Annual Report to Parliament on the Privacy Act

1. Introduction

The Canadian Grain Commission (CGC) presents to Parliament its Annual Report on the Administration of the Privacy Act (the “Act”) for fiscal year 2020-2021 (April 1, 2020 to March 31, 2021). This report is prepared and tabled in accordance with section 72 of the Act.

The purpose of the Act is to protect the privacy of individuals with respect to personal information about themselves held by a government institution and to provide individuals with a right of access to that information.

In accordance with Treasury Board of Canada Secretariat (TBS) requirements, this report provides an overview of the CGC’s activities in administering its responsibilities under the Act. This report should be considered along with CGC’s 2020-2021 Annual Report to Parliament on the Administration of the Access to Information Act, which is tabled separately.

The CGC is a federal government department, which administers the provisions of the Canada Grain Act (CGA). The CGC’s mandate, as set out in the CGA, is to, “in the interests of producers, establish and maintain standards of quality for Canadian grain and regulate grain handling in Canada, to ensure a dependable commodity for domestic and export markets”.

The CGC’s Core Responsibility is Grain Regulation, or, to regulate grain handling in Canada and to establish and maintain science-based standards for Canadian grain. The CGC regulates the handling of 21 grains grown in Canada to protect producer rights and ensure the integrity of grain transactions.

The Departmental Results of this Core Responsibility are that domestic and international markets regard Canadian grain as dependable and safe and that farmers are fairly compensated for their grain.

The CGC supports its Core Responsibility through its programs: Grain Quality, Grain Research, and Safeguards for Grain Farmers.

2. Access to Information and Privacy Office structure

The CGC is supported by Agriculture and Agri-Food Canada’s (AAFC) Access to Information and Privacy (ATIP) office who assists in processing and responding to access to information and privacy requests received by the CGC.

The CGC’s Chief Operating Officer is responsible for the coordination and implementation of policies, guidelines and procedures to ensure compliance with the Access to Information Act and the Privacy Act.

The CGC has an access to information and privacy coordinator whose key responsibilities include:

  • Ensuring timely processing of all ATIP requests and coordinating with AAFC’s ATIP office for processing the CGC’s ATIP requests;
  • Providing senior management and all departmental staff with advice and guidance on ATIP-related matters;
  • Responding to and managing privacy breaches and inquiries;
  • Proactively disclosing summaries of closed access requests on the CGC website;
  • Preparing annual reports to Parliament and maintaining the CGC Info Source chapter; and
  • Developing and updating Personal Information Banks (PIBs).

3. Delegation of authority

The Chief Commissioner of the CGC is responsible for responding to requests made under the Act. Section 73(1) of the Act provides for the delegation of the powers, duties and functions designated by the Act.

The Chief Operating Officer of the CGC leads CGC operations and reports to the Chief Commissioner. This position has full delegated authority of the powers, duties and functions designated by the Act.

The delegation of authority instrument for the administration of the Act is appended hereto at Annexes A and B.

4. Privacy Act Statistical Report

The CGC’s detailed Statistical Report on the Act for April 1, 2020 to March 31, 2021 is appended hereto in Annex C.

Privacy requests received and completed

The ATIP office received three new requests under the Act in 2020-2021. Compared with the previous fiscal year, this number represents a decrease in the total number of privacy requests received.

Number of privacy requests
Year Outstanding Received Completed Carried Forward
2017-2018 0 2 2 0
2018-2019 0 7 7 0
2019-2020 0 5 5 0
2020-2021 0 3 2 1
  • The CGC received three new requests for information under the Act.
  • Of the three requests received one was completed within 1-15 days and one within 61-120 days.
  • One request was carried over to the next reporting period.
  • Of the two requests responded to, one request was abandoned.
  • As part of the completed request, 450 pages were reviewed.
  • The 450 pages were disclosed in part.

Exemptions invoked

  • The appended statistical reports provide details regarding the types of exemptions applied to information contained in records for completed requests. The most common exemption used by the CGC during the reporting period was section 26 (personal information about individuals other than the requester).

Extensions

  • The Act allows extensions beyond the 30-day statutory time frame for specific reasons, such as the volume of relevant records associated with a request or required consultations with other government departments.
  • During the reporting period, one request required a time extension of up to 30 days due to the volume of relevant records requiring review.

Consultations

  • The CGC must also respond to consultations pursuant to the Act from other government institutions in order to provide those institutions with recommendations regarding the release of information of interest to CGC.
  • No privacy consultation requests were received from other institutions during the reporting period.

Requests for correction of personal information and notations

  • No requests were received from individuals seeking a correction or notation to their personal information pursuant to subsection 12(2) of the Act.

COVID-19 related measures

  • The CGC has been operating under its Business Continuity Plan since March 17, 2020. This plan focuses CGC resources on critical services which include ATIP request processing. There were no delays during the 2020-2021 reporting period.

5. ATIP training and education

  • During the reporting period, there was no training provided to CGC employees.

The CGC continues to review and develop information management practices and procedures within the organization as part of an ongoing records and information management project.

6. Privacy polices, guidelines, procedures and engagement

The CGC did not implement any new or revise any existing privacy policies, guidelines, or procedures during the 2020 to 2021 fiscal period.

7. Privacy complaints, investigations and audits

No complaints were received in relation to CGC obligations under the Act. No investigations or audits were carried out.

8. Monitoring timelines

Requests received under the Act by the CGC are monitored by AAFC’s ATIP office using an automated system to ensure the timely processing of privacy requests. The workflow case management tool used by AAFC tracks all actions and due dates, stores relevant records requiring review, maintains audit logs, promotes the use of standard templates, allows extensive search capability to facilitate analysis and generates progress and statistical reports.

The CGC’s ATIP Coordinator monitors the time to process privacy requests by completing an internal tracking log spreadsheet, which is updated to reflect key dates and activities for all requests including deadlines. Senior management is kept apprised of the privacy activities on a strict need-to-know basis only.

9. Material privacy breaches

In May 2014, TBS launched the updated Guidelines for Privacy Breaches based on changes made to the Directive on Privacy Practices. The updated guidelines and directive establish a mandatory requirement for departments to report all material privacy breaches to the Office of the Privacy Commissioner and TBS. In accordance with the Guidelines, a breach is defined as “material” if the breach “involves sensitive personal information and could reasonably be expected to cause serious injury or harm to the individual and/or involves a large number of affected individuals.”

No material privacy breaches occurred during the reporting period.

10. Privacy impact assessments

Privacy impact assessments (PIAs) are used to determine whether privacy risks may be present in new or existing CGC programs or initiatives that manage personal information for administrative purposes.

The CGC did not complete any PIAs during the reporting period.

11. Disclosures pursuant to paragraph 8(2)(m)

Paragraph 8(2)(m) of the Act allows for the disclosure of personal information without the consent of the individual in specific circumstances. During the reporting period, no such disclosures were made under that paragraph.

12. Closing

In summary, the CGC saw a decrease in the number of privacy requests received during the 2020-2021 year and completed all of these by the legislated deadline. The CGC is fully committed to both the spirit and the intent of the Act. The CGC will continue to work proactively to protect the personal information of its employees and the Canadian public that is under its control.

Annex A – Privacy Act Delegation Order - Canadian Grain Commission

Privacy Act Delegation Order - Canadian Grain Commission

The Chief Commissioner of the Canadian Grain Commission (CGC), pursuant to section 73(1) of the Privacy Act, hereby delegates the persons of the CGC holding the positions set out in the schedule hereto, or the persons occupying on an acting basis those positions, to exercise the powers and perform the duties and functions of the Chief Commissioner as the head of a government institution under the sections of the Act as set out in the schedule opposite each position. This Delegation Order supersedes all previous orders.

Doug Chorney
Acting Chief Commissioner
Signed on : August 12, 2021

Annex B – Delegation of authority instrument for the administration of the Privacy Act

Sections of the Privacy Act
Sections Powers, Duties or Functions Chief Operating Officer
8(2)(j) To disclose personal information for research of statistical purposes X
8(2)(m) To disclose personal information in the public interest or to benefit an individual X
8(4) To maintain records of requests from investigative bodies. X
8(5) To notify Privacy Commissioner of disclosures in the public interest X
9(1) To maintain record of any use not included in InfoSource and attach to the personal information involved X
9(4) To notify Privacy Commissioner of consistent use of personal information and update index X
10 To include personal information in personal information banks X
14 To notify applicant and to give access to the record X
15 To extend time limit and notify applicant X
17(2)(b) To determine the necessity for translation or interpretation of record X
17(3)(b) Access to personal information in alternative format X
18(2) To refuse to disclose information contained in an exempt bank X
19(1) To exempt personal information obtained in confidence from another government X
19(2) To disclose with consent of the other government X
20 To exempt personal information re: federal-provincial affairs X
21 To exempt information re: international affairs and defense X
22 To exempt information re: law enforcement and investigation X
22.3 To exempt information re: Public Services Disclosure Protection Act X
23 To exempt information re: security clearances X
24 To exempt personal information re: individuals sentenced for an offense X
25 To exempt personal information re: safety of individuals X
26 To exempt personal information about another individual X
27 To exempt personal information re: solicitor-client privilege X
28 To exempt personal information re: medical records X
31 Notice of intention to investigate X
33(2) To make representations to the Privacy Commissioner during an investigation X
35(1) To respond to Privacy Commissioner’s recommendations X
35(4) To provide access to applicant pursuant to Privacy Commissioner’s recommendation X
36(3) To receive Privacy Commissioner’s report of findings of investigation of exempt bank X
37(3) To receive report of Privacy Commissioner’s findings after compliance investigation X
51(2)(b) To request that Section 51 hearing be held in the National Capital Region X
51(3) To request and be given right to make representations in Section 51 hearing X
72(1) To prepare annual report to Parliament X
Legend:
X = has delegated authority
Sections of the Privacy Regulations
Sections Powers, Duties or Functions Chief Operating Officer
9 Reasonable facilities and time provided to examine personal information X
11(2) Notification that correction to personal information has been made X
11(4) Notification that correction to personal information has been refused X
13(1) Disclosure of personal information relating to physical or mental health may be disclosed to a duly qualified medical practitioner or psychologist in order to provide an opinion as to whether disclosure of the information would be contrary to the best interests of the individual X
14 Disclosure of personal information relating to physical or mental health may be made to a requestor in the presence of a qualified medical practitioner or psychologist X
Legend:
X = Has delegated authority

Annex C - Statistical report on the Privacy Act

Name of institution: Canadian Grain Commission

Reporting period: 2020-04-01 to 2021-03-31

Section 1: Requests Under the Privacy Act

1.1 Number of requests

Number of Requests
Received during reporting period 3
Outstanding from previous reporting period 0
Total 3
Closed during reporting period 2
Carried over to next reporting period 1

Section 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time

Disposition of Requests Completion Time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 1 0 0 0 1
All exempted 0 0 0 0 0 0 0 0
No records exist 0 0 0 0 0 0 0 0
Request abandoned 1 0 0 0 0 0 0 1
Neither confirmed nor denied 0 0 0 0 0 0 0 0
Total 1 0 0 1 0 0 0 2

2.2 Exemptions

Section Number of Requests
18(2) 0
19(1)(a) 0
19(1)(b) 0
19(1)(c) 0
19(1)(d) 0
19(1)(e) 0
19(1)(f) 0
20 0
21 0
22(1)(a)(i) 0
22(1)(a)(ii) 0
22(1)(a)(iii) 0
22(1)(b) 0
22(1)(c) 0
22(1) 0
Section Number of Requests
22(2) 0
22.1 0
22.2 0
22.3 0
22.4 0
23(a) 0
23(b) 0
24(a) 0
24(b) 0
25 0
26 1
27 0
27.1 0
28 0

2.3 Exclusions

Section Number of Requests
69(1)(a) 0
69(1)(b) 0
69.1 0
Section Number of Requests
70(1) 0
70(1)(a) 0
70(1)(b) 0
70(1)(c) 0
Section Number of Requests
70(1)(d) 0
70(1)(e) 0
70(1)(f) 0
70.1 0

2.4 Format of information released

Paper Electronic Other
1 0 0

2.5 Complexity

2.5.1 Relevant pages processed and disclosed

Number of Pages Processed Number of Pages Disclosed Number of Requests
450 450 2

2.5.2 Relevant pages processed and disclosed by size of requests

Disposition Less Than 100 Pages Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More Than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
All disclosed 0 0 0 0 0 0 0 0 0 0
Disclosed in part 0 0 1 450 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 1 0 0 0 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0 0 0 0 0
Total 1 0 1 450 0 0 0 0 0 0

2.5.3 Other complexities

Disposition Consultation Required Legal Advice Sought Interwoven Information Other Total
All disclosed 0 0 0 0 0
Disclosed in part 0 0 0 0 0
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Request abandoned 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0
Total 0 0 0 0 0

2.6 Closed requests

2.6.1 Number of requests closed within legislated timelines

Requests closed within legislated timelines
Number of requests closed within legislated timelines 2
Percentage of requests closed within legislated timelines (%) 100

2.7 Deemed refusals

2.7.1 Reasons for not meeting legislated timelines

Number of Requests Closed Past the Legislated Timelines Principal Reason
Interference with Operations / Workload External Consultation Internal Consultation Other
0 0 0 0 0

2.7.2 Requests closed beyond legislated timelines (including any extension taken)

Number of Days Past Legislated Timelines Number of Requests Past Legislated Timeline Where No Extension Was Taken Number of Requests Past Legislated Timelines Where an Extension Was Taken Total
1 to 15 days 0 0 0
16 to 30 days 0 0 0
31 to 60 days 0 0 0
61 to 120 days 0 0 0
121 to 180 days 0 0 0
181 to 365 days 0 0 0
More than 365 days 0 0 0
Total 0 0 0

2.8 Requests for translation

Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Section 3: Disclosures Under Subsections 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
0 0 0 0

Section 4: Requests for Correction of Personal Information and Notations

Disposition for Correction Requests Received Number
Notations attached 0
Requests for correction accepted 0
Total 0

Section 5: Extensions

5.1 Reasons for extensions and disposition of requests

Number of requests where an extension was taken 15(a)(i) Interference with operations 15 (a)(ii) Consultation 15(b)
Translation purposes or conversion
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet Confidence Section (Section 70) External Internal
1 0 0 1 0 0 0 0 0

5.2 Length of extensions

Length of Extensions 15(a)(i) Interference with operations 15 (a)(ii) Consultation 15(b)
Translation purposes or conversion
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet Confidence Section (Section 70) External Internal
1 to 15 days 0 0 0 0 0 0 0 0
16 to 30 days 0 0 1 0 0 0 0 0
31 days or greater               0
Total 0 0 1 0 0 0 0 0

Section 6: Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and other organizations

Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during the reporting period 0 0 0 0
Outstanding from the previous reporting period 0 0 0 0
Total 0 0 0 0
Closed during the reporting period 0 0 0 0
Carried over to the next reporting period 0 0 0 0

6.2 Recommendations and completion time for consultations received from other Government of Canada institutions

Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

6.3 Recommendations and completion time for consultations received from other organizations

Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Section 7: Completion Time of Consultations on Cabinet Confidences

7.1 Requests with Legal Services

Number of Days Fewer Than 100 Pages Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More Than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

7.2 Requests with Privy Council Office

Number of Days Fewer Than 100 Pages Processed 101-500 Pages Processed 501-1000 Pages Processed 1001-5000 Pages Processed More Than 5000 Pages Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Section 8: Complaints and Investigations Notices Received

Section 31 Section 33 Section 35 Court action Total
0 0 0 0 0

Section 9: Privacy Impact Assessments (PIA) and Personal Information Banks (PIB)

9.1 Privacy Impact Assessments

Number of PIA(s) completed 0

9.2 Personal Information Banks

Personal Information Banks Active Created Terminated Modified
  2 0 0 0

Section 10: Material Privacy Breaches

Number of material privacy breaches reported to TBS 0
Number of material privacy breaches reported to OPC 0

Section 11: Resources Related to the Privacy Act

11.1 Costs

Expenditures Amount
Salaries $26,154
Overtime $0
Goods and Services $0
• Professional services contracts $0  
• Other $0  
Total $26,154

11.2 Human Resources

Resources Person Years Dedicated to Privacy Activities
Full-time employees 0.300
Part-time and casual employees 0.000
Regional staff 0.000
Consultants and agency personnel 0.000
Students 0.000
Total 0.300

Note: Enter values to two decimal places.

Date modified: