecting fundamental human rights, such as the right to privacy.

The OPC will undoubtedly be at the forefront of any public debate on this matter.  Parliamentarians in particular will want to hear from us, and we need to be ready and able to provide them with informed advice.

Identity Integrity and Protection

A fundamental tenet of privacy is that individuals should have the ability to control when and how their personal information is collected and by whom, and how this information is used and disclosed.  Victims of identity theft lose control over their personal information.  The OPC is of the view that the federal government needs to take the lead in putting in place a comprehensive strategy against identity theft. 

The good news is that this has already started, with the recent introduction by the federal government of amendments to the Criminal Code that would make it illegal to surreptitiously collect personal information for the purpose of trafficking or using it.

What is still required, however, is a coordinated effort—led by the federal government—to bring together all of the key players in identity protection, with a view to putting in place a comprehensive strategy safeguarding the personal information of Canadians.  These players include the provinces, private sector organizations, as well as various government departments and law enforcement agencies.  Our Office plans to play a role in promoting and fostering such an effort.

Genetic Information

If ever there was a field of activity where continuous developments are challenging privacy, it is the area of genetic privacy and biobanking.  Biobanks are a collection of physical specimens from which DNA or the data from DNA samples can be derived, or both.  They include a wide range of collections, such as pathology samples, newborn baby blood samples, samples sent to laboratories for testing, and forensic investigation samples.

Biobanks of all types have been multiplying at a rapid pace in recent years.  The implications of this from a privacy perspective—as well as from ethical and legal perspectives—are astounding.  Biobanks and the data that can be distilled from them can reveal extraordinary amounts of information about people, information heretofore left in the private domain.  The OPC is concerned that the collection, use and disclosure of DNA samples and biobank-derived information may increasingly become open-ended, without any clear privacy protection norms being applied to how personal information is treated.

As one well-known expert in this area recently put it, despite control mechanisms and safeguards, the collection and processing of genetic samples constitutes a large scale loss of privacy for both individuals and groups.  This is why we have made it a priority in the coming fiscal year to examine genetic privacy and biobanking more closely, and intervene—before key government decision-makers and the public at large— to increase awareness of this issue.

Continuing our work on previously identified privacy issues

The above-described four priority privacy issues do not preclude the need for the OPC to continue to work on previously identified priority issues.  Our work on Electronic Health Records (EHR) is one such example.

Efforts continue in Canada on the development of EHR systems, with the Canada Health Infoway (CHI) playing a lead role in this area.  The OPC has joined with its provincial and federal counterparts and ministries of health, through the newly created CHI Privacy Forum, to create some common ground between privacy offices and ministries concerning EHR issues such as accountability, transborder data flows, consent, and secondary uses of EHRs.  The OPC plans to pursue its research agenda on EHRs, notably with respect to how patient privacy can be protected in the circumstance of secondary uses of EHRs for research purposes.  We also plan to organize a capacity-building workshop on the privacy and oversight challenges associated with investigating and auditing issues related to EHRs.

2.2 Summary of OPC Plans and Priorities for 2008-2009

Having considered the present internal and external business environment1 surrounding the OPC, senior management established five (5) corporate priorities to give focus to its activities and further advance towards the achievement of its single Strategic Outcome and its ultimate, intermediate and immediate outcomes (presented in Figure 1).  The priorities are presented below and the plans to deliver on each priority are described in the paragraphs that follow:

Strategic Outcome:
The privacy rights of individuals are protected.
OPC Priorities for 2008-2009:
1. Continue to improve service delivery through focus and innovation
2. Provide leadership to advance four priority privacy issues (information technology, national security, identity integrity and protection, genetic information)
3. Strategically advance global privacy protection for Canadians
4. Support Canadians to make informed privacy decisions
5. Build a sustainable organizational capacity

1 This refers to the work that supports priority-setting at OPC, namely: annual corporate risk profiling and ongoing monitoring of risks, annual self-assessment against the management accountability framework (MAF), annual brainstorming on priority privacy issues, as well as annual and monthly performance reporting (i.e., Departmental Performance Report, monthly Scorecard reports, financial reporting, other).

1.  Continue to improve service delivery through focus and innovation

The OPC is continuing to improve service delivery on several fronts, principally on two main products for Canadians: investigations of complaints and audits of federal institutions.


As part of our continued commitment to improve service delivery and to further reduce the backlog of investigations, the OPC is designing new and innovative investigative strategies.  These strategies will make the complaints resolution process more efficient and effective in meeting present and future expectations of Canadians.  For example, a new priority rating system or public interest criteria will be applied to complaints received.  This will assist investigators in identifying priority cases for Canadians and fast tracking these complaints for immediate action.

As well, the complaint resolution process is being expanded to include an early resolution unit and a mediation unit.  It is expected that these two units will generate faster complaints resolution, thereby improving service delivery.  In addition, the creation of a specialized IT/Internet investigation unit in 2008-2009 will increase our capacity to monitor and address new and emerging technological privacy challenges.

Another improvement will be the standardization of the OPC letter responses to complainants and respondents, which will offer Canadians a more consistent and simplified presentation of information to enable them to better understand the Office’s responses to their complaints and inquiries.


The OPC has developed a three-year audit plan to focus limited resources for examining the privacy systems and practices of federal institutions subject to the Privacy Act.  This plan is reviewed and updated twice a year.

In addition to completing audits now in process (i.e., RCMP Exempt Data Banks, FINTRAC, and Passport Canada), the following projects are currently planned for the next three years:

  • A concurrent audit with the Office of the Auditor General to examine the management of personal information systems of selected federal departments and agencies. This will be the subject of a special report in November 2008.
  • Assessment of annual privacy reporting by federal departments and agencies
  • Examination of programs relating to national security and travel:
    • Follow-up to determine the status of actions taken by the Canada Border Services Agency (CBSA) in response to the 1996 audit of trans-border data flows.
    • Passenger Protect Program (no fly list)
    • RCMP and Integrated Border Enforcement Teams
    • Nexus and Canpass programs
    • CBSA Passenger History Project
    • Management of personal information by the Canadian Transportation Security Agency
  • Review of the National DNA Data Bank and use of such information by the RCMP.
  • Review of Health Canada’s privacy management framework including electronic health records and the protection of personal information in the Canada Health Infoway project.
  • Examination of the identification and authentication controls of the Canada Revenue Agency
  • Review of the protection of personal information as accessed and transmitted through Secure Channel (Government-on-line)
  • Review of how Correctional Services protect the personal information of prison guards and other employees.
  • Examination of how entities ensure the destruction of personal information when electronic equipment is disposed or paper records are destroyed.
  • Assessment of how well departments and agencies are protecting personal information when wireless technologies are used.
  • Examination of how departments protect personal information under tele-working arrangements.
  • Review of how privacy requirements are met under contracting out arrangements by federal institutions
  • Review of the privacy management practices of the Canada Broadcasting Corporation.
  • Review of the life cycle management of personal information by the Canada Firearms program.

At the time of preparing this report, no new audits are planned in the private sector under Section 18 of the PIPEDA. We will be further developing and applying a process for selecting PIPEDA audits based on reasonable grounds.

In addition to conducting formal audits, we will be experimenting with innovative means of making quick interventions with organizations in the private and public sectors in order to mitigate and resolve particular privacy issues that may come to our attention.

2.  Provide leadership to advance four priority privacy issues (information technology, national security, identity integrity and protection, genetic information)

In an effort to become more strategic in our allocation of resources and to achieve greater impact, the OPC has designated four priority privacy issues on which to focus efforts over the next three years.  These priorities will help in priorizing incoming requests to the organization, building capacity within the organization and assisting OPC in taking a more holistic approach in addressing emerging privacy issues.

The four priority privacy issues areas are:  information technology, national security, identity integrity and protection, and genetic information.  Operational plans will be developed in the coming months to coordinate the activities of the relevant branches within OPC in 2008-2009 and longer (Refer to Section 2.1 for a description of the four priority privacy issues).

3.  Strategically advance global privacy protection for Canadians

The rapid growth of the online environment, coupled with tremendous advances in information technology, have resulted in ever-increasing availability of personal information and ever-expanding opportunities for that information to be collected,  analyzed, repackaged and shared.  Increasingly, we see web-based activities where personal information moves rapidly and invisibly across international borders.  Transborder data flows, government-to-government information sharing, and outsourcing to foreign jurisdictions are also issues common to all jurisdictions.

The OPC is seeking legislative amendments to PIPEDA as well as co-operating informally with other data protection authorities to ensure that privacy protection measures are comprehensive and harmonious. These arrangements include the establishment of working relationships and the ongoing transfer of knowledge with our foreign counterparts, as well as with supra-national bodies such as the International Standards Organization (ISO), the International Civil Aviation Organization (ICAO), the International Air Transport Association (IATA), the Organization for Economic Cooperation and Development (OECD), and Asia Pacific Economic Cooperation (APEC).

In 2007-2008 the OPC hosted the 29th International Data Protection and Privacy Commissioners Conference, in Montreal.  Important resolutions were adopted at the Conference that will require us to work strategically on international cooperative initiatives.  Resolutions focused on the need for global standards to safeguard passenger data, the need to develop international standards in the area of information technology, and the need to increase international cooperation between data protection authorities (DPAs).

The Privacy Commissioner also chairs a volunteer group of the OECD, which has been reviewing how cooperation between data protection authorities and other privacy rights enforcement agencies may be enhanced, notably with regards to complaints arising from trans-border data flows.  The volunteer group has developed a policy framework, a statement of high level policy objectives, and a description of the steps that member countries can take to achieve these objectives.  Work on practical initiatives to implement the framework is now underway.

We are heavily involved in the APEC Data Privacy Sub-Group.  The Sub-Group was established with a view to developing an effective privacy framework for APEC member states.  In 2004, APEC ministers endorsed a new APEC Privacy Framework.  The Sub-Group is currently working on a series of practical projects to develop a system for the use of cross-border privacy rules by business, which includes developing effective mechanisms for privacy regulators to share information and cooperate in enforcement between economies.

The OPC has accepted an invitation from the Standards Council of Canada to participate more formally in the international standards development process by providing a resource to act as convener for the Canadian shadow group to a recently created ISO Working Group on Identity Management and Privacy Technologies.  This activity is seen as a natural extension to the work that we are already doing in consultation with privacy stakeholders from other jurisdictions at the international level — for example, with the OECD and APEC — to address global privacy issues that result from ever-increasing trans-border data flows.

The OPC also participates in the International Working Group on Data Protection in Telecommunications, which was founded in 1983 in the framework of the International Conference of Data Protection and Privacy.  Originally intended to focus on improving the protection of privacy in telecommunications, the Group has in recent years focused more effort on privacy on the Internet.

Finally, a new development in which the OPC has played a lead role is the creation of an international association of data protection authorities and other enforcement agencies from francophone states.  This association is in the very early stages of its existence, and we will be called on to play a significant role in the months to come in defining the general framework governing its operations.

4.  Support Canadians to make informed privacy decisions

Through the monitoring of complaints received by the Office, issues highlighted in regular and specialized public opinion research and high-profile cases raised by the media, the OPC identifies instances where Canadians have been exposed to significant privacy risk.  In response, we develop materials in a variety of media and formats to help Canadians better understand their privacy rights and take action to protect these rights.

While the OPC continues to prepare and distribute explanatory publications and interpretive guidelines in print and on the web, it is also exploring the application of new technologies in its public awareness campaigns. In 2008-2009, we will continue to reach out using new and interactive technologies such as blogs, online videos and relationships within social networks. These are exploratory techniques but reflect the need to adapt to the changing patterns of communications among Canadians – particularly the young.

We already have a regular program of awareness activities underway to address the specific needs of targeted groups, in particular young Canadians, the owners and managers of small businesses, and college and university students. We are expanding our public speaking program to reach more of these groups and to speak to them about relevant and timely topics — like the impact of rapid technological change on their studies, work and lives. We are also developing specialized guides and online learning resources to help these groups understand their rights and obligations under our legislation.

In 2008-2009, the OPC will be implementing a social marketing campaign designed to encourage awareness and prompt action on children’s privacy online. This campaign will build from basic research on the needs and challenges facing children online and will include in-class teaching modules, participatory activities for youth and a significant online education component.

We will also be putting into place education and outreach programs in partnership with privacy commissioners from across Canada. Recent consultations in the Yukon and elsewhere have revealed that, despite the private sector legislation being seven years old, some regions can still benefit from expanded campaigns to inform the general public about privacy issues.

These programs will be developed in partnership with our provincial and territorial colleagues, and will draw upon the experience and resources of experienced partners in the not-for-profit sector as well.

5.  Build a sustainable organizational capacity

The OPC has been in development mode for the past two years and this situation will continue in 2008-2009.  In order to build an organizational capacity that is sustainable, the organization will focus primarily on its human resources and on increased support for its operations derived from information management and technological tools.

Human Resources

Our OPC human resources plan, which is currently being updated for the next three fiscal years, has two main components: a staffing strategy that allows us to build our workforce, and a retention strategy that responds to current needs to better coordinate our collective efforts to engage, motivate, develop and retain our staff.

The staffing strategy is an ambitious agenda for the OPC to focus on: substantially growing our organization in order to balance workload internally and manage the increasing level of demand for our services.  We will explore all resourcing options. The retention strategy identifies issues associated with staff departures and includes processes and suggestions that reflect a wide range of best practices across the federal government.  Our goal on the retention front is to respond to: issues identified in the 2005 Public Service Employee Survey, human resources management challenges common throughout the federal public service, and concerns identified through internal consultation.  We want to offer our employees a stimulating work environment that is also adaptable to their evolving expectations.

In addition to the two priority areas of staffing and retention, the OPC human resources plan also includes activities to respond to the Values, Learning and People components of the OPC Management Accountability Framework (MAF) and to measure the performance of our human resources efforts through the OPC Performance Measurement Framework.

Information Management/Technology

Over the last two years we have increased our efforts to leverage technology to achieve OPC’s goals.  We began an information management renewal project to ensure our information holdings are well managed and accessible to all staff.  Our efforts in this regard will continue in 2008-2009. We have started to realize the benefits of our efforts: knowledge can now be more easily shared.  This coming year we will introduce scanning technology to facilitate information flows within work processes.  Through the use of current technologies we will update the inquiry and investigation processes and modernize our case management system.

We will continue to focus on creating a collaborative work environment where information from one functional source will more easily inform other functions.  For example, our inquiries database will inform our public education and communication efforts; our complaint investigations will inform our audit work; and the efforts of our technology experts will inform and assist our investigation efforts.  

We will also continue our efforts to maintain a technologically sustainable work environment.   

2.3 Link Between Priorities, Expected Results and Program Activities

The priorities, as discussed in the previous section, will serve to further advance the achievement of the OPC results in 2008-2009 and longer.  Priorities are refined annually based on the changing environment of the OPC while the results expected from OPC (See OPC Results Framework in Figure 1 of this Report on Plans and Priorities) remain relatively stable, being based on our mandate to protect and promote the privacy rights of individuals. 

The Results Framework is aligned to the OPC Program Activity Architecture (PAA)2.  The PAA provides the structure for planning and reporting on the OPC activities.  Our program has three operational activities aimed at achieving one strategic outcome on behalf of Canadians, plus a management activity to support the first three operational activities.  Section 2.4 that follows describes each Program Activity, presents the OPC’s expected results by Program Activity while associating performance indicators to each expected result, and links Program Activities and results to the annual priorities for 2008-2009.

Strategic Outcome Protection of the privacy rights of individuals
Program Activities 1. Compliance activities 2. Research and policy development 3. Public outreach
4. Management Excellence

2 The structure of the PAA has remained unchanged (since the last RPP).

2.4 Analysis by Program Activity

This section provides information on the OPC’s outcomes, expected results and performance indicators on the basis of the Program Activity Architecture (PAA) and links the 2008-2009 priorities described in Section 2.2 to the Program Activities. 

In 2007-2008, the OPC started to implement its Performance Measurement Framework. This implementation process will continue over the next two years.  The section identifies the performance indicators against which the OPC will measure its performance in 2008-2009, recognizing that more indicators will be introduced in the next report on plans and priorities as the current indicators become operational.  In addition to ‘performance’ indicators that generate information about the extent of achievement of ‘results’, the OPC uses ‘volume’ indicators or statistics to collect relevant information about its ‘activities’; this information is useful to track the demand for OPC services (e.g. number of inquiries, complaints, hits on web site) and also levels of service provided (e.g. number of appearances before Parliamentary Committee, speeches delivered compared to requested, media interviews compared to those requested).  The level of discussion included in a report on plans and priorities does not warrant listing the volume indicators; those are normally referred to in the OPC Annual Reports and also inform the departmental performance report.

Office of the Privacy Commissioner of Canada
Expected Result Performance Indicator
Ultimate Outcome for Canadians
The OPC plays a lead role in influencing federal government institutions and private sector organizations to respect the privacy rights of individuals and protect their personal information. Extent and direction of change in the privacy practices of federal government institutions and private sector organizations.


Planned Resources 2008-2009 2009-2010 2010-2011
Financial Resources $18,979,000 $18,997,000 $19,001,000
Human Resources 154 FTEs 150 FTEs 150 FTEs

Program Activity 1: Compliance Activities

Activity Description

The OPC is responsible for investigating complaints and responding to inquiries received from individuals and organizations that contact the OPC for advice and assistance on a wide range of privacy-related issues.  The OPC also assesses through audits and reviews how well organizations are complying with requirements set out in the two federal laws and provides recommendations on PIAs pursuant to the Treasury Board Secretariat policy.  This activity is supported by a legal team that provides specialized legal advice and litigation support, and a research team with senior technical and risk assessment support.

Expected Results Performance Indicators
Intermediate Outcomes
Individuals receive effective responses to their inquiries and complaints. Timeliness of OPC responses to inquiries3 and complaints
Federal government institutions and private sector organizations meet their obligations under federal privacy legislation and implement modern principles of personal information protection. Extent to which audit, investigation and PIA review recommendations are accepted and implemented over time
Immediate Outcomes
The process to respond to inquiries and investigate complaints is effective and efficient. Timeliness of OPC responses to inquiries2 and complaints
The process to conduct audits and reviews is effective and efficient, including effective review of privacy impact assessments (PIAs) for new and existing government initiatives. Proportion of audits completed as scheduled and within planned times
Proportion of PIA reviews completed within planned times

3 During 2008-2009, the OPC will upgrade the information system that tracks the timeliness of OPC responses to inquiries; until this upgrade is in place, the OPC only tracks the volume of inquiries and responses.

Planned Resources 2008-2009 2009-2010 2010-2011
Financial Resources $10,537,000 $10,536,000 $10,539,000
Human Resources 103 FTEs 103 FTEs 103 FTEs

Priority for this Program Activity

Over the next three years, the OPC will advance work towards the achievement of the above outcomes by pursuing the following priority:

Priorities Type
Continue to improve service delivery through focus and innovation Ongoing
Provide leadership to advance four priority privacy issues (information technology, national security, identity integrity and protection, genetic information) New

Program Activity 2: Research and Policy Development

Activity Description

The OPC serves as a centre of expertise on emerging privacy issues in Canada and abroad by researching trends and technological developments, monitoring legislative and regulatory initiatives, providing legal, policy and technical analyses on key issues, and developing policy positions that advance the protection of privacy rights.  An important part of the work done involves supporting the Commissioner and senior officials in providing advice to Parliament on potential privacy implications of proposed legislation, government programs and private sector initiatives.  Given the importance of information technology impacts, an important component of this work is analysis of IT initiatives embedded in projects.

Expected Results Performance Indicators
Intermediate Outcome
Parliamentarians and others have access to clear, relevant information, and timely and objective advice about the privacy implications of evolving legislation, regulations and policies. Proportion of privacy-relevant cases in which OPC was consulted for advice

Proportion of cases in which the final outcome was more privacy protective than the original version4

Immediate Outcomes
The work of Parliamentarians is supported by an effective capacity to identify privacy issues, and to develop policy positions for the federal public and private sectors, which are respectful of privacy. Key privacy issues identified and positions articulated to influence the evolution of bills through the drafting stage at the departmental level and the legislative process through Parliament
Knowledge about systemic privacy issues in Canada is enhanced through research, with a view to raising awareness and improving privacy management practices. Key privacy issues identified, analysed, and potential impacts assessed

4 These two new indicators have replaced the following indicator published in the 2007-2008 Report on Plans and Priorities: Number of potential privacy-relevant legislative initiatives and bills on which the OPC: (i) was consulted before the introduction and/or during the legislative review process and (ii) appeared before Parliamentary committees

Planned Resources 2008-2009 2009-2010 2010-2011
Financial Resources $4,542,000 $4,541,000 $4,542,000
Human Resources 24 FTEs 24 FTEs 24 FTEs

Priorities for this Program Activity

Over the next three years, the OPC will advance work towards the achievement of the above outcomes by pursuing the following priorities:

Priorities Type
Provide leadership to advance four priority privacy issues (information technology, national security, identity integrity and protection, genetic information) New
Strategically advance global privacy protection for Canadians New

Program Activity 3: Public Outreach

Activity Description

The OPC plans and implements a number of public education and communications activities, including speaking engagements and special events, media relations, and the production and dissemination of promotional and educational material.

Expected Results Performance Indicators
Intermediate Outcomes
Individuals have relevant information about privacy rights and are enabled to guard against threats to their personal information. Reach of target audience with OPC public education materials
Federal government institutions and private sector organizations understand their obligations under federal privacy legislations. Degree of organizational awareness and understanding of privacy responsibilities 5
Immediate Outcomes
Individuals receive and have easy access to relevant information about privacy and personal data protection, enabling them to better protect themselves and exercise their rights. Reach of target audience with OPC public education materials
Federal government institutions and private sector organizations receive useful guidance on privacy rights and obligations, contributing to better understanding and enhanced compliance. Reach of organizations with OPC policy positions, promotional activities and promulgation of best practices

5 This particular performance indicator is being implemented in stages starting in 2007-2008, with select audiences/groups polled each year.

Planned Resources 2008-2009 2009-2010 2010-2011
Financial Resources $3,900,000 $3,920,000 $3,920,000
Human Resources 23 FTEs 23 FTEs 23 FTEs

Priorities for this Program Activity

Over the next three years, the OPC will advance work towards the achievement of the above outcomes by pursuing the following priorities:

Priorities Type
Support Canadians to make informed privacy choices New
Provide leadership to advance four priority privacy issues (information technology, national security, identity integrity and protection, genetic information) New

Other Activities: Management Excellence

Activity Description

The OPC continues to enhance and improve its management practices in order to meet the highest standards of performance and accountability.  The resources associated with Corporate Services have been apportioned to the three first Program Activities, which they support.  All managers of the OPC are expected to take responsibility for the expected results, and to integrate the necessary activities in their operational plans.

Expected Results Performance Indicators
Intermediate Outcome
The OPC achieves a standard of organizational excellence, and managers and staff apply sound business management practices. Ratings against MAF (as being the expectations for high organizational performance in modern public service management)
Immediate Outcomes
Key elements of the OPC Management Accountability Framework (MAF) are integrated into management practices and influence decision-making at all levels. Ratings against MAF (as being the expectations for high organizational performance in modern public service management)
The OPC has a productive, principled, sustainable and adaptable workforce that achieves results in a fair, healthy and enabling workplace. Employee satisfaction; number of grievances received; quality of labour relations; retention of staff
HR management practices reflect new accountabilities stemming from Public Service Modernization Act and Public Service Employment Act. Full, unconditional staffing delegation from PSC

HR planning integrated into business planning at the OPC

Managers and staff demonstrate exemplary professional and ethical conduct in all of their work, and are responsive to the highly visible and complex nature of the environment in which they operate. Feedback from employees on fairness, respect and engagement
The performance of the OPC is defined, measured and reported upon regularly in a meaningful and transparent manner. OPC reports, particularly RPP and DPR, are well received by Central Agencies and stakeholders

Priorities for this Program Activity

Over the next three years, the OPC will advance work towards the achievement of the above outcomes by pursuing the following priority:

Priority Type
Build a sustainable organizational capacity Previous