Publications & Reports
Annual Report to Parliament 2007-2008
The Administration of the Privacy Act in the Department of National Defence and the Canadian Forces
Table of Contents
- About National Defence and the Canadian Forces
- The Directorate Access to information and Privacy (DAIP)
- Report on the Privacy Act
- Appendix A - Report on the Privacy Act
- Appendix B - Department of National Defence Ministerial Delegation Order
- Appendix to Designation Order
The Mission of the Department of National Defence and Canadian Forces
The mission of the Department of National Defence (DND) and the Canadian Forces (CF) is to defend Canada, its interests and values, while contributing to international peace and security.
The Defence Portfolio
In many respects, the Department of National Defence is an organization like other departments of government. It is established by a statute, the National Defence Act which sets out the Minister's responsibilities, including the Minister's responsibility for the Department. The National Defence Act establishes DND and the CF as separate entities operating in close co-operation under the authority of the Minister of National Defence. The Minister of National Defence has specific responsibilities under that Act, and responsibilities for the administration of other statutes, regulations and orders.
The Defence Portfolio comprises the Department of National Defence and Canadian Forces and eight distinct portfolio organizations including:
- National Search and Rescue Secretariat (NSS);
- Canadian Forces Grievance Board (CFGB);
- Military Police Complaints Commission of Canada (MPCC);
- Office of the National Defence and Canadian Forces Ombudsman;
- Communications Security Establishment Canada (CSEC);
- Office of the Chief Military Judge (CMJ);
- Office of the Communications Security Establishment Commissioner (OCSEC); and
- Defence Research and Development Canada (DRDC).
The CF includes the Environmental Commands (Navy, Army and Air Force), and Operational Commands (CANADACOM, CEFCOM, CANSOFCOM, and CANOSCOM) as well as the following support organizations and services:
- A police service, comprising the Military Police and the National Investigation Service, operating under the Canadian Forces Provost Marshal;
- A justice system, administered under the superintendence of the Judge Advocate General;
- Chaplaincy services;
- Extensive communications networks in Canada and abroad;
- Firefighting services;
- Medical and dental services because CF members are excluded from both the Canada Health Act of 1984 and the Public Service Health Care Plan;
- The Canadian Cadet Program and the Junior Canadian Rangers;
- The Canadian Defence Academy;
- The Canadian Forces Grievance Authority;
- The Canadian Forces Housing Agency; and
- The Canadian Forces Personnel Support Agency.
Together, the diverse elements of the Defence Portfolio provide the core services and capabilities required to defend Canada and Canadian interests, and form an important constituency within the broader Canadian national security community.
The relationship differs between DND and each of the Portfolio organizations, therefore, the level of service provided to each will vary accordingly. Each organization has varying needs and responsibilities so they must be treated fairly but differently from one another. These reporting arrangements are designed to ensure accountability while maintaining an “arm’s-length” relationship. This difference in associations is not unlike that of Portfolios in other government departments.
Treasury Board uses the Management Accountability Framework to place increased emphasis on Portfolio coordination. The Privy Council Office is also directing government-wide adherence to Portfolio coordination in accordance with the Federal Accountability Act. DND has a Portfolio Governance and Coordination section to address these requirements.
Accountability in DND and the CF is described in detail in Organization and Accountability: Guidance for Members of the Canadian Forces and Employees of the Department of National Defence. Specific accountability for results and associated performance measurements at the organizational level of the Assistant Deputy Ministers and the Environmental Chiefs of Staff are detailed in the Defence Plan On-Line.
The Departmental Organization and Structure
The DND/CF has a unique personnel structure made up of two separate components – one military and one civilian. This table depicts the number of personnel in each component:
|Departmental Personnel Figures by Component as of March 31, 2008|
Primary Reserve force:
|Civilian employees (Indeterminate):||25,966|
|Total Military and Civilian Personnel:||116,009|
The Chain of Command
National Defence Headquarters (NDHQ) in Ottawa provides broad direction for administration and operations, with specific execution being assigned to the various elements of the Department and the CF located across the country.
The DND/CF Ombudsman reports directly to and is accountable to the Minister of National Defence. His office was established to act as a direct source of information, referral and education to assist individuals to access existing channels of assistance and redress within DND/CF. To ensure the confidentiality of information brought to his attention, the Ombudsman has been given autonomy for Access to Information and Privacy (ATIP) matters related to his office. Accordingly, a separate annual report will be tabled respecting the administration of the Privacy Act (PA) within the Office of the Ombudsman.
The Canadian Forces Grievance Board, the Military Police Complaints Commission and the Office of the CSE Commissioner are institutions separate and apart from DND. Consequently, these institutions are not accounted for in this Annual Report.
The Organizational Chart
The Purpose of the Privacy Act
The Privacy Act came into force on July 1, 1983. Under subsection 12(1) of the Act, Canadian citizens, permanent residents (within the meaning of the Immigration Act), all inmates (within the meaning of Part 1 of the Corrections and Conditional Release Act), and individuals present in Canada (who are not Canadian citizens, permanent residents or inmates) have a right of access to their personal information that is under the control of the DND/CF.
This right of access is balanced against the legitimate need to protect sensitive information and to permit the effective functioning of government while promoting transparency and accountability in government institutions.
In addition, the Act protects an individual's privacy by preventing others from accessing his or her personal information and it speaks to the collection, retention, accuracy, disposal, use and disclosure of personal information.
The Mission of DAIP
The mission of DAIP is to deliver Access to Information and Privacy Services, professional advice and training within DND and the CF.
The Mandate of DAIP
The mandate of DAIP is to act on behalf of the Minister of National Defence in promoting awareness, enforcing compliance with legislation, regulations, and government policy and to create departmental directions, including standards, in all matters relating to the Access to Information Act and the Privacy Act. DAIP authority in this regard extends to all elements of DND/CF – except for the Office of the Ombudsman, the Military Police Complaints Commission, the Office of the CSE Commissioner and the Canadian Forces Grievance Board who are separate institutions under the control of the Minister of National Defence and are responsible for their own Access to Information and Privacy administration.
The Delegation Authority
At DND/CF, a single Coordinator, the Director of DAIP, administers and coordinates both the Access to Information Act and the Privacy Act within the organization. For organizational matters, DAIP comes under the authority of the Assistant Deputy Minister Finance and Corporate Services (ADM Fin CS), via the Director General Corporate and Shared Services (DGCSS). DAIP seeks advice on legal, public affairs, and policy matters from other organizations and specialists as required.
In accordance with section 73 of the ATIA and PA, a delegation of authority, signed by the Minister of National Defence, designates the person holding the position of Director Access to Information and Privacy and the person(s) holding the position(s) of Deputy Director Access to Information and Privacy to exercise all powers and functions of the Minister as the Head of institution under the Acts. It also designates other specific powers and functions to employees within DAIP. See annex B.
The Access to Information and Privacy (ATIP) organization within DND/CF operates with a staff of 60 civilians, 2 military personnel and 4 consultants. The DAIP work force is divided into working groups consisting of an Administration Support Service Group, a Privacy Group, three Access to Information (ATI) Groups and a Strategic Planning Group that handles all ATIP policies, training and IT needs.
DAIP establishes an annual business plan and sets annual performance objectives, which are monitored.
Personal Information Record Holdings
DAIP provides on a yearly basis an update of the Department’s information holdings to the Treasury Board Secretariat for publication. A description of the Personal Information Banks held by DND/CF can be found in the following publications:
- Info Source - Sources of Federal Government Information; and
- Info Source - Sources of Federal Employee Information .
The Info Source can be obtained through public and academic libraries, constituency offices of federal Members of Parliament, and on the Internet at http://www.infosource.gc.ca.
A reading room is available to individuals wanting to review DND/CF publications, and other public materials under the control of the institution. Individuals interested in visiting the reading room must phone ahead to make an appointment. The phone number to call is 613-995-3821.
The DND reading room is located at:
Place de Ville, B Tower, 17th Floor
112 Kent Street
DAIP Internet Site
DAIP Internet Site may be viewed at
Requests under the Act
The privacy client group for DND/CF consists, for the most part, of current and former federal public servants and Canadian Forces personnel. Requests relate to personnel, medical or staff relation issues.
During this reporting period National Defence received a total of 5,244 new requests under the Privacy Act, 932 were carried forward from 2006-2007 and 5,566 requests were completed. Of the 5,566 requests completed, 1,043 requests were either transferred to other federal institutions, could not be processed or were abandoned. A total of 760,568 pages were reviewed and 724,447 pages were disclosed, 610 requests were carried forward to the 2008–2009 fiscal year.
DND/CF also responded to 37 consultations regarding privacy requests involving DND/CF records or issues.
In addition, 2,525 informal requests for information were processed by DAIP in support of DND/CF broader objective of providing Canadians with relevant information on an informal and timely basis. These requests were from past and present CF employees seeking information from their personnel and pay files for the reserve pension buy-back program. In order to expedite the response process, DAIP assembled a temporary in-house privacy-working group to support the program.
Dispositions of Completed Requests
The disposition of the completed requests was as follows:
- 1,635 fully disclosed;
- 2,866 partially disclosed;
- 369 transferred or re-directed to another institution;
- 22 nothing disclosed;
- 422 abandoned; and
- 252 could not be processed.
Completion Time and Extensions
The 5,566 requests completed in 2007–2008 were processed in the following timeframes:
- 2,223 within 30 days or less (40%); and
- 975 within 31 to 60 days (18%);
- 1,009 within 61 to 120 days (18%);
- 1,359 on and over 121 (24%).
DND/CF invoked the following exemptions:
- 11 times under section 19 (Information received in confidence);
- 8 times under section 21 (International affairs and defence);
- 122 times under section 22 (Law enforcement and investigations);
- 2 under section 23 (Security clearances);
- 2 under section 25 (Safety of individuals);
- 2,814 times under section 26 (Personal information); and
- 36 times under section 27 (Solicitor-client privilege).
Complaints and Investigations
During this fiscal year 46 complaints were registered with the Privacy Commissioner:
- 23 Delay;
- 3 Miscellaneous;
- 5 Missing Information;
- 7 Refusal Exemption; and
- 8 Refusal General.
39 complaint investigations were completed and concluded as follows:
- 2 complaints were resolved,
- 7 complaints were discontinued,
- 6 complaints were not well founded, and
- 24 were well founded.
57 complaints were carried forward to 2008-2009.
Section 8 Disclosures
- 108 under paragraph 8(2)(e);
- 15 under paragraph 8(2)(f);
- 1 under paragraph 8(2)(g); and
- 2 under paragraph 8(2)(m) of the Act.
Of the two 8(2)(m) disclosures, the first one involved the release of a home address for a survey and the second one concerned a Hazardous Material Safety Report on a deceased civilian. As required by the Act, the Privacy Commissioner was duly notified in both cases.
Data Matching and Sharing Activities
No data matching or sharing initiatives were undertaken by DND/CF during this reporting period.
During 2007–2008, an estimated $1,261,305 in salary costs and $368,141 in administrative costs were incurred by DAIP to administer the Privacy Act. These costs do not include the resources expended by the program areas of DND to meet the requirements of the Act.
Privacy Impact Assessments
The Privacy Impact Assessment (PIA) Policy came into effect on May 2, 2002. Its objective is to assure Canadians that privacy principles are being taken into account during the design, implementation and evolution of programs and services that involve personal information. The policy requires that programs and services with potential privacy risks undergo a PIA.
During this reporting period one PIA on the outsourcing of a portion of the CF Pre-employment Screening
Process was completed and submitted to the Office of the Privacy Commissioner. The summary of the PIA is
posted on the department’s web site at:
During 2007–2008, DAIP continued to provide training sessions for employees on a regular basis. A total of 71 training sessions were given and 1,402 participants were familiarized with the Act and given a better understanding of their obligations, and of the process within DND/CF. Customized sessions were also provided to specialized groups. DAIP continues to fund training sessions outside of the National Capital Region. The training sessions are intrinsic to achieving increased compliance with both the Access to Information and Privacy legislation.
On site training sessions were provided to the DAIP staff members. Two officers from the Privy Council Office delivered information sessions on the application of section 70 of the Act. Two training sessions on section 27 of the Act were also provided.
In addition to the management of access and privacy requests, ATIP staff provides advice and guidance to DND/CF employees and managers on compliance requirements with the legislation, as well as information sessions on the processing of ATIP requests.
Summary of Significant Changes to Operations or Procedures
None to report.
Policies and Procedures Implemented or Revised
DAIP has undertaken to write a Departmental policy to deal with privacy violation. The policy should be in place in the next reporting period.
Changes Implemented as a Result of Issues Raised by the Privacy Commissioner
The Privacy Commissioner raised no issues.
Application to the Federal Court or Federal Court of Appeal
None to report.
Statistical Report on the Act
This report can be found at Appendix A.