Annual Report on the Privacy Act 2020–2021

Annual Report on the Privacy Act 2020–2021

Annual Report on the Privacy Act 2020–2021 [PDF 5312 KB]

ISSN 2563-3104

Copyright/Permission to Reproduce

About the Canada Energy Regulator

The Canada Energy Regulator is an independent federal regulator of several parts of Canada’s energy industry. It regulates pipelines, energy development and trade on behalf of Canadians in a way that protects the public and the environment while supporting efficient markets. The Minister of Natural Resources is responsible for this organization.

The Canada Energy Regulator (CER) was established by Parliament to regulate pipelines, energy development and trade in the Canadian public interest. Before making a decision or recommendation, we factor in economic, environmental and social considerations. By considering all the evidence with these things in mind, we are able to make decisions and recommendations that represent the ever- changing interests and concerns of Canadians. This is key to achieving our vision of being active and effective in Canada’s pursuit of a sustainable energy future. We also regulate for the complete life cycle of a pipeline or power line project. The public expects us to hold the companies we regulate accountable for the safe operation of CER-regulated energy infrastructure.

For more information about the CER please visit our website.

The Privacy Act

The Privacy Act (the Act) gives individuals the right of access to information about themselves held by the federal government, with certain specific and limited exceptions. The Act protects an individual's privacy by setting out provisions related to the collection, retention, use and disclosure of personal information.

In accordance with section 72 of the Act, the head of every federal institution is required to submit an Annual Report to Parliament on the administration of the Act following the close of each fiscal year. The Annual Reports are then tabled in Parliament pursuant to section 72 of the Act. This report describes how the Canada Energy Regulator (CER) fulfilled its privacy responsibilities during the fiscal year 2020–21.

Organizational Structure

Privacy requests at the CER are processed by the ATIP Office, which reports to the Vice President (VP), Data and Information Management, as the ATIP Coordinator.

Privacy requests are received primarily through two channels; through the mail or the ATIP Online Request Service (AORS), which was established in late 2018. Requests received through the mail are logged into the CER’s records management system by the Data & Information Management department and then forwarded to the ATIP Office.

As of the end of 2020-21, the CER has 4 full- time employees, who allocated a portion of their time to activities related to the Act. This includes the Group Leader ATIP, two ATIP Officers, and one ATIP Coordinator.

Delegation Order

The CER Act designates the CER CEO with the authority to exercise the powers, duties and functions of the Act. The CEO has historically delegated this authority.

The ATIP Office reports to the VP, Data and Information Management and the delegation authority has been permanently delegated.

This year, the new CEO reviewed the delegation order to ensure internal organizational alignment, appropriate oversight and operational efficiency. Under the current order, there are three Vice President positions that have been delegated full authority under the Act. They are: the VP, Data and Information Management (primary ATIP Coordinator), the VP, Regulatory Strategy and Coordination and the VP, Performance and Results (alternate ATIP Coordinators). From an operational standpoint, granting this authority to three individuals ensures that files can be reviewed and signed- off without undue delay.

See annex B for a copy of the delegation order.

Performance 2020–2021

The CER Act designates the CER CEO with the authority to exercise the powers, duties and functions of the Act. The CEO has historically delegated this authority.

Of the three closed requests responded to during this period, one request or 33% was responded to within the legislated timeline of 30 days with all material being disclosed. The second request was completed within 180 days and the third took more than 365 days and in both cases material was disclosed in part.

Privacy Requets

Source and Description:

Source:
CER – Annual Report on the Privacy Act 2020–2021

Description:
This graph shows the number of requests received during reporting periods from 2015–16 to 2020–2021. The CER received no requests under the Act, a decrease as the CER received three requests in the previous reporting period.

Over the past three years the CER has received very few privacy requests, however one of those requests contained more than 5,000 pages to be processed, making the workload associated with the Privacy Act substantial for a small organization.

The CER did not receive any consultations from other institutions or organizations.

During 2020–21, the CER Access to Information and Privacy (ATIP) Office incurred $26,812 in salary costs and $0 in goods and services costs to administer the Act.

In 2020–21, the CER closed 3 requests. Of the requests closed during the reporting period, records for 33% were fully disclosed and 66% were disclosed in part.

During the COVID-19 pandemic work continued from home with minimal disruption and a slight increase in processing time.

See annex A for further statistical information.

Training and Awareness

Training was a significant area of focus for the CER’s ATIP Office this year. The use of screensaver tips was discontinued in favor of more direct outreach training efforts. The COVID work from home environment and introduction of new technologies presented unique privacy concerns. In addition to promoting privacy awareness through in-person online training, the ATIP Office also delivered a number of well-received presentations on obtaining meaningful consent as part of its training program.

Training on the Access to Information Act and the Privacy Act was also offered by the ATIP Office which delivers both specialized training to respond to the needs of officers and clients, and general training to raise employees’ awareness of their responsibilities under these Acts. In this regard, the CER reviewed its ATIP training materials (i.e. tasking email, PowerPoint presentation, ATIP Tips Sheet, etc.) towards improving its training and communications with CER leadership and staff.

During 2020–21, the CER continued to require that all CER staff and contractors successfully pass the Access to Information and Privacy Fundamentals – I015 course offered by the Canadian School of Public Service (CSPS). During this reporting period, 42 CER employees and 22 contractors registered for the course with 60 completing it successfully.

The ATIP Office anticipates that increased awareness of the Act amongst employees will improve their ability to collect records, help them better identify information for potential redaction, and enable them to better support the ATIP Office’s processing of requests. The ultimate goal being release packages that are responsive to requesters.

Training also focused heavily on employees’ obligations under the Privacy Act with respect to protection of personal information. This was a considerable focus area for the ATIP Office this year, in light of an uptick in privacy breaches. In this regard, the CER also reviewed its internal privacy breach procedures and practices to ensure CER staff are aware of their obligations in the event of a privacy breach. The CER has adopted TBS’ privacy breach management procedures and utilizes the available suite of tools to assist in managing breaches.

The CER’s ATIP Officers received training by attending webinars offered by the Treasury Board‘s Information and Privacy Policy Department. The ATIP Office also participated in this year’s Right to Know week.

Policies, Guidelines, Procedures and Initiatives

Documentation and training materials on the CER ATIP program were updated and made available through the corporate intranet, along with links to other materials, such as the Acts, Treasury Board Secretariat policies and guidance documents, and a range of information management and guidance tools.

The CER adopted Treasury Board’s privacy breach management guidelines and further integrated this approach into the CER’s processes. Recommended improvements have been submitted to adjacent policies such as the Breach Management Policy and Policy on Email Management.

The CER continued to examine its ATIP procedures in an effort to enable continuous improvement and to identify opportunities for efficiencies in processing access to information and privacy requests.

Summary of Key Issues and Actions Taken on Complaints

During 2020–21, there were no new complaints registered with the Office of the Privacy Commissioner. As always, the CER will continue to work closely with the Office of the Privacy Commissioner to resolve complaints in a timely and efficient manner.

No appeals were made to the Federal Court of Canada during 2020–21.

Monitoring Compliance

The CER achieved a compliance rating of 33% for completed privacy requests closed within the legislated timeframe in 2020–21. The CER processed a total of 6983 pages and disclosed 4036 pages to requesters.

With regards to the timeliness of processing privacy requests, the ATIP Office regularly communicates progress updates to the ATIP Coordinator through the ATIP Group Leader. The ATIP Group Leader receives weekly updates from the ATIP Office regarding the status of all active requests, and has access to a central tracker that is updated on a regular basis to establish action items or flag upcoming due dates.

Material Privacy Breaches

There were seven investigations undertaken by the CER’s ATIP Office during 2020–21, and five of them were determined to be privacy breaches. Three incidents were emails containing personal information sent to the wrong address, and two were related to information disclosed without proper authorization. Although all instances were reported to the Treasury Board and Office of the Privacy Commissioner, all were determined to be non-material breaches.

In all instances, the ATIP Office applied the Treasury Board’s breach management procedures and worked with the relevant Office of Primary Interest and ATIP Coordinator to identify and implement administrative measures to mitigate the potential for future incidents. Overall, these incidents have helped the CER improve its handling and classification of personal information, as well as its information management practices.

Privacy Impact Assessments

During the 2020–21 reporting period, no privacy impact assessments were completed.

The CER posts summaries of completed privacy impact assessments on its external website and forwards copies of completed assessment reports to the Office of the Privacy Commissioner.

Public Interest Disclosures

The CER did not disclose any personal information under paragraphs 8(2)(e) or (m) of the Privacy Act.

Top of Page

Annex A – Statistical Information

Statistical Report on the Privacy Act

Name of institution: Canada Energy Regulator

Reporting period: 4/1/2020 to 3-31–2021

Section 1: Requests Under the Privacy Act

1.1 Number of requests
1.1 Number of requests
  Number of Requests
Received during reporting period 0
Outstanding from previous reporting period 4
Total 4
Closed during reporting period 3
Carried over to next reporting period 1

Section 2: Requests Closed During the Reporting Period

2.1 Disposition and completion time
2.1 Disposition and completion time
Disposition of Requests Completion Time
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 0 1 0 0 0 0 0 1
Disclosed in part 0 0 0 0 1 0 1 2
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
No records exist 0 0 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0 0 0
Total 0 1 0 0 1 0 1 3
2.2 Exemptions
2.2 Exemptions
Section Number of Requests Section Number of Requests Section Number of Requests
18(2) 0 22(1)(a)(i) 0 23(a) 0
19(1)(a) 0 22(1)(a)(ii) 0 23(b) 0
19(1)(b) 0 22(1)(a)(iii) 0 24(a) 0
19(1)(c) 0 22(1)(b) 0 24(b) 0
19(1)(d) 0 22(1)(c) 0 25 0
19(1)(e) 0 22(2) 0 26 2
19(1)(f) 0 22.1 0 27 1
20 0 22.2 0 27.1 0
21 0 22.3 0 28 0
  22.4 0
2.3 Exclusions
2.3 Exclusions
Section Number of Requests Section Number of Requests Section Number of Requests
69(1)(a) 0 70(1) 0 70(1)(d) 0
69(1)(b) 0 70(1)(a) 0 70(1)(e) 0
69.1 0 70(1)(b) 0 70(1)(f) 0
  70(1)(c) 0 70.1 0
2.4 Format of information released
2.4 Format of information released
Paper Electronic Other formats
2 1 0
2.5 Complexity
2.5.1 Relevant pages processed and disclosed
2.5.1 Relevant pages processed and disclosed
Number of Pages Processed Number of Pages Disclosed Number of Requests
6983 4036 3
2.5.2 Relevant pages processed and disclosed by size of requests
2.5.2 Relevant pages processed and disclosed by size of requests
Disposition Less Than
100 Pages
Processed
101-500
Pages Processed
501-1000
Pages

Processed
1001-5000
Pages
Processed
More Than
5000 Pages
Processed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
Number of
Requests
Pages
Disclosed
All disclosed 9 0 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 1 365 1 3662
All exempted 0 0 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0 0 0 0 0
Total 1 9 0 0 0 0 1 365 1 3662
2.5.3 Other complexities
2.5.3 Other complexities
Disposition Consultation Required Legal Advice Sought Interwoven Information Other Total
All disclosed 0 0 0 0 0
Disclosed in part 0 1 0 0 1
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Request abandoned 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0
Total 0 1 0 0 1
2.6 Closed requests
2.6.1 Number of requests closed within legislated timelines
2.6.1 Number of requests closed within legislated timelines
  Requests closed within legislated timelines
Number of requests closed within legislated timelines 1
Percentage of requests closed within legislated timelines (%) 33.3
2.7 Deemed refusals

2.7.1 Reasons for not meeting legislated timelines

2.7.1 Reasons for not meeting legislated timelines
  Principal Reason
Number of Requests Closed Past the Legislated Timelines Interference with Operations / Workload External Consultation Internal Consultation Other
2 2 0 0 0

2.7.2 Requests closed beyond legislated timelines (including any extension taken)

2.7.2 Requests closed beyond legislated timelines (including any extension taken)
Number of Days Past Legislated Timelines Number of Requests Past Legislated Timeline Where No Extension Was Taken Number of Requests Past Legislated Timelines Where an Extension Was Taken Total
1 to 15 days 0 0 0

16 to 30 days

0 0 0
31 to 60 days 0 0 0
61 to 120 days 0 1 1
121 to 180 days 0 0 0
181 to 365 days 0 0 0
More than 365 days 0 1 1
Total 0 2 2
2.8 Requests for translation
2.8 Requests for translation
Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Section 3: Disclosures Under Subsections 8(2) and 8(5)

Section 3: Disclosures Under Subsections 8(2) and 8(5)
Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
0 0 0 0

Section 4: Requests for Correction of Personal Information and Notations

Section 4: Requests for Correction of Personal Information and Notations
Disposition for Correction Requests Received Number
Notations attached 0
Requests for correction accepted 0
Total 0

Section 5: Extensions

5.1 Reasons for extensions and disposition of requests
5.1 Reasons for extensions and disposition of requests
Number of requests where an extension was taken 15(a)(i)
Interference with operations
15(a)(ii)
Consultation
15(b)
Translation purposes or conversion
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet Confidence Section
(Section 70)
External Internal
2 2 0 0 0 0 0 0 0
5.2 Length of extensions
5.2 Length of extensions
Length of Extensions 15(a)(i)
Interference with operations
15(a)(ii)
Consultation
15(b) Translation purposes or conversion
Further review required to determine exemptions Large volume of pages Large volume of requests Documents are difficult to obtain Cabinet Confidence Section
(Section 70)
External Internal
1 to 15 days 0 0 0 0 0 0 0 0

16 to 30 days

2 0 0 0 0 0 0 0
31 days or greater               0
Total 2 0 0 0 0 0 0 0

Section 6: Consultations Received From Other Institutions and Organizations

6.1 Consultations received from other Government of Canada institutions and other organizations
6.1 Consultations received from other Government of Canada institutions and other organizations
Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during reporting period 0 0 0 0
Outstanding from the previous reporting period 0 0 0 0
Total 0 0 0 0
Closed during the reporting period 0 0 0 0
Carried over to the next reporting period 0 0 0 0
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
6.2 Recommendations and completion time for consultations received from other Government of Canada institutions
Recommendation Number of Days Required to Complete Consultation Requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121  to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0
6.3 Recommendations and completion time for consultations received from other organizations
6.3 Recommendations and completion time for consultations received from other organizations
Recommendation Number of days required to complete consultation requests
1 to 15 Days 16 to 30 Days 31 to 60 Days 61 to 120 Days 121 to 180 Days 181 to 365 Days More Than 365 Days Total
All disclosed 0 0 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0 0 0
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Section 7: Completion Time of Consultations on Cabinet Confidences

7.1 Requests with Legal Services
7.1 Requests with Legal Services
Number of Days Fewer Than 100
Pages Processed
101-500
Pages Processed
501-1000
Pages Processed
1001-5000
Pages Processed
More than
5000 Pages
Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0
7.2 Requests with Privy Council Office
7.2 Requests with Privy Council Office
Number of Days Fewer Than 100
Pages Processed
101-500
Pages Processed
501-1000
Pages Processed
1001-5000
Pages Processed
More than
5000 Pages
Processed
Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed Number of Requests Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
More than 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Section 8: Complaints and Investigations Notices Received

Section 8: Complaints and Investigations Notices Received
Section 31 Section 33 Section 35 Court action Total
0 0 0 0 0

Section 9: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIB)

9.1 Privacy Impact Assessments
9.1 Privacy Impact Assessments
Number of PIA(s) completed 0
9.2 Personal Information Banks
9.2 Personal Information Banks
Personal Information Banks Active Created Terminated Modified
  0 0 1 0

Section 10: Material Privacy Breaches

Section 10: Material Privacy Breaches
Number of material privacy breaches reported to TBS 0
Number of material privacy breaches reported to OPC 0

Section 11: Resources related to the Privacy Act

11.1 Costs
11.1 Costs
Expenditures Amount
Salaries $26,812
Overtime $0
Goods and Services $0
  • Professional services contracts
$0
  • Other
$0
Total $26,812
11.2 Human Resources
11.2 Human Resources
Resources Person Years Dedicated to Privacy Activities
Full-time employees 0.350
Part-time and casual employees 0.000
Regional staff 0.000
Consultants and agency personnel 0.000
Students 0.000
Total 0.350

Note: Enter values to two decimal places.

Supplemental Statistical Report on the Access to Information Act and Privacy Act

Name of institution: Canada Energy Regulator

Reporting period: 2020-04-01 to 2021-03-31

Section 1: Capacity to Receive Requests

Enter the number of weeks your institution was able to receive ATIP requests through the different channels.
Section 1: Requests Under the Access to Information Act
  Number of Weeks
Able to receive requests by mail 52
Able to receive requests by email 52
Able to receive requests through the digital request service 52

Section 2: Capacity to Process Records

2.1 Enter the number of weeks your institution was able to process paper records in different classification levels.
Section 2: Enter the number of weeks your institution was able to process paper records in different classification levels.
  No Capacity Partial Capacity Full Capacity Total
Unclassified Paper Records 0 0 52 52
Protected B Paper Records 0 0 52 52
Secret and Top Secret Paper Records 0 0 52 52
2.2 Enter the number of weeks your institution was able to process electronic records in different classification levels.
Section 2.2: Enter the number of weeks your institution was able to process electronic records in different classification levels.
  No Capacity Partial Capacity Full Capacity Total
Unclassified Electronic Records 0 0 52 52
Protected B Electronic Records 0 0 52 52
Secret and Top Secret Electronic Records 0 0 52 52
Top of Page

Annex B – Delegation Order

Delegation of Authority pursuant to the Access to Information Act and the Privacy Act

I, the Chief Executive Officer of the Canada Energy Regulator, pursuant to Section 73 of the Access to Information ActFootnote 1 and section 73 of the Privacy ActFootnote 2, hereby designate the persons holding the positions set out in the Delegation of Authority Schedule attached hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Chief Executive Officer of the Canada Energy Regulator under the provisions of the Acts and related regulations set out in the schedule opposite each position. This designation supersedes all previous delegation orders.

Dated at the City of Calgary, in the Province of Alberta, this 28th day of August 2019.


______________________________
C.  Peter Watson, P. Eng., FCAE
Chief Executive Officer

Delegation of Authority Schedule

Delegation of Authority Schedule
Position Access to Information Act and Regulations Privacy Act and Regulations
Vice-President, Data and Information Management Full authority Full authority
Director, Open Government Full authority Full authority
Vice-President, Energy Adjudication Full authority Full authority

Delegation of Authority pursuant to the Access to Information Act and the Privacy Act

I, the Chief Executive Officer of the Canada Energy Regulator, pursuant to section 95(1) of the Access to Information ActFootnote 3 and section 73(1) of the Privacy ActFootnote 4, hereby designate the persons holding the positions set out in the Delegation of Authority Schedule attached hereto, or the persons occupying on an acting basis those positions, to exercise the powers, duties and functions of the Chief Executive Officer of the Canada Energy Regulator under the provisions of the Acts and related regulations set out in the schedule opposite each position. This designation supersedes all previous delegation orders.

Dated at the City of Calgary, in the Province of Alberta, this 16th day of February 2021.


______________________________
Gitane De Silva
Chief Executive Officer

Delegation of Authority Schedule

Delegation of Authority Schedule
Position Access to Information Act and Regulations Privacy Act and Regulations
Vice-President, Data and Information Management Full authority Full authority
Vice-President, Regulatory Strategy and Coordination Full authority Full authority
Vice-President, Performance and Results Full authority Full authority
Top of Page
Date modified: