Publications & Reports

Annual Report to Parliament 2007-2008

Canadian Forces Crest

The Administration of the Privacy Act in the Department of National Defence and the Canadian Forces

Table of Contents

  1. About National Defence and the Canadian Forces
  2. The Directorate Access to information and Privacy (DAIP)
  3. Report on the Privacy Act

1.  About National Defence and Canadian Forces

The Mission of the Department of National Defence and Canadian Forces

The mission of the Department of National Defence (DND) and the Canadian Forces (CF) is to defend Canada, its interests and values, while contributing to international peace and security.

The Defence Portfolio

In many respects, the Department of National Defence is an organization like other departments of government. It is established by a statute, the National Defence Act ­which sets out the Minister's responsibilities, including the Minister's responsibility for the Department. The National Defence Act establishes DND and the CF as separate entities operating in close co-operation under the authority of the Minister of National Defence. The Minister of National Defence has specific responsibilities under that Act, and responsibilities for the administration of other statutes, regulations and orders.

The Defence Portfolio comprises the Department of National Defence and Canadian Forces and eight distinct portfolio organizations including:

The CF includes the Environmental Commands (Navy, Army and Air Force), and Operational Commands (CANADACOM, CEFCOM, CANSOFCOM, and CANOSCOM) as well as the following support organizations and services:

Together, the diverse elements of the Defence Portfolio provide the core services and capabilities required to defend Canada and Canadian interests, and form an important constituency within the broader Canadian national security community.

The relationship differs between DND and each of the Portfolio organizations, therefore, the level of service provided to each will vary accordingly. Each organization has varying needs and responsibilities so they must be treated fairly but differently from one another. These reporting arrangements are designed to ensure accountability while maintaining an “arm’s-length” relationship. This difference in associations is not unlike that of Portfolios in other government departments.

Treasury Board uses the Management Accountability Framework to place increased emphasis on Portfolio coordination. The Privy Council Office is also directing government-wide adherence to Portfolio coordination in accordance with the Federal Accountability Act. DND has a Portfolio Governance and Coordination section to address these requirements.

Accountability in DND and the CF is described in detail in Organization and Accountability: Guidance for Members of the Canadian Forces and Employees of the Department of National Defence. Specific accountability for results and associated performance measurements at the organizational level of the Assistant Deputy Ministers and the Environmental Chiefs of Staff are detailed in the Defence Plan On-Line.

The Departmental Organization and Structure

The DND/CF has a unique personnel structure made up of two separate components – one military and one civilian. This table depicts the number of personnel in each component:

Departmental Personnel Figures by Component as of March 31, 2008
Military members:
Regular force:
Primary Reserve force:

Civilian employees (Indeterminate): 25,966
Total Military and Civilian Personnel: 116,009

The Chain of Command

National Defence Headquarters (NDHQ) in Ottawa provides broad direction for administration and operations, with specific execution being assigned to the various elements of the Department and the CF located across the country.

The DND/CF Ombudsman reports directly to and is accountable to the Minister of National Defence. His office was established to act as a direct source of information, referral and education to assist individuals to access existing channels of assistance and redress within DND/CF. To ensure the confidentiality of information brought to his attention, the Ombudsman has been given autonomy for Access to Information and Privacy (ATIP) matters related to his office. Accordingly, a separate annual report will be tabled respecting the administration of the Privacy Act (PA) within the Office of the Ombudsman.

The Canadian Forces Grievance Board, the Military Police Complaints Commission and the Office of the CSE Commissioner are institutions separate and apart from DND. Consequently, these institutions are not accounted for in this Annual Report.

The Organizational Chart

Top of Page

2. The Directorate Access to Information and Privacy (DAIP)

The Purpose of the Privacy Act

The Privacy Act came into force on July 1, 1983. Under subsection 12(1) of the Act, Canadian citizens, permanent residents (within the meaning of the Immigration Act), all inmates (within the meaning of Part 1 of the Corrections and Conditional Release Act), and individuals present in Canada (who are not Canadian citizens, permanent residents or inmates) have a right of access to their personal information that is under the control of the DND/CF.

This right of access is balanced against the legitimate need to protect sensitive information and to permit the effective functioning of government while promoting transparency and accountability in government institutions.

In addition, the Act protects an individual's privacy by preventing others from accessing his or her personal information and it speaks to the collection, retention, accuracy, disposal, use and disclosure of personal information.

The Mission of DAIP

The mission of DAIP is to deliver Access to Information and Privacy Services, professional advice and training within DND and the CF.

The Mandate of DAIP

The mandate of DAIP is to act on behalf of the Minister of National Defence in promoting awareness, enforcing compliance with legislation, regulations, and government policy and to create departmental directions, including standards, in all matters relating to the Access to Information Act and the Privacy Act. DAIP authority in this regard extends to all elements of DND/CF – except for the Office of the Ombudsman, the Military Police Complaints Commission, the Office of the CSE Commissioner and the Canadian Forces Grievance Board who are separate institutions under the control of the Minister of National Defence and are responsible for their own Access to Information and Privacy administration.

The Delegation Authority

At DND/CF, a single Coordinator, the Director of DAIP, administers and coordinates both the Access to Information Act and the Privacy Act within the organization. For organizational matters, DAIP comes under the authority of the Assistant Deputy Minister Finance and Corporate Services (ADM Fin CS), via the Director General Corporate and Shared Services (DGCSS). DAIP seeks advice on legal, public affairs, and policy matters from other organizations and specialists as required.

In accordance with section 73 of the ATIA and PA, a delegation of authority, signed by the Minister of National Defence, designates the person holding the position of Director Access to Information and Privacy and the person(s) holding the position(s) of Deputy Director Access to Information and Privacy to exercise all powers and functions of the Minister as the Head of institution under the Acts. It also designates other specific powers and functions to employees within DAIP. See annex B.

DAIP Organization

The Access to Information and Privacy (ATIP) organization within DND/CF operates with a staff of 60 civilians, 2 military personnel and 4 consultants. The DAIP work force is divided into working groups consisting of an Administration Support Service Group, a Privacy Group, three Access to Information (ATI) Groups and a Strategic Planning Group that handles all ATIP policies, training and IT needs.

DAIP establishes an annual business plan and sets annual performance objectives, which are monitored.

Personal Information Record Holdings

DAIP provides on a yearly basis an update of the Department’s information holdings to the Treasury Board Secretariat for publication. A description of the Personal Information Banks held by DND/CF can be found in the following publications:

The Info Source can be obtained through public and academic libraries, constituency offices of federal Members of Parliament, and on the Internet at

Reading Room

A reading room is available to individuals wanting to review DND/CF publications, and other public materials under the control of the institution. Individuals interested in visiting the reading room must phone ahead to make an appointment. The phone number to call is 613-995-3821.

The DND reading room is located at:

Place de Ville, B Tower, 17th Floor
112 Kent Street
Ottawa, Ontario.

DAIP Internet Site

DAIP Internet Site may be viewed at

Top of Page

3. Report on the Privacy Act

Requests under the Act

The privacy client group for DND/CF consists, for the most part, of current and former federal public servants and Canadian Forces personnel. Requests relate to personnel, medical or staff relation issues.

During this reporting period National Defence received a total of 5,244 new requests under the Privacy Act, 932 were carried forward from 2006-2007 and 5,566 requests were completed. Of the 5,566 requests completed, 1,043 requests were either transferred to other federal institutions, could not be processed or were abandoned. A total of 760,568 pages were reviewed and 724,447 pages were disclosed, 610 requests were carried forward to the 2008–2009 fiscal year.

DND/CF also responded to 37 consultations regarding privacy requests involving DND/CF records or issues.

In addition, 2,525 informal requests for information were processed by DAIP in support of DND/CF broader objective of providing Canadians with relevant information on an informal and timely basis. These requests were from past and present CF employees seeking information from their personnel and pay files for the reserve pension buy-back program. In order to expedite the response process, DAIP assembled a temporary in-house privacy-working group to support the program.

Dispositions of Completed Requests

The disposition of the completed requests was as follows:

Completion Time and Extensions

The 5,566 requests completed in 2007–2008 were processed in the following timeframes:

Exemptions Invoked

DND/CF invoked the following exemptions:

Complaints and Investigations

During this fiscal year 46 complaints were registered with the Privacy Commissioner: 

39 complaint investigations were completed and concluded as follows:

57 complaints were carried forward to 2008-2009.

Section 8 Disclosures

Of the two 8(2)(m) disclosures, the first one involved the release of a home address for a survey and the second one concerned a Hazardous Material Safety Report on a deceased civilian. As required by the Act, the Privacy Commissioner was duly notified in both cases.

Data Matching and Sharing Activities

No data matching or sharing initiatives were undertaken by DND/CF during this reporting period.


During 2007–2008, an estimated $1,261,305 in salary costs and $368,141 in administrative costs were incurred by DAIP to administer the Privacy Act. These costs do not include the resources expended by the program areas of DND to meet the requirements of the Act.

Privacy Impact Assessments

The Privacy Impact Assessment (PIA) Policy came into effect on May 2, 2002. Its objective is to assure Canadians that privacy principles are being taken into account during the design, implementation and evolution of programs and services that involve personal information. The policy requires that programs and services with potential privacy risks undergo a PIA.

During this reporting period one PIA on the outsourcing of a portion of the CF Pre-employment Screening Process was completed and submitted to the Office of the Privacy Commissioner.  The summary of the PIA is posted on the department’s web site at:

Training Sessions

During 2007–2008, DAIP continued to provide training sessions for employees on a regular basis. A total of 71 training sessions were given and 1,402 participants were familiarized with the Act and given a better understanding of their obligations, and of the process within DND/CF. Customized sessions were also provided to specialized groups. DAIP continues to fund training sessions outside of the National Capital Region. The training sessions are intrinsic to achieving increased compliance with both the Access to Information and Privacy legislation.

On site training sessions were provided to the DAIP staff members. Two officers from the Privy Council Office delivered information sessions on the application of section 70 of the Act. Two training sessions on section 27 of the Act were also provided.

In addition to the management of access and privacy requests, ATIP staff provides advice and guidance to DND/CF employees and managers on compliance requirements with the legislation, as well as information sessions on the processing of ATIP requests.

Summary of Significant Changes to Operations or Procedures

None to report.

Policies and Procedures Implemented or Revised

DAIP has undertaken to write a Departmental policy to deal with privacy violation. The policy should be in place in the next reporting period.

Changes Implemented as a Result of Issues Raised by the Privacy Commissioner

The Privacy Commissioner raised no issues.

Application to the Federal Court or Federal Court of Appeal

None to report.

Statistical Report on the Act

This report can be found at Appendix A.