Annual Report to Parliament on the Privacy Act: 2022 to 2023
From: Canada Border Services Agency
Chapter 1: Privacy Act report
Introduction
The Canada Border Services Agency (CBSA) is pleased to present to Parliament, in accordance with section 72 of the Privacy Act (the PA), its annual report on the management of this Act. The report describes the activities that support compliance with the PA for the fiscal year commencing April 1, 2022, and ending March 31, 2023. During this period, the CBSA continued to build on successful practices implemented in previous years.
The purpose of the PA is to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.Footnote 1
As stated in subsections 72(1) and 72(2) of the PA, “Every year the head of every government institution shall prepare a report on the administration of this Act within the institution during the period beginning on April 1 of the preceding year and ending on March 31 of the current year… Every report prepared under subsection (1) shall be laid before each House of Parliament on any of the first 15 days on which that House is sitting after September 1 of the year in which the report is prepared.”Footnote 2
Organization
1. About the Canada Border Services Agency
Since December 2003, the CBSA has been an integral part of the Public Safety Canada (PS) portfolio, which was created to protect Canadians and maintain a peaceful and safe society. The CBSA is responsible for providing integrated border services that support national security and public safety priorities and facilitate the free flow of persons and goods, including animals and plants, that meet all requirements under the program legislation.Footnote 3
The CBSA carries out its responsibilities with a workforce of approximately 14,000 employees, including over 6,500 uniformed CBSA officers who provide services at approximately 1,200 points across Canada and at 39 international locations.Footnote 4
2. Information sharing, access to information and Chief Privacy Office
The Information Sharing, Access to Information and Chief Privacy (ISATICP) Office is comprised of six units: an Administration section, three Case Management units, and two Policy units.
- The Administration section receives all incoming requests and consultations, ensures quality control of all outgoing correspondence, and supports the Case Management units in their day-to-day business
- The Case Management units assign branches and regions with retrieval requests, process requests for information under the PA, and provide daily operational guidance and support to CBSA employees
- The Access to Information and Privacy (ATIP) Policy and Governance Unit develops policies, tools, and procedures to support ATIP requirements within the CBSA and provides training to employees
- The Information Sharing and Collaborative Arrangements Policy (ISCAP) Unit maintains the policy framework for the CBSA’s information sharing and domestic written collaborative arrangements (WCAs)
On average, 85 full time equivalents, and three part time, casual and student employees were employed in the CBSA ISATICP Office during fiscal year 2022–2023.
The head of ATIP for the CBSA is the Director General and Chief Privacy Officer of the ISATICP Office, who reports directly to the Vice-President (VP) of the Strategic Policy Branch. Consistent with best practices identified by the Treasury Board of Canada Secretariat (TBS), the head of CBSA ATIP is positioned within two levels of the President and has full delegated authority.
The key to maintaining compliance with the statutory time requirements of the PA is the CBSA ISATICP Office’s ability to obtain personal information from branches and regions in an efficient manner. Supported by a network of ATIP liaison officers embedded within 16 offices of primary interest across the Regions and Branches, the ISATICP Office is well positioned to receive, coordinate, and process requests for personal information under the PA.
The CBSA ISATICP Office works closely with other members of the PS portfolio, including the Canadian Security Intelligence Service, the Correctional Service of Canada, the Parole Board of Canada, and the Royal Canadian Mounted Police, to share best practices and develop streamlined processes for the retrieval of jointly held records within the 30-day legislated time frame required to respond to privacy requests.
Activities and accomplishments
1. Performance
Fiscal year 2022–2023 saw record high volumes of privacy requests made to the CBSA. The volumes are largely attributable to individuals seeking copies of their history of arrival dates into Canada and those seeking copies of their Immigration file. In fiscal year 2022 to 2023, 49.9% of all privacy requests received by the CBSA came from individuals seeking their Immigration file. During the same period, 47.1% of all the privacy requests received by the CBSA came from individuals seeking their Traveller History Report (THR). THR and Immigration files contain information used to support requirements for programs administered by Immigration, Refugees and Citizenship Canada (IRCC) and Employment and Social Development Canada (ESDC).
In September 2012, IRCC, in consultation with the CBSA, introduced a new consent-based application form which sees applicants for citizenship provide consent on their applications for IRCC to view their travel history directly. The CBSA has allocated 100 accounts to the IRCC to verify (i.e. view only) clients’ THR to Canada. IRCC has since viewed approximately 1.86 million THR, of which 121,346 were in fiscal year 2022–2023, that might otherwise have been requested formally through the CBSA by way of formal Privacy Act, or Access to Information Act requests.
The CBSA continued to see high volumes of privacy requests submitted through the Access to Information and Privacy Online Request tool. Through this tool, the CBSA received 20,335 requests, which amounted to 94.2% of all privacy requests received by the CBSA. In November 2023, the CBSA will adopt the Online Request Services/Online Management Tool developed by TBS, which will allow it to interact with the requesters directly, and also securely disclose documents to clients.
The CBSA continued to offer the electronic format for responses to privacy requests, which amounted to 96.2% of the release packages. As a result, these requests accounted for 92% of all the pages the CBSA disclosed in their entirety or disclosed in part this fiscal year.
The CBSA also provided case-by-case policy guidance to program areas related to the disclosure of information under section 8 of the PA, section 107 of the Customs Act, and on written collaborative arrangements. In total, the CBSA received 3,733 requests for guidance in fiscal year 2022–2023, representing an increase of 39.7% over the previous year.
Finally, as per Section 73.1 of the PA, the CBSA has not provided services related to any power, duty or function conferred or imposed on the CBSA under the PA to another government institution that is under the responsibility of the Minister of Public Safety and Emergency Preparedness and has not received such services from any other such government institution.
2. Education and training
In fiscal year 2022 to 2023, the CBSA continued to provide support and guidance to employees. To do so, the Office adapted to numerous changes and explored alternative measures to delivery. The CBSA provided 10 virtual training sessions to 319 employees. The training sessions are designed to ensure that the participants fully understood their responsibilities under the PA and the Access to Information Act, with a focus on requests made pursuant to the Acts and the duty to assist principles.
The CBSA maintained the Canada School of Public Service’s (CSPS) Access to Information and Privacy Fundamentals (I015) course to the list of mandatory training. This training must be successfully completed by all persons employed by the CBSA who occupy an indeterminate or term position on a full-time, part-time or seasonal basis, as well as students and casual employees. It also must be completed within six months of joining the CBSA.
Moreover, the CBSA delivered 13 training sessions on section 107 of the Customs Act, as well as basic information sharing, disclosure of intelligence-related information, and business line specific training sessions to 273 employees. In addition, before attending the training, employees are advised to complete the interactive online training course, regarding information sharing that was developed by the CBSA.
Furthermore, the CBSA continues to raise employees’ awareness of their obligations under the PA by leveraging the CBSA’s daily newsletter as a way to provide employees with important information. The communiqués include key dates, such as Data Privacy Day, and other activities at the CBSA to promote ATIP tools and resources. Additionally, a bi-annual message is sent to employees to promote the CBSA privacy breach protocol and the importance of reporting privacy breaches.
The CBSA continues to actively participate in the TBS-led ATIP coordinators, ATIP practitioners, ADM Access to information and openness committee (ATIO) and ATIP Community meetings. These meetings provide opportunities for employees of the Office to liaise with employees from other institutions to discuss various issues and challenges that have been identified by the ATIP community.
Finally, during the summer of 2022, the Canada Border Services Agency and the Treasury Board of Canada Secretariat signed a Memorandum of Understanding (MoU) to tackle capacity issues faced by ATIP practitioners in various Government of Canada institutions. This MoU is established with institutional partners to seek contributions for fiscal year (FY) 2022-23, to establish a Communities Development Office for the ATIP communities which aims to address challenges related to recruitment, retention, as well as centralized training and professional development programs.
3. New and revised privacy-related policies and procedures
During fiscal year 2022 to 2023, the CBSA continued to revise existing policies, develop new policies, and introduce new procedures.
As per TBS Privacy Implementation Notice 2022-02, the CBSA developed an ATIP ID Verification Policy. This Policy provides direction on the requirement set out in section 4.1.4 of the Directive on Personal Information Requests and Correction of Personal Information that institutions must establish procedures to validate the identity of a requester. More specifically, this Policy formalized and enhanced the CBSA’s practices in response to the extension order, which includes foreign nationals. The CBSA has continued to ensure that identity documentation is adequately verified as it is imperative to mitigate the risk of privacy breaches while delivering government services. The CBSA balances the right of access and program delivery with identity verification to provide an effortless ATIP process to Canadian citizens, permanent residents and foreign nationals.
The CBSA has continued to take a number of measures to enhance and promote ATIP tools that are readily accessible to CBSA employees by utilizing Apollo (GCDocs). To this end, it ensures that the CBSA intranet site is up to date and available to all CBSA employees. This allows the Office to quickly share information and best practices, as well as facilitate collaboration across the CBSA.
The CBSA continued to receive ATIP related audio/video redacting requests. In response, the CBSA ISATICP Office, in partnership with the Information, Science and Technology Branch, and as part of an Innovation Solution Canada challenge initiative, was involved in a project allowing private companies to introduce applied concept for the redaction of video recording. The project ended successfully with two products brought to market, and the CBSA is currently exploring the purchase of one of the solutions for our own use.
During the second half of fiscal year 2022 to 2023, the CBSA began to use a Robotic Process Automation (RPA) tool, as it became fully operational, to register new incoming access to information and privacy requests without the requirement for human intervention. The CBSA is working on expanding the use of RPA tools to perform other routine processes to create further efficiencies in order to better respond to increasing volumes.
The CBSA remains an active and key participant in the PA Modernization working group, to help establish the CBSA’s position on the modernization of this Act. The CBSA believes that a modernized Act should facilitate the government work while continuing to respect individuals’ privacy rights and the Canadian Charter of Rights and Freedom. The CBSA will continue to develop policy options, and to work on transition advice, alongside the Department of Justice, in the modernization of the PA.
During the fiscal year 2022 to 2023, the CBSA approved and published two updated national information sharing policies:
- The Policy on the Order in Council to the CBSA, as well as a number of working tools, to aid in the day-to-day management of activities related to the Order in Council (OiC) and the Avoiding Complicity in Mistreatment by Foreign Entities Act (ACA). This milestone marks the completion of the first phase of implementation for the updated policy and governance framework
- The Policy on sharing information pursuant to the Security of Canada Information Disclosure Act (SCIDA) which provides functional guidance on the disclosure of CBSA program information to specific federal departments with a security of Canada mandate
The CBSA also introduced the updated Policy and Guide for the Development of Written Collaborative Arrangements (WCA). The updated policy provides a standardized step-by-step guide for the development of domestic WCAs, including a simplified WCA Flowchart and WCA templates.
The CBSA continued to provide the service of informally reviewing CBSA records for internal programs as if they had been requested under the PA. The intent was for proactive publication. The Office received 150 internal requests of this nature in fiscal year 2022 to 2023.
The CBSA closely monitors the time it takes to process privacy requests. Monthly reports, which show trends and performance, are submitted to the Assistant Directors, the Director of the Case Management units, and to the Director General and Chief Privacy Officer of the ISATICP Office. Finally, monthly reports consisting of statistics on the performance of the offices of primary interest are also distributed to all ATIP liaison officers.
4. Reading room
The CBSA, in accordance with the PA, maintains a reading room for applicants who wish to review material in person at the CBSA. Applicants may access the reading room by contacting the CBSA's ISATICP Office by telephone at 343-291-7021 or by sending an email to atip-aiprp@cbsa-asfc.gc.ca. The reading room is located at:
Place Vanier Complex
14 flr Tower A
333 N River Rd
Ottawa ON K1A 0L8
5. Audits of, and investigations into the privacy practices of the Canada Border Services Agency
In 2022 to 2023, the ISATICP Office underwent a review conducted by the Agency’s Internal Audit and Program Evaluation. The review focused on the Management of Written Collaborative Arrangements (WCA). The review was completed in fiscal year 2022 to 2023 and the recommendations are as follows:
Recommendation 1: The Vice-President of the Strategic Policy Branch (SPB), in consultation with VPs of enabling areas, should update the policy instruments by clarifying the roles and responsibilities and requirements for the full continuum of WCAs (development, maintenance and monitoring) of all implicated internal CBSA stakeholders and communicate those expectations.
Management response: The Vice-President of the SPB agrees to work with relevant Branches to update and communicate the roles and responsibilities related to WCAs for all key CBSA functional leads and stakeholders.
Recommendation 2: The Vice-President of the SPB should maintain a complete repository of WCAs.
Management response: The Vice-President of the SPB agrees to review, update and maintain a WCA inventory, to reflect current and usable WCA inventory information, including the status of WCAs that are in various states of negotiation and development. Given the ongoing horizontal efforts required to maintain a pulse on developments, SPB will be heavily reliant upon other Branches and regions to be active participants in this process, whether through regular consultations with functional leads or inquiries made by Offices of Primary Interest on drafting new WCAs or updating existing ones. Furthermore, it should be noted that the interim database solution may be past its operational life and SPB will explore alternative options for a more reliable database to meet the CBSA’s WCA needs. As noted, where the activities below involve IPPD, they are also addressed under the Audit of International Activities Management Response and Action Plan.
Recommendation 3: The Vice-President of the SPB should ensure that an appropriate mechanism provides strategic direction on WCAs and oversight over high-risk WCAs.
Management response: The Vice-President of the SPB agrees to develop appropriate ongoing oversight mechanisms to ensure that WCAs align with the CBSA’s strategic direction and partnerships, while mitigating the potential for arrangements which may pose vulnerabilities for the CBSA. To this end, SPB has created a team to lead a WCA Review which will assess governance options and develop criteria for WCA vulnerability assessments.
Further, an audit of the Management of Information Technology Security (MITS) – Phase III was conducted in fiscal year 2022 to 2033 and the recommendation is as follow:
Recommendation 6.1: The Vice-President of the SPB, in consultation with the Vice-President of the Finance and Corporate Management (FCM) Branch and Vice-President ISTB, should ensure the process for issuing security attestations is respected for new and amended agreements and develop a strategy to ensure that existing information sharing agreements with third parties include the necessary security controls to prevent the unintentional interception and disclosure of information.
Management response: The Recommendation is accepted. It is the practice of both the SPB and the FCM Branch to ensure that all agreements or arrangements, as they are being implemented or renewed, include appropriate privacy and security provisions. As such, both teams are committed to conducting a review at the initial and final phases of the WCA development. Strategic Policy will communicate the importance of the Policy and Guide for the Management and Development of WCAs. Where IT security requirements exist and have been met, the CBSA Chief Security Officer (CSO) will issue a CSO attestation.
6. Privacy impact assessments
In fiscal year 2022 to 2023, the CBSA did not complete any privacy impact assessment (PIA). Despite not having completed any PIAs, the CBSA continued to work closely with program areas on many initiatives that are in the process of completion in 2024, such as:
The Canada Border Services Agency (CBSA) Assessment and Revenue Management (CARM)
This project is a multi-year initiative that will transform the collection of duties and taxes for goods imported into Canada. Through CARM, the CBSA will modernize and streamline the process of importing commercial goods. Once fully implemented, CARM will:
- simplify the overall importing process
- provide a modern interface for importing into Canada
- give importers self-service access to their information
- reduce the cost of importing into Canada
- improve consistency of compliance with trade rules
ArriveCAN Primary Inspection Kiosk PIA Annex
In partnership with Public Health Agency of Canada (PHAC), and in response to COVID-19, the CBSA introduced the ArriveCAN app. ArriveCAN allowed travellers to electronically provide the Government of Canada their contact, quarantine, and health screening information under the Quarantine Act. Expanding on the success of the Primary Inspection Kiosk platform and the ArriveCAN service, the CBSA leveraged and improved existing technologies to facilitate travel and made ArriveCAN a one-stop tool for submitting advance travel information, eliminating the need to use two separate platforms and capitalizing on the higher user uptake and familiarity with the brand. After consultation with the Office of the Privacy Commissioner (OPC), the CBSA will be writing an independent ArriveCAN PIA after PHAC has relinquished their portion of the ArriveCAN application.
Preclearance
Preclearance is a border management program designed to enhance border security, improve cross-border flow of legitimate travellers and goods and allow for border infrastructure to be used more efficiently. Preclearance allows border officers of the inspecting country to determine the admissibility of travellers and goods before they enter into the territory of the inspecting country. In Canada, United States air preclearance has been in place and operating successfully since the 1950s.
Alcohol, Tobacco, Firearms and Explosives (ATF) and Drug Enforcement Administration (DEA) Memorandum of Understanding (MOU)
On February 23, 2021, Prime Minister Justin Trudeau and United States President Joseph R. Biden met and unveiled the Roadmap for a Renewed US-Canada Partnership, detailing commitments on various issues, including the illegal cross-border flows of firearms, drugs, and currency, organized crime, mass marketing fraud, and human trafficking. This commitment led to the development of Memorandum of Understandings between the CBSA and US Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) and Drug Enforcement Administration (DEA). A PIA was written to describe and assess the MOUs as well as the processes followed in responding to and requesting information from the ATF and DEA.
Update to the Alternatives to Detention PIA
Significant funds were allocated pre-pandemic to create the Alternative to Detention (ATD) program, aiming to modernize how the CBSA interacts with supervised immigrants and refugees entering Canada. The program provides the CBSA with more monitoring options, offering flexibility to agents and a humane experience for those under supervision. The ATD Program initially included Community Case Management Supervision (CCMS), the Voice Reporting System (VRS), and Electronic Monitoring (EM) ankle bracelets. However, the VRS was a pilot program to assess technology options and operational viability. It is set to expire in February 2024. The new ReportIN system replaces VRS, improving verification accuracy with facial recognition and introducing two-way messaging between CBSA officers and clients for instant communication.
Digital Workplace
The Digital Workplace program, aligned with the Government of Canada's digital strategy and the Policy on Service and Digital, is an initiative by the CBSA to establish a fully digital workforce. Starting with the implementation of M365 services, specifically Teams Chat, in May 2020 as a response to the pandemic, the program initially focused on providing communication and collaboration tools like MS Teams to enable virtual work for CBSA employees. The program's development and implementation were expedited due to the global pandemic, the adoption of Microsoft cloud services, and the Digital Communications and Collaboration Project (DCCP) led by Shared Services Canada (SSC). The DCCP serves to validate the strategy, approach, and network reliability for the broader migration of the Government of Canada to a unified and modern digital communications and collaboration service toolset.
The full executive summaries for previous PIAs completed can be found on the CBSA’s Privacy impact assessments.
Finally, the CBSA continued playing a critical role in ensuring that all privacy implications were considered during the development of programs and has remained committed to ongoing collaboration with the OPC for the development of our PIAs.
Disclosures made pursuant to paragraph 8(2)(e) of the Privacy Act
During the 2022 to 2023 fiscal year, the CBSA made 226 disclosures pursuant to paragraph 8(2)(e) of the PA.
Disclosures made pursuant to paragraph 8(2)(m) of the Privacy Act
During the 2022 to 2023 fiscal year, the CBSA made two public interest disclosure pursuant to paragraph 8(2)(m) of the PA.
Disclosure pursuant to 8(2)(m)(i) – Public Interest Disclosure
The disclosure was to inform next of kin of a death that occurred while an individual was in custody in a detention center. The Office of the Privacy Commissioner was notified after the disclosure had occurred due to the urgency of the notification. The media was also notified, however, the disclosure included limited information.
Disclosure pursuant to 8(2)(m)(ii) – Benefit to the individual
The disclosure was to conduct a wellness check due to threats of self harm. As the threat raised concerns for the safety of the individual, the CBSA verified with local Police if they would provide assistance. The police service stated that they considered this to be a serious matter and that an officer(s) would be dispatched to conduct a “wellness check”. The Office of the Privacy Commissioner was notified after the disclosure had occurred due to the urgency of the notification.
Delegation order
See Annex A for a signed copy of the delegation order.
Chapter 2: Statistical report
Statistical report on the Privacy Act
See Annex B for the CBSA's statistical report on the Privacy Act (the PA).
Interpretation of the statistical report
1. Requests received and completed under the Privacy Act
The CBSA received 21,577 privacy requests in fiscal year 2022–2023, which was an increase of 51.6% compared to the previous year. Moreover, the CBSA responded to 18,773 PA requests, representing 78.4% of the total number of requests received and outstanding from the previous reporting periods. Finally, the CBSA processed 362,877 pages under the PA.
For the past five years, the CBSA has consistently been among the top government departments and agencies in terms of the number of PA requests received. While receiving a substantial number of requests each year, the CBSA has consistently been one of the top performing institutions, responding within legislative timeframes more than 90% in a year which saw the greatest number of requests received.
Text description
Fiscal year | Requests received | Completed requests |
---|---|---|
2018 to 2019 | 13,447 | 13,873 |
2019 to 2020 | 14,102 | 13,866 |
2020 to 2021 | 11,997 | 12,126 |
2021 to 2022 | 14,230 | 13,086 |
2022 to 2023 | 21,577 | 18,773 |
2. Completion time
In fiscal year 2022 to 2023, a total of 18,773 requests were completed. The graph below presents the response times for the requests that the CBSA completed during this fiscal year.
Text description
Completion time (days) | Number of requests |
---|---|
121 or more | 278 |
61 to 120 | 539 |
31 to 60 | 2,435 |
30 or less | 15,521 |
Of the 18,773 completed requests, the CBSA was successful in responding to 95.5% within the legislated timelines, an increase from the 94.2% achieved last fiscal year.
The chart below provides an overview of the disposition of these completed requests.
Text description
Fully disclosed | 62.14% |
Partially disclosed | 29.66% |
No records exist | 2.15% |
Request abandoned | 5.99% |
Other | 0.06% |
Of the completed requests, 10,590 records were fully disclosed and 6,983 were partially disclosed. See Annex B for all the details on the disposition of the completed requests.
Of the 5,184 requests carried over to fiscal year 2023–2024, 424 were on time and 4,760 were late. The graph below provides an overview of the requests carried over that were within or beyond legislated timelines.
Text description
Fiscal year | Requests within legislated timelines | Requests beyond legislated timelines |
---|---|---|
2016 to 2017 | 0 | 0 |
2017 to 2018 | 0 | 3 |
2018 to 2019 | 0 | 11 |
2019 to 2020 | 0 | 67 |
2020 to 2021 | 34 | 290 |
2021 to 2022 | 618 | 1,357 |
2022 to 2023 | 420 | 4,157 |
See Annex C for all the details related to the number of outstanding requests carried over to next fiscal year.
3. Extensions
In total, 1,546 extensions were applied for during fiscal year 2022 to 2023. This represents a significant decrease in extensions in comparison to the previous fiscal year. The implementation of a more robust processing solution for immigration requests reduced reliance on extensions. Extensions were applied 99.9% of the time because of workload and meeting the original 30-day time limit would have resulted in unreasonable interference with the CBSA operations. The remaining 0.1% of the time was for consulting with third parties or other government institutions, or for additional time for translation purposes or for the purposes of converting the personal information into an alternative format.
4. Consultations received from other institutions and organizations
In 2022 to 2023, the CBSA completed 57 consultation requests from other government institutions and organizations. This represents a decrease of 5% in comparison to the previous fiscal year. To respond to these requests, 1,224 pages were reviewed, an increase of 54.2% from the previous fiscal year.
5. Completion time of consultations on Cabinet confidences
Although Cabinet confidences are excluded from the application of the PA (section 70), the policies of TBS require agencies and departments to consult their legal services to determine if requested information should be excluded. If there is any doubt or if the records contain discussion papers, legal counsel must consult the Office of the Counsel to the Clerk of the Privy Council Office (PCO).
In 2022 to 2023, the CBSA did not consult CBSA Legal services regarding Cabinet confidence exclusions, due to the fact that requesters are excluding Cabinet confidences from their requests.
6. Complaints and investigations
Subsection 29(1) of the PA describes how the Office of the Privacy Commissioner of Canada (OPC) receives and investigates complaints from individuals regarding their personal information held by a government institution. Examples of complaints the OPC may choose to investigate include a refusal of access to personal information; an allegation that personal information about an individual that is held by a government institution has been misused or wrongfully disclosed; or failure to provide access to personal information in the official language requested by the individual.
For 2022 to 2023, 69 PA complaints were filed against the CBSA, which represents an increase of 64.3% compared to fiscal year 2021 to 2022. For context, the number of complaints filed relate to only 0.4% of the 18,773 privacy requests completed during this period. The complaints received during the fiscal year were related to the following issues: time delay (52); application of exemptions (4); missing / incomplete records (2); early resolution (1); use and disclosure (8); and collection (2).
Of the 42 complaints that were closed in fiscal year 2022–2023, 12 were deemed well-founded, and one was deemed not well-founded. Additionally, 27 complaints were resolved; none were discontinued; and two were settled. Where complaints are substantiated, the matter is reviewed by the delegated Assistant Directors and processes are adjusted if required.
At the end of fiscal year 2022 to 2023, the CBSA had 87 active complaints that were outstanding from previous reporting periods. The graph below provides an overview of the active complaints that are outstanding.
Text description
Fiscal year | Active complaints |
---|---|
2015 to 2016 or earlier |
1 |
2016 to 2017 | 0 |
2017 to 2018 | 4 |
2018 to 2019 | 8 |
2019 to 2020 | 2 |
2020 to 2021 | 4 |
2021 to 2022 | 11 |
2022 to 2023 | 57 |
7. Privacy breaches
There were no material privacy breaches reported during fiscal year 2022–2023.
8. COVID-19: Impact on the CBSA ISATICP Office
Since the beginning of the pandemic, the CBSA has played a critical role in managing the border in a safe and efficient manner, contributing to the health and security of Canadians. During fiscal year 2022 to 2023, many CBSA employees were reassigned, and called upon to work around the clock to provide critical and essential services to Canadians and travelers. Despite the implementation of these new measures, the CBSA was able to maintain the ability to process requests received under the PA in a timely manner, responding to requests within their statutory timelines in more than nine out of 10 cases.
This success is also due to the implementation of interim measures for processing PA requests and the office already had remote access capability which enabled the employees to continue to work from home. In September 2022, the CBSA ISATICP Office partially returned to the office and documents classified as secret were once again accessible.
During this period, the CBSA collaborated closely with TBS and coordinators in the access to information and privacy community. Every two weeks, the CBSA has completed the TBS request capacity questionnaire on the status of ATIP offices during COVID-19, which is being published on the Open Government website.
9. Conclusion
The achievements portrayed in this report reflect the CBSA’s commitment to ensuring that every reasonable effort is made to meet its obligations under the PA. The CBSA strives to provide Canadians with their personal information to which they have a right in a timely and helpful manner while protecting the privacy rights of all Canadians.
Annex A: Delegation order
Text description
Ministerial Order
Access to Information Act and Privacy Act
Pursuant to section 73 of the Access to Information ActFootnote 1 and section 73 of the Privacy ActFootnote 2, I hereby designate the persons holding the positions set out in the schedule hereto, or a person authorized to exercise the powers or perform the duties and functions of that position, to exercise or perform the powers, duties and functions of the Minister of Public Safety and Emergency Preparedness as the head of the Canada Border Services Agency under the provisions of the Act and related regulations set out in the schedule opposite each position.
This Order replaces previous designation orders and comes into force on the date on which it is signed.
Dated at Ottawa, Province of Ontario, this .
The Honourable Bill Blair, P.C., C.O.M., M.P.
Minister of Public Safety and Emergency Preparedness
Positions | Access to Information Act and Regulations | Privacy Act and Regulations |
---|---|---|
President | Full authority | Full authority |
Executive Vice-President | Full authority | Full authority |
Vice-President, Strategic Policy Branch | Full authority | Full authority |
Director General, Chief Data Office | Full authority | Full authority |
Director General and Chief Privacy Officer, Information Sharing, Access to Information and Chief Privacy (ISATICP)Office | Full authority | Full authority |
Assistant Director, Information Sharing, ISATICP | Full authority | Full authority (except 8(2)(m)) |
Team Leader, Information Sharing, ISATICP | Full authority | Full authority (except 8(2)(m)) |
Annex B: Statistical report
Statistical report on the Privacy Act on the Privacy Act
Name of institution: Canada Border Services Agency
Reporting period: to
Section 1: Requests under the Privacy Act
Received during reporting period | 21,577 |
Outstanding from previous reporting period
|
2,380 |
Total | 23,957 |
Closed during reporting period | 18,773 |
Carried over to the next reporting period
|
5,184 |
Source | Number of requests |
---|---|
Online | 20,335 |
744 | |
441 | |
In person | 0 |
Phone | 0 |
Fax | 57 |
Total | 21,577 |
Section 2: Informal requests
Received during reporting period | 0 |
Outstanding from previous reporting period
|
0 |
Total | 0 |
Closed during reporting period | 0 |
Carried over to the next reporting period | 0 |
Source | Number of requests |
---|---|
Online | 0 |
0 | |
0 | |
In person | 0 |
Phone | 0 |
Fax | 0 |
Total | 0 |
Completion time | |||||||
---|---|---|---|---|---|---|---|
1 to 15 days |
16 to 30 days |
31 to 60 days |
61 to 120 days |
121 to 180 days |
181 to 365 days |
More than 365 days |
Total |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Less than 100 pages released |
100-500 pages released |
501-1000 pages released |
1001-5000 pages released |
More than 5000 pages released |
|||||
---|---|---|---|---|---|---|---|---|---|
Number of requests |
Pages released |
Number of requests |
Pages released |
Number of requests |
Pages released |
Number of requests |
Pages released |
Number of requests |
Pages released |
0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 3: Requests closed during the reporting period
Disposition of requests | Completion time | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 days |
16 to 30 days |
31 to 60 days |
61 to 120 days |
121 to 180 days |
181 to 365 days |
More than 365 days |
Total | |
All disclosed | 2,160 | 7,587 | 760 | 68 | 9 | 5 | 1 | 10,590 |
Disclosed in part | 678 | 4,054 | 1,595 | 444 | 79 | 88 | 45 | 6,983 |
All exempted | 0 | 2 | 1 | 1 | 0 | 1 | 0 | 5 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
No records exist | 42 | 145 | 41 | 7 | 3 | 2 | 0 | 240 |
Request abandoned | 615 | 235 | 36 | 19 | 6 | 6 | 33 | 950 |
Neither confirmed nor denied | 2 | 1 | 2 | 0 | 0 | 0 | 0 | 5 |
Total | 3,497 | 12,024 | 2,435 | 539 | 97 | 102 | 79 | 18,773 |
Section | Number of requests | Section | Number of requests | Section | Number of requests |
---|---|---|---|---|---|
18(2) | 1 | 22(1)(a)(i) | 1 | 23(a) | 0 |
19(1)(a) | 4,465 | 22(1)(a)(ii) | 0 | 23(b) | 0 |
19(1)(b) | 6 | 22(1)(a)(iii) | 0 | 24(a) | 0 |
19(1)(c) | 6 | 22(1)(b) | 5,307 | 24(b) | 0 |
19(1)(d) | 8 | 22(1)(c) | 11 | 25 | 11 |
19(1)(e) | 0 | 22(2) | 0 | 26 | 3,941 |
19(1)(f) | 0 | 22.1 | 0 | 27 | 12 |
20 | 0 | 22.2 | 0 | 27.1 | 0 |
21 | 2,088 | 22.3 | 0 | 28 | 0 |
22.4 | 0 |
Section | Number of requests | Section | Number of requests | Section | Number of requests |
---|---|---|---|---|---|
69(1)(a) | 0 | 70(1) | 0 | 70(1)(d) | 0 |
69(1)(b) | 0 | 70(1)(a) | 0 | 70(1)(e) | 0 |
69.1 | 0 | 70(1)(b) | 0 | 70(1)(f) | 0 |
70(1)(c) | 0 | 70.1 | 0 |
Paper | Electronic | Other | |||
---|---|---|---|---|---|
E-record | Data set | Video | Audio | ||
671 | 0 | 16,902 | 4 | 6 | 0 |
3.5 Complexity
Number of pages processed | Number of pages disclosed | Number of requests |
---|---|---|
362,877 | 281,825 | 18,533 |
Disposition | Less than 100 pages processed |
100-500 pages processed |
501 to 1,000 pages processed |
1001-5000 pages processed |
More than 5000 pages processed |
|||||
---|---|---|---|---|---|---|---|---|---|---|
Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
All disclosed | 10,559 | 64,915 | 31 | 4,645 | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 6,510 | 111,056 | 399 | 84,323 | 49 | 33,529 | 23 | 41,854 | 2 | 11,945 |
All exempted | 5 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 937 | 942 | 7 | 1,625 | 2 | 1,425 | 4 | 6,618 | 0 | 0 |
Neither confirmed nor denied | 5 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 18,016 | 176,913 | 437 | 90,593 | 51 | 34,954 | 27 | 48,472 | 2 | 11,945 |
Number of minutes processed | Number of minutes disclosed | Number of requests |
---|---|---|
563 | 454 | 6 |
Disposition | Less than 60 minutes processed |
60-120 minutes processed |
More than 120 minutes processed |
|||
---|---|---|---|---|---|---|
Number of requests | Minutes processed | Number of requests | Minutes processed | Number of requests | Minutes processed | |
All disclosed | 3 | 54 | 0 | 0 | 1 | 131 |
Disclosed in part | 0 | 0 | 0 | 0 | 2 | 378 |
All exempted | 0 | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 3 | 54 | 0 | 0 | 3 | 509 |
Number of minutes processed | Number of minutes disclosed | Number of requests |
---|---|---|
1,991 | 124 | 4 |
Disposition | Less than 60 minutes processed |
60-120 minutes processed |
More than 120 minutes processed |
|||
---|---|---|---|---|---|---|
Number of requests | Minutes processed | Number of requests | Minutes processed | Number of requests | Minutes processed | |
All disclosed | 0 | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 0 | 0 | 0 | 0 | 1 | 124 |
All exempted | 2 | 2 | 0 | 0 | 1 | 1865 |
All excluded | 0 | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 2 | 42 | 0 | 0 | 2 | 1,989 |
Disposition | Consultation required | Legal advice sought | Interwoven information | Other | Total |
---|---|---|---|---|---|
All disclosed | 0 | 0 | 0 | 0 | 0 |
Disclosed in part | 5 | 0 | 3,941 | 1 | 3,947 |
All exempted | 0 | 0 | 0 | 0 | 0 |
All excluded | 0 | 0 | 0 | 0 | 0 |
Request abandoned | 0 | 0 | 0 | 0 | 0 |
Neither confirmed nor denied | 0 | 0 | 0 | 0 | 0 |
Total | 5 | 0 | 3,941 | 1 | 3,947 |
3.6 Closed requests
Number of requests closed within legislated timelines | Percentage of requests closed within legislated timelines (%) |
---|---|
17,927 | 95.49352794 |
3.7 Deemed refusals
>Number of requests closed past the legislated timelines | Principal reason | |||
---|---|---|---|---|
Interference with operations / workload | External consultation | Internal consultation | Other | |
846 | 419 | 2 | 0 | 425 |
>Number of days past legislated timelines | Number of requests past legislated timeline where no extension was taken | Number of requests past legislated timeline where an extension was taken | Total |
---|---|---|---|
1 to 15 days | 180 | 74 | 254 |
16 to 30 days | 119 | 43 | 162 |
31 to 60 days | 75 | 56 | 131 |
61 to 120 days | 44 | 59 | 103 |
121 to 180 days | 27 | 27 | 54 |
181 to 365 days | 27 | 48 | 75 |
More than 365 days | 23 | 44 | 67 |
Total | 495 | 351 | 846 |
>Translation requests | Accepted | Refused | Total |
---|---|---|---|
English to French | 0 | 0 | 0 |
French to English | 0 | 0 | 0 |
Total | 0 | 0 | 0 |
Section 4: Disclosures under subsections 8(2) and 8(5)
Paragraph 8(2)(e) | Paragraph 8(2)(m) | Subsection 8(5) | Total |
---|---|---|---|
226 | 2 | 2 | 230 |
Section 5: Requests for correction of personal information and notations
>Disposition for correction requests received | Number |
---|---|
Notations attached | 24 |
Requests for correction accepted | 6 |
Total | 30 |
Section 6: Extensions
>Number of requests where an extension was taken | 15(a)(i) Interference with operations | 15 (a)(ii) Consultation | 15(b) Translation purposes or conversion | |||||
---|---|---|---|---|---|---|---|---|
Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet confidence section (Section 70) | External | Internal | ||
1,546 | 0 | 77 | 1,467 | 1 | 1 | 0 | 0 | 0 |
>Length of extensions | 15(a)(i) Interference with operations | 15 (a)(ii) Consultation | 15(b) Translation purposes or conversion | |||||
---|---|---|---|---|---|---|---|---|
Further review required to determine exemptions | Large volume of pages | Large volume of requests | Documents are difficult to obtain | Cabinet confidence section (Section 70) | External | Internal | ||
1 to 15 days | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 days | 0 | 77 | 1,467 | 1 | 1 | 0 | 0 | 0 |
31 days or greater | ||||||||
Total | 0 | 77 | 1,467 | 1 | 1 | 0 | 0 | 0 |
Section 7: Consultations received from other institutions and organizations
Consultations | Other Government of Canada institutions | Number of pages to review | Other organizations | Number of pages to review |
---|---|---|---|---|
Received during reporting period | 60 | 1,435 | 2 | 29 |
Outstanding from the previous reporting period | 0 | 0 | 2 | 51 |
Total | 60 | 1,435 | 4 | 80 |
Closed during the reporting period | 54 | 1,183 | 3 | 41 |
Carried over to next reporting period | 6 | 252 | 1 | 39 |
Carried over beyond negotiated timelines | 0 | 0 | 0 | 0 |
Recommendation | Number of days required to complete consultation requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 days |
16 to 30 days |
31 to 60 days |
61 to 120 days |
121 to 180 days |
181 to 365 days |
More than 365 days |
Total | |
Disclose entirely | 15 | 3 | 1 | 0 | 0 | 0 | 0 | 19 |
Disclose in part | 16 | 9 | 4 | 0 | 1 | 0 | 2 | 32 |
Exempt entirely | 2 | 0 | 0 | 0 | 0 | 0 | 0 | 2 |
Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 1 | 1 |
Total | 33 | 12 | 5 | 0 | 1 | 0 | 3 | 54 |
Recommendation | Number of days required to complete consultation requests | |||||||
---|---|---|---|---|---|---|---|---|
1 to 15 days |
16 to 30 days |
31 to 60 days |
61 to 120 days |
121 to 180 days |
181 to 365 days |
More than 365 days |
Total | |
Disclose entirely | 1 | 0 | 0 | 0 | 0 | 0 | 0 | 1 |
Disclose in part | 0 | 0 | 1 | 1 | 0 | 0 | 0 | 2 |
Exempt entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Exclude entirely | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Consult other institution | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Other | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 1 | 0 | 1 | 1 | 0 | 0 | 0 | 3 |
Section 8: Completion time of consultations on cabinet confidences
Number of days | Fewer than 100 pages processed | 100 to 500 pages processed | 501 to 1,000 pages processed | 1001 to 5,000 pages processed | More than 5,000 pages processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Number of days | Fewer than 100 pages processed | 100 to 500 pages processed | 501 to 1,000 pages processed | 1001 to 5,000 pages processed | More than 5,000 pages processed | |||||
---|---|---|---|---|---|---|---|---|---|---|
Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | Number of requests | Pages disclosed | |
1 to 15 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
16 to 30 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
31 to 60 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
61 to 120 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
121 to 180 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
181 to 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
More than 365 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Total | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 | 0 |
Section 9: Complaints and investigations notices received
Section 31 | Section 33 | Section 35 | Court action | Total |
---|---|---|---|---|
58 | 10 | 37 | 1 | 106 |
Section 10: Privacy impact assessments (PIA) and personal information banks (PIB)
Number of PIAs completed | 0 |
---|---|
Number of PIAs modified | 0 |
Personal information banks | Active | Created | Terminated | Modified |
---|---|---|---|---|
Institution-specific | 52 | 0 | 0 | 3 |
Central | 0 | 0 | 0 | 0 |
Total | 52 | 0 | 0 | 3 |
Section 11: Privacy breaches
Number of material privacy breaches reported to TBS | 0 |
---|---|
Number of material privacy breaches reported to OPC | 0 |
Number of non-material privacy breaches | 28 |
---|
Section 12: Resources related to the Privacy Act
Expenditures | Amount |
---|---|
Salaries | $4,136,812 |
Overtime | $119,228 |
Goods and services:
|
$278,269 |
Total | $4,534,309 |
Resources | Person years dedicated to privacy activities |
---|---|
Full-time employees | 48.830 |
Part-time and casual employees | 1.400 |
Regional staff | 0.000 |
Consultants and agency personnel | 0.000 |
Students | 0.000 |
Total | 50.230 |
Annex C: Supplemental statistical report on the Privacy Act
Section 1: Capacity to receive requests
Weeks | |
---|---|
Able to receive requests by mail | 52 |
Able to receive requests by email | 52 |
Able to receive requests through the digital request service | 52 |
Section 2: Capacity to process records
No capacity | Partial capacity | Full capacity | Total | |
---|---|---|---|---|
Unclassified paper records | 0 | 0 | 52 | 52 |
Protected B paper records | 0 | 0 | 52 | 52 |
Secret and Top Secret paper records | 0 | 0 | 52 | 52 |
No capacity | Partial capacity | Full capacity | Total | |
---|---|---|---|---|
Unclassified electronic records | 0 | 0 | 52 | 52 |
Protected B electronic records | 0 | 0 | 52 | 52 |
Secret and top secret electronic records | 0 | 0 | 52 | 52 |
Section 3: Open requests and complaints
Fiscal year open requests were received | Open requests that are within legislated timelines as of | Open requests that are beyond legislated timelines as of | Total |
---|---|---|---|
Received in 2022 to 2023 | 420 | 4,157 | 4,577 |
Received in 2021 to 2022 | 1 | 379 | 380 |
Received in 2020 to 2021 | 2 | 162 | 164 |
Received in 2019 to 2020 | 1 | 51 | 52 |
Received in 2018 to 2019 | 0 | 8 | 8 |
Received in 2017 to 2018 | 0 | 3 | 3 |
Received in 2016 to 2017 | 0 | 0 | 0 |
Received in 2015 to 2016 or earlier | 0 | 0 | 0 |
Total | 424 | 4,760 | 5,184 |
Fiscal year open complaints were received | Number of open complaints |
---|---|
Received in 2022 to 2023 | 57 |
Received in 2021 to 2022 | 11 |
Received in 2020 to 2021 | 4 |
Received in 2019 to 2020 | 2 |
Received in 2018 to 2019 | 8 |
Received in 2017 to 2018 | 4 |
Received in 2016 to 2017 | 0 |
Received in 2015 to 2016 or earlier | 1 |
Total | 87 |
Section 5: Social Insurance Number (SIN)
Did your institution receive authority for a new collection or new consistent use of the SIN in 2022 to 2023? | No |
---|
Section 6: Universal Access under the Privacy Act
How many requests were received from confirmed foreign nationals outside of Canada in 2022 to 2023? | 728 |
---|