2022-2023 Annual Report on the Administration of the Privacy Act

On this page

I - Introduction

The purpose of the Privacy Act, (“the Act”), is to strengthen Canada’s laws that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information.

This Annual Report on the Canadian Air Transport Security Authority’s (CATSA) administration of the Act has been prepared in accordance with section 72(1) of the Act and is hereby submitted for tabling in Parliament under Section 72(2) of the Act.

This is CATSA’s 20th Annual Report, as this fiscal year marks the 20th anniversary of the establishment of Canadian Air Transport Security Authority . Over the last 20 years, a tremendous amount of work has gone into developing new programs and initiatives to ensure CATSA continuously delivers the highest level of air transport security for Canada.

Previous such reports are available under the “Corporate Publications” heading of the “About Us” page on the website.

II - The Canadian Air Transport Security Authority – Mandate

Established as an agent Crown Corporation on April 1, 2002, CATSA‘s mandate is to protect the public by securing critical elements of the air transportation system as assigned by the Government of Canada.

Fully funded by parliamentary appropriations, CATSA is accountable to Parliament through the Minister of Transport. CATSA is governed by a Board of Directors. Operations are directed by a senior management team. CATSA currently contracts security screening to third-party contractors.

CATSA delivers on its mandate of securing Canada’s air transportation system by conducting the following activities across 89 of Canada’s designated airports:

  1. Pre-Board Screening (PBS) - The screening of passengers and their belongings prior to their entry into the secure area of an air terminal building;
  2. Hold Baggage Screening (HBS) - The screening of passengers checked (or hold) baggage to prevent the boarding of prohibited items;
  3. Non-Passenger Screening (NPS) - The random screening of non-passengers accessing restricted areas; and
  4. Restricted Area Identity Card (RAIC) - The program that uses iris and fingerprint biometric identifiers to allow non-passenger access to the restricted areas of airports.

Under an agreement concluded with Transport Canada in 2010, CATSA has the authorization to conduct screening of cargo at smaller airports if there is capacity to do so. Each of these activities is carried out effectively, efficiently, consistently, and in the public interest, as required by the CATSA Act.

Implementation of the Privacy Act at CATSA

The Manager of Privacy and ATIP, who is also the organization’s Access to Information and Privacy (ATIP) Coordinator, is responsible for processing requests received under the Act, and privacy policy and compliance. A Senior ATIP Advisor supports the ATIP Coordinator in processing requests under the Act, and a Privacy Advisor supports the privacy policy and compliance functions. A Disclosure Advisor provided support for disclosures of personal information under Paragraph 8 of the Act.

The ATIP Coordinator reports directly to the General Manager, Corporate Security, Facilities, and Information Management. The Vice-President, Corporate Services and Corporate Secretary serves as CATSA’s Chief Privacy Officer (CPO) and reports directly to the President and Chief Executive Officer.

CATSA’s Privacy Office responsibilities regarding the Act are as follows:

  • receive and process all requests in accordance with the Act;
  • assist requesters in formulating their requests when required;
  • gather all pertinent records and ensure that the search for information is rigorous and complete; receive and process all disclosure requests in accordance with the Act;
  • conduct the initial record review and provide recommendations to the program areas;
  • conduct all internal and external consultations;
  • consolidate recommendations and apply all discretionary and mandatory exemptions under the Act;
  • assist the Office of the Privacy Commissioner (OPC) in all privacy-related matters including complaints against CATSA;
  • prepare annual reports on the administration of the Act;
  • coordinate the annual Info Source update;
  • work with representatives throughout the organization, complete Privacy Impact Assessments for any new or substantially modified activity, program or system that collects or uses personal information;
  • provide ongoing advice and guidance to senior management and staff on matters related to privacy;
  • promote privacy of personal information awareness and training sessions to ensure that all staff are aware of the obligations imposed by legislation;
  • respond to consultations received from external organizations;
  • develop and maintain privacy policies and guidelines;
  • stay current on, and promulgate within CATSA, any changes to administrative requirements for the Act from the Treasury Board of Canada Secretariat, or guidance prepared by the Office of the Privacy Commissioner; and
  • participate in ATIP community activities and ATIP community meetings.

During 2022-2023, CATSA regularly engaged the OPC to discuss initiatives potentially impacting privacy.

III - Delegation of Signing Authority

In accordance with section 73(1) of the Act, a delegation order, signed by CATSA’s President and Chief Executive Officer (CEO), designates the person holding the position of ATIP Coordinator to exercise and perform the privacy duties on behalf of the organization. CATSA welcomed a new President and CEO, Nada Semaan on April 3, 2023. A new delegation order was issued on July 27, 2023.

The signed and dated delegation order is attached to this report as Annex A.

IV - Statistical Report Interpretation

Privacy Act Requests Received and Completed

In the fiscal year, CATSA received four new Privacy Act requests, which is approximately 50% less requests processed than in the previous fiscal year.

One file was carried over from the previous fiscal year. Of the five Privacy Act requests completed during 2022-2023, CATSA processed 763 pages; an average of 153 pages per request.

Chart I: Annual Formal Requests Received

Bar chart presenting the numbers of requests
Chart Table 
Fiscal Year 2018-2019 2019-2020 2020-2021 2021-2022 2022-2023
Number of Requests Received 4 15 9 9 4

Chart II: Average Number of Pages Processed per Request

Bar chart presenting the numbers of pages
Chart Table
Fiscal Year 2018-2019 2019-2020 2020-2021 2021-2022 2022-2023
Number of Pages Processed 127 55 77 530 153

Multi-Year Trend

Over the past number of fiscal years, the number of Privacy Act requests submitted to CATSA has fluctuated. Some CATSA Privacy Act requests are from members of the travelling public who wish to know if CATSA has any of their personal information on file.

Completion Time

Of the five Privacy Act requests completed during the 2022-2023 fiscal year, CATSA was successful in responding to 88% of them within the statutory time frame. This result demonstrates CATSA’s commitment to ensuring that all efforts are made to complete its requests in a timely manner and in compliance with the Privacy Act

Disposition of Completed Requests

Of the five completed requests:

  • 3 files (60%) were disclosed in part.
  • All requests disclosed were delivered electronically and two files in video format.

Exemptions Invoked

Where privacy exemptions were invoked, these reasons were cited:

Reason Subject Number of Cases
International affairs S. 21 1
Personal information S. 26 3
Legal advice S. 27 3

Extensions

For the five requests completed in 2022-2023, three extensions of an additional period between 16 to 30 days was taken due to two files needing further review to determine exemptions. The files were for the viewing of video footage and making arrangements for the individuals to view the footage make the requests more complex, costly, and labour intensive. The third extension was for one file that contained a large volume of pages for review.

Consultations

During this reporting period, CATSA received no consultations from other government departments. No consultations were pending at the end of the previous reporting period.

The full Statistical Report on the Administration of the Act is attached as Annex B and Supplemental Statistical Report on Access to Information Act and the Privacy Act is attached as Annex C.

V - Training and Awareness

The Privacy Advisor and ATIP Coordinator are actively pursuing the designation of Certified Information Privacy Professional - Canada (CIPP/C), and keep current through professional development opportunities such as attendance at conferences and peer communication in order to provide the most up to date privacy training.

CATSA continues to provide staff with privacy training, most recently in accordance with its Privacy Training and Awareness Plan adopted in June of 2020. The training plan outlines specific privacy training and awareness activities accessible to various groups, including specific and relevant guidance on how CATSA employees should incorporate privacy considerations into their day-today job functions, especially for those with elevated access to personal information.

In 2022-2023 CATSA continued to make the privacy e-module training mandatory within 90 days of start of employment. At the end of the fiscal year, 92% of the all CATSA employees had complied and completed the training.

For the upcoming fiscal year, CATSA will be working to update this training by changing the requirement to within 30 days of the start of employment and updating the e-module as per the training plan on a triennial basis.

CATSA offers additional privacy training during a virtual orientation sessions for new employees and directed training to business areas.

VI - Policies, Guidelines, Procedures and Initiatives

In October 2022, TBS published additional privacy safeguards for contracts and information sharing agreements (ISAs) as part of their Directive on Privacy Practices. CATSA elected to implement the requirements that were straight forward immediately, to work towards total compliance, while awaiting additional guidance from TBS on requirements that required further clarification on government expectations.

The Privacy Office undertook a continued assessment of the activities and evidence in our Privacy Management Framework. The review confirmed that no gaps were identified in the framework itself. Methods of monitoring compliance were noted as needing ongoing refreshing such as the Risk Registry and Personal Information Inventory. These documents need to be consistently updated to include the actual present practices and any changes in processes undertaken. The Privacy Office also intends to document longer-term activities and projects to maintain CATSA’s compliance to privacy laws, regulations and best practices as part of a strategic plan to be completed in 2023-2024.

VII - Response to Key Issues Raised

During the reporting period, one new complaint has been received under the Act. The complaint was resolved. 

VIII - Monitoring Compliance

CATSA’s Privacy Monitoring Plan serves to strengthen compliance monitoring practices beyond the Privacy Impact Assessment (PIA) and breach management processes, and provides an effective way to evaluate the status and maturity of CATSA’s Privacy Program.

Reports on the CATSA’s Privacy Program are submitted to senior management semi-annually, with a briefing in June and again in October.

IX - Material Privacy Breaches

No material privacy breaches occurred during the reporting period.

X - Privacy Impact Assessments

Privacy Impact Assessments (PIAs) provide a framework to ensure that the protection of personal information is considered throughout the design or re-design of a program or service. PIAs identify the extent to which proposals comply with all appropriate statutes and legislation. They assist managers and decision-makers to avoid or mitigate privacy risks and promote only fully informed policy, program and system design choices.

During the 2022-2023 fiscal year, there were no PIAs completed.

XI - Public Interest Disclosures

There was one disclosures were made under paragraph 8(2)(m) of the Act during the reporting period. The disclosure was to benefit the individual and a very limited amount of personal information was disclosed.

Collaboration

CATSA is a strong advocate of collaboration, both internally within the organization as well as within the Privacy Community.

CATSA – The Privacy Office regularly engages with various internal groups to provide advice, ideas and best practices. Regularly engaging with representatives from across the organization naturally allows a better understanding of issues and activities that are occurring operationally, and what may impact or be of interest as a whole.

Privacy Community – The Privacy Office also has regular consultations with other Crown Corporation privacy offices as well as with the Treasury Board Secretariat through quarterly ATIP community meetings. These discussions encourage the sharing of valuable knowledge and experience.

Regulatory Community– The Privacy Office seeks out advice and guidance form regulators such as the Government Advisory Directorate of the Office of the Privacy Commissioner. Their office provides informal, proactive advice and guidance on programs and activities where there is clearly privacy impacts.

ANNEXES

Annex A: Delegation Order – Privacy Act
Annex B: Statistical Report on the Administration of the Privacy Act
Annex C: Supplemental Statistical Report on Access to Information Act and the Privacy Act

Annex A: Delegation Order – Privacy Act

Privacy Act Delegation of Authority

I, Nada Semaan, President and CEO of CATSA, pursuant to subsection 73(1) of the Privacy Act, designate the persons holding the positions set out in the attached Schedule ‘A’, or persons acting in those positions, to exercise the powers and perform the duties and functions that have been given to me as head of a government institution under the sections of the Privacy Act, as set out in the Schedule.

Nada Semaan
President and Chief Executive Officer
Canadian Air Transport Security Authority

Signed in Ottawa, Ontario, Canada this 27 day of July 2023


Schedule "A"
Delegation Pursuant to Subsection 73(1) of the Act
Section Description ATIP
Coordinator
Vice-President, Corporate Services, General Counsel and Corporate Secretary (CPO) Senior Vice-President, Operations Senior Director, Operations General Manager, Program Delivery General Manager, Corporate Security Director HR Senior ATIP Advisor
For requests related to passenger and non-passenger records For requests related to employee records
8(2)
(b)
For any purpose in accordance with any Act of Parliament or any regulation made thereunder that authorizes its disclosure Yes Yes Yes Yes Yes Yes Yes No
8(2)
(c)
For the purpose of complying with a subpoena or warrant issued or order made by a court, person or body with jurisdiction to compel the production of information or for the purpose of complying with rules of court relating to the production of information Yes Yes Yes Yes Yes Yes Yes No
8(2)
(d)
To the Attorney General of Canada for use in legal proceedings involving the Crown in right of Canada or the Government of Canada Yes Yes No No No Yes Yes No
8(2)
(e)
To an investigative body specified in the regulations, on the written request of the body, for the purpose of enforcing any law of Canada or a province or carrying out a lawful investigation, if the request specifies the purpose and describes the information to be disclosed Yes Yes Yes Yes Yes Yes Yes No
8(2)
(f)
Under an agreement or arrangement between the Government of Canada or an institution thereof and the government of a province, the council of the Westbank First Nation, the council of a participating First Nation — as defined in subsection 2(1) of the First Nations Jurisdiction over Education in British Columbia Act —, the government of a foreign state, an international organization of states or an international organization established by the governments of states, or any institution of any such government or organization, for the purpose of administering or enforcing any law or carrying out a lawful Investigation Yes Yes Yes Yes Yes Yes Yes No
8(2)
(g)
To a member of Parliament for the purpose of assisting the individual to whom the information relates in resolving a problem Yes Yes No No No No Yes No
8(2)
(h)
To officers or employees of the institution for internal audit purposes, or to the office of the Comptroller General or any other person or body specified in the regulations for audit purposes Yes Yes No No No No No No
8(2)
(i)
To the Library and Archives of Canada for archival purposes Yes Yes No No No No No No
8(2)
(j)
To any person or body for research or statistical purpose when satisfied that the purpose for which the information is disclosed meets the conditions referred to in that paragraph Yes Yes No No No No No No
8(2)
(k)
To any aboriginal government, association of aboriginal people, Indian band, government institution or part thereof, or to any person acting on behalf of such government, association, band, institution or part thereof, for the purpose of researching or validating the claims, disputes or grievances of any of the aboriginal peoples of Canada Yes Yes No No No No No No
8(2)
(l)
To any government institution for the purpose of locating an individual in order to collect a debt owing to Her Majesty in right of Canada by that individual or make a payment owing to that individual by Her Majesty in right of Canada Yes Yes No No No No Yes No
8(2) (m)
(i)
For any purpose where, in the opinion of the head of the institution the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure Yes Yes Yes Yes No Yes No No
8(2) (m)
(ii)
For any purpose where, in the opinion of the head of the institution, disclosure would clearly benefit the individual to whom the information relates Yes Yes Yes Yes Yes Yes No No
8(4) To keep copies of requests made under 8(2)(e), keep records of information disclosed pursuant to such requests and to make those copies and records available to Privacy Commissioner Yes Yes No No No Yes No No
8(5) To notify the Privacy Commissioner in writing of disclosure under paragraph 8(2)(m) Yes Yes No No No No No No
9(1) To retain a record of use of personal information Yes Yes No No No Yes No Yes
9(4) To notify the Privacy Commissioner of consistent use of personal information and update index accordingly Yes Yes No No No No No No
10 To include personal information in personal information banks Yes Yes No No No No No No
4( a)
(b)
To give notice to applicant that access will be given and to give access to requester Yes Yes No No No No No Yes
15 To extend time limit and give notice Yes Yes No No No No No Yes
18(2) To refuse to disclose any personal information requested under that subsection Yes Yes No No No No No Yes
19 - 28 To refuse to disclose any personal information requested under that subsection Yes Yes No No No No No Yes
33(2) To make representations to the Privacy Commissioner Yes Yes No No No No No Yes
35(1) (b) To receive the report of findings of the investigation and give notice of action taken or proposed to be taken or reasons why no action has been or is proposed to be taken Yes Yes No No No No No No
35(4) To provide access to personal information Yes Yes No No No No No No
37(3) To receive the report of findings after investigation in respect of personal information Yes Yes No No No No No No
69 To refuse to disclose a record referred to in that section Yes Yes No No No No No Yes
70 To refuse to disclose a record referred to in that section Yes Yes No No No No No Yes
72(1) To prepare annual report for submission to Parliament Yes Yes No No No No No Yes
77 To carry out responsibilities conferred on the Head of the institution by regulations made under section 77 which are not included above Yes Yes No No No No No No

The ATIP Coordinator, the Vice-President, Corporate Services, General Counsel, Corporate Secretary (CPO), the Senior Vice-President, Operations, the Senior Director, Program Delivery, the General Manager, Program Delivery, the General Manager, Corporate Security and the Director, HR are authorized to designate in writing a member of their staff to act on their behalf in case of absence or unavailability.

Annex B: Statistical Report on the Administration of the Privacy Act

Name of institution: Canadian Air Transport Security Authority

Reporting period: 4/1/2022 to 3/31/2023

Section 1: Requests Under the Privacy Act

1.1 Number of requests received

Description Number of Requests
Received during reporting period 4
Outstanding from previous reporting periods 1
  • Outstanding from previous reporting period
1  
  • Outstanding from more than one reporting period
0  
Total 5
Closed during reporting period 5
Carried over to next reporting period 0
  • Carried over within legislated timeline
0  
  • Carried over beyond legislated timeline
0  

1.2 Channels of requests

Source Number of Requests
Online 0
E-mail 4
Mail 0
In person 0
Phone 0
Fax 0
Total 4

Section 2: Informal requests

2.1 Number of informal requests

Description Number of Requests
Received during reporting period 0
Outstanding from previous reporting periods 0
  • Outstanding from previous reporting period
0  
  • Outstanding from more than one reporting period
0  
Total 0
Closed during reporting period 0
Carried over to next reporting period 0
  • Carried over within legislated timeline
0  
  • Carried over beyond legislated timeline
0  

2.2 Channels of informal requests

Source Number of Requests
Online 0
E-mail 0
Mail 0
In person 0
Phone 0
Fax 0
Total 0

2.3 Completion time of informal requests

Completion Time
1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to 180
Days
181 to 365
Days
More Than
365 Days
Total
0 0 0 0 0 0 0 0

2.4 Pages released informally

Less Than
100 Pages Released
100-500
Pages 
Released
501-1000
Pages R
eleased
1001-5000 
Pages
Released
More Than
5000 Pages Released
Number of Requests Pages Released Number of Requests Pages Released Number of Requests Pages Released Number of Requests Pages Released Number of Requests Pages Released
00 0 0 0 0 0 0 0 0 0

Section 3: Requests Closed During the Reporting Period

3.1 Disposition and completion time

Completion Time
Disposition of
Requests
1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to
180
Days
181 to 365
Days
More
Than 365
Days
Total
All disclosed 0 1 1 0 0 0 0 2
Disclosed in part 0 1 1 0 0 1 0 3
All exempted 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0
No records exist 0 0 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0 0 0
Total 0 2 2 0 0 1 0 5

3.2 Exemptions

Section Number of
Requests
Section Number of
Requests
Section Number of
Requests
18(2) 0 22(1)(a)(i) 0 23(a) 0
19(1)(a) 0 22(1)(a)(ii) 0 23(b) 0
19(1)(b) 0 22(1)(a)(iii) 0 24(a) 0
19(1)(c) 0 22(1)(b) 0 24(b) 0
19(1)(d) 0 22(1)(c) 0 25 0
19(1)(e) 0 22(2) 0 26 3
19(1)(f) 0 22.1 0 27 3
20 0 22.2 0 27.1 0
21 1 22.3 0 28 0
  22.4 0  

3.3 Exclusions

Section Number of
Requests
Section Number of
Requests
Section Number of
Requests
69(1)(a) 0 70(1) 0 70(1)(d) 0
69(1)(b) 0 70(1)(a) 0 70(1)(e) 0
69.1 0 70(1)(b) 0 70(1)(f) 0
  70(1)(c) 0 70.1 0

3.4 Format of information released

Paper Electronic Other
E-record Data set Video Audio
0 3 0 2 0 0

3.5 Complexity

3.5.1 Relevant pages processed and disclosed for paper and e-record formats
Number of Pages Processed Number of Pages Disclosed Number of Requests
763 278 3
 3.5.2 Relevant pages processed by request disposition for paper and e-record formats by size of requests
Pages Less Than
100 Pages
Processed
100-500
Pages
Processed
500-1000
Pages
Processed
1001-5000
Pages
Processed
More Than 5000
Pages Processed
Disposition Number of
Requests
Pages Processed Number of
Requests
Pages Processed Number of
Requests
Pages Processed Number of
Requests
Pages Processed Number of
Requests
Pages Processed
All disclosed 0 0 0 0 0 0 0 0 0 0
Disclosed in part 1 80 1 151 1 532 0 0 0 0
All exempted 0 0 0 0 0 0 0 0 0 0
All excluded 0 0 0 0 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0 0 0 0 0
Total 1 80 1 151 1 532 0 0 0 0
3.5.3 Relevant minutes processed and disclosed for audio formats
Number of Minutes Processed Number of Minutes Disclosed Number of Requests
0 0 0
3.5.4 Relevant minutes processed per request disposition for audio formats by size of requests
Disposition Less than 60 Minutes processed 60-120 Minutes processed More than 120 Minutes processed
  Number of requests Minutes Processed Number of requests Minutes Processed Number of requests Minutes Processed
All disclosed 0 0 0 0 0 0
Disclosed in part 0 0 0 0 0 0
All exempted 0 0 0 0 0 0
All excluded 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0
Total 0 0 0 0 0 0
3.5.5 Relevant minutes processed and disclosed for video formats
Number of Minutes Processed Number of Minutes Disclosed Number of Requests
3 3 2
3.5.6 Relevant minutes processed per request disposition for video formats by size of requests
Disposition Less than 60 Minutes processed 60-120 Minutes processed More than 120 Minutes processed
  Number of requests Minutes Processed Number of requests Minutes Processed Number of requests Minutes Processed
All disclosed 2 3 0 0 0 0
Disclosed in part 0 0 0 0 0 0
All exempted 0 0 0 0 0 0
All excluded 0 0 0 0 0 0
Request abandoned 0 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0 0
Total 0 0 0 0 0 0
3.5.7 Other complexities
Disposition Consultation Required Legal Advice Sought Interwoven Information Other Total
All disclosed 0 0 0 0 0
Disclosed in part 0 3 0 0 3
All exempted 0 0 0 0 0
All excluded 0 0 0 0 0
Request abandoned 0 0 0 0 0
Neither confirmed nor denied 0 0 0 0 0
Total 0 3 0 0 3

3.6 Closed requests

3.6.1 Number of requests closed within legislated timelines
Description Number of Requests
Number of requests closed within legislated timelines 2
Percentage of requests closed within legislated timelines (%) 40

3.7 Deemed refusals

3.7.1 Reasons for not meeting legislated timelines
Principal Reason
Number of requests closed past the legislated timelines Interference with operations / Workload External Consultation Internal Consultation Other
3 2 0 1 0
3.7.2 Request closed beyond legislated timelines (including any extension taken)
Number of days past legislated timelines Number of requests past legislated timeline where no extension was taken Number of requests past legislated timeline where an extension was taken Total
1 to 15 days 0 0 0
16 to 30 days 0 3 3
31 to 60 days 0 0 0
61 to 120 days 0 0 0
121 to 180 days 0 0 0
181 to 365 days 0 0 0
More than 365 days 0 0 0
Total 0 3 3

3.8 Requests for translation

Translation Requests Accepted Refused Total
English to French 0 0 0
French to English 0 0 0
Total 0 0 0

Section 4: Disclosures Under Subsections 8(2) and 8(5)

Paragraph 8(2)(e) Paragraph 8(2)(m) Subsection 8(5) Total
398 1 0 399

Section 5: Requests for Correction of Personal Information and Notations

Disposition for Correction Requests Received Number
Notations attached 0
Requests for correction accepted 0
Total 0

Section 6: Extensions

6.1 Reasons for extensions

Section 15(a)(i) Interference with operations 15 (a)(ii) Consultation

15(b)

Translation purposes or conversion

Number
of
extensions
taken
Further
review
required to
determine
exemptions
Large
volume
of pages
Large
volume of
requests
Documents
are difficult
to obtain
Cabinet
Confidence
Section
(Section 70)
External Internal  
3 2 1 0 0 0 0 0 0

6.2 Length of extensions

Section 15(a)(i) Interference with operations 15 (a)(ii) Consultation 15(b) Translation purposes or conversion
Length of Extensions Further
review
required to
determine
exemptions
Large
volume
of pages
Large
volume of
requests
Documents
are difficult
to obtain
Cabinet
Confidence
Section
(Section 70)
External Internal
1 to 15 days 0 0 0 0 0 0 0 0
16 to 30 days 2 1 0 0 0 0 0 0
31 days or greater - - - - - - - -
Total 2 1 0 0 0 0 0 0

Section 7: Consultations Received From Other Institutions and Organizations

7.1 Consultations received from other Government of Canada institutions and other organizations

Consultations Other Government of Canada Institutions Number of Pages to Review Other Organizations Number of Pages to Review
Received during the reporting period 0 0 0 0
Outstanding from the previous reporting period 0 0 0 0
Total 0 0 0 0
Closed during the reporting period 0 0 0 0
Carried over within negotiated timelines 0 0 0 0
Carried over beyond negotiated timelines 0 0 0 0

7.2 Recommendations and completion time for consultations received from other Government of Canada institutions

Number of Days Required to Complete Consultation Requests
Recommendation 1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to 180 Days 181 to 365
Days
More Than 365 Days Total
Disclose entirely 0 0 0 0 0 0 0 0
Disclose in part 0 0 0 0 0 0 0 0
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

7.3 Recommendations and completion time for consultations received from other organizations outside the Government of Canada

Number of days required to complete consultation requests
Recommendation 1 to 15
Days
16 to 30
Days
31 to 60
Days
61 to 120
Days
121 to 180 Days 181 to 365
Days
More Than 365 Days Total
Disclose entirely 0 0 0 0 0 0 0 0
Disclose in part 0 0 0 0 0 0 0 0
Exempt entirely 0 0 0 0 0 0 0 0
Exclude entirely 0 0 0 0 0 0 0 0
Consult other institution 0 0 0 0 0 0 0 0
Other 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0

Section 8: Completion Time of Consultations on Cabinet Confidences

8.1 Requests with Legal Services

Pages Less Than 100
Pages Processed
100-500
Pages Processed
500-1000
Pages Processed
1001-5000
Pages Processed
More Than 5000
Pages Processed
Number of Days Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

8.2 Requests with Privy Council Office

Pages Less Than 100
Pages Processed
100-500
Pages Processed
500-1000
Pages Processed
1001-5000
Pages Processed
More Than 5000
Pages Processed
Number
of Days
Number of
Requests
Pages Processed Number of
Requests
Pages Processed Number of
Requests
Pages Processed Number of
Requests
Pages Disclosed Number of
Requests
Pages Disclosed
1 to 15 0 0 0 0 0 0 0 0 0 0
16 to 30 0 0 0 0 0 0 0 0 0 0
31 to 60 0 0 0 0 0 0 0 0 0 0
61 to 120 0 0 0 0 0 0 0 0 0 0
121 to 180 0 0 0 0 0 0 0 0 0 0
181 to 365 0 0 0 0 0 0 0 0 0 0
Total 0 0 0 0 0 0 0 0 0 0

Section 9: Complaints and Investigations Notices Received

Section 31 Section 33 Section 35 Court action Total
0 0 2 0 2

Section 10: Privacy Impact Assessments (PIAs) and Personal Information Banks (PIBs)

10.1 Privacy Impact Assessments

Description Number
Number of PIAs completed 0
Number of PIAs modified 0

10.2 Institution-specific and Central Personal Information Banks

Personal Information Banks Active Created Terminated Modified
Institution-specific 0 0 0 0
Central 0 0 0 0
Total 0 0 0 0

Section 11: Privacy Breaches

11.1 Material Privacy Breaches reported

Description Number
Number of material privacy breaches reported to TBS 0
Number of material privacy breaches reported to OPC 0

11.2 Non-Material Privacy Breaches

Description Number
Number of non-material privacy breaches 7

Section 12: Resources Related to the Privacy Act

12.1 Allocated Costs

Expenditures Amount
Salaries $232,000
Overtime $0
Goods and Services $46,080
  • Professional services contracts
$46,080  
  • Other
$0
Total $278,080

12.2 Human Resources

Resources Person Years Dedicated to Privacy Activities
Full-time employees 2.300
Part-time and casual employees 0.000
Regional staff 0.000
Consultants and agency personnel 0.500
Students 0.000
Total 2.800

Note: Enter values to three decimal places.

Annex C: Supplemental Statistical Report on Access to Information Act and the Privacy Act

Name of institution: Canadian Air Transport Security Authority

Reporting period: 2022-04-01 to 2023-03-31

Section 1: Capacity to Receive Requests under the Access to Information Act and the Privacy Act

Enter the number of weeks your institution was able to receive ATIP requests through the different channels.

Description Number of Weeks
Able to receive requests by mail 52
Able to receive requests by email 52
Able to receive requests through the digital request service 0

Section 2: Capacity to Process Records under the Access to Information Act and the Privacy Act

2.1 Enter the number of weeks your institution was able to process paper records in different classification levels

Description No Capacity Partial Capacity Full Capacity Total
Unclassified Paper Records 0 0 52 52
Protected B Paper Records 0 0 52 52
Secret and Top Secret Paper Records 0 0 52 52

2.2 Enter the number of weeks your institution was able to process electronic records in different classification levels.

Description No Capacity Partial Capacity Full Capacity Total
Unclassified Paper Records 0 0 52 52
Protected B Paper Records 0 0 52 52
Secret and Top Secret Paper Records 0 0 52 52

Section 3: Open Requests and Complaints Under the Access to Information Act

3.1 Enter the number of open requests that are outstanding from previous reporting periods.

Fiscal Year Open Requests Were Received Open Requests that are Within Legislated Timelines as of March 31, 2023 Open Requests that are Beyond Legislated Timelines as of March 31, 2023 Total
Received in 2022-2023 0 0 0
Received in 2021-2022 0 0 0
Received in 2020-2021 0 0 0
Received in 2019-2020 0 0 0
Received in 2018-2019 0 0 0
Received in 2017-2018 0 0 0
Received in 2016-2017 0 0 0
Received in 2015-2016 0 0 0
Received in 2014-2015 0 0 0
Received in 2013-2014 or earlier 0 0 0
Total 0 0 0

3.2 Enter the number of open complaints with the Information Commissioner of Canada that are outstanding from previous reporting periods.

Fiscal Year Open Complaints Were Received by Institution Number of Open Complaints
Received in 2022-2023 1
Received in 2021-2022 0
Received in 2020-2021 0
Received in 2019-2020 0
Received in 2018-2019 0
Received in 2017-2018 0
Received in 2016-2017 0
Received in 2015-2016 0
Received in 2014-2015 0
Received in 2013-2014 or earlier 0
Total 1

Section 4: Open Requests and Complaints Under the Privacy Act

4.1 Enter the number of open requests that are outstanding from previous reporting periods.

Fiscal Year Open Requests Were Received Open Requests that are Within Legislated Timelines as of March 31, 2023 Open Requests that are Beyond Legislated Timelines as of March 31, 2023 Total
Received in 2022-2023 0 0 0
Received in 2021-2022 0 0 0
Received in 2020-2021 0 0 0
Received in 2019-2020 0 0 0
Received in 2018-2019 0 0 0
Received in 2017-2018 0 0 0
Received in 2016-2017 0 0 0
Received in 2015-2016 0 0 0
Received in 2014-2015 0 0 0
Received in 2013-2014 or earlier 0 0 0
Total 0 0 0

4.2 Enter the number of open complaints with the Privacy Commissioner of Canada that are outstanding from previous reporting periods.

Fiscal Year Open Complaints Were Received by Institution Number of Open Complaints
Received in 2022-2023 0
Received in 2021-2022 1
Received in 2020-2021 0
Received in 2019-2020 0
Received in 2018-2019 0
Received in 2017-2018 0
Received in 2016-2017 0
Received in 2015-2016 0
Received in 2014-2015 0
Received in 2013-2014 or earlier 0
Total 1

Section 5: Social Insurance Number

Question Answer
Has your institution begun a new collection or a new consistent use of the SIN in 2022-2023? No

Section 6: Universal Access under the Privacy Act

Question Number
How many requests were received from confirmed foreign nationals outside of Canada in 2022-2023? 0