Language selection

Search


We have archived this page on the web

The information on this page is for reference only. It was accurate at the time of publishing but may no longer reflect the current state at the Canada Border Services Agency. It is not subject to the Government of Canada web standards.

Annual Report to Parliament on the Privacy Act: 2020 to 2021

From: Canadian Border Services Agency

Chapter 1: Privacy Act report

Introduction

The Canada Border Services Agency (CBSA) is pleased to present to Parliament, in accordance with section 72 of the Privacy Act, its annual report on the management of this Act. The report describes the activities that support compliance with the Privacy Act for the fiscal year commencing , and ending . During this period, the CBSA continued to build on successful practices implemented in previous years.

The purpose of this Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.Footnote 1

As stated in subsections 72(1) and 72(2) of the Privacy Act, “Every year the head of every government institution shall prepare a report on the administration of this Act within the institution during the period beginning on of the preceding year and ending on of the current year… Every report prepared under subsection (1) shall be laid before each House of Parliament on any of the first 15 days on which that House is sitting after September 1 of the year in which the report is prepared.”Footnote 2

Organization

I. About the Canada Border Services Agency

The CBSA has been, since 2003, an integral part of the Public Safety Canada (PS) portfolio, which was created to protect Canadians and maintain a peaceful and safe society. The Agency is responsible for providing integrated border services that support national security and public safety priorities and facilitate the free flow of persons and goods, including animals and plants, that meet all requirements under the program legislation.Footnote 3

The CBSA carries out its responsibilities with a workforce of approximately 14,000 employees, including over 6,500 uniformed CBSA officers who provide services at approximately 1,200 points across Canada and at 39 international locations.Footnote 4

II. Information Sharing, Access to Information and Chief Privacy Office

The Information Sharing, Access to Information and Chief Privacy (ISATICP) Office is comprised of 6 units: an Administration section, 3 Case Management units, and 2 Policy units. The Administration section's function is to receive all incoming requests and consultations, to ensure quality control of all outgoing correspondence, and to support the Case Management units in their day-to-day business. The Case Management units assign branches and regions with retrieval requests, process requests under the Privacy Act, and provide daily operational guidance and support to CBSA employees. The ATIP Policy and Governance Unit develops policies, tools, and procedures to support ATIP requirements within the CBSA and provides training to employees. The Information Sharing and Collaborative Arrangement Policy Unit maintains the policy framework for the CBSA's information‑sharing and domestic written collaborative arrangements. On average, 80 full‑time equivalents, and 3 part‑time, casual and student employees were employed in the ISATICP Office during fiscal year 2020 to 2021.

The ATIP coordinator for the CBSA is the Executive Director of the ISATICP Office. The ISATICP Office is part of the Chief Data Office, which reports to the Vice-President (VP) of the Strategic Policy Branch. Consistent with best practices identified by the Treasury Board of Canada Secretariat (TBS),)Footnote 5 the CBSA's ATIP coordinator is positioned within 3 levels of the President and has full delegated authority, reporting directly to the Chief Data Officer, who in turn reports to the VP of the Strategic Policy Branch.

Key to maintaining compliance with the statutory time requirements of the Privacy Act is the CBSA ISATICP Office's ability to obtain personal information from branches and regions in a timely and reliable manner. Supported by a network of 21 ATIP liaison officers across the CBSA, the ISATICP Office is well‑positioned to receive, coordinate, and process requests for personal information under the Privacy Act.

The CBSA ISATICP Office works closely with other members of the PS portfolio, including the Canadian Security Intelligence Service, the Correctional Service of Canada, the Parole Board of Canada, and the Royal Canadian Mounted Police, to share best practices and develop streamlined processes for the retrieval of jointly held records within the 30-day legislated time frame required to respond to privacy requests.

Activities and accomplishments

I. Performance

Fiscal year 2020 to 2021 saw high volumes of privacy requests made to the CBSA. The volumes are largely attributable to individuals seeking copies of their history of arrival dates into Canada. In fiscal year 2020 to 2021, 79.9% of all the privacy requests received by the CBSA came from individuals seeking their Traveller History Report (THR), which contains information used to support residency requirements for programs administered by Immigration, Refugees and Citizenship Canada (IRCC) and Employment and Social Development Canada (ESDC).

In , IRCC, in consultation with the CBSA, introduced a new consent-based application form which sees applicants for citizenship provide consent on their applications for IRCC to view their travel history directly. The CBSA has allocated 100 accounts to the IRCC to verify (view only) clients' THR to Canada. IRCC has since viewed approximately 1.63 million THR, of which 79,011 were in fiscal year 2020 to 2021, that might otherwise have been requested formally through the CBSA by way of formal Privacy Act, or Access to Information Act requests.

The CBSA continued to see high volumes of privacy requests submitted through the Access to Information and Privacy Online Request tool. Through this tool, the agency received 10,847 requests, which amounted to 90.4% of all privacy requests received by the CBSA.

The CBSA continued to offer the electronic format for responses to privacy requests. Although electronic format made up only 82.5%, these requests accounted for 96.5% of all the pages the CBSA disclosed in their entirety or disclosed in part this fiscal year.

The ISATICP Office also provided case-by-case policy guidance to CBSA program areas related to the disclosure of information under section 8 of the Privacy Act and section 107 of the Customs Act. In total, the ISATICP Office received 2,523 requests for guidance in fiscal year 2020 to 2021, representing an increase of 32.5% over the previous year.

Finally, as per Section 73.1 of the Privacy Act, the CBSA ISATICP Office has not provided services related to any power, duty or function conferred or imposed on the CBSA under this Act to another government institution that is under the responsibility of the Minister of Public Safety and Emergency Preparedness and has not received such services from any other such government institution.

II. Education and training

In fiscal year 2020 to 2021, despite teleworking and minimal access, the CBSA ISATICP Office continued to provide support and guidance to employees. To do so, the Office adapted to numerous changes and explored alternative measures to delivery. Not being able to offer in-person training sessions, the CBSA ISATICP office shared it's training materials with 24 employees and also provided 3 virtual training sessions to 85 employees. The training sessions are designed to ensure that the participants fully understood their responsibilities under the Privacy Act and the Access to Information Act, with a focus on requests made pursuant to the Acts and the duty to assist principles.

It should be noted that the CBSA added the Canada School of Public Service's (CSPS) Access to Information and Privacy Fundamentals (I015) course to the list of mandatory training. This training must be successfully completed by all persons employed by the CBSA who occupy an indeterminate or term position on a full-time, part-time or seasonal basis, as well as students and casual employees. It also must be completed within 6 months of joining the CBSA. As of , 9,699 employees have successfully completed the course. This newly added course has replaced CBSA's Managing Information at the Canada Border Services Agency and the Access to Information Act and the Privacy Act (F5017-P) course, which has now been archived.

Moreover, the ISATICP Office delivered 2 training sessions on section 107 of the Customs Act, as well as basic information‑sharing, disclosure of intelligence-related information, and business line‑specific training sessions to 14 employees. In addition, before attending the training, employees are advised to complete the interactive online training course, regarding information sharing that was developed by the ISATICP Office.

Further, the ISATICP Office continues to raise employees' awareness of their obligations under the Privacy Act by leveraging the Agency's daily newsletter as a way to provide employees with important information. The communiqués include key dates, such as Data Privacy Day, and other activities at the CBSA to promote ATIP tools and resources. Additionally, a bi-annual message is sent to employees to promote the CBSA privacy breach protocol and the importance of reporting privacy breaches.

Finally, the CBSA ISATICP Office continues to actively participate in the TBS-led ATIP coordinators and ATIP practitioners meetings. These meetings provide opportunities for employees of the Office to liaise with employees from other institutions to discuss various issues and challenges that have been identified by the ATIP community.

III. New and revised privacy-related policies and procedures

During fiscal year 2020 to 2021, the CBSA ISATICP Office continued to revise existing policies, to develop new ones, and to introduce new procedures.

The Office has continued to take a number of measures to enhance and promote ATIP tools that are readily accessible to CBSA employees by utilizing Apollo (GCDocs). To this end, it ensures that the CBSA ISATICP Office intranet site is up to date and available to all CBSA employees. This allows the Office to quickly share information and best practices and to facilitate collaboration across the agency.

The CBSA continued to see a rise in ATIP related audio/video redacting requests. In response to this growth, the CBSA ISATICP Office, in partnership with the Chief Transformation Officer Branch and the Information, Science and Technology Branch, and as part of an Innovation Solution Canada challenge initiative, is currently involved in a project allowing private companies to introduce applied concept for the redaction of video recording. This solution will allow video and audio recordings to be automatically processed. This year, Phase 1 of the initiative was undertook and completed. Once available, this software will be promoted as the solution for processing video and audio recordings for the entirety of the Government of Canada.

As mentioned above, CBSA's high volumes of requests received are largely attributable to individuals seeking copies of their respective THRs which contains information used to support residency requirements for programs administered by IRCC and ESDC. To solve this problem, the CBSA ISATICP Office is actively working on the introduction of an online portal, which will allow travellers to obtain their own THR of their arrivals and departures from Canada.

The Covid-19 pandemic has also pressed the CBSA to look at new ways to offer documents to requesters. To this end, the CBSA ISATICP Office started sending documents safely via email to clients when consent was provided. The Office will soon adopt the Online Request Services/Online Management Tool developed by TBS, which will allow it to interact with the requesters directly, and also securely disclose documents to clients.

The CBSA ISATICP Office is also looking at introducing a new automated tool to register new incoming access to information and privacy requests without the requirement for human intervention. Currently, the Office requires employees to manually enter the information received from clients in our database. This automated tool will access the same information, and perform the same tasks, as the current employees who register new requests.

This year, the CBSA continued to be an active and key participant in the Privacy Act Modernization working group, which has helped establish the CBSA's position on the modernization of this Act. The CBSA believes that a modernized Act should facilitate the government work while continuing to respect individuals' privacy rights and the Canadian Charter of Rights and Freedom. The CBSA will continue to develop policy options, and to work on transition advice, alongside the Department of Justice, in the modernization of the Privacy Act.

The CBSA ISATICP Office continued to provide the service of informally reviewing CBSA records for internal programs as if they had been requested under the Privacy Act. The Office received 243 internal requests of this nature in fiscal year 2020 to 2021.

The CBSA closely monitors the time it takes to process privacy requests. Monthly reports, which show trends and performance, are submitted to the Assistant Directors of the Case Management units, and to the Executive Director of the ISATICP Office. Finally, monthly reports consisting of statistics on the performance of the offices of primary interest are also distributed to all ATIP liaison officers.

IV.  Reading room

The CBSA, in accordance with the Privacy Act, maintains a reading room for applicants who wish to review material in person at the CBSA. Applicants may access the reading room by contacting the CBSA's ISATICP Office by telephone at 343-291-7021 or by sending an email to atip-aiprp@cbsa-asfc.gc.ca. The reading room is located at:

Place Vanier Complex
14 flr Tower A
333 N River Rd
Ottawa ON  K1A 0L8

V.  Audits of, and investigations into the privacy practices of the Canada Border Services Agency

In 2020 to 2021, there were no key issues raised as a result of privacy investigations, and no audits were conducted that related to privacy practices of the CBSA.

VI.  Privacy impact assessments

In fiscal year 2020 to 2021, the CBSA completed 3 Privacy Impact Assessments (PIA), and 1 Privacy Compliance Evaluation (PCE). They were all sent to the Office of the Privacy Commissioner of Canada and TBS for review and comments.

The 3 PIAs and the PCE completed by the CBSA are:

Full executive summaries of these PIAs are available.

Mobile Border

As part of the CBSA modernization initiative, a new service channel is being introduced to provide the ability for travellers to present, report goods and appear for an examination using a mobile application to communicate remotely with a border services officer (BSO). The introduction of mobile technology will help the CBSA address increasing difficulties in maintaining the required infrastructure and BSOs in regions with geographical challenges and low staffing levels. Mobile Border will be deployed in a phased approach starting with a soft launch to be tested as a voluntary, alternative option at existing telephone reporting sites in regions that have limited CBSA resources.

It is expected that by providing a more convenient and accessible reporting tool, travellers who do not currently fulfill their obligations when entering Canada will make an effort to be compliant. Mobile Border has the potential to reduce processing times and to simplify CBSA procedures by automating routine activities that are currently done manually by BSOs (for example verbal collection and manual entry of traveller information). Furthermore, it will enable the CBSA to achieve the required identity assurance level for remote primary processing in accordance with TBS Directive on Identity Management.

Following the soft launch, in summer 2021, the agency will evaluate the results to determine a strategy for future implementation of a mobile application as a nation-wide program and expansion to additional CBSA locations with larger volumes and varying operational models (for example airports, buses and cruise ships).

Next generation handhelds

Wireless handheld devices were introduced into the CBSA operations between 2014 and 2017, to support the Entry/Exit Initiative and Beyond the Border Action Plan. The devices were equipped with a mobile version of the Integrated Primary Inspection Line (IPIL) application to facilitate the secure and accurate capture and risk assessment of individual traveller and conveyance information. Devices were initially deployed to the CBSA service points that were not equipped with primary inspection booths, as well as ports of entry (POEs) where primary inspection booths were present, but did not support all types of traveller processing. An example of this would be bus processing at large ports where workstations are only available in adjacent booths or buildings, but not where BSOs process travellers directly. In this scenario, handheld devices allowed BSOs to complete traveller processing on the bus, rather than offloading passengers.

Today, at most POEs, booths equipped with IPIL Air and IPIL Highway along with fixed workstations and document readers, provide BSOs with a means of capturing traveller and conveyance (for example licence plate) information for risk assessment against customs, immigration and enforcement databases. Where no booth is available, BSOs must take licence plate and traveller information and run it at an IPIL workstation in an office adjacent to the primary inspection line. This forces the BSO to turn his/her back to the traveller and leave them unattended.

The use of handheld devices during primary processing allows a BSO to capture and risk assess conveyance and traveller information while remaining with the traveller, just as they would today, if they were working at a site with primary inspection booths.

CBSA Assessment and Revenue Management (CARM) : Release 0

The CBSA launched the CBSA Assessment and Revenue Management (CARM) solution to enable the CBSA to track duties and taxes payable on the importation of commercial goods, monitor payments and facilitate reimbursements in the event of an overpayment by importers. The solution encompasses connections to multiple existing CBSA applications and databases and integrates with the Revenue Ledger. The CARM solution requires connections with the Canada Revenue Agency (CRA) and with Public Services and Procurement Canada.

The information held within the CARM solution is mostly commercial in nature: corporate contact information, corporate business numbers, and carrier codes. CARM holds information about importers, carriers, duty free shop owners, warehouse owners and customs brokerages. In some cases, the importers or carriers may be small-scale, sole proprietors and, in those cases, the identity, CRA-issued business numbers and even carrier numbers could be considered to be personal information.

The first phase of CARM, the Accounts Receivable Ledger (ARL) solution, was implemented in . The CARM project launched the first release of Phase 2 in , wherein the ARL solution underwent a technology upgrade and was moved onto the SAP S/4HANA platform. No new personal information or functionality was introduced, and current connections with multiple CBSA applications and databases and other government departments remained in place. The PIA created for ARL has been updated for CARM.

Chain of trust

The global outbreak of the COVID-19 pandemic has introduced new travel restrictions in countries around the world, elevating the need for additional border requirements for international travellers. Prior to the pandemic, air travel volumes were increasing at a steady pace, and as international travel re-commences they are expected to return to pre-pandemic levels and potentially increase over the next several years. To address emerging risks and responsibilities, the CBSA is exploring ways to provide self-service options for travellers to facilitate a safe and seamless international border clearance process. This will contribute to a low-touch air travel ecosystem that supports the recovery of the air travel and related industries, while protecting and strengthening the economic prosperity and health of Canadians.

As part of the CBSA's modernization initiative, the agency is moving towards a risk-based compliance model using technology and intelligence to provide the information needed to expedite the flow of legitimate goods and people. The Chain of Trust pilot project will use innovative technology solutions, such as low-touch self-service option for travellers, that will enable the CBSA to collect traveller information and authenticate travel documents while reducing physical touch-points in the customs clearance process. Collecting a traveller's information electronically in advance of their arrival, will eliminate the need for physical handling of documents or interaction with kiosks, particularly in airports where volumes could exceed capacity. In addition, it will help low-risk travellers navigate through airport/border check points without any border services personnel intervention (unless necessary). This is expected to reduce congestion in primary inspection lines and minimize the risks of virus transmission in the airport environment. Furthermore, it will enable a more flexible and dynamic operational model for BSOs at international airports.

Disclosures made pursuant to paragraph 8(2)(e) of the Privacy Act

During the 2020 to 2021 fiscal year, the CBSA made 344 disclosures pursuant to paragraph 8(2)(e) of the Privacy Act.

Disclosures made pursuant to paragraph 8(2)(m) of the Privacy Act

During the 2020 to 2021 fiscal year, the CBSA made no disclosures pursuant to paragraph 8(2)(m) of the Privacy Act.

Delegation order

Refer to Annex A for a signed copy of the delegation order.

Chapter 2: Statistical report

Statistical report on the Privacy Act

Refer to Annex B for the CBSA's statistical report on the Privacy Act.

Interpretation of the statistical report

I. Requests received and completed under the Privacy Act

The CBSA received 11,997 privacy requests in fiscal year 2020 to 2021, which was a decrease of 15% over the previous year. Moreover, the CBSA responded to 12,126 Privacy Act requests, representing 90.7% of the total number of requests received and outstanding from the previous reporting period. Of the 1,236 requests carried over to fiscal year 2021–2022, 1,044 were on time and 192 were late. Finally, the CBSA processed 391,203 pages under the Privacy Act.

For the past 5 years, the CBSA has consistently been among the top government departments in terms of workload. While receiving a substantial number of requests each year, the CBSA has been able to maintain its performance.

Privacy requests received/completed
Image description
Privacy requests received/completed
Fiscal year Requests received Completed requests
2016 to 2017 11,590 11,791
2017 to 2018 13,429 13,575
2018 to 2019 13,447 13,873
2019 to 2020 14,102 13,866
2020 to 2021 11,997 12,126

II.  Completion time

In fiscal year 2020 to 2021, a total of 12,126 requests were completed. The table below presents the response times for the requests that the CBSA completed this fiscal year.

Response times for the requests that the CBSA completed this fiscal year (days)
Completion time (days) Number of requests
121 or more 127
61 to 120 248
31 to 60 806
30 or less 10,945

Of the 12,126 completed requests, the CBSA was successful in responding to 96.6% within the legislated timelines, a decrease from the 98.5% achieved last fiscal year.

Furthermore, the pie chart below provides an overview of the disposition of these completed requests.

Disposition of completed requests
Image description
Disposition of completed requests
Fully disclosed 71.44%
Partially disclosed 15.59%
No records exist 2.03%
Request abandoned 10.89%
Other 0.05%

Of the completed requests, 8,663 records were fully disclosed and 1,891 were partially disclosed. Refer to Annex B for all the details on the disposition of the completed requests.

III.  Extensions

In total, 344 extensions were applied for in fiscal year 2020 to 2021. This represents a decrease of 62.1% in extensions in comparison to the previous fiscal year. Extensions were applied 99.7% of the time because of workload and meeting the original 30-day time limit would have resulted in unreasonable interference with the CBSA operations. The remaining 0.3% of the time was for consulting with third parties or other government institutions, or for additional time for translation purposes or for the purposes of converting the personal information into an alternative format.

IV.  Consultations received from other institutions and organizations

In 2020 to 2021, the CBSA completed 50 consultation requests from other government institutions and organizations. This represents a decrease of 37.5% in comparison to the previous fiscal year. To respond to these requests, 830 pages were reviewed, a decrease of more than 97.6% from the previous fiscal year.

V.  Completion time of consultations on Cabinet confidences

Although Cabinet confidences are excluded from the application of the Privacy Act (section 70), the policies of TBS require agencies and departments to consult their legal services to determine if requested information should be excluded. If there is any doubt or if the records contain discussion papers, legal counsel must consult the Office of the Counsel to the Clerk of the Privy Council Office (PCO).

In 2020 to 2021, the CBSA did not consult CBSA Legal services regarding Cabinet confidence exclusions, due to the fact that requesters are excluding Cabinet confidences from their requests.

VI.  Complaints and investigations

Subsection 29(1) of the Privacy Act describes how the Office of the Privacy Commissioner of Canada (OPC) receives and investigates complaints from individuals regarding their personal information held by a government institution. Examples of complaints the OPC may choose to investigate include a refusal of access to personal information; an allegation that personal information about an individual that is held by a government institution has been misused or wrongfully disclosed; or failure to provide access to personal information in the official language requested by the individual.

For 2020 to 2021, 53 Privacy Act complaints were filed against the CBSA, which represents a decrease of 10.1% compared to fiscal year 2019 to 2020. For context, the number of complaints filed relate to only 0.4% of the 12,126 privacy requests completed during this period. The complaints received during the fiscal year were related to the following issues: time delay (23); application of exemptions (17); missing / incomplete records (8); use and disclosure (2); and collection (3).

Of the 56 complaints that were closed in fiscal year 2020 to 2021, 13 were deemed well-founded, and 24 were deemed not well-founded. Additionally, 9 complaints were resolved; 4 were discontinued; and 6 were settled. Where complaints are substantiated, the matter is reviewed by the delegated Assistant Directors and processes are adjusted if required.

VII.  Privacy breaches

During the 2020 to 2021 fiscal year, the CBSA notified the OPC and TBS of 3 material privacy breaches.

The first involved a breach of information in which a Port of Entry Immigration Examination Checklist from an Immigration file, was photographed by an employee using their personal cell phone and inadvertently posted to their social media platform for a short period of time. An internal review of the handling and storage of protected files, as well as corrective follow up action with the employee, has been undertaken to ensure that they are aware of all security requirements pertaining to the handling of protected information and documents.

The second occurred when a CBSA employee's personal vehicle was broken into by an unknown individual who stole a backpack containing CBSA assets and documents containing personal information. The documents that contained personal information were 2 CBSA target sheets, as well as a notebook that had written personal information of several individuals. A report has been filed with the local police and the unit involved has reviewed the policies regarding surveillance and storage of CBSA materials.

The third occurred in which CCTV video footage of an unrelated Third Party individual was accidentally disclosed as part of a disclosure package to an accused in the context of a criminal prosecution for Customs Act hindering. The Crown Prosecutor instructed the accused to immediately return the USB to the Crown. The accused has asserted to the Crown that they had no intention of disseminating the Third Party information. Public Prosecution Service Canada has been asked to consider whether further preventive measures are appropriate in the context of the ongoing criminal prosecution in order to mitigate any risk of further breach. The CBSA unit involved has implemented a more stringent verification process for DVDs of CCTV footage that are created for the purposes of release to internal, or external partners will be instituted. Additionally, the CBSA will conduct a review of the use of cameras in detention centres, and holding cells, as well as review CCTV policy.

When a Privacy Breach occurs, the CBSA's ISATICP Office follows the agency's Privacy Breach Protocol which adheres to the TBS guidelines for the Management of Privacy breaches. The office monitors all privacy breaches closely and has established notifications and remedial measures to address each situation. Additionally, the office provides advice and guidance to employees on containment and mitigation strategies to improve the protection of personal information of Canadians with professionalism and integrity.

VIII.  COVID-19: Impact on the CBSA ISATICP Office

Since the beginning of the pandemic, the CBSA has played a critical role in managing the border in a safe and efficient manner, contributing to Canadians' health and security. During fiscal year 2020 to 2021, many CBSA employees were reassigned, and called upon to work around the clock to provide critical and essential services to Canadians and travelers. Despite the implementation of these new measures, the CBSA was able to maintain the ability to process requests received under the Privacy Act in a timely manner, responding to requests within their statutory timelines in more than 9 out of 10 cases.

This success is also due to the implementation of interim measures for processing Privacy Act requests. Since paper records were not accessible, the CBSA ISATICP Office contacted each requester, for new and outstanding requests, to offer that they limit their request to non-secret and electronic records, thereby making them retrievable remotely. This new measure was very well received by requesters, and has allowed the CBSA ISATICP Office to process 100% of the electronic, non-secret documents.

Being an agency that requires information to be stored nationally as well as internationally, the use of electronic filing systems has been crucial, especially last fiscal year. The office remote access capability and the transition to an entirely paperless environment that had enabled us to create a telework schedule prior to the beginning of the Covid-19 pandemic, allowed the transition to work from home full-time to occur seamlessly.

During this period, the CBSA ISATICP Office collaborated closely with TBS and coordinators in the access to information and privacy community. The CBSA ISATICP Office has completed, every 2 weeks, the TBS request capacity questionnaire on the status of ATIP offices during COVID-19, which is being published on the Open Government website.

During the Covid-19 pandemic, the CBSA implemented the Temporary Exceptional Procedures for Cabinet Confidences to allow access to some of the Cabinet Confidence Documents, classified up to “Secret”, on the corporate network. This exception applies only to the following Cabinet documents defined in the PCO Policy on the Security of Cabinet Confidences (Memoranda to Cabinet, decks, Treasury Board submissions, drafts and briefing materials, as well as policy development and analysis that could lead to Ministerial and/or cabinet consideration).

Finally, the CBSA ISATICP Office also played a critical role in ensuring that all privacy implications were considered when programs, such as the ArriveCAN mobile app, were implemented.

IX.  Conclusion

The achievements portrayed in this report reflect the CBSA's commitment to ensuring that every reasonable effort is made to meet its obligations under the Privacy Act. The CBSA strives to provide Canadians with their personal information to which they have a right in a timely and helpful manner while protecting the privacy rights of all Canadians.

Annex A: Delegation order

Signed Ministerial order

Ministerial Order
Access to Information Act and Privacy Act

Pursuant to section 73 of the Access to Information ActFootnote 1 and section 73 of the Privacy ActFootnote 2, I hereby designate the persons holding the positions set out in the schedule hereto, or a person authorized to exercise the powers or perform the duties and functions of that position, to exercise or perform the powers, duties and functions of the Minister of Public Safety and Emergency Preparedness as the head of the Canada Border Services Agency under the provisions of the Act and related regulations set out in the schedule opposite each position.

This Order replaces previous designation orders and comes into force on the date on which it is signed.

Dated at Ottawa, Province of Ontario, this .

The Honourable Bill Blair, P.C., C.O.M., M.P.
Minister of Public Safety and Emergency Preparedness

Schedule
Ministerial Order under the Access to Information Act and the Privacy Act
Positions

Access to Information Act and Regulations

Privacy Act and Regulations

President Full authority Full authority
Executive Vice-President Full authority Full authority
Vice-President
Strategic Policy Branch
Full authority Full authority
Director General
Chief Data Office
Full authority Full authority
Executive Director
Information Sharing, Access to Information and Chief Privacy (ISATICP)Office
Full authority Full authority
Assistant Director
Information Sharing, ISATICP
Full authority Full authority 
(except 8(2)(m))
Team Leader
Information Sharing, ISATICP
Full authority Full authority 
(except 8(2)(m))

Annex B: Statistical Report

Statistical Report on the Privacy Act on the Privacy Act

Name of institution: Canada Border Services Agency

Reporting period: to

Section 1: Requests under the Privacy Act

1.1 Number of requests
Received during reporting period 11,997
Outstanding from previous reporting period 1,365
Total 13,362
Closed during reporting period 12,126
Carried over to the next reporting period 1,236

Section 2: Requests closed during the reporting period

2.1 Disposition and completion time (days)
Disposition of requests 1 to 15 16 to 30 31 to 60 61 to 120 121 to 180 181 to 365 More than 365 Total
All disclosed 5,378 3,002 232 44 3 3 1 8,663
Disclosed in part 489 664 433 191 38 51 25 1,891
All exempted 0 1 2 1 0 0 0 4
All excluded 0 0 0 0 0 0 0 0
No records exist 114 96 25 10 1 0 0 246
Request abandoned 971 229 114 2 1 3 1 1,321
Neither confirmed nor denied 1 0 0 0 0 0 0 1
Total 6,953 3,992 806 248 43 57 27 12,126
2.2 Exemptions
Section Number of requests
18(2) 0
19(1)(a) 731
19(1)(b) 10
19(1)(c) 5
19(1)(d) 19
19(1)(e) 0
19(1)(f) 0
20 0
21 522
22(1)(a)(i) 4
22(1)(a)(ii) 2
22(1)(a)(iii) 0
22(1)(b) 1,098
22(1)(c) 19
22(2) 0
22.1 0
22.2 0
22.3 0
22.4 0
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 268
26 1,616
27 18
27.1 0
28 0
2.3 Exclusions
Section Number of requests
69(1)(a) 0
69(1)(b) 0
69.1 0
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0
2.4 Format of information released
Paper Electronic Other
554 10,000 0

2.5 Complexity

2.5.1 Relevant pages processed and disclosed
Number of pages processed Number of pages disclosed Number of requests
391,203 295,859 11,880
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition

Less than 100 pages processed

101 to 500 pages processed

501 to 1000 pages processed

1001 to 5000 pages processed

More than 5000 pages processed

Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
All disclosed 8,644 36,570 19 3,963 0 0 0 0 0 0
Disclosed in part 1,135 21,125 664 158,663 74 48,001 18 26,149 0 0
All exempted 4 0 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 1,317 408 4 980 0 0 0 0 0 0
Neither confirmed nor denied 1 0 0 0 0 0 0 0 0 0
Total 11,101 58,103 687 163,606 74 48,001 18 26,149 0 0
2.5.3 Other complexities
Disposition Consultation
required
Legal advice
sought
Interwoven
information
Other Total
All disclosed 1 0 0 0 1
Disclosed in part 3 0 1,616 0 1,619
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Request abandoned 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0
Total 4 0 1,616 0 1,620

2.6 Closed requests

2.6.1 Number of requests closed within legislated timelines
Number of requests closed within legislated timelines 11,711
Percentage of requests closed within legislated timelines 96.6%

2.7 Deemed refusals

2.7.1 Reasons for not meeting legislated timelines
Number of requests closed past the legislated timelines

Principal reason

Interference with operations and workload External consultation Internal consultation Other
415 69 2 5 339
2.7.2 Requests closed beyond legislated timelines (including any extension taken)
Number of days past legislated timelines Number of requests past legislated timeline where no extension was taken Number of requests past legislated timeline where an extension was taken Total
1 to 15 0 0 0
16 to 30 0 0 0
31 to 60 122 0 122
61 to 120 58 108 166
121 to 180 8 35 43
181 to 365 14 43 57
More than 365 3 24 27
Total 205 210 415
2.8 Requests for translation
Translation requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Section 3: Disclosures under subsection 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Paragraph 8(5) Total
344 0 0 344

Section 4: Requests for correction of personal information and notations

Disposition for correction requests received Number
Notations attached 5
Requests for correction accepted 1
Total 6

Section 5: Extensions

5.1 Reasons for extensions and disposition of requests
 

15(a)(i)
Interference with operations

15 (a)(ii)
Consultation

15(b)
Translation purposes or conversion

Number of requests where an extension was taken Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet confidence section
(Section 70)
External Internal
344 1 32 298 12 0 1 0 0
5.2 Length of extensions
 

15(a)(i)
Interference with operations

15 (a)(ii)
Consultation

15(b)
Translation purposes or conversion

Length of extensions Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet confidence section
(Section 70)
External Internal
1 to 15 days 0 0 0 0 0 0 0 0
16 to 30 days 1 32 298 12 0 1 0 0
31 days or greater N/A N/A N/A N/A N/A N/A N/A 0
Total 1 32 298 12 0 1 0 0

Section 6: Consultations received from other institutions and organizations

6.1 Consultations received from other Government of Canada institutions and other organizations
Consultations Other Government of Canada institutions Number of pages to review Other organizations Number of pages to review
Received during the reporting period 58 861 1 39
Outstanding from the previous reporting period 0 0 1 39
Total 58 861 2 78
Closed during the reporting period 49 791 1 39
Carried over to the next reporting period 9 70 1 39
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions (days)
Recommendation 1 to 15 16 to 30 31 to 60 61 to 120 121 to 180 181 to 365 More than 365 Total
All disclosed 11 5 2 0 1 0 0 19
Disclosed in part 6 11 4 2 0 0 0 23
All exempted 0 3 0 0 0 0 0 3
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 1 0 1 2 0 0 0 4
Total 18 19 7 4 1 0 0 49
6.3 Recommendations and completion time for consultations received from other organizations (days)
Recommendation 1 to 15 16 to 30 31 to 60 61 to 120 121 to 180 181 to 365 More than 365 Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 1 0 0 0 0 0 0 1
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 1 0 0 0 0 0 0 1

Section 7: Completion time of consultations on Cabinet confidences

7.1 Requests with Legal Services
Number of days Fewer than 100 pages processed 101 to 500 pages processed 501 to 1,000 pages processed 1,001 to 5,000 pages processed More than 5,000 pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0
7.2 Requests with Privy Council Office
Number of days Fewer than 100 pages processed 101 to 500 pages processed 501 to 1,000 pages processed 1,001 to 5,000 pages processed More than 5,000 pages processed
Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed Number of requests Pages disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Section 8: Complaints and investigations notices received

Section 31 Section 33 Section 35 Court action Total
53 0 56 1 110

Section 9: Privacy impact assessments and personal information banks

9.1 Privacy impact assessments
Number of privacy impact assessments completed 3
9.2 Personal information banks
Active Created Terminated Modified
53 0 0 3

Section 10: Material privacy breaches

Number of material privacy breaches reported to the Treasury Board of Canada Secretariat 3
Number of material privacy breaches reported to the Office of the Privacy Commissioner of Canada 3

Section 11: Resources related to the Privacy Act

11.1 Costs
Expenditures Amount
Salaries $4,209,807
Overtime $90,059
Goods and services: $225,501

Professional services contracts

$0

Other

$225,501
Total $4,525,367
11.2 Human resources
Resources Person years dedicated to privacy activities
Full-time employees 52.86
Part-time and casual employees 1.88
Regional staff 0.00
Consultants and agency personnel 0.00
Students 0.00
Total 54.74

Annex C: Supplemental statistical report on the Access to Information Act and Privacy Act

Section 1: Capacity to receive requests

Number of weeks the CBSA was able to receive ATIP requests through the different channels
  Weeks
Able to receive requests by mail 52
Able to receive requests by email 52
Able to receive requests through the digital request service 52

Section 2: Capacity to process records

2.1 Number of weeks the CBSA was able to process paper records in different classification levels
  No capacity Partial capacity Full capacity Total
Unclassified paper records 52 0 0 52
Protected B paper records 52 0 0 52
Secret and Top Secret paper records 52 0 0 52
2.2 Number of weeks the CBSA was able to process electronic records in different classification levels
  No capacity Partial capacity Full capacity Total
Unclassified electronic records 0 0 52 52
Protected B electronic records 0 0 52 52
Secret and Top Secret electronic records 52 0 0 52

Page details

Date modified: