We have archived this page on the web
The information was accurate at the time of publishing but may no longer reflect the current state at the Canada Border Services Agency. It is not subject to the Government of Canada web standards.
Annual Report to Parliament on the Privacy Act: 2021 to 2022
From: Canada Border Services Agency
Chapter 1: Privacy Act report
Introduction
The Canada Border Services Agency (CBSA) is pleased to present to Parliament, in accordance with section 72 of the Privacy Act, its annual report on the management of this Act. The report describes the activities that support compliance with the Privacy Act for the fiscal year commencing , and ending . During this period, the CBSA continued to build on successful practices implemented in previous years.
The purpose of this Act is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.Footnote 1
As stated in subsections 72(1) and 72(2) of the Privacy Act, “Every year the head of every government institution shall prepare a report on the administration of this Act within the institution during the period beginning on of the preceding year and ending on of the current year… Every report prepared under subsection (1) shall be laid before each House of Parliament on any of the first 15 days on which that House is sitting after September 1 of the year in which the report is prepared.”Footnote 2
Organization
I. About the Canada Border Services Agency
The CBSA has been, since 2003, an integral part of the Public Safety Canada (PS) portfolio, which was created to protect Canadians and maintain a peaceful and safe society. The Agency is responsible for providing integrated border services that support national security and public safety priorities and facilitate the free flow of persons and goods, including animals and plants, that meet all requirements under the program legislation.Footnote 3
The CBSA carries out its responsibilities with a workforce of approximately 14,000 employees, including over 6,500 uniformed CBSA officers who provide services at approximately 1,200 points across Canada and at 39 international locations.Footnote 4
II. Information Sharing, Access to Information and Chief Privacy Office
The Information Sharing, Access to Information and Chief Privacy (ISATICP) Office is comprised of six units: an Administration section, three Case Management units, and two Policy units. The Administration section’s function is to receive all incoming requests and consultations, to ensure quality control of all outgoing correspondence, and to support the Case Management units in their day-to-day business. The Case Management units assign branches and regions with retrieval requests, process requests under the Privacy Act, and provide daily operational guidance and support to CBSA employees. The ATIP Policy and Governance Unit develops policies, tools, and procedures to support ATIP requirements within the CBSA and provides training to employees. The Information Sharing and Collaborative Arrangement Policy Unit maintains the policy framework for the CBSA’s information sharing and domestic written collaborative arrangements. On average, 71 full time equivalents, and 0.5 part time, casual and student employee were employed in the ISATICP Office during fiscal year 2021–2022.
The ATIP coordinator for the CBSA is the Executive Director of the ISATICP Office. The ISATICP Office is part of the Chief Data Office, which reports to the Vice-President (VP) of the Strategic Policy Branch. Consistent with best practices identified by the Treasury Board of Canada Secretariat (TBS), the CBSA's ATIP coordinator is positioned within three levels of the President and has full delegated authority, reporting directly to the Chief Data Officer, who in turn reports to the VP of the Strategic Policy Branch.
Key to maintaining compliance with the statutory time requirements of the Privacy Act is the CBSA ISATICP Office’s ability to obtain personal information from branches and regions in a timely and reliable manner. Supported by a network of 16 ATIP liaison officers across the CBSA, the ISATICP Office is well positioned to receive, coordinate, and process requests for personal information under the Privacy Act.
The CBSA ISATICP Office works closely with other members of the PS portfolio, including the Canadian Security Intelligence Service, the Correctional Service of Canada, the Parole Board of Canada, and the Royal Canadian Mounted Police, to share best practices and develop streamlined processes for the retrieval of jointly held records within the 30-day legislated time frame required to respond to privacy requests.
Activities and accomplishments
I. Performance
Fiscal year 2021–2022 saw record high volumes of privacy requests made to the CBSA. The volumes are largely attributable to individuals seeking copies of their history of arrival dates into Canada. In fiscal year 2021–2022, 64.1% of all the privacy requests received by the CBSA came from individuals seeking their Traveller History Report (THR). The volumes are also largely attributable to individuals seeking copies of their Immigration file. During the same period, 30.6% of all privacy requests received by the CBSA came from individuals seeking their Immigration file. THR and Immigration files contain information used to support requirements for programs administered by Immigration, Refugees and Citizenship Canada (IRCC) and Employment and Social Development Canada (ESDC).
In September 2012, IRCC, in consultation with the CBSA, introduced a new consent-based application form which sees applicants for citizenship provide consent on their applications for IRCC to view their travel history directly. The CBSA has allocated 100 accounts to the IRCC to verify (view only) clients’ THR to Canada. IRCC has since viewed approximately 1.76 million THR, of which 116,366 were in fiscal year 2021–2022 that might otherwise have been requested formally through the CBSA by way of formal Privacy Act or Access to Information Act requests.
The CBSA continued to see high volumes of privacy requests submitted through the Access to Information and Privacy Online Request tool. Through this tool, the Agency received 12,955 requests, which amounted to 91% of all privacy requests received by the CBSA.
The CBSA continued to offer the electronic format for responses to privacy requests. Although electronic format made up only 87.9%, these requests accounted for 6.1% of all the pages the CBSA disclosed in their entirety or disclosed in part this fiscal year.
The ISATICP Office also provided case-by-case policy guidance to CBSA program areas related to the disclosure of information under section 8 of the Privacy Act, section 107 of the Customs Act, and on written collaborative arrangements. In total, the ISATICP Office received 2,673 requests for guidance in fiscal year 2021–2022, representing an increase of 5.9% over the previous year.
Finally, as per Section 73.1 of the Privacy Act, the CBSA ISATICP Office has not provided services related to any power, duty or function conferred or imposed on the CBSA under this Act to another government institution that is under the responsibility of the Minister of Public Safety and Emergency Preparedness and has not received such services from any other such government institution.
II. Education and training
In fiscal year 2021–2022, the CBSA ISATICP Office continued to provide support and guidance to employees. To do so, the Office adapted to numerous changes and explored alternative measures to delivery. Not being able to offer in-person training sessions, the CBSA ISATICP office shared it’s training materials with 26 employees and also provided 14 virtual training sessions to 200 employees. The training sessions are designed to ensure that the participants fully understood their responsibilities under the Privacy Act and the Access to Information Act, with a focus on requests made pursuant to the Acts and the duty to assist principles.
It should be noted that the CBSA added the Canada School of Public Service’s (CSPS) Access to Information and Privacy Fundamentals (I015) course to the list of mandatory training. This training must be successfully completed by all persons employed by the CBSA who occupy an indeterminate or term position on a full-time, part-time or seasonal basis, as well as students and casual employees. It also must be completed within six months of joining the CBSA.
Moreover, the ISATICP Office delivered six training sessions on section 107 of the Customs Act, as well as basic information sharing, disclosure of intelligence-related information, and business line specific training sessions to 25 employees. In addition, before attending the training, employees are advised to complete the interactive online training course, regarding information sharing that was developed by the ISATICP Office.
Further, the ISATICP Office continues to raise employees’ awareness of their obligations under the Privacy Act by leveraging the Agency’s daily newsletter as a way to provide employees with important information. The communiqués include key dates, such as Data Privacy Day, and other activities at the CBSA to promote ATIP tools and resources. Additionally, a bi-annual message is sent to employees to promote the CBSA privacy breach protocol and the importance of reporting privacy breaches.
Further, the ISATICP Office continues to raise employees’ awareness of their obligations under the Privacy Act by leveraging the Agency’s daily newsletter as a way to provide employees with important information. The communiqués include key dates, such as Data Privacy Day, and other activities at the CBSA to promote ATIP tools and resources. Additionally, a bi-annual message is sent to employees to promote the CBSA privacy breach protocol and the importance of reporting privacy breaches.
Finally, the CBSA ISATICP Office continues to actively participate in the TBS-led ATIP coordinators and ATIP practitioners meetings. These meetings provide opportunities for employees of the Office to liaise with employees from other institutions to discuss various issues and challenges that have been identified by the ATIP community.
III. New and revised privacy-related policies and procedures
During fiscal year 2021–2022, the CBSA ISATICP Office continued to revise existing policies, to develop new ones, and to introduce new procedures.
The Office has continued to take a number of measures to enhance and promote ATIP tools that are readily accessible to CBSA employees by utilizing Apollo (GCDocs). To this end, it ensures that the CBSA ISATICP Office intranet site is up to date and available to all CBSA employees. This allows the Office to quickly share information and best practices and to facilitate collaboration across the Agency.
The CBSA continued to see high volume in ATIP related audio/video redacting requests. In response to this growth, the CBSA ISATICP Office, in partnership with the Chief Transformation Officer Branch and the Information, Science and Technology Branch, and as part of an Innovation Solution Canada challenge initiative, is currently involved in a project allowing private companies to introduce applied concept for the redaction of video recording. This solution will allow video and audio recordings to be automatically processed. This year, Phase 2 of the initiative was undertook. Once available, this software will be promoted as the solution for processing video and audio recordings for the entirety of the Government of Canada.
The CBSA ISATICP Office continued sending documents safely via email to clients when consent was provided. The Office will soon adopt the Online Request Services/Online Management Tool developed by TBS, which will allow it to interact with the requesters directly, and also securely disclose documents to clients.
During fiscal year 2021-2022, the CBSA ISATICP Office introduced a new automated tool to register new incoming access to information and privacy requests without the requirement for human intervention. In the past, employees had to manually enter the information received from clients in our database. This automated tool access the same information, and perform the same tasks, that employees used to do to register the new requests received via the Online portal.
This year, the CBSA continued to be an active and key participant in the Privacy Act Modernization working group, which has helped establish the CBSA’s position on the modernization of this Act. The CBSA believes that a modernized Act should facilitate the government work while continuing to respect individuals’ privacy rights and the Canadian Charter of Rights and Freedom. The CBSA will continue to develop policy options, and to work on transition advice, alongside the Department of Justice, in the modernization of the Privacy Act.
The CBSA ISATICP Office continued to provide the service of informally reviewing CBSA records for internal programs as if they had been requested under the Privacy Act. The Office received 288 internal requests of this nature in fiscal year 2021–2022.
The CBSA closely monitors the time it takes to process privacy requests. Monthly reports, which show trends and performance, are submitted to the Assistant Directors of the Case Management units, and to the Executive Director of the ISATICP Office. Finally, monthly reports consisting of statistics on the performance of the offices of primary interest are also distributed to all ATIP liaison officers.
IV. Reading room
The CBSA, in accordance with the Privacy Act, maintains a reading room for applicants who wish to review material in person at the CBSA. Applicants may access the reading room by contacting the CBSA's ISATICP Office by telephone at 343-291-7021 or by sending an email to atip-aiprp@cbsa-asfc.gc.ca. The reading room is located at:
Place Vanier Complex
14 flr Tower A
333 N River Rd
Ottawa ON K1A 0L8
V. Audits of, and investigations into the privacy practices of the Canada Border Services Agency
In 2021–2022, there were no key issues raised as a result of access to information investigations, and no audits were conducted that related to the access to information practices of the CBSA.
VI. Privacy Impact Assessments
In fiscal year 2021–2022, the CBSA completed five Privacy Impact Assessments (PIA). They were all sent to the Office of the Privacy Commissioner of Canada and TBS for review and comments.
The five PIAs completed by the CBSA are:
- Primary Inspection Kiosk PIA Annex – Right Touch Air: Advance CBSA Declaration
- CBSA Assessment and Revenue Management (CARM) – Release 1
- Nexus Program
- CANPASS Programs
- Chain of Trust
The full executive summaries for each of these PIAs can be found on the CBSA’s website.
Primary Inspection Kiosk PIA Annex - Right Touch Air: Advance CBSA Declaration
The CBSA launched a new feature as part of the agency's modernization efforts, which allows travellers to voluntarily submit their customs and immigration declarations electronically to the CBSA, up to 72 hours in advance of their arrival to Canada. The optional Advance CBSA Declaration feature has been added to the mandatory public health reporting program launched by the Public Health Agency of Canada via ArriveCAN.
Upon arrival, a traveller's advanced declaration will be retrieved and displayed for certification when they present their travel document to a Primary Inspection Kiosk (PIK). Information will be automatically purged after 72 hours, including in circumstances such as: if the traveller does not arrive in Canada, or does not certify the declaration at the PIK. This information will not be used pre-arrival to conduct a risk assessment or produce a release or referral recommendation prior to a traveller arriving in Canada.
Information collected through ArriveCAN for Advance CBSA Declaration is deposited directly into a database within the CBSA Protected B cloud where it is stored temporarily. The data is encrypted in transit and at rest. It is retrieved from the cloud at the PIK when a traveller scans their passport or permanent resident card upon entry to Canada. When the traveller certifies the declaration at the kiosk or eGate the information is then transmitted to the CBSA to process the traveller as per existing PIK processes.
The first phase of the Advance CBSA Declaration initiative was deployed to the Vancouver International Airport on September 28, 2021, and to Toronto Pearson International Airport on December 14, 2021. To date, traveller processing times have been reduced to approximately 65 seconds or half of traditional PIK processing. National deployment of the initiative to all PIK-enabled airports will begin in 2022.
CBSA Assessment and Revenue Management (CARM) – Release 1
The CBSA launched the CBSA Assessment and Revenue Management (CARM) solution to enable the CBSA to track duties and taxes payable on the importation of commercial goods, monitor payments and facilitate reimbursements in the event of an overpayment by importers. The solution encompasses connections to multiple existing CBSA applications and databases and integrates with the Revenue Ledger. The CARM solution requires connections with the Canada Revenue Agency (CRA) and with Public Services and Procurement Canada.
The information held within the CARM solution is mostly commercial in nature: corporate contact information, corporate business numbers, and carrier codes. CARM holds information about importers, carriers, duty free shop owners, warehouse owners and customs brokerages. In some cases, the importers or carriers may be small-scale, sole proprietors and, in those cases, the identity, CRA-issued business numbers and even carrier numbers could be considered to be personal information.
The first phase of CARM, the Accounts Receivable Ledger (ARL) solution, was implemented in January 2016. In January 2021, the CARM project launched the first release of Phase 2, wherein the CARM Phase 1 solution underwent a technology upgrade and was moved onto the SAP S/4HANA platform. No new personal information or functionality was introduced, and existing connections with multiple CBSA applications and databases and other government departments remained in place. In May 2021, the CARM project deployed additional Phase 2 components. The new components include an online portal for Trade Chain Partners (TCPs), an automated chatbot, and a modern and efficient case management functionality for CBSA employees. This version of the PIA reflects the current release of CARM Phase 2.
Nexus Program
NEXUS is a bi-national Canada-United States (U.S.) program managed by the CBSA and U.S. Customs and Border Protection (U.S. CBP). The Trusted Traveller Programs Unit of the Travellers Programs at the CBSA is the Office of Primary Interest (OPI) for NEXUS.
NEXUS allows customs and immigration border clearance processes to be streamlined for pre-approved, low-risk travellers, and permits the CBSA and the U.S. CBP to allocate their resources more effectively at the border. Membership is five years and provides expedited border clearance into Canada and the U.S. in the land, air and marine travel modes. In 2002, the NEXUS program was delivered in a travel mode specific format, beginning with the NEXUS Land Program. Subsequently in 2006, the NEXUS suite of programs was harmonized to provide members with expedited travel privileges in all three travel modes (land, air and marine). NEXUS members use dedicated lanes in the highway mode, self-serve kiosks in the air mode and report through the Telephone Reporting Centres in the marine mode.
To become a member of the NEXUS program, an applicant submits an electronic application form through the Trusted Traveler Programs (TTP) System, which is maintained by the U.S. CBP. The U.S. CBP then forwards the personal information electronically through their Global Enrolment System (GES) to the CBSA’s Global Enrolment Component (GEC) of the Integrated Customs System (ICS) where it is assessed against a variety of enforcement databases to determine program eligibility. The personal information entered by the applicant is used by the CBSA and the U.S. CBP to confirm their identity and to determine the eligibility of an applicant and the continued eligibility of a member.
CANPASS Programs
This Umbrella PIA includes all activities relating to the collection, storage and use of personal information by the CBSA as it relates to the CANPASS suite of programs (CANPASS Corporate Air, CANPASS Private Air, and CANPASS Private Boats ), the Commercial Driver Registration Program (CDRP) and the Pilot Project for Travellers in Remote Areas – Québec (PPTRA-Q). These TTPs store personal information in similar databases whereby CANPASS Corporate Air, Private Air, Private Boats and CDRP all use the Canadian Processing Centre System and PPTRA-Q uses the GEC.
The CANPASS suite of programs is a suite of voluntary TTPs in the air and marine modes offered by the CBSA to expedite the border clearance process for frequent, pre-approved, low risk travellers arriving in Canada. A separate application form is required for each applicant and CANPASS program. The existing CANPASS Corporate Air and CANPASS Private Air programs are open to Canadian and U.S. citizens and permanent residents who meet the program eligibility criteria.
Chain of Trust
The global outbreak of the COVID-19 pandemic introduced new travel restrictions in countries around the world, elevating the need for additional border requirements. Prior to the pandemic, air travel volumes were increasing at a steady pace, and over the next several years they are expected to return to pre-pandemic levels and potentially increase. To address emerging risks and responsibilities, the CBSA is exploring ways to provide self-service options for travellers to facilitate the free flow of persons and goods through the international border clearance process. This will contribute to a low-touch air travel ecosystem that supports the recovery of travel and tourism industries and promotes the economic prosperity and health of Canadians while continuing to support national security and public safety.
As part of planning for Traveller Modernization, the CBSA is moving towards a risk-based compliance model using technology and intelligence to provide the information needed to expedite the flow of legitimate goods and people. High-touch and manual processes often create long delays and congestion in Customs Halls for travellers and, at the same time, irregular migration, international organized crime, and terrorism continue to dominate the global landscape.
The Chain of Trust (CoT) pilot project tests innovative technology solutions to assess their effectiveness in automating the collection and verification of traveller information and the authentication of travel documents while reducing physical touch-points in the border clearance process. To eliminate the need for physical handling of documents or interaction with a kiosk upon arrival at an airport, volunteer participants provide their information electronically in advance of their arrival using a mobile app. This is expected to reduce congestion in primary inspection lines and minimize the risks of virus transmission, particularly in airports where volumes could exceed capacity. Furthermore, CoT enables a more flexible and dynamic operational model for Border Services Officers facilitating the border clearance process.
Disclosures Made Pursuant to Paragraph 8(2)(e) of the Privacy Act
During the 2021–2022 fiscal year, the CBSA made 122 disclosures pursuant to paragraph 8(2)(e) of the Privacy Act.
Disclosures Made Pursuant to Paragraph 8(2)(m) of the Privacy Act
During the 2021–2022 fiscal year, the CBSA made one public interest disclosure pursuant to paragraph 8(2)(m) of the Privacy Act. The disclosure was to inform next of kin, and the media, of a death that occurred while an individual was in custody in a detention center. The Office of the Privacy Commissioner was notified after the disclosure had occurred.
Delegation order
See Annex A for a signed copy of the delegation order.
Chapter 2: Statistical report
Statistical report on the Privacy Act
Refer to Annex B for the CBSA's statistical report on the Privacy Act.
Interpretation of the statistical report
I. Requests received and completed under the Privacy Act
The CBSA received 14,230 privacy requests in fiscal year 2021–2022, which was an increase of 18.6% over the previous year. Moreover, the CBSA responded to 13,086 Privacy Act requests, representing 84.6% of the total number of requests received and outstanding from the previous reporting period. Finally, the CBSA processed 346,435 pages under the Privacy Act.
For the past five years, the CBSA has consistently been among the top government departments in terms of workload. While receiving a substantial number of requests each year, the CBSA has been able to maintain its performance.
Image description
| Fiscal year | Requests received | Completed requests |
|---|---|---|
| 2017 to 2018 | 13,429 | 13,575 |
| 2018 to 2019 | 13,447 | 13,873 |
| 2019 to 2020 | 14,102 | 13,866 |
| 2020 to 2021 | 11,997 | 12,126 |
| 2021 to 2022 | 14,230 | 13,086 |
II. Completion time
In fiscal year 2021-2022, a total of 13,086 requests were completed. The graph below presents the response times for the requests that the CBSA completed this fiscal year.
Image description
| Completion time (days) | Number of requests |
|---|---|
| 121 or more | 205 |
| 61 to 120 | 603 |
| 31 to 60 | 2,813 |
| 30 or less | 9,465 |
Of the 13,086 completed requests, the CBSA was successful in responding to 94.2% within the legislated timelines, a decrease from the 96.6% achieved last fiscal year.
Furthermore, the pie chart below provides an overview of the disposition of these completed requests.
Image description
| Fully disclosed | 62.14% |
| Partially disclosed | 29.66% |
| No records exist | 2.15% |
| Request abandoned | 5.99% |
| Other | 0.06% |
Of the completed requests, 8,132 records were fully disclosed and 3,881 were partially disclosed. See Annex B for all the details on the disposition of the completed requests.
Of the 2,380 requests carried over to fiscal year 2022–2023, 652 were on time and 1,728 were late. The graph below provides an overview of the requests carried over that were within or beyond legislated timelines.
Image description
| Fiscal year | Requests within legislated timeline | Requests beyond legislated timeline |
|---|---|---|
| 2015 to 2016 or earlier |
0 | 0 |
| 2016 to 2017 | 0 | 0 |
| 2017 to 2018 | 0 | 3 |
| 2018 to 2019 | 0 | 11 |
| 2019 to 2020 | 0 | 67 |
| 2020 to 2021 | 34 | 290 |
| 2021 to 2022 | 618 | 1,357 |
See Annex C for all the details related to the number of outstanding requests carried over to next fiscal year.
III. Extensions
In total, 2,394 extensions were applied for in fiscal year 2021–2022. This represents a significant increase in extensions in comparison to the previous fiscal year. Extensions were applied 99.9% of the time because of workload and meeting the original 30-day time limit would have resulted in unreasonable interference with the CBSA operations. The remaining 0.1% of the time was for consulting with third parties or other government institutions, or for additional time for translation purposes or for the purposes of converting the personal information into an alternative format.
IV. Consultations received from other institutions and organizations
In 2021–2022, the CBSA completed 60 consultation requests from other government institutions and organizations. This represents an increase of 20% in comparison to the previous fiscal year. To respond to these requests, 794 pages were reviewed, a decrease of 4.3% from the previous fiscal year.
V. Completion time of consultations on Cabinet confidences
Although Cabinet confidences are excluded from the application of the Privacy Act (section 70), the policies of TBS require agencies and departments to consult their legal services to determine if requested information should be excluded. If there is any doubt or if the records contain discussion papers, legal counsel must consult the Office of the Counsel to the Clerk of the Privy Council Office (PCO).
In 2021–2022, the CBSA did not consult CBSA Legal services regarding Cabinet confidence exclusions, due to the fact that requesters are excluding Cabinet confidences from their requests.
VI. Complaints and investigations
Subsection 29(1) of the Privacy Act describes how the Office of the Privacy Commissioner of Canada (OPC) receives and investigates complaints from individuals regarding their personal information held by a government institution. Examples of complaints the OPC may choose to investigate include a refusal of access to personal information; an allegation that personal information about an individual that is held by a government institution has been misused or wrongfully disclosed; or failure to provide access to personal information in the official language requested by the individual.
For 2021–2022, 42 Privacy Act complaints were filed against the CBSA, which represents a decrease of 20.7% compared to fiscal year 2020–2021. For context, the number of complaints filed relate to only 0.3% of the 13,086 privacy requests completed during this period. The complaints received during the fiscal year were related to the following issues: time delay (27); application of exemptions (3); missing / incomplete records (1); use and disclosure (8); and collection (3).
Of the 33 complaints that were closed in fiscal year 2021–2022, 10 were deemed well-founded, and one was deemed not well-founded. Additionally, 20 complaints were resolved; none were discontinued; and two were settled. Where complaints are substantiated, the matter is reviewed by the delegated Assistant Directors and processes are adjusted if required.
At the end of fiscal year 2021–2022, the CBSA had 42 active complaints that were outstanding from previous reporting periods. The graph below provides an overview of the active complaints that are outstanding.
Image description
| Fiscal Year | Active complaints |
|---|---|
| 2015 to 2016 or earlier |
1 |
| 2016 to 2017 | 1 |
| 2017 to 2018 | 4 |
| 2018 to 2019 | 8 |
| 2019 to 2020 | 4 |
| 2020 to 2021 | 5 |
| 2021 to 2022 | 19 |
VII. Privacy breaches
There were no material privacy breaches reported during fiscal year 2021–2022.
VIII. COVID-19: Impact on the CBSA ISATICP Office
Since the beginning of the pandemic, the CBSA has played a critical role in managing the border in a safe and efficient manner, contributing to Canadians’ health and security. During fiscal year 2021-2022, many CBSA employees were reassigned, and called upon to work around the clock to provide critical and essential services to Canadians and travelers. Despite the implementation of these new measures, the CBSA was able to maintain the ability to process requests received under the Privacy Act in a timely manner, responding to requests within their statutory timelines in more than 9 out of 10 cases.
This success is also due to the implementation of interim measures for processing Privacy Act requests. Since paper records were not accessible, the CBSA ISATICP Office contacted each requester, for new and outstanding requests, to offer that they limit their request to non-secret and electronic records, thereby making them retrievable remotely. This new measure was very well received by requesters, and has allowed the CBSA ISATICP Office to process 100% of the electronic, non-secret documents.
During this period, the CBSA ISATICP Office collaborated closely with TBS and coordinators in the access to information and privacy community. The CBSA ISATICP Office has completed, every two weeks, the TBS request capacity questionnaire on the status of ATIP offices during COVID-19, which is being published on the Open Government website.
During the Covid-19 pandemic, the CBSA implemented the Temporary Exceptional Procedures for Cabinet Confidences to allow access to some of the Cabinet Confidence Documents, classified up to “Secret”, on the corporate network. This exception applies only to the following Cabinet documents defined in the PCO Policy on the Security of Cabinet Confidences (Memoranda to Cabinet, decks, Treasury Board submissions, drafts and briefing materials, as well as policy development and analysis that could lead to Ministerial and/or cabinet consideration).
Finally, the CBSA ISATICP Office continued playing a critical role in ensuring that all privacy implications were considered when programs were implemented.
IX. Conclusion
The achievements portrayed in this report reflect the CBSA’s commitment to ensuring that every reasonable effort is made to meet its obligations under the Privacy Act. The CBSA strives to provide Canadians with their personal information to which they have a right in a timely and helpful manner while protecting the privacy rights of all Canadians.
Annex A: Delegation order
Ministerial Order
Access to Information Act and Privacy Act
Pursuant to section 73 of the Access to Information ActFootnote 1 and section 73 of the Privacy ActFootnote 2, I hereby designate the persons holding the positions set out in the schedule hereto, or a person authorized to exercise the powers or perform the duties and functions of that position, to exercise or perform the powers, duties and functions of the Minister of Public Safety and Emergency Preparedness as the head of the Canada Border Services Agency under the provisions of the Act and related regulations set out in the schedule opposite each position.
This Order replaces previous designation orders and comes into force on the date on which it is signed.
Dated at Ottawa, Province of Ontario, this .
The Honourable Bill Blair, P.C., C.O.M., M.P.
Minister of Public Safety and Emergency Preparedness
| Positions | Access to Information Act and Regulations |
Privacy Act and Regulations |
|---|---|---|
| President | Full authority | Full authority |
| Executive Vice-President | Full authority | Full authority |
| Vice-President Strategic Policy Branch |
Full authority | Full authority |
| Director General Chief Data Office |
Full authority | Full authority |
| Executive Director Information Sharing, Access to Information and Chief Privacy (ISATICP)Office |
Full authority | Full authority |
| Assistant Director Information Sharing, ISATICP |
Full authority | Full authority (except 8(2)(m)) |
| Team Leader Information Sharing, ISATICP |
Full authority | Full authority (except 8(2)(m)) |
Annex B: Statistical Report
Statistical Report on the Privacy Act on the Privacy Act
Name of institution: Canada Border Services Agency
Reporting period: to
Section 1: Requests under the Privacy Act
| Received during reporting period | 14,230 |
Outstanding from previous reporting period
|
1,236 |
| Total | 15,466 |
| Closed during reporting period | 13,086 |
Carried over to the next reporting period
|
2,380 |
| Source | Number of requests |
|---|---|
| Online | 12,955 |
| 743 | |
| 461 | |
| In person | 0 |
| Phone | 0 |
| Fax | 71 |
| Total | 14,230 |
Section 2: Informal Requests
| Received during reporting period | 0 |
Outstanding from previous reporting period
|
|
| Total | 0 |
| Closed during reporting period | 0 |
| Carried over to the next reporting period | 0 |
| Source | Number of requests |
|---|---|
| Online | 0 |
| 0 | |
| 0 | |
| In person | 0 |
| Phone | 0 |
| Fax | 0 |
| Total | 0 |
| Completion Time | |||||||
|---|---|---|---|---|---|---|---|
| 1 to 15 days |
16 to 30 days |
31 to 60 days |
61 to 120 days |
121 to 180 days |
181 to 365 days |
More than 365 days |
Total |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Less Than 100 Pages Released |
100-500 Pages Released |
501-1000 Pages Released |
1001-5000 Pages Released |
More Than 5000 Pages Released |
|||||
|---|---|---|---|---|---|---|---|---|---|
| Number of Requests |
Pages Released |
Number of Requests |
Pages Released |
Number of Requests |
Pages Released |
Number of Requests |
Pages Released |
Number of Requests |
Pages Released |
| 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 3: Requests Closed During the Reporting Period
| Disposition of Requests | Completion Time | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days |
16 to 30 days |
31 to 60 days |
61 to 120 days |
121 to 180 days |
181 to 365 days |
More than 365 days |
Total | |
| All disclosed | 2,199 | 4,761 | 1,101 | 56 | 12 | 3 | 0 | 8,132 |
| Disclosed in part | 261 | 1,299 | 1,619 | 52 | 79 | 60 | 37 | 3,881 |
| All exempted | 2 | 0 | 1 | 1 | 1 | 0 | 0 | 5 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| No records exist | 64 | 157 | 48 | 9 | 1 | 1 | 1 | 281 |
| Request abandoned | 627 | 93 | 44 | 11 | 5 | 4 | 0 | 784 |
| Neither confirmed nor denied | 0 | 2 | 0 | 0 | 1 | 0 | 0 | 3 |
| Total | 3,153 | 6,312 | 2,813 | 603 | 99 | 68 | 38 | 13,086 |
| Section | Number of Requests | Section | Number of Requests | Section | Number of Requests |
|---|---|---|---|---|---|
| 18(2) | 0 | 22(1)(a)(i) | 2 | 23(a) | 1 |
| 19(1)(a) | 2,371 | 22(1)(a)(ii) | 1 | 23(b) | 0 |
| 19(1)(b) | 5 | 22(1)(a)(iii) | 0 | 24(a) | 0 |
| 19(1)(c) | 3 | 22(1)(b) | 2,813 | 24(b) | 0 |
| 19(1)(d) | 7 | 22(1)(c) | 21 | 25 | 106 |
| 19(1)(e) | 0 | 22(2) | 0 | 26 | 2,122 |
| 19(1)(f) | 1 | 22.1 | 0 | 27 | 10 |
| 20 | 1 | 22.2 | 0 | 27.1 | 0 |
| 21 | 1,249 | 22.3 | 1 | 28 | 2 |
| 22.4 | 0 |
| Section | Number of Requests | Section | Number of Requests | Section | Number of Requests |
|---|---|---|---|---|---|
| 69(1)(a) | 0 | 70(1) | 0 | 70(1)(d) | 0 |
| 69(1)(b) | 0 | 70(1)(a) | 0 | 70(1)(e) | 0 |
| 69.1 | 0 | 70(1)(b) | 0 | 70(1)(f) | 0 |
| 70(1)(c) | 0 | 70.1 | 0 |
Paper |
Electronic |
Other |
|||
|---|---|---|---|---|---|
| E-record | Data set | Video | Audio | ||
| 509 | 0 | 11,504 | 5 | 1 | 0 |
3.5 Complexity
Number of Pages Processed |
Number of Pages Disclosed |
Number of Requests |
|---|---|---|
| 346,435 | 280,243 | 12,805 |
| Disposition | Less Than 100 |
101-500 |
501 to 1,000 |
1001-5000 |
More Than 5000 |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| All disclosed | 8,097 | 46,751 | 32 | 5,479 | 2 | 1,801 | 1 | 1,221 | 0 | 0 |
| Disclosed in part | 3,128 | 59,298 | 669 | 151,729 | 65 | 43,164 | 18 | 30,145 | 1 | 5,709 |
| All exempted | 3 | 13 | 2 | 325 | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 780 | 430 | 4 | 990 | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 3 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 12,011 | 106,492 | 707 | 158,523 | 67 | 44,345 | 19 | 31,366 | 1 | 5,709 |
Number of minutes Processed |
Number of Minutes Disclosed |
Number of Requests |
|---|---|---|
| 64 | 64 | 1 |
| Disposition | Less Than |
60-120 |
More than |
|||
|---|---|---|---|---|---|---|
| Number of Requests | Minutes Processed | Number of Requests | Minutes Processed | Number of Requests | Minutes Processed | |
| All disclosed | 0 | 0 | 1 | 64 | 0 | 0 |
| Disclosed in part | 0 | 0 | 0 | 0 | 0 | 0 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 1 | 64 | 0 | 0 |
Number of minutes Processed |
Number of Minutes Disclosed |
Number of Requests |
|---|---|---|
| 881 | 212 | 5 |
| Disposition | Less Than |
60-120 |
More than |
|||
|---|---|---|---|---|---|---|
| Number of Requests | Minutes Processed | Number of Requests | Minutes Processed | Number of Requests | Minutes Processed | |
| All disclosed | 1 | 10 | 2 | 158 | 0 | 0 |
| Disclosed in part | 1 | 32 | 0 | 0 | 1 | 681 |
| All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
| All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 2 | 42 | 2 | 158 | 1 | 681 |
Disposition |
Consultation Required |
Legal Advice Sought |
Interwoven Information |
Other |
Total |
|---|---|---|---|---|---|
| All disclosed | 1 | 0 | 0 | 0 | 1 |
| Disclosed in part | 4 | 0 | 2,122 | 0 | 2,126 |
| All exempted | 2 | 0 | 0 | 0 | 2 |
| All excluded | 0 | 0 | 0 | 0 | 0 |
| Request abandoned | 0 | 0 | 0 | 0 | 0 |
| Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
| Total | 5 | 0 | 2,122 | 0 | 2,127 |
3.6 Closed requests
Number of requests closed within legislated timelines |
Percentage of requests closed within legislated timelines (%) |
|---|---|
| 12,329 | 94.21519181 |
3.7 Deemed refusals
Number of Requests Closed Past the Legislated Timelines |
Principal Reason |
|||
|---|---|---|---|---|
| Interference with Operations / Workload | External Consultation | Internal Consultation | Other | |
| 757 | 325 | 1 | 3 | 428 |
Number of Days Past Legislated Timelines |
Number of Requests Past Legislated Timeline Where No Extension Was Taken |
Number of Requests Past Legislated Timeline Where an Extension Was Taken |
Total |
|---|---|---|---|
| 1 to 15 days | 0 | 0 | 0 |
| 16 to 30 days | 0 | 0 | 0 |
| 31 to 60 days | 292 | 0 | 292 |
| 61 to 120 days | 100 | 160 | 260 |
| 121 to 180 days | 38 | 61 | 99 |
| 181 to 365 days | 24 | 44 | 68 |
| More than 365 days | 9 | 29 | 38 |
| Total | 463 | 294 | 757 |
Translation Requests |
Accepted |
Refused |
Total |
|---|---|---|---|
| English to French | 0 | 0 | 0 |
| French to English | 0 | 0 | 0 |
| Total | 0 | 0 | 0 |
Section 4: Disclosures Under Subsections 8(2) and 8(5)
| Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
|---|---|---|---|
| 122 | 1 | 0 | 123 |
Section 5: Requests for Correction of Personal Information and Notations
Disposition for Correction Requests Received |
Number |
|---|---|
| Notations attached | 6 |
| Requests for correction accepted | 4 |
| Total | 10 |
Section 6: Extensions
Number of requests where an extension was taken |
15(a)(i) Interference with operations |
15 (a)(ii) Consultation |
15(b) Translation purposes or conversion |
|||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 2,394 | 1 | 29 | 2,362 | 0 | 0 | 2 | 0 | 0 |
Length of Extensions |
15(a)(i) Interference with operations |
15 (a)(ii) Consultation |
15(b) Translation purposes or conversion |
|||||
|---|---|---|---|---|---|---|---|---|
| Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet Confidence Section (Section 70) | External | Internal | ||
| 1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 days | 1 | 29 | 2,362 | 0 | 0 | 2 | 0 | 0 |
| 31 days or greater | ||||||||
| Total | 1 | 29 | 2,362 | 0 | 0 | 2 | 0 | 0 |
Section 7: Consultations Received From Other Institutions and Organizations
| Consultations | Other Government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
|---|---|---|---|---|
| Received during reporting period | 55 | 709 | 4 | 46 |
| Outstanding from the previous reporting period | 0 | 0 | 1 | 39 |
| Total | 55 | 709 | 5 | 85 |
| Closed during the reporting period | 55 | 709 | 3 | 34 |
| Carried over to next reporting period | 0 | 0 | 2 | 51 |
| Carried over beyond negotiated timelines | 0 | 0 | 0 | 0 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days |
16 to 30 days |
31 to 60 days |
61 to 120 days |
121 to 180 days |
181 to 365 days |
More than 365 days |
Total | |
| Disclose entirely | 7 | 7 | 1 | 0 | 0 | 1 | 2 | 18 |
| Disclose in part | 9 | 14 | 6 | 2 | 0 | 1 | 2 | 34 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 1 | 2 | 0 | 0 | 0 | 0 | 0 | 3 |
| Total | 17 | 23 | 7 | 2 | 0 | 2 | 4 | 55 |
| Recommendation | Number of days required to complete consultation requests | |||||||
|---|---|---|---|---|---|---|---|---|
| 1 to 15 days |
16 to 30 days |
31 to 60 days |
61 to 120 days |
121 to 180 days |
181 to 365 days |
More than 365 days |
Total | |
| Disclose entirely | 0 | 1 | 1 | 0 | 0 | 0 | 0 | 2 |
| Disclose in part | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Other | 0 | 0 | 1 | 0 | 0 | 0 | 0 | 1 |
| Total | 0 | 1 | 2 | 0 | 0 | 0 | 0 | 3 |
Section 8: Completion Time of Consultations on Cabinet Confidences
| Number of days | Fewer than 100 pages processed |
101 to 500 pages processed |
501 to 1,000 pages processed |
1001 to 5,000 pages processed |
More than 5,000 pages processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Number of days | Fewer than 100 pages processed |
101 to 500 pages processed |
501 to 1,000 pages processed |
1001 to 5,000 pages processed |
More than 5,000 pages processed |
|||||
|---|---|---|---|---|---|---|---|---|---|---|
| Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
| 1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| 181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
| Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 9: Complaints and Investigations Notices Received
| Section 31 | Section 33 | Section 35 | Court action | Total |
|---|---|---|---|---|
| 42 | 39 | 33 | 0 | 114 |
Section 10: Privacy Impact Assessments (PIA) and Personal Information Banks (PIB)
| Number of PIAs completed | 5 |
|---|---|
| Number of PIAs modified | 0 |
| Personal Information Banks | Active | Created | Terminated | Modified |
|---|---|---|---|---|
| Institution-specific | 53 | 0 | 0 | 0 |
| Central | 0 | 0 | 0 | 0 |
| Total | 53 | 0 | 0 | 0 |
Section 11: Privacy Breaches
| Number of material privacy breaches reported to TBS | 0 |
|---|---|
| Number of material privacy breaches reported to OPC | 0 |
| Number of non-material privacy breaches | 40 |
|---|
Section 12: Resources Related to the Privacy Act
| Expenditures | Amount | |
|---|---|---|
| Salaries | $4,331,697 | |
| Overtime | $101,668 | |
Goods and services:
|
$499,998 | |
| Total | $4,933,363 | |
Resources |
Person Years Dedicated to Privacy Activities |
|---|---|
| Full-time employees | 47.660 |
| Part-time and casual employees | 0.230 |
| Regional staff | 0.000 |
| Consultants and agency personnel | 0.000 |
| Students | 0.000 |
| Total | 47.890 |
Annex C: Supplemental statistical report on the Privacy Act
Section 1: Capacity to receive requests
| Weeks | |
|---|---|
| Able to receive requests by mail | 52 |
| Able to receive requests by email | 52 |
| Able to receive requests through the digital request service | 52 |
Section 2: Capacity to process records
| No capacity | Partial capacity | Full capacity | Total | |
|---|---|---|---|---|
| Unclassified paper records | 14 | 17 | 21 | 52 |
| Protected B paper records | 14 | 17 | 21 | 52 |
| Secret and Top Secret paper records | 22 | 13 | 17 | 52 |
| No capacity | Partial capacity | Full capacity | Total | |
|---|---|---|---|---|
| Unclassified electronic records | 0 | 0 | 52 | 52 |
| Protected B electronic records | 0 | 0 | 52 | 52 |
| Secret and Top Secret electronic records | 23 | 13 | 16 | 52 |
Section 3: Open Requests and Complaints
| Fiscal Year Open Requests were received |
Open Requests that are within Legislated Timelines as of |
Open Requests that are Beyond Legislated Timelines as of |
Total |
|---|---|---|---|
| Received in 2021-2022 | 618 | 1,357 | 1,975 |
| Received in 2020-2021 | 34 | 290 | 324 |
| Received in 2019-2020 | 0 | 67 | 67 |
| Received in 2018-2019 | 0 | 11 | 11 |
| Received in 2017-2018 | 0 | 3 | 3 |
| Received in 2016-2017 | 0 | 0 | 0 |
| Received in 2015-2016 or earlier | 0 | 0 | 0 |
| Total | 652 | 1,728 | 2,380 |
| Fiscal Year Open | Complaints were received Number of Open Complaints |
|---|---|
| Received in 2021-2022 | 19 |
| Received in 2020-2021 | 5 |
| Received in 2019-2020 | 4 |
| Received in 2018-2019 | 8 |
| Received in 2017-2018 | 4 |
| Received in 2016-2017 | 1 |
| Received in 2015-2016 or earlier | 1 |
| Total | 42 |
Section 4: Social Insurance Number (SIN)
| Did your institution receive authority for a new collection or new consistent use of the SIN in 2021-2022? | No |
|---|
- Date modified: