Canada Border Services Agency
Symbol of the Government of Canada

ARCHIVED - Privacy Act

CBSA Annual Report
2008-2009

Warning This page has been archived.

Archived Content

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Table of Contents

Return to Top of Page

Privacy Act Report

Introduction

As part of the Public Safety portfolio, the CBSA is responsible for providing integrated border services that support national security priorities and facilitate the free flow of people and goods, including food, plants and animals, across the border.

On April 1, 2004, the CBSA established the ATIP Section. The Section was staffed with six employees based on an estimated annual workload of between 250 and 350 requests. During the 2008–2009 fiscal year, the CBSA received 1,155 requests under the Access to Information Act and 1,140 requests under the Privacy Act. These requests were more numerous than in previous years, and the Agency was able to improve compliance with legislated time frames while managing this challenging workload.

ATIP Responsibilities

The CBSA's ATIP and Disclosure Policy Division replaced the ATIP Section. The Division is part of the Corporate Secretariat and is responsible for the administration of the Access to Information Act and the Privacy Act, as well as for the provision of policy direction on the disclosure authorities referred to in the program legislation (e.g. section 107 of the Customs Act). The Director of the Division is the ATIP Coordinator for the CBSA. Three managers report to the Director. During the 2007–2008 fiscal year, the Division was reorganized and now includes two production units to process requests and a policy and training unit. In total, 47 persons were employed in the Division as of March 31, 2009. Of these, four were consultants who were engaged on a temporary basis. The Division will continue to reduce its reliance on consultants by completing competitive staffing processes.

Administration of the Privacy Act

Return to Top of Page

Delegation order

The Director of the ATIP and Disclosure Policy Division and all ATIP managers and team leaders have delegated authority under the Privacy Act. See Annex A for a copy of the delegation order under the Act.

Return to Top of Page

Statistical report

During the 2008–2009 fiscal year, the CBSA received 1,140 new requests under the Privacy Act. This was an increase of 23% from the 2007–2008 fiscal year. In addition, 127 requests were carried forward from the 2007–2008 fiscal year for a total of 1,267 requests in the 2008–2009 fiscal year. The CBSA completed a total of 1,089 Privacy Act requests. Accordingly, the Agency carried forward 178 requests into the 2009–2010 fiscal year.

Of the 1,089 Privacy Act requests that were completed during the 2008–2009 fiscal year, 89.6% were completed within the statutory time frames.

See Annex B (PDF, 74 KB) for the CBSA's statistical report on the Privacy Act.

Return to Top of Page

Summary of changes

As part of an action plan to improve compliance with ATIP legislation and the management of the ATIP function, CBSA procedures and guidelines were reviewed and revised to support the timely processing of requests. Existing CBSA case management procedures and administrative policies will be further reviewed in the 2009–2010 fiscal year to ensure that they reflect proposed changes to the Treasury Board's administrative policies.

The CBSA created an intranet section that provides the following:

  • the roles and responsibilities of the ATIP function;
  • ATIP-related policies and procedures;
  • contact information for the ATIP and Disclosure Policy Division and for ATIP liaison officers; and
  • links to the OIC, the OPC and relevant TBS sites.

The Security and Professional Standards Directorate has initiated a series of educational programs to enhance the security awareness of all CBSA employees. This includes messages concerning the Government Security Policy that are posted on the intranet site and activities in support of Security Awareness Week, such as security sweeps. Furthermore, to ensure that all employees have basic knowledge of security requirements, the Directorate, in partnership with the Innovation, Science and Technology Branch and the Human Resources Branch, is planning to introduce mandatory online security awareness training for all employees in 2009. These initiatives will support the administration of the Privacy Act by ensuring the appropriate safeguarding of protected information.

In addition, the CBSA is continuing to encourage employees to attend ATIP-related information seminars.

Allegations of inappropriate use of, access to or disclosure of information protected by related legislation are carefully reviewed. Senior management is continuing to provide appropriate leadership and oversight.

Return to Top of Page

Major changes

In June 2006, the OPC released its findings related to an audit of the personal information management practices of the CBSA. To respond to the recommendations of the audit, the CBSA is establishing a Privacy Management Framework (PMF). The Framework will strengthen the Agency's information sharing and management practices. The components and proposed governance structure of the PMF have been identified and a gap analysis is under way. The CBSA will work with the OPC and the TBS as the PMF and related tools are developed.

Return to Top of Page

Privacy Impact Assessments (PIAs) and Preliminary Privacy Impact Assessments (PPIAs)

National Integrated Interagency Information (N-III) program and the integrated query tool component – Addendum B – CBSA PIA

The N-III program led by Public Safety Canada and the RCMP promotes information sharing and interoperability between member agencies by providing technology that supports the intelligence sharing efforts of Canadian police services and public safety and security departments or agencies. The N-III program is intended to provide a mechanism for the Canadian law enforcement and public safety and security community that will improve information sharing as it relates to public safety, national security enforcement, law enforcement, and the detection, prevention or suppression of crime.

The integrated query tool has been developed and is owned by the RCMP. The tool supports secure law enforcement information-sharing with public safety and security departments or agencies. Access to the tool will allow CBSA investigations and intelligence officers to query and retrieve an index of information related to individuals and vehicles in accordance with the CBSA's legislated mandate; access to the tool will also support CBSA investigative and intelligence functions. This PIA falls under the overarching PIA that was submitted to the OPC by Public Safety Canada.

Please read the executive summary of the PIA for more information.

Enhanced driver's licences and enhanced identification cards – Full implementation (PIA update)

Enhanced driver's licence (EDL) and enhanced identification card (EIC) programs have been implemented by some Canadian provinces to provide people with an alternative document that is acceptable under the U.S. Western Hemisphere Travel Initiative. The provincial programs have been developed in partnership with the CBSA and Citizenship and Immigration Canada (CIC) to allow holders to present their EDL/EIC as a single document to denote their identity and citizenship when they wish to enter the United States by land or water. As part of the EDL/EIC program, the CBSA will retain specific EDL/EIC information in a secure CBSA database in Canada. When a holder presents his or her EDL/EIC for admission into the United States, the U.S. system will request the cardholder's information from the CBSA system that will in turn transmit the information to the United States.

The PIA was originally presented to the OPC in January 2008 and was revised during the 2008–2009 fiscal year to reflect the recommendations made by the OPC, particularly with regard to the sharing and retention of Canadian EDL/EIC information.

An executive summary of the PIA will be posted online in the near future.

Transit Without Visa program – PPIA

The Transit Without Visa (TWOV) pilot program facilitates the transit of Philippine, Indonesian, Thai or Taiwanese citizens, who possess a valid U.S. visa and are travelling on an approved air carrier, through Vancouver International Airport as they travel to and from the United States. The CBSA and CIC are continuing to work with stakeholders on the implementation of the TWOV program.

Return to Top of Page

Data matching/sharing activities

The CBSA has not initiated any data matching projects or programs during the 2008–2009 fiscal year. 

Data sharing activities at the CBSA respect existing legislative authorities and are undertaken, as necessary, to ensure that the CBSA can fulfill its mandate. For example, the National Risk Assessment Centre provides the appropriate CBSA officials with information on certain travellers who are transiting through Canada to another country to enable the officials to assess any associated risks.

Return to Top of Page

Training

The ATIP and Disclosure Policy Division provided more than 80 training and awareness sessions to over 1,000 CBSA employees during the 2008–2009 fiscal year. The policy and training unit continues to update and develop the course material, and additional sessions are being scheduled for the 2009–2010 fiscal year.

Training for ATIP employees during the 2008–2009 fiscal year was a combination of internal and external training. The internal sessions, which were available to all ATIP employees, focused on the following: the report card recommendations and the CBSA's responses, the appropriate use of case management and redaction software, the impact of the TBS's policy suite renewal, and awareness of CBSA program activities. Some ATIP employees also participated at the annual Canadian Access and Privacy Association conference and took Canada School of Public Service/TBS-sponsored ATIP courses. Employees were also provided with ongoing mentoring by senior analysts, team leaders and managers.

As part of the recommendations for improving the ATIP function at the CBSA, all employees are being encouraged to take ATIP courses from the TBS, the Canada School of Public Service or other sources as part of their individual learning plans.

The ATIP and Disclosure Policy Division organized a second annual conference, the ATIP Learning Event, for the Agency's ATIP liaison officers. The conference received positive reviews from participants.

Return to Top of Page

Disclosures made pursuant to paragraph 8(2)(e) of the Privacy Act

During the 2008–2009 fiscal year, more than 65 disclosures pursuant to paragraph 8(2)(e) of the Privacy Act were made by the CBSA to investigative bodies. Disclosures often occur in the regional offices. New protocols to track disclosures made under the provisions of subsection 8(2) are being developed and should be implemented during the 2009–2010 fiscal year. The need for the better tracking of disclosures will be addressed by the development of the PMF.

Return to Top of Page

Disclosures made pursuant to paragraph 8(2)(f) of the Privacy Act

During the 2008–2009 fiscal year, disclosures pursuant to paragraph 8(2)(f) of the Privacy Act were made by the CBSA to other federal departments, the provinces and foreign governments. These disclosures were completed under the terms of various memoranda of understanding and agreements with the CBSA's partners.

Return to Top of Page

Disclosures made pursuant to paragraph 8(2)(g) of the Privacy Act

During the 2008–2009 fiscal year, more than 100 disclosures pursuant to paragraph 8(2)(g) of the Privacy Act were made by the CBSA to members of Parliament to assist individuals in resolving problems.

Return to Top of Page

Disclosures made pursuant to paragraph 8(2)(m) of the Privacy Act

During the 2008–2009 fiscal year, no disclosures pursuant to paragraph 8(2)(m) of the Privacy Act were made by the CBSA.

Return to Top of Page

Complaints

The 31 complaints received during the 2008–2009 fiscal year were for time delay (3), general reasons (6), applied exemptions (20), miscellaneous reasons (1) and use and disclosure (1). These complaints were in addition to the 35 complaints carried forward from the 2007–2008 fiscal year.

During the 2008–2009 fiscal year, the OPC resolved 31 complaints. Of the complaints resolved, 19 were well founded, 9 were not substantiated and 3 were abandoned or discontinued. At the end of the 2008–2009 fiscal year, the OPC continued to actively investigate 35 complaints related to the management of requests under the Privacy Act.

Complaints in 2008–2009
Total inventory 66
Carried forward from 2007–2008 35
New complaints in 2008–2009 31

Complaints closed in 2008–2009
Total 31
Carried forward to 2009–2010 35
Resolved – well founded 19
Abandoned/discontinued 3
Not substantiated 9

Reasons for complaints in 2008–2009 Complaints received
Total 31
General reasons 6
Time delay 3
Time extension 0
Use and disclosure 1
Application of exemption 20
Miscellaneous reasons 1
Return to Top of Page

Appeals

There were no privacy appeals to the courts during the 2008–2009 fiscal year.



To access the Portable Document Format (PDF) version you must have a PDF reader installed. If you do not already have such a reader, there are numerous PDF readers available for free download or for purchase such as: