Annual Report to Parliament on the Administration of the Privacy Act 2020-2021

Pursuant to subsection 72(1) of the Privacy Act, this document contains the Annual Report to Parliament on the Administration of the Privacy Act for 2020-2021 as submitted by the Minister of National Defence.

Alternate format: Annual Report to Parliament on the Administration of the Privacy Act 2020-2021 (PDF, 662 KB)

Table of contents

Introduction

The purpose of the Privacy Act is to extend the laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a federal government institution, and to provide individuals with a right of access to that information.

Canadians value their privacy and the protection of their personal information. They expect government institutions to respect the spirit and requirements of the Privacy Act. The Government of Canada is committed to protecting the privacy of individuals with respect to personal information that is under the control of government institutions. The government recognizes that this protection is an essential element in maintaining public trust.

This is the eighth annual report prepared by the Communications Security Establishment (CSE) and tabled in Parliament in accordance with section 72 of the Act. It presents an overview of the agency’s activities and describes how the Access to Information and Privacy (ATIP) Office carried out its responsibilities under the Privacy Act during the reporting period 1 April 2020 to 31 March 2021.

Mandate of the Communications Security Establishment

On August 1st, 2019 the Communications Security Establishment Act (CSE Act) entered into force as part of Bill C-59 (An Act respecting national security matters). The CSE Act sets out the five aspects of CSE’s mandate:

  • helping to protect and defend Canada’s most important cyber systems;
  • acquiring foreign intelligence in support of the Government of Canada’s intelligence priorities;
  • conducting defensive foreign cyber operations;
  • conducting active foreign cyber operations; and
  • assisting federal law enforcement and security agencies, the Canadian Forces and the Department of National Defence to carry out their lawful mandates.

The CSE Act provides CSE with a modern set of authorities and also enhances the accountability framework with new oversight and review functions.

Structure of the Access to Information and Privacy Office

The ATIP Office is part of the Policy, Disclosure and Review group in CSE’s Policy and Communications Branch. The Minister of National Defence delegated all authorities under section 73 of the Privacy Act to the Deputy Chief, Policy and Communications, the Director General, Policy, Disclosure and Review, the Director, Disclosures and Information Sharing, and to the Manager, Disclosures. He also delegated limited authorities to the Supervisor, Access to Information and Privacy Operations and the Supervisor, Privacy, Policy and Governance. A copy of the Delegation Order setting out the responsibilities under the Act appears in Appendix I of this report.

The protection of privacy is a fundamental part of our organizational culture and remains of paramount importance in all functions across the organization. The Access to Information and Privacy Office includes a manager responsible for ten (10) mandated full-time positions working in two distinct teams: ATIP Operations and, Privacy Policy and Governance. At the end of the reporting period, the ATIP Operations team consisted of one (1) supervisor, and four (4) analysts, while the Privacy Policy and Governance team consisted of one (1) supervisor and four (4) analysts.

In addition to preparing reports for Parliament and Treasury Board Secretariat (TBS), the ATIP Office acts on behalf of CSE as the delegated authority in dealings with TBS, and representatives of the federal Information and Privacy Commissioners regarding CSE’s administration of the Access to Information Act and Privacy Act.

Specifically, the ATIP Operations team is responsible for the following activities:

  • Processing requests under the Access to Information Act and Privacy Act;
  • Responding to consultation requests from other government institutions;
  • Providing advice and guidance to senior management and staff of CSE on ATIP legislation and policy-related matters;
  • Supporting CSE’s legislative compliance obligations under the Acts, including the application of their associated regulations, policies and guidelines;
  • Representing CSE in ATIP Communities of practice, such as the TBS ATIP Community meetings;
  • Drafting and implementing internal ATIP procedures, guidance documents and working aids; and,
  • Providing training to CSE staff on the administration of the Access to Information Act and the Privacy Act.

The Privacy Policy and Governance team is responsible for the following activities:

  • Providing advice and guidance to senior management and staff of CSE on privacy legislation and policy-related matters;
  • Providing expert privacy advice and assistance to business lines in the undertaking of Privacy Impact Assessments, privacy breach management, drafting of Privacy Notice Statements, and maintenance of Personal Information Banks;
  • Supporting CSE’s legislative compliance obligations under the Privacy Act, including the application of associated regulations, policies and guidelines;
  • Representing CSE in privacy protection communities of practice;
  • Coordinating the annual update of the institution’s Info Source publication, which includes a description of the agency’s organizational structure and record holdings;
  • Drafting and implementing privacy-related policies, internal procedures, guidance documents and working aids; and,
  • Providing training to CSE staff on the administration of the Privacy Act focusing on the protection of personal information.

Key activities and accomplishments

Education and training

CSE continues its commitment to the learning and development of its employees and provides comprehensive privacy awareness training sessions to ensure all employees are up to date on their responsibilities with regard to the management of personal information in both mission and non-mission related activities. These training sessions were delivered to specific audience groups such as operational units, new staff and coop students on a regular and ad hoc basis, reaching 170 employees. In addition, 422 employees further completed the online privacy awareness training module, which is a training program deployed in 2019-2020 that aims to improve the availability of privacy awareness training to CSE employees.

Additional privacy educational initiatives in 2020-2021 included promoting privacy awareness through the organization of Privacy Awareness Week at CSE from May 11, 2020 to May 15, 2020. Privacy Awareness Week is an event that provides CSE’s Privacy Policy and Governance team with the opportunity to educate and raise employee awareness of their responsibilities regarding personal information and of the various resources available to them, including the Privacy Policy and Governance team and privacy awareness training.

Collectively, these efforts provided opportunities to showcase privacy across the organization, resulting in a greater number of program managers and stakeholders consulting with CSE’s ATIP Operations Office and Privacy Policy and Governance team. The teams’ support included guidance on CSE privacy policies, procedures, and best practices for personal information management.

Institutional privacy policies and procedures

The CSE privacy policy suite includes a broad-scoped CSE Administrative Privacy Policy which outlines CSE’s obligations to manage and protect personal information in the course of its corporate functions in accordance with the Privacy Act, its regulations and Treasury Board Secretariat (TBS) policies relating to privacy. CSE initiated a review of its corporate privacy policy instruments in 2020-2021 to streamline the policy suite. The initiative is expected to be completed in the upcoming fiscal year.

In 2020-2021, CSE updated its internal privacy compliance and impact assessment process, based on CSE client feedback, to further streamline the process in the development of new services and programs. The process examines how personal information is involved in a program or activity, and how the activity may affect the privacy of an individual. This allows CSE program managers to examine the effectiveness of privacy protection measures and identify appropriate additional measures to mitigate the impact where necessary.

Other initiatives

CSE was onboarded into the ATIP Online Request Service (AORS) late in FY2018-19, giving CSE the ability to receive requests under section 12(1) directly online from the requestor. The AORS is a centralized website developed by TBS that enables users to complete access to information and privacy requests and submit them to any of the institutions that are subject to the Government of Canada’s Privacy Act. The current reporting period includes the second full year CSE has accepted requests through the AORS system. CSE received twenty-one (21) requests in this manner, representing approximately 91% of the total requests received, a significant increase from the 56% received through AORS in the previous reporting period.

In 2020-2021, the ATIP Operations team also collaborated with CSE Offices of Primary Interest (OPIs) to address the challenges and restrictions created by the COVID-19 pandemic, and impacts to the regular operational posture. The pandemic limited access of staff to CSE facilities and infrastructure, which in turn restricted access to classified information responsive to requests, as well as ATIP analysts’ ability to review the classified material and process the requests.

COVID-19

CSE was impacted by COVID-19 pandemic during the reporting period and transitioned a significant portion of its activities to a work-from-home posture. In support of this transition, the Privacy Policy and Governance Team promptly transitioned its business processes to effectively support its internal clients, and support CSE’s continuing compliance with the Privacy Act. In particular, the transition to a work-from-home posture for CSE led, in a very short period of time, to an unprecedented use of cloud-based communications services and the deployment of a significant number of new in-house applications on its internal network. CSE’s Privacy Policy and Governance team provided advice and guidance to support the initiative and ensure that privacy guidelines are integrated.

On the other hand, ATIP operations experienced significant challenges to continue regular operations due to the limited access of staff to CSE facilities and infrastructure, which in turn restricted access to classified information responsive to requests, as well as ATIP analysts’ ability to review the classified material and process the requests. CSE is examining ways in which to modify its processes to further enable analysts to perform some of their duties remotely where possible in 2020-2021.

Privacy impact assessments

During the 2020-2021 reporting period, CSE completed one (1) Privacy Impact Assessment related to an operational initiative through the creation of an information sharing process. The Privacy Policy and Governance team is further supporting the development of six Assessments related to various operational and corporate activities. During this fiscal year, the Privacy Policy and Governance team also conducted a Gap Analysis to identify CSE’s Privacy Impact Assessment priorities for the next five years.

Statistical report on the administration of the Privacy Act

Number of formal requests

During this reporting period, CSE received 23 requests under section 12(1) the Privacy Act, which is a decrease from the previous fiscal year when 36 new requests were received. This decrease may simply be a regular year-to-year fluctuation, however it may also be reasonably attributed to the COVID-19 pandemic. In addition, nineteen (19) requests outstanding from the previous reporting period were carried over, giving CSE a total of 42 requests to process. By the end of 2020-2021, CSE closed 23 requests and carried forward 19 into 2021-2022.

Table: Received Requests - Long description follows
 
Long description - Table: 1
Table: Received Requests
  Number of Received Requests
2016-2017 2017-2018 2018-2019 2019-2020 2020-2021
Privacy 23 10 12 36 23
Privacy Consultations 1 2 1 1 0
 

Disposition of completed requests

CSE closed 23 requests during this reporting period. Of these, 13 (56.5%) were disclosed in part, none were disclosed in full and two were abandoned by the applicants. There were also eight requests where the existence of records was neither confirmed nor denied. This can be attributed to requests for records which, if they exist, would be located in CSE’s exempt personal information bank (CSE PPU 040) which contains records relating to CSE’s foreign intelligence files. There were no requests which were exempted or excluded in full.

Table: Closed Requests - Long description follows
 
Long description - Table: 2
Table: Closed Requests
  Number of Closed Requests
2016-2017 2017-2018 2018-2019 2019-2020 2020-2021
Privacy 22 8 8 28 23
Privacy Consultations 1 2 1 1 0
 
Table: Disposition of Completed Requests - Long description follows
 
Long description - Table: 3
Table: Disposition of completed requests
Disposition Number of requests
2016-2017 2017-2018 2018-2019 2019-2020 2020-2021
All disclosed 0% 0% 0% 0% 0%
Disclosed in part 27% 50% 50% 61% 57%
All Exempted 0% 0% 0% 4% 0%
All Excluded 0% 0% 0% 0% 0%
No records exist 36% 13% 0% 7% 0%
Request abandoned 9% 25% 25% 11% 9%
Neither confirm nor Deny 27% 13% 25% 18% 35%
 

Neither confirm nor deny

Section 16(2) of the Act indicates that institutions do not have to tell a requester whether personal information exists. Section 16(2) was designed to address situations in which the mere confirmation of a record’s existence (or non-existence) would reveal information that could be protected under the Act. It is recommended that the application of section 16(2) be limited to circumstances where the confirmation or denial of the existence of a record would be injurious to Canada’s foreign relations, the defence of Canada, law enforcement activities, or the safety of individuals. When notifying a requester that it is invoking this provision, institutions must also indicate the part of the Act on which a refusal could reasonably be expected to be based if the record existed. The application of subsection 16(2) was used on eight occasions during the 2020-2021 fiscal year.

Completion time

Section 16(2) of the Act indicates that institutions do not have to tell a requester whether personal information exists. Section 16(2) was designed to address situations in which the mere confirmation of a record’s existence (or non-existence) would reveal information that could be protected under the Act. It is recommended that the application of section 16(2) be limited to circumstances where the confirmation or denial of the existence of a record would be injurious to Canada’s foreign relations, the defence of Canada, law enforcement activities, or the safety of individuals. When notifying a requester that it is invoking this provision, institutions must also indicate the part of the Act on which a refusal could reasonably be expected to be based if the record existed. The application of subsection 16(2) was used on eight occasions during the 2020-2021 fiscal year.

Table: Completion Time - Long description follows
 
Long description - Table: 4
Table: Completion time
Completion time Number of requests
2016-2017 2017-2018 2018-2019 2019-2020 2020-2021
Closed within 30 days 100% 88% 75% 50% 35%
31 to 60 days 0% 0% 13% 18% 0%
61 to 120 days 0% 13% 0% 14% 9%
121 to 180 days 0% 0% 0% 18% 22%
181 to 365 days 0% 0% 13% 0% 26%
More than 365 days 0% 0% 0% 0% 9%
 

Exemptions to the release of information

The most common exemptions applied at CSE were sections 21 and 26 of the Privacy Act. Of the 13 requests that were disclosed in part, section 21 was applied in all cases to protect information which could be reasonably expected to be injurious to the defense of Canada. Section 26 was applied in 12 requests to protect information about an individual other than the applicant. The application of these exemptions is consistent with previous reporting periods.

Extension of the time limit

Two (2) extensions, based on Section 15 (a)(i) of the Privacy Act relating to interference of operations, were taken on requests under the Privacy Act during the 2020-2021 fiscal year. Extensions were taken on two (2) additional requests under Section 15(a)(ii) due to the need for external consultations.

Consultations

CSE did not receive any consultations from other government departments during the reporting period. This could be attributed to year-to-year fluctuation.

Disclosure of personal information under paragraph 8(2)(m)

Subsection 8(2) of the Privacy Act describes the circumstances under which a government institution may disclose personal information under its control without the consent of the individual to whom the information relates. Such disclosures are discretionary and are subject to any other Act of Parliament.

Paragraph 8(2)(m) stipulates that an institution may disclose personal information for any purpose where, in the opinion of the head of the institution, the public interest in the disclosure clearly outweighs any invasion of privacy that could result from it or where the disclosure would clearly benefit the individual to whom the information relates. CSE did not disclose any personal information pursuant to paragraph 8(2)(m) during the reporting period.

Fees and costs

Total expenditures to administer the Privacy Act were $712,052. This represents an increase in expenditures from the previous fiscal year due to an expansion of the Privacy Policy and Governance team.

Complaints, judicial review and audits

Individuals who are not satisfied with the processing of their privacy request or who feel that their personal information has been improperly collected, used or disclosed can file a complaint with the Office of the Privacy Commissioner of Canada (OPC).

CSE received two (2) complaints during the fiscal year. One (1) privacy request carried over from 2017-2018 continued to be under judicial review in 2020-2021. Three (3) complaints were closed during the reporting period. Two (2) of the closed complaints were received prior to 2020-2021.

The first complaint closed during the reporting period was an exemption complaint received in July of 2018. CSE responded to the initial request neither confirming nor denying the existence of responsive records. CSE made representations to the OPC at the time the complaint was received. The OPC found that the complaint was not well founded in July 2020.

The second complaint closed was also an exemption complaint received in September of 2019. The complainant indicated that they had not received the release package as reported. A second release package was prepared and provided to the complainant and representations made to the OPC in October 2019. The OPC subsequently challenged the application of paragraph 19(1)(a) and section 21 on parts of the released package. CSE agreed to invite the complainant to view the information onsite in accordance with paragraph 17(1)(a) to review the information that was severed under paragraph 19(1)(a) and section 21. As a result, the OPC found the complaint to be well founded and resolved in February 2021.

The third complaint closed was a delay complaint which CSE had received in July 2020. CSE prioritized processing of the associated request and provided a response to the complainant in September 2020. The OPC found the complaint to be well founded and resolved in October 2020.

CSE has made representations to the OPC on the remaining complaint received during the current reporting period and will continue to communicate with the OPC to resolve it.

Monitoring compliance

Using our case management software, the ATIP Office continued to produce reports on the time taken to process requests. These reports were shared with our ATIP Coordinator throughout the fiscal year. CSE’s Executive Committee (made up of DM and ADM level executives) is also informed of the status of Privacy Act requests on a weekly basis.

Material privacy breaches

There were no material privacy breaches reported during the 2020-2021 fiscal year.

Appendix I: Delegation of Authority

Communications Security Establishment

Privacy Act Delegation Order

The Minister of National Defense, pursuant to section 73 of the Privacy Act, hereby designates the persons holding the positions set out below, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Minister of National Defense as the head of the Communications Security Establishment, under the provisions of the Act and related regulations set out below for each position.

  • Chief, Communications Security Establishment: joint authority under paragraph 8(2) (m) (public interest disclosure) with the Deputy Chief, Policy and Communications.
  • Deputy Chief, Policy and Communication: full authority, except joint authority under paragraph 8(2) (m) (public interest disclosure) with the Chief, Communications Security Establishment.
  • Director General, Policy. Disclosure and Review: full authority, except for paragraph 8(2) (m) (public interest disclosure).
  • Director, Disclosures, and Information Sharing: full authority, except for paragraph 8(2) (m) (public interest disclosure).
  • Manager, Disclosures: full authority, except for paragraph 8(2) (m) (public interest disclosure).
  • Supervisor, Access to Information and Privacy Operations: subsection 8(2) (use and disclosure) except for paragraph 8(2)(m) (public interest disclosure), subsection I 4(a) only when no records exist (notice) and section IS (extension of time limits).
  • Supervisor, Privacy, Policy and Governance: subsection 8(2) (use and disclosure) except for paragraph 8(2) (m) (public interest disclosure)
  • Manager, Counselling and Advisory Program: paragraph 8(2)(m) (public interest disclosure) when it is believed that there is a duty to report child abuse under provincial or territorial legislation as part of their official duties; or where it is believed that there is a threat of harm to self or other.
  • Counsellor, Counselling and Advisory Program: paragraph 8(2)(m) (public interest disclosure) when it is believed that there is a duty to report child abuse under provincial or territorial legislation as part of their official duties; or where it is believed that there is a threat of harm to self or other.

This delegation order replaces all previous delegation orders.

Dated at Ottawa this 26 day of April 2018

The Hon. Harijit S. Saijan. PC. OMM, MSM. CD. MP

Appendix II: Statistical Report on the Privacy Act

Name of institution: Communications Security Establishment

Reporting period: 2020-04-01 to 2021-03-31

Section 1: Requests Under the Privacy Act
  Number of requests
Received during reporting period 23
Outstanding from previous reporting period 19
Total 42
Closed during reporting period 23
Carried over to next reporting period 19

Section 2: Requests closed during the reporting period

2.1 Disposition and completion time
Disposition of requests Completion time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 2 3 6 2 13
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
No records exist 0 0 0 0 0 0 0 0
Request abandoned 2 0 0 0 0 0 0 2
Neither confirmed nor denied 1 5 0 0 2 0 0 8
Total 3 5 0 2 5 6 2 23
2.2 Exemptions
Section Number of requests
18(2) 0
19(1)(a) 0
19(1)(b) 0
19(1)(c) 0
19(1)(d) 0
19(1)(e) 0
19(1)(f) 0
20 0
21 13
22(1)(a)(i) 0
22(1)(a)(ii) 0
22(1)(a)(iii) 0
22(1)(b) 1
22(1)(c) 0
22(2) 0
22.1 0
22.2 0
22.3 1
22.4 0
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 0
26 12
27 2
27.1 0
28 1
 
2.3 Exclusions
Section Number of requests
69(1)(a) 0
69(1)(b) 0
69.1 0
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0
 

2.4 Format of information released

Paper Electronic Other
2 11 0

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Number of pages processed Number of pages disclosed Number of requests
10870 5800 23
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less than 100
pages processed
101-500
pages processed
501-1000
pages processed
1001-5000
pages processed
More than 5000
pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
All disclosed 0 0 0 0 0 0 0 0 0 0
Disclosed in part 2 92 7 1305 2 677 2 3726 0 0
All exempted 0 0 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 2 0 0 0 0 0 0 0 0 0
Neither confirmed nor denied 7 0 1 0 0 0 0 0 0 0
Total 11 92 8 1305 2 677 2 3726 0 0
2.5.3 Other complexities
Disposition Consultation required Assessment of fees Legal advice sought Other Total
All disclosed 0 0 0 0 0
Disclosed in part 2 0 0 0 2
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Request abandoned 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0
Total 2 0 0 0 2

2.6 Closed requests

2.6.1 Number of requests closed within legislated timelines
  Requests closed within legislated timelines
Number of requests closed within legislated timelines 8
Percentage of requests closed within legislated timelines (%) 34.8

2.7 Deemed refusals

2.7.1 Reasons for not meeting legislated timelines
Number of Requests Closed Past the Legislated Timelines Principal Reason
Interference with Operations / Workload External Consultation Internal Consultation Other
15 3 0 7 5
2.7.2 Requests closed beyond legislated timelines (including any extension taken)
Number of Days Past Legislated Timelines Number of Requests Past Legislated Timeline Where No Extension Was Taken Number of Requests Past  Legislated Timelines Where an Extension Was Taken Total
1 to 15 days 0 0 0
16 to 30 days 0 0 0
31 to 60 days 1 0 1
61 to 120 days 3 0 3
121  to 180 days 4 1 5
181 to 365 days 3 1 4
More than 365 days 0 2 2
Total 11 4 15
2.8 Requests for translation
Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Section 3: Disclosures under subsections 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
0 0 0 0

Section 4: Requests for correction of personal information and notations

Disposition for Correction Requests Received Number
Notations attached 0
Requests for correction accepted 0
Total 0

Section 5: Extensions

5.1 Reasons for extensions and disposition of requests
Number of requests where an extension was taken 15(a)(i) Interference with operations 15 (a)(ii) Consultation 
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet ConfidenceSection (Section 70) External Internal 15(b)
Translation purposes or conversion
4 0 2 0 0 0 2 0 0
5.2 Length of extensions
Length of Extensions 15(a)(i) Interference with operations 15 (a)(ii)
Consultation
Further review required to determine exemptions Large volume of pages Large volume of requests Documents
are difficult to obtain
Cabinet
Confidence
Section
(Section 70)
External Internal 15(b)
Translation purposes or conversion
1 to 15 days 0 0 0 0 0 0 0 0
16 to 30 days 0 2 0 0 0 2 0 0
31 days or greater    0
Total 0 2 0 0 0 2 0 0

Section 6: Consulations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and other organizations
Consultations Other Government of
Canada institutions
Number of pages
to review
Other
organizations
Number of pages
to review
Received during the reporting period 0 0 0 0
Outstanding from the previous reporting period 0 0 0 0
Total 0 0 0 0
Closed during the reporting period 0 0 0 0
Pending at the end of the reporting period 0 0 0 0
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation Number of days required to complete consultation requests
1 to 15
days
16 to 30
days
31 to 60
days
61 to 120
days
121 to 180
days
181 to 365
days
More than 365
days
Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation Number of days required to complete consultation requests
1 to 15
days
16 to 30
days
31 to 60
days
61 to 120
days
121 to 180
days
181 to 365
days
More than 365
days
Total
All disclosed 0 0 0 0 0 0 0 0
Disclose in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Section 7: Completion time of consultations on Cabinet Confidences

7.1 Requests with Legal Services
Number of days Fewer than 100
pages processed
101-500
pages processed
501-1000
pages processed
1001-5000
pages processed
More than 5000
pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 days 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0
7.2 Requests with Privy Council Office
Number of days Fewer than 100
pages processed
101-500
pages processed
501-1000
pages processed
1001-5000
pages processed
More than 5000
pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 days 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0
Section 8: Complaints and investigations notices received
Section 31 Section 33 Section 35 Court action Total
2 0 2 0 4
Section 9: Privacy Impact Assessments (PIAs)
Number of PIA(s) completed 1
9.2 Personal Information Banks
Active Created Terminated Modified
2 0 0 0

Section 10: Material Privacy Breaches

Number of material privacy breaches reported to TBS 0
Number of material privacy breaches reported to OPC 0

Section 11: Resources related to the Privacy Act

11.1 Costs
Expenditures Amount
Salaries $695,918
Overtime $0
Goods and Services $16,134
Goods and Services - Professional services contracts $0
Goods and Services - Other $16,134
Total $712,052
11.2 Human Resources
Resources Person Years Dedicated to Privacy Activities
Full-time employees 7.469
Part-time and casual employees 0.00
Regional staff 0.00
Consultants and agency personnel 0.00
Students 0.280
Total 7.749

Note: Enter values to two decimal places.

Supplemental Statistical Report on the Access to Information Act and Privacy Act

Name of institution: Communications Security Establishment

Reporting period: 2020-04-01 to 2021-03-31

Section 1: Capacity to Receive Requests

Enter the number of weeks your institution was able to receive ATIP requests through the different channels.
  Number of Weeks
Able to receive requests by mail 41
Able to receive requests by email 41
Able to receive requests through the digital request service 41

Section 2: Capacity to Process Records

2.1 Enter the number of weeks your institution was able to process paper records in different classification levels.
  No Capacity Partial Capacit Full Capacity Total
Unclassified Paper Records 0 0 52 52
Protected B Paper Records 11 41 0 52
Secret and Top Secret Paper Records 11 41 0 52
2.2 Enter the number of weeks your institution was able to process electronic records in different classification levels.
  No Capacity Partial Capacit Full Capacity Total
Unclassified Electronic Records 0 0 52 52
Protected B Electronic Records 11 41 0 52
Secret and Top Secret Electronic Records 11 41 0 52

Mission

Mission

Discover CSE's impactful mission

Careers

Careers

Join our team and help keep Canadians safe

Culture and community

Culture and community

Learn how we support our employees and our community

Report a problem on this page

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please select all that apply:

Thank you for your help!

You will not receive a reply. For enquiries, please contact us.

Date modified: