Annual Report - Privacy Act

Document Sample
Annual Report - Privacy Act Powered By Docstoc
					ANNUAL REPORT TO PARLIAMENT


              OF THE


        BANK OF CANADA


   ON THE ADMINISTRATION OF


        THE PRIVACY ACT


(1 January 2008 to 31 December 2008)




                                       April 2009
INTRODUCTION ..............................................................................................................................3



RESPONSIBILITIES OF THE BANK OF CANADA ........................................................................3



ADMINISTRATION OF THE PRIVACY LEGISLATION ..................................................................4
   SUMMARY OF PRIVACY ACTIVITIES ..................................................................................................4
   ORGANIZATION OF PRIVACY ACTIVITIES ...........................................................................................4
   FORMAL/INFORMAL INTERFACE .......................................................................................................5
   STAFF AWARENESS ........................................................................................................................5
   HIGHLIGHTS IN 2008 .......................................................................................................................6



PRIVACY ACT..................................................................................................................................6
   INTERPRETATION OF THE STATISTICAL REPORT (ATTACHMENT B) ....................................................6
   DISPOSITION OF REQUESTS …………....……………………………………………………….. ......... 6
   EXEMPTIONS INVOKED ...…………………………………………………………………………….… 7
   COMPLETION TIME AND EXTENSIONS…………………………………………………………………….. 7
   CALCULATION OF COSTS................................................................................................................. 7
   DISCLOSURES UNDER PARAGRAPH 8(2) ..........................................................................................7
   ASSESSMENT OF PRIVACY ISSUES .................................................................................................. 8
   OTHER ........................................................................................................................................... 8
   COMPLAINTS AND INVESTIGATIONS ................................................................................................ 8


   ATTACHMENTS
          A.         Delegation Order
          B.         Statistical Report on Privacy
                     1 January 2008 – 31 December 2008




                                                                         2
       INTRODUCTION


               The Bank of Canada has been subject to the Privacy Act (PA) since its inception in
1983. This report is prepared in accordance with Section 71(1)(e) of the Privacy Act.
Copies of the Bank’s statistical report on the PA as well as the Bank’s Delegation Order are
attached.



RESPONSIBILITIES OF THE BANK OF CANADA


               The Bank of Canada’s mandate is to promote Canada’s economic and financial
well-being. Our operations are grouped into four main functions: monetary policy, currency, the
financial system and funds management along with a corporate administration function. These
functions are outlined below.


Monetary policy
               The objective of monetary policy is to promote solid economic performance and
higher living standards for Canadians by keeping inflation low, stable, and predictable.


Currency
               The Bank is responsible for the design, production, and distribution of paper
currency – bank notes. It must ensure that there is a sufficient supply of bank notes and that those
notes are secure against counterfeiting.


Financial System
               The objective of this function is to promote the safe and efficient operation of the
financial system. The Bank helps Canada’s payments system function smoothly, keeping
accounts for the country’s largest deposit-taking institutions.


Funds Management
               The Bank of Canada is the federal government’s fiscal agent. It provides high-
quality, effective, and efficient funds-management services for the federal government, the Bank
and other clients.


                                                   3
Corporate Administration
               To achieve the objectives of its core functions, the Bank of Canada relies on a
variety of internal services in the areas of human resources, information technology, finance,
executive and legal, communications, knowledge and information management, facilities, security,
and audit.



ADMINISTRATION OF THE PRIVACY LEGISLATION



Summary of Privacy Activities

               The Bank received and completed eight requests during this reporting period (1
January 2008 – 31 December 2008).



Organization of Privacy Activities

               Under Section 71(2) of the Privacy Act, the Governor of the Bank of Canada is
required to undertake the responsibilities of the designated Minister for the purposes of
subsections 71(1)(a) and (d) of the Act.


               Responsibility for compliance with the requirements of the Act has been delegated
by the Governor under Section 73 to the General Counsel and Corporate Secretary of the Bank,
and to the Deputy Corporate Secretary and Access to Information and Privacy Coordinator. In
addition, responsibility for various administrative requirements of the legislation, such as extending
time limits has been delegated to the Senior ATIP Analyst. A copy of the Bank’s Delegation Order
in effect in 2008 is attached (Attachment A).


               The ATIP section forms part of the Executive and Legal Services Department.
Under the guidance of the Access to Information and Privacy Coordinator, three employees are
responsible for coordinating the handling of Privacy requests and complaints, drafting responses,
providing advice and promoting ATIP awareness to staff and the general public.




                                                  4
               The Bank also provides a controlled-access reading room at its Head Office in
Ottawa, where files can be examined. In addition, arrangements can be made at each of the
Bank’s Regional Offices in five major cities across Canada to review records related to ATIP
requests.


               Copies of Info Source and Personal Information request forms have been placed in
the Library, in the lobbies at the Bank’s Head Office and also at the Regional offices where staff
are informed about their responsibilities on dealing with ATIP requests submitted in regions.



Formal/Informal Interface

               The Bank of Canada responds to informal public inquiries through its
Communications Department and also on an ad hoc basis throughout the organization. A request
is considered to be "formal" if it is presented to the Access and Privacy Coordinator in writing,
refers to the Act and provides sufficient information to identify the records. The Bank occasionally
receives "formal" requests for information which are normally available to the general public; in
these cases the Bank prefers to handle such requests informally through normal channels
whenever possible. For example, the Bank continues to receive inquiries related to Canada
Savings Bond holdings and unclaimed bank balances and directs the requestors to websites or to
specific client service work units. As a general rule, and when the requester agrees to it, the Bank
treats these requests as informal even if they are submitted as a formal request.


               Informal requests for access to personal information by Bank of Canada employees
are directed to Human Resources personnel. Alternatively, for various reasons, employees may
choose to submit a formal Privacy request to the ATIP office. The Bank has an employee redress
procedure in place. As a resultof these measures, formal requests are uncommon.



Staff Awareness

               Privacy awareness with respect to the appropriate management of corporate
records and personal information factored into discussions with staff and managers resulting from
informal queries and advice in the course of business. The Bank’s practice is to brief Senior
Management and the Board of Directors at least annually on Privacy matters.



                                                  5
                During this reporting period, the ATIP staff delivered 4 presentations on Privacy
to different work groups (approximately 53 participants) within the Bank in both official languages.


                In addition, the ATIP Office planned and organized a staff discussion with and
presentation by the Privacy Commissioner of Canada on the occasion of the 25th anniversary of
the Privacy Act focusing on privacy and the use of social networking tools. This represented a
unique opportunity for Bank staff to hear the views of the Commissioner.


Highlights in 2008
                A new ATIP case management and imaging system was implemented to achieve
efficiencies in processing requests and enable the Bank to deliver records in electronic format
when requested.



PRIVACY ACT


Interpretation of the Statistical Report (Attachment B)

                The Bank of Canada received and processed 8 formal applications for personal
information under the Privacy Act as was the case in 2007. All of these requests were
completed in the reporting period and information was found for only 2 of these requests.



Disposition of Requests

                A summary is provided below of the disposition of the privacy requests completed
during the reporting period.


All Disclosed
Information was disclosed in total for one request (12% of total privacy request).


Records Disclosed in Part
For one request (12% of the total privacy requests), some information was disclosed and
exemptions were applied to the other portions of the requested information.




                                                  6
Unable to process
6 requests (76% of the total) were for information not found in the Bank.


Abandoned by applicant
No requests were abandoned by the applicants.


Transferred
No requests were transferred to another organization.



Exemptions Invoked

               The figures shown in this section of the report reflect the exemptions that were
claimed under the Act. If an exemption is applied several times for a given request, it is only
reported once. The only exemption used in one request this year was section 26 “Information
about another individual.”



Completion Time and Extensions

               None of the 8 requests required a time extension.

Calculation of costs
               The cost of administering the program for 2008 was $99,453.65, including salaries
and program administration costs.



Disclosures under Paragraph 8(2)

               The Bank holds Government Bond Registers that contain a listing of bonds
purchased and redeemed by individuals as well as other personal information of bondholders.
Each year the Bank receives several requests under Paragraph 8(2) from investigative bodies,
police forces and numerous provincial social services organizations.
During this reporting period, the Bank made three disclosures of personal information pursuant to
subsections 8(2)(e) of the Privacy Act. Personal information was also disclosed pursuant to
subsection 8(2)(f) of the Privacy Act. There was no disclosure of personal information done
pursuant to subsection 8(2)(m).


                                                  7
Assessment of privacy issues
               During the current reporting period, preliminary work was undertaken for privacy
reviews that will be completed in 2009. With respect to any data matching activities, the ATIP
Office is not aware of any that took place within this reporting period.


Other
               The ATIP Office provided advice to staff within the Bank with respect to
the appropriate management of personal information associated with a variety of issues. As part of
a Work Environment Survey, the Bank’s ATIP Office reviewed commentary submitted by staff as
part of a survey to ensure the identity of both the individual making the comment and the individual
about whom the comment was made were not disclosed. In addition, a review was undertaken
related to the use of the employee ID number on pledge forms including who had access to the
information and the method of distribution of associated tax receipts. The ATIP Office also
provided advice concerning outsourcing arrangements for travel services, web hosting and
education validation as well as the implementation of Blackberry devices for designated Bank staff.
In addition, the ATIP Office was consulted on numerous ad hoc privacy matters concerning the
appropriate access to and management of personal information. Finally, the ATIP Office was
consulted as part of the development of the Bank’s Information Policy and Social Networking
Guidelines. This advice takes up the majority of staff time who are assigned to privacy matters and
is regarded as indicating a proactive and attentive privacy culture in the Bank.



Complaints and Investigations

               There were no complaints during this reporting period.




                                                   8